Designing Trustworthy FPGA-Based Embedded Systems
Ted Huffmire, Naval Postgraduate School
May 7, 2009
Overview
Problem Areas: Foundry Trust, Physical Attacks, Design Tools, Design Theft, System Assurance
Attacks: Trojan horse, Backdoor, Kill switch, Probing, Sand and Scan, Side Channels, Data Remanence, Covert channels, Side channels, Bypass, Cloning, Reverse engineer, Readback attack
Solutions: Trusted foundries, FPGAs, X-Ray Inspection, Sand and Scan, Tamper sensing, Adding noise, Degaussing, Logical isolation, Tracing wires, Sanitization, Continuous power, Encrypt bitstream, Watermarking, Authentication
Future Research: All of supply chain, Lessons from S/W Red teams, Side channels, Trusted tools, Verification, Languages, CM, High-assurance Partial reconfig, PUFs, High-assurance CMPs, Tagging, Dynamic security, Reference monitor, Defense in depth, User training, Security usability, DoS, Authentication, Complex designs
Reconfigurable Hardware
[Figure labels: FPGA Chip, SDRAM (off-chip), DRAM blocks, Reference Monitor, Crypto Core (AES), two CPU Cores (μP)]
Protection Alternatives
[Figure labels: Separation Kernels (app1, app2, app3, kernel, DRAM blocks); Separate Processors (app1, app2, app3, three gatekeepers, DRAM blocks); Reconfigurable Protection (app1, app2, app3, Reference Monitor, DRAM blocks); axis labels: Physical, Software, Spatial, Temporal]
Design Flows
Intertwined Cores
Moats
[Figure labels: FPGA Chip, SDRAM (off-chip), DRAM blocks, Reference Monitor, Crypto Core, two CPU Cores, AES, AES]
Moats 1.0
Moats 2.0
Moats and Drawbridges
Interconnect Tracing
[Figure labels: FPGA Chip, SDRAM (off-chip), DRAM blocks, Reference Monitor, Crypto Core (AES), two CPU Cores (μP), two X marks]
Communication Architecture
[Figure labels: FPGA Chip, SDRAM (off-chip), DRAM blocks, Arbiter/Reference Monitor, Crypto Core (AES), two CPU Cores (μP)]
Memory Protection
[Figure labels: FPGA Chip, SDRAM (off-chip), DRAM blocks, Crypto Core, two CPU Cores, AES, AES, Reference Monitor (shown twice), two X marks]
Policy Compiler
SoC Application
[Figure labels: On-Chip Peripheral Bus (OPB), To Network, µBlaze0, Authentication Module, AES, RS232, µBlaze1, DDR SDRAM]
Questions?
• http://faculty.nps.edu/tdhuffmi