Ingrid Verbauwhede 1 March 2005

Low Power Embedded Security:Thumbpod embedded biometrics project

Ingrid VerbauwhedeUniversity of California, Los Angeles

Acknowledgements:D. Hwang, S. Yang, P. Schaumont, K. Tiri

and all other IVGroup membersFunded by: NSF, SRC, UC-Micro

www.emsec.ee.ucla.edu

Ingrid Verbauwhede 2 March 2005

Motivation

• Embedded biometrics• PDA’s, cell phones, smart cards, gadgets.. • Distributed, communicating, devices

• Secure ?• Low Energy ? • Distributed security ?

New York Times (1/24/05):

“A Virus Writer Tests the Limits in Cell phones”

Informationsdienst Wissenschaft (1/28/05):

Siemens eröffnet Labor für Seitenkanalattacken

Ingrid Verbauwhede 3 March 2005

Embedded Security Pyramid

Cipher Design,Biometrics

• Security is as strong as the weakest link!

DQ

Vcc

CPUCrypto

MEM

JCA

Java

JVM

CLK

Identification

ConfidentialityIntegrity

SIM

DQ

Vcc

CPU

MEM

JCA

Java

KVM

CLK

Protocol: Wireless authentication protocol design

Algorithm: Embedded fingerprint matchingalgorithms, crypto algorithms

Architecture: Co-design, HW/SW, SOC

Circuit: Circuit techniques to combat sidechannel analysis attacks

Micro-Architecture: co-processor design

Identification

ConfidentialityIntegrity

IdentificationIntegrity

SIMSIMSIM

Ingrid Verbauwhede 4 March 2005

Driver Application: ThumbPod

• Intelligent secure keychain device that recognizes owner biometrically

• Components: – Microcontroller with memory– Fingerprint sensor– Biometric signal processing– Security processing

• Communication: IR and USB• Applications:

– Secure credit cards, secure memory, access control, etc.

LOW POWER, LOW COST AND SECURE!

Ingrid Verbauwhede 5 March 2005

Thumbpod-I (FPGA)

Processor & co-processors• Xilinx Virtex-II FPGA• Embedded LEON 32-b Sparc

processor• Memory-mapped co-

processors on the AMBA APB bus

• Two UARTs– Communication with server– Authentec CMOS fingerprint

sensor

Xilinx Virtex-II FPGA

DFTCo-Proc.

AMBA AHB

APB Bridge

UART

LEON32- Sparc

Proc.

AESCo-Proc.

APB

Mem. Controller Boot PROM

32 MB SRAM

KVM

Application

NativeBiometrics

NativeSecurity

JAM

Embedded Software Architecture

Server

AuthentecAF-2

DAC student designcontest 2003 winner

Ingrid Verbauwhede 6 March 2005

Protocol- Motivation

• Security – communication – computation trade-off• Traditional model: multiple storage of template!

Biometric Engine

TemplateStorage

Server

FingerprintSensor

FeatureExtraction

Match /Decision

User

RESULT

ID Protocol Controller

Ingrid Verbauwhede 7 March 2005

Security – communication - computation

• 4 tasks – distribute between device and server– DC: Data collection (from sensor)– FE: Feature extraction (signal processing)– MD: Matching & Decision– TS: Storage

Server

Crypto Engine

Biometric Engine

TemplateStorage

FingerprintSensor

FeatureExtraction

Match /Decision

Crypto Engine

Protocol Controller

ID

Biometric Engine

TemplateHash

Protocol Controller

User

RESULT

WIRELESS

Device

Ingrid Verbauwhede 8 March 2005

Security Partitioning

Architecture

Micro-Architecture

Circuit

Protocol

Algorithm

F1

F2

F3

F4

F5

INSECUREFUNCTIONS

SECUREFUNCTIONS

SECURECO-PROCESSORARCHITECTURE

INSECURERISC PROCESSOR

ARCHITECTURE

PHYSICAL PROTECTIONMECHANISMS

NO PHYSICALPROTECTION

INSTRUCTIONS

BUSES

WIRES

DEVICE FUNCTIONS

Ingrid Verbauwhede 9 March 2005

RINGS: energy – flexibility - security

Networking Video

StandardAlgorithm

ArchitectureArchitecture

Circuit

Application Model: System = Software-integrated domains

Domain-Specific

Hardware

SoftwareNetworking

Medium accessBaseband ProcArchitecture

Circuit

Security

ProtocolAlgorithm

Architecture Architecture

Circuit

MEMORY

Reconfigurable Interconnect

CPU

RF

BasebandProcessing

VideoEngine

Crypto

Architecture Model: System = Flex. connected processors

Ingrid Verbauwhede 10 March 2005

Side-channel attacks

had seen active service, and was naturally regarded as a man of energy and spirit, he was much sought after and listened to by simpletons. Although hewas not the chief of any

1 1 1 1 0 1 1 0 1 1 0 0 1 0 1 1 1 0 1 1 1 0 0 1 1 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0

power consumption, delay, electromagnetic radiation

Characteristics of encryption module may expose the key

Differential Power Analysis (DPA) Statistical analysis extract secret key Quick with relatively cheap setup

0 31 63

Subkey Guess

Secret Key

Ingrid Verbauwhede 11 March 2005

Security partitioning

Thumbpod-II• Processor & co-

processor• Security partitioning

– Secure ASIC– Regular processor

LEON Processor

ASIC NON-DPA

ASIC DPA

LEON Processor

Boot PROM I/F

AMBA Peripheral

Bus

ASIC NON-DPA

Fingerprint

ASIC DPA 32bits Memory Bus

Comparator

LEON Processor

ASIC NON-DPA

ASIC DPA

LEON Processor

AHB/APB

Bridge

Boot PROM I/F

Boot ROM

Memory

Controller

Integer Unit

AMBA Peripheral

Bus

AHB Controller

ASIC NON-DPA

Sensor

RS232

2MB SRAM

UART1

UART2

AES Coprocessor

ASIC DPA 32bits Memory Bus

Comparator

Template

Storage

D-Cache2KB

I-

Cache

-Cache2KBAHB I/F

Ingrid Verbauwhede 12 March 2005

DPA attack set-up

Here is a picture of a Differential Power attack set-up.It is however to big to upload on theServer.See www.emsec.ucla.edu forMore information.

Ingrid Verbauwhede 13 March 2005

WDDL vs. STD CELL: AES Power Traces

STD CELL WDDL

Encryptionstartpulse

Power supply current

Standard cells WDDL

Ingrid Verbauwhede 14 March 2005

Conclusion

Cipher Design,Biometrics

• Embedded Security is NOT a point solution

DQ

Vcc

CPUCrypto

MEM

JCA

Java

JVM

CLK

Identification

ConfidentialityIntegrity

SIM

DQ

Vcc

CPU

MEM

JCA

Java

KVM

CLK

Protocol: Security – Communication – Computation trade-off

Algorithm: Security partitioning

Architecture: RINGS & Gezel

Circuit: WDDL & Diff routing

Micro-Architecture: co-processor design

Identification

ConfidentialityIntegrity

IdentificationIntegrity

SIMSIMSIM

Systematic cross layer design techniques and optimizations

Ingrid Verbauwhede 15 March 2005

Discussion

• Our goal (NSF): provide ENABLING TECHNOLOGIES• Secure storage to avoid identity theft of biometrics!

– Single storage instead of multiple storage– Storage with the user/customer

Privacy - social impact

If one TP stolen, only biometrics of one person is gone– Store in “hashed” version:

mathematical/crypto/embedded design issue– Multi mode biometrics

• Ultra low power Trusted compute platforms– Architectures, HW/SW co-design techniques– For Smart-cards, RF-ID tags, sensor nodes, etc.

Ingrid Verbauwhede 16 March 2005

[1] Amphion CS5230 on Virtex2 + Xilinx Virtex2 Power Estimator

[2] Helger Lipmaa PIII assembly handcoded + Intel Pentium III (1.13 GHz) Datasheet

[3] gcc, 1 mW/MHz @ 120 Mhz Sparc – assumes 0.25 um CMOS

[4] Java on KVM (Sun J2ME, non-JIT) on 1 mW/MHz @ 120 MHz Sparc – assumes 0.25 um CMOS

648 Mbits/secAsmPentium III [2] 41.4 W 0.015 (1/1900)

Java [4]Emb. Sparc 450 bits/sec 120 mW 0.0000037

(1/9600000)

CEmb. Sparc [3] 133 Kbits/sec 0.0011

(1/33000)

56 mW

Power

1.32 Gbit/secFPGA [1]

35.7 (1/1)2 Gbits/sec0.18m CMOS

Figure of Merit(Gb/s/W)

ThroughputAES 128bit key128bit data

490 mW 2.7 (1/11)

120 mW

Throughput – Energy numbers