designing trustworthy fpga-based embedded systems

Designing Trustworthy FPGA-Based Embedded Systems

Ted HuffmireNaval Postgraduate School

May 7, 2009

Overview

FoundryTrust

PhysicalAttacks

DesignTools

DesignTheft

Problem Areas

AttacksTrojan horse

BackdoorKill switch

ProbingSand and ScanSide Channels

Data Remanence

Covert channelsSide channels

Bypass

CloningReverse engineerReadback attack

SolutionsTrusted foundries

FPGAsX-Ray InspectionSand and Scan

Tamper sensingAdding noiseDegaussing

Logical isolationTracing wiresSanitization

Continuous powerEncrypt bitstream

WatermarkingAuthentication

Future ResearchAll of supply chainLessons from S/W Red teams

Side channels

Trusted toolsVerificationLanguages

High-assurancePartial reconfig

High-assuranceCMPs

TaggingDynamic security

Reference monitorDefense in depth

User trainingSecurity usability

DoSAuthentication

Complex designs

SystemAssurance

Reconfigurable Hardware

FPGA Chip

SDRAM (off-chip)

ReferenceM

onitor

Crypto Core

CPU Core

Protection Alternatives

Separation Kernels

app1 app3app2

kernel

Separate Processors DRAM

gatekeeper

app1app3 app2

Reconfigurable Protection

DRAM app1

app3ReferenceMonitor

Physical Software

Spatial Temporal

Design Flows

Intertwined Cores

FPGA Chip

SDRAM (off-chip)

ReferenceM

onitor

Crypto Core

CPU Core

AESAES

Moats 1.0

Moats 2.0

Moats and Drawbridges

Interconnect Tracing

FPGA Chip

SDRAM (off-chip)

ReferenceM

onitor

Crypto Core

CPU Core

Communication Architecture

FPGA Chip

SDRAM (off-chip)

DRAM Arbiter/R

eference Monitor

Crypto Core

CPU Core

Memory Protection

FPGA Chip

SDRAM (off-chip)

Crypto Core

CPU Core

AESAES

Reference M

onitor

eference Monitor

Policy Compiler

SoC Application

On-Chip Peripheral Bus (OPB)

To Network

µBlaze0

AuthenticationModule

AESRS232

µBlaze1

DDRSDRAM

Questions?

• http://faculty.nps.edu/tdhuffmi

designing trustworthy fpga-based embedded systems

r1 state

r2 state

policy access

moat clb core clbiob

parse tree

trustworthy fpga

s0 default

s0 9b000101101

Documents

going deeper with embedded fpga platform for …

256 soc fpga embedded development suite user guide · 1....

virtex-6 fpga embedded tri-mode ethernet mac · virtex-6...

memory security management for fpga-based embedded system

power efficient ram mapping algorithm for fpga embedded

embedded fpga design for optimal pixel adjustment process...

developing fpga-based embedded controllers using...

1 introduction high-performance embedded system design:...

fpga design and implementation of electrocardiogram...

implementing a kalman filter on fpga embedded processor

design of an fpga-based embedded system for the atlas...

a reconfigurable signal processing ic with embedded fpga and

omnidirectional visual obstacle detection using embedded...

design and analysis of trustworthy embedded systems: a...

impulse embedded compile processing video lab · impulse...

intel soc fpga embedded design suite user guide

developing fpga-based embedded controllers using...

embedded fpga based self tuning controller for conical tank

kintex-7 fpga kc705 embedded kit - xilinx · kintex-7 fpga...

fpga-based embedded system for wind tunnel variable