SoC: Security-on-chip!



Similar documents
OMAP platform security features

M-Shield mobile security technology

Security in Embedded Systems: Design Challenges

Embedded Java & Secure Element for high security in IoT systems

Side Channel Analysis and Embedded Systems Impact and Countermeasures

M-Shield Mobile Security Technology: making wireless secure

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Pervasive Computing und. Informationssicherheit

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

CRIPT - Cryptography and Network Security

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK,

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Network Security. Introduction. Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

e-code Academy Information Security Diploma Training Discerption

Introduction of Information Security Research Division

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Introducing etoken. What is etoken?

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

Secure web transactions system

High-Performance, Highly Secure Networking for Industrial and IoT Applications

Mobile Office Security Requirements for the Mobile Office

7a. System-on-chip design and prototyping platforms

Patterns for Secure Boot and Secure Storage in Computer Systems

Chapter 7 Transport-Level Security

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

CSE/EE 461 Lecture 23

DesignWare IP for IoT SoC Designs

Secure Hardware PV018 Masaryk University Faculty of Informatics

Secure Streaming Media and Digital Rights Management

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

Freescale Security Backgrounder Page 1

Hardware Security Modules for Protecting Embedded Systems

Weighted Total Mark. Weighted Exam Mark

BlackBerry Enterprise Solution Security Release Technical Overview

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Strengthen RFID Tags Security Using New Data Structure

DRAFT Standard Statement Encryption

Problems of Security in Ad Hoc Sensor Network

Ciphire Mail. Abstract

HOW SECURE ARE CURRENT MOBILE OPERATING SYSTEMS?

MOTOROLA ACCOMPLI 009 PERSONAL COMMUNICATOR MODULE OVERVIEW SCOPE OF DOCUMENT. Security Policy REV 1.2, 10/2002

The Implementation of Signing e-document by Using the Wireless Identity Module in Cellular Phone

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

Overview. SSL Cryptography Overview CHAPTER 1

A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

SSL VPN vs. IPSec VPN

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

SPINS: Security Protocols for Sensor Networks

IoT Security Concerns and Renesas Synergy Solutions

ISM/ISC Middleware Module

Secure Containers. Jan Imagination Technologies HGI Dec, 2014 p1

Embedding Trust into Cars Secure Software Delivery and Installation

MOTOROLA MESSAGING SERVER SERVER AND MOTOROLA MYMAIL DESKTOP PLUS MODULE OVERVIEW. Security Policy REV 1.3, 10/2002

PrivyLink Cryptographic Key Server *

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits)

PUF Physical Unclonable Functions

Single Sign-On Secure Authentication Password Mechanism

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Netzwerksicherheit [NetSec] Systemsicherheit [SysSec]

Description: Objective: Attending students will learn:

Using BroadSAFE TM Technology 07/18/05

The Internet of Things: Opportunities & Challenges

Network Security Essentials:

CHASE Survey on 6 Most Important Topics in Hardware Security

Cornerstones of Security

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Common Remote Service Platform (crsp) Security Concept

Introduction to Cyber Security / Information Security

Securing Data on Microsoft SQL Server 2012

Certifying Program Execution with Secure Processors

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

IBM Crypto Server Management General Information Manual

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Advanced Authentication

IoT Security Platform

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Implementation of Wireless Gateway for Smart Home

What is a System on a Chip?

FORBIDDEN - Ethical Hacking Workshop Duration

ICAWEB423A Ensure dynamic website security

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Transcription:

SoC: Security-on-chip! MPSoC (July 2005) NEC Laboratories America Princeton, NJ

Ubiquitous Security Concerns Home Gateway Servers WLAN Terminal Access Point Corporate Network Desktop Firewall ATM machine Smart cards, e-wallets Aviation Automotive electronics MP3 player, Media jukebox Cell Phone, PDA

Security Concerns for an Example Device (3G Cell Phone) Mobile phone value chain End user Content provider Application Service provider Service provider Handset Manufacturer HW/SW Providers Privacy & Integrity of personal data Fraudulent calls & transactions Loss / theft Secure execution of downloaded SW Content security, digital rights management Secure end-to-end communications Non-repudiation Secure network access Fraudulent service usage Intellectual property protection

Functional Security Measures Applications VPN Web browser DRM Secure storage Security protocols Secure communications protocols (SSL/TLS, WTLS, IPSEC,S/MIME) Cryptographic primitives Symmetric Crypto. (RC4, DES,AES) Hash (SHA-1, MD5) Public key Crypto. (RSA,ECC) Biometric DRM protocols Authentication (IPMP) (fingerprint, face, Digital Signature (DSA,ecDSA) Key Exchange (DH,ecDH) voice)

Security Challenges for an SOC Designer Assurance gap Gap between sound functional measures and a secure implementation Security processing gap * Disparity between processing requirements and capabilities Battery gap * Energy requirements for security related functionality * Please refer to the Appendix for quantitative illustrations

Assurance Gap Implementation Implementation weaknesses! weaknesses! Functional Functional security security measures measures Cartoon courtesy: Paul Kocher

Implementation Attacks Implementation Attacks Functional Classification Integrity Attacks Privacy Attacks Availability Attacks Power Analysis Agent-based Classification Eavesdropping Microprobing Fault Injection Timing Analysis Virus Trojan Horse Physical Attacks EM Analysis Side-Channel Attacks Software Attacks

Approaches to addressing the security gaps Software SW certificates Encrypted SW execution OS and language-based techniques for isolation Tools that check code for vulnerabilities Architecture Security-enhanced embedded processors ARM TrustZone, AEGIS (MIT), XOM (Stanford) Co-processors for crypto. Trusted Computing Platforms (TCPA, NGSCB) Secure SoCs TI OMAP, NEC MP211 Logic-level One shoe does not fit all! Minimize side-channel leakage Security - Make solutions timing, strongly power independent tied to of data the SOC architecture, resource constraints, Circuit, Layout, packaging Randomizing layout to attack make reverse model, engineering.and the difficult bottomline Scrambling bus lines Sensors to detect environment variations or package removal

Case Study: MOSES (Security Architecture of NEC s MP211 mobile phone SoC) Joint work with: A. Raghunathan, M. Sankaradass, S. T. Chakradhar H. Nakajima, T. Hasegawa, S. Ueno NEC Electronics Corp.

Objectives/Requirements Mobile phone will be used to run applications such as secure browsing, VPN, DRM players, etc. Must support SSL, IPSec, OMA DRM 2.0 Must meet performance and power targets Solution must be flexible Security protocols/cryptographic algorithms may change Provide protection to any sensitive data or cryptographic keys against common attacks

MOSES : MObile SEcurity processing System First fully programmable mobile security engine Custom instruction set extensions provide > 10X security processing speedup Novel SW architecture for true protocol-level acceleration and multiprocessor systems Secure boot and run-time memory protection prevents software (virus) and physical (code modification) attacks Certificates PINS DATA FLASH ARM0 FLASH I/F MOSES FW (code) Linux Kernel ARM1 Security Enforcement Module (SEM) FLASH ROM DRAM I/F Shared memory MOSES (data) ARM2 ARM1 ARM0 SDRAM ARM2 ScratchPad BUS I/F µ85 DMAC Bridge CoPro CACHE MOSES SPXK5 DSP SRAM NEC s s MP211 mobile application processor

Thank you.

Computation Requirements for Cryptography : Symmetric Encryption & Hashing MIPS requirements for symmetric encryption and hash algorithms MP3 dec 50MIPS JPEG enc (2MP, 1sec) 200MIPS MPEG4 dec (CIF, 15fps) 250MIPS MPEG4 enc (CIF, 15fps) 800 MIPS 10Mbps @ 651.3 MIPS 3.8 Mbps@ 250MIPS (~XScale 400MHz) 2.3 Mbps@150MIPS (~SA-1100 206MHz)

Battery Requirements for Security Additional computation & communication drains energy 3DES Other SHA 3% 18% 44% 35% IPSec on a Symbol PPT2800 Pocket PC Source: Mishra et. al., ICC 2002 Transmit/ Receive Encrypted Normal Battery runs out of power Battery runs out of power 0 50 100 150 200 Avg. No. of Transactions Secure data collection on a wireless sensor node Mobile Node Motorola DragonBall MC68328 Sensoria WINS NG RF Subsystem ( 10 Kbps, 10mW power ) Sensoria WINS NG Battery Pack ( 7.2 V supplying 26 kj) Source: NAI Labs

REFERENCES Survey Papers: ************* S. Ravi, A. Raghunathan, S. Hattangady, and J.-J Quisquater, "Emerging Challenges in Designing Secure Mobile Appliances" in Ambient Intelligence: Impact on Embedded System Design, Kluwer Academic Publishers, November 2003 S. Ravi, A. Raghunathan, P. Kocher and S. Hattangady, "Security in Embedded Systems: Design Challenges" in ACM Transactions on Embedded Computing Systems: Special Issue on Embedded Systems and Security, 2004 S. Ravi, A. Raghunathan and S. Chakradhar, Tamper Resistance Mechanisms for Secure Embedded Systems, IEEE Intl. Conf. on VLSI Design, Jan. 2004. P. Kocher, R. Lee, G. McGraw, A. Raghunathan and S. Ravi, Security as a New Dimension in Embedded System Design, ACM/IEEE Design Automation Conference (DAC), June 2004. Books: ****** W. Stallings, Cryptography and Network Security: Principles and Practice. Prentice Hall, 1998. B. Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley, 1996. G. Hoglund and G. McGraw, Exploiting Software: How to Break Code, Addison-Wesley, 2004. W. Rankl and W. Effing, Smart Card Handbook. John Wiley and Sons. R. Anderson, Security Engineering - a Guide to Building Dependable Distributed Systems, John Wiley, 2001

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information