SoCFaSe : in quest for fast and secure SoC architectures

Over the past few years, Internet of Things (IoT) has gained a lot of attention. It is mainly due to significant improvements in technology, available processing power and efficiency. This allowed for the deployment of Artificial Intelligence (AI) techniques on these devices. The billions of smart d...

Full description

Saved in:
Bibliographic Details
Main Author: Gupta, Naina
Other Authors: Anupam Chattopadhyay
Format: Thesis-Doctor of Philosophy
Language:English
Published: Nanyang Technological University 2023
Subjects:
Online Access:https://hdl.handle.net/10356/165228
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-165228
record_format dspace
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering::Computer systems organization::Processor architectures
Engineering::Computer science and engineering::Data::Data encryption
Engineering::Computer science and engineering::Hardware::Register-transfer-level implementation
spellingShingle Engineering::Computer science and engineering::Computer systems organization::Processor architectures
Engineering::Computer science and engineering::Data::Data encryption
Engineering::Computer science and engineering::Hardware::Register-transfer-level implementation
Gupta, Naina
SoCFaSe : in quest for fast and secure SoC architectures
description Over the past few years, Internet of Things (IoT) has gained a lot of attention. It is mainly due to significant improvements in technology, available processing power and efficiency. This allowed for the deployment of Artificial Intelligence (AI) techniques on these devices. The billions of smart devices connected worldwide nowadays are embedded with commodity sensors, real-time analysis and decision making. This evolution has resulted in IoT devices becoming intelligent, smart, and more responsive. Even though this fusion of physical and digital universe has proved to be beneficial in multiple sectors such as healthcare, autonomous driving, smart home, etc. Such a growth has also led to many security challenges especially with the rise in side-channel attack possibilities. As these devices collect a lot of data and the decision-making process is data driven; security of such devices becomes a necessity for safety-critical and time-critical applications. It is a well-known fact that security in any system comes with a cost. Further, each individual SoC component will require different type of protection mechanism. Therefore, the research question addressed in this dissertation is “how can we design a secure SoC with a good performance-area trade-off in order to meet today’s application requirements”. Hence, the purpose of this thesis is three-fold: firstly, to investigate, explore and understand the attack vectors possible on the currently deployed systems. Secondly, focus on individual SoC components to integrate security measures while maintaining a balance between performance and resource utilization. This is necessary as many IoT devices are constrained either due to available resources or the time sensitiveness of the decision they are required to make. And thirdly, to ensure that the designed system is able to adapt to the changing standards and offers future-proof security as well. In view of this, we wish to integrate the proposed architecture using RISC-V open standards. Additionally, employ post-quantum cryptographic algorithms to thwart threats due to the advent of quantum computers. One of the most common sources for booting OS in any embedded device is Flash/SD-card. As it is external to the system, it is easily accessible for tampering or snooping. It is very crucial for a system to allow execution of only authorized firmware as the security of whole system can be compromised using a malicious firmware. As a result, this work begins with the development and integration of a fully hardware based secure boot mechanism. The work also demonstrates that hardware-based secure boot is better in terms of performance and energy-efficiency than software-based as well as it reduces the overall threat surface. Thus, providing better security measures. Next, we developed a lightweight, low-power, and transparent memory encryption engine to protect the DRAM from cold-boot attacks, snooping, etc. We also provide detailed analysis of performance-area trade-off using four different case studies for real-time systems/edge computing. Further, to provide future-proof security, we performed analysis and acceleration of three different post-quantum algorithms for GPU platforms belonging to three different classes of mathematical problems: Learning with errors (LWE), Ring-LWE (RLWE) and Module-LWE (MLWE). The aim of this analysis is to understand different requirements in terms of computational aspects as well as memory, investigate optimization strategies etc. As both GPUs and FPGAs allow parallel execution of operations, we then utilized the lessons learnt from GPU implementation and other hardware optimization strategies to realize the smallest hardware accelerator for CRYSTALS-Dilithium, a NIST standardized lattice-based post-quantum digital signature scheme. As the lattice-based schemes are considered to be the most promising candidate, we further developed the secure boot architecture using the lattice-based hardware accelerator. We also integrated fault protection mechanisms to prevent bypassing of secure boot. Moreover, as the possible applications of AI is expanding, the need for embedding an AI accelerator in the SoC is also becoming important. This is to have faster response time and avoid latency issues by bringing the decision-making process towards the edge. As a result, we integrated the open-source neural network accelerator NVDLA in the SoC. We also conducted experiments to analyze the security of the accelerator using side-channel attacks and report our findings.
author2 Anupam Chattopadhyay
author_facet Anupam Chattopadhyay
Gupta, Naina
format Thesis-Doctor of Philosophy
author Gupta, Naina
author_sort Gupta, Naina
title SoCFaSe : in quest for fast and secure SoC architectures
title_short SoCFaSe : in quest for fast and secure SoC architectures
title_full SoCFaSe : in quest for fast and secure SoC architectures
title_fullStr SoCFaSe : in quest for fast and secure SoC architectures
title_full_unstemmed SoCFaSe : in quest for fast and secure SoC architectures
title_sort socfase : in quest for fast and secure soc architectures
publisher Nanyang Technological University
publishDate 2023
url https://hdl.handle.net/10356/165228
_version_ 1764208084980334592
spelling sg-ntu-dr.10356-1652282023-04-04T02:58:00Z SoCFaSe : in quest for fast and secure SoC architectures Gupta, Naina Anupam Chattopadhyay School of Computer Science and Engineering anupam@ntu.edu.sg Engineering::Computer science and engineering::Computer systems organization::Processor architectures Engineering::Computer science and engineering::Data::Data encryption Engineering::Computer science and engineering::Hardware::Register-transfer-level implementation Over the past few years, Internet of Things (IoT) has gained a lot of attention. It is mainly due to significant improvements in technology, available processing power and efficiency. This allowed for the deployment of Artificial Intelligence (AI) techniques on these devices. The billions of smart devices connected worldwide nowadays are embedded with commodity sensors, real-time analysis and decision making. This evolution has resulted in IoT devices becoming intelligent, smart, and more responsive. Even though this fusion of physical and digital universe has proved to be beneficial in multiple sectors such as healthcare, autonomous driving, smart home, etc. Such a growth has also led to many security challenges especially with the rise in side-channel attack possibilities. As these devices collect a lot of data and the decision-making process is data driven; security of such devices becomes a necessity for safety-critical and time-critical applications. It is a well-known fact that security in any system comes with a cost. Further, each individual SoC component will require different type of protection mechanism. Therefore, the research question addressed in this dissertation is “how can we design a secure SoC with a good performance-area trade-off in order to meet today’s application requirements”. Hence, the purpose of this thesis is three-fold: firstly, to investigate, explore and understand the attack vectors possible on the currently deployed systems. Secondly, focus on individual SoC components to integrate security measures while maintaining a balance between performance and resource utilization. This is necessary as many IoT devices are constrained either due to available resources or the time sensitiveness of the decision they are required to make. And thirdly, to ensure that the designed system is able to adapt to the changing standards and offers future-proof security as well. In view of this, we wish to integrate the proposed architecture using RISC-V open standards. Additionally, employ post-quantum cryptographic algorithms to thwart threats due to the advent of quantum computers. One of the most common sources for booting OS in any embedded device is Flash/SD-card. As it is external to the system, it is easily accessible for tampering or snooping. It is very crucial for a system to allow execution of only authorized firmware as the security of whole system can be compromised using a malicious firmware. As a result, this work begins with the development and integration of a fully hardware based secure boot mechanism. The work also demonstrates that hardware-based secure boot is better in terms of performance and energy-efficiency than software-based as well as it reduces the overall threat surface. Thus, providing better security measures. Next, we developed a lightweight, low-power, and transparent memory encryption engine to protect the DRAM from cold-boot attacks, snooping, etc. We also provide detailed analysis of performance-area trade-off using four different case studies for real-time systems/edge computing. Further, to provide future-proof security, we performed analysis and acceleration of three different post-quantum algorithms for GPU platforms belonging to three different classes of mathematical problems: Learning with errors (LWE), Ring-LWE (RLWE) and Module-LWE (MLWE). The aim of this analysis is to understand different requirements in terms of computational aspects as well as memory, investigate optimization strategies etc. As both GPUs and FPGAs allow parallel execution of operations, we then utilized the lessons learnt from GPU implementation and other hardware optimization strategies to realize the smallest hardware accelerator for CRYSTALS-Dilithium, a NIST standardized lattice-based post-quantum digital signature scheme. As the lattice-based schemes are considered to be the most promising candidate, we further developed the secure boot architecture using the lattice-based hardware accelerator. We also integrated fault protection mechanisms to prevent bypassing of secure boot. Moreover, as the possible applications of AI is expanding, the need for embedding an AI accelerator in the SoC is also becoming important. This is to have faster response time and avoid latency issues by bringing the decision-making process towards the edge. As a result, we integrated the open-source neural network accelerator NVDLA in the SoC. We also conducted experiments to analyze the security of the accelerator using side-channel attacks and report our findings. Doctor of Philosophy 2023-03-21T00:31:12Z 2023-03-21T00:31:12Z 2023 Thesis-Doctor of Philosophy Gupta, N. (2023). SoCFaSe : in quest for fast and secure SoC architectures. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/165228 https://hdl.handle.net/10356/165228 10.32657/10356/165228 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University