HUANG Hao-you,LU Jian-gang

2006-01-01

Abstract:The GAP principles is briefly introduced.A novel implementation method based on FPGA technology is presented.The SCSI protocol controller,SDRAM controller and core controller are integrated in the FPGA chip.It has been proved that the reliability and compatibility of this novel method are superior to those of MCU+SCSI protocol controller.

Kang Sun,Lingdi Ping,Jiebing Wang,Zugen Liu,Xuezeng Pan

DOI: https://doi.org/10.1109/imsccs.2006.208

2006-01-01

Abstract:Cryptographic algorithms are usually compute-intensive and more efficiently implemented in hardware than in software. By taking advantage of FPGA technology, some work offers high performance and flexible solutions for cryptographic algorithms. But FPGAs still have some drawbacks. To overcome inherent shortages of FPGA, a novel asynchronous reconfigurable cryptographic engine (ARCEN) is introduced. In this architecture, reconfigurable cryptographic array is the kernel. It routes signals asynchronously between adjacent cells through Neighbor-to-Neighbor wires with 4-phase handshaking protocol. Computation circuit for reconfigurable cell is developed with modified DSDCVS logic. Experiment results show that the architecture has a better performance than FPGA.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Ted Huffmire,Brett Brotherton,Nick Callegari,Jonathan Valamehr,Jeff White,Ryan Kastner,Tim Sherwood

DOI: https://doi.org/10.1145/1367045.1367053

IF: 1.447

2008-07-01

ACM Transactions on Design Automation of Electronic Systems

Abstract:The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often have no choice but to use soft IP cores obtained from third parties, the cores operate at different trust levels, resulting in mixed-trust designs. The goal of this project is to evaluate recently proposed security primitives for reconfigurable hardware by building a real embedded system with several cores on a single FPGA and implementing these primitives on the system. Overcoming the practical problems of integrating multiple cores together with security mechanisms will help us to develop realistic security-policy specifications that drive enforcement mechanisms on embedded systems.

computer science, software engineering, hardware & architecture

Xiang Gao,Yiqiang Zhao,Haocheng Ma

DOI: https://doi.org/10.3390/s18093034

IF: 3.9

2018-01-01

Sensors

Abstract:Information system security has been in the spotlight of individuals and governments in recent years. Integrated Circuits (ICs) function as the basic element of communication and information spreading, therefore they have become an important target for attackers. From this perspective, system-level protection to keep chips from being attacked is of vital importance. This paper proposes a novel method based on a fringing electric field (FEF) sensor to detect whether chips are dismantled from a printed circuit board (PCB) as system-level protection. The proposed method overcomes the shortcomings of existing techniques that can be only used in specific fields. After detecting a chip being dismantled from PCB, some protective measures like deleting key data can be implemented to be against attacking. Fringing electric field sensors are analyzed through simulation. By optimizing sensor’s patterns, areas and geometrical parameters, the methods that maximize sensitivity of fringing electric field sensors are put forward and illustrated. The simulation is also reproduced by an experiment to ensure that the method is feasible and reliable. The results of experiments are inspiring in that they prove that the sensor can work well for protection of chips and has the advantage of universal applicability, low cost and high reliability.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Alberto Carelli,Cataldo Basile,Alessandro Savino,Alessandro Vallero,Stefano Di Carlo

DOI: https://doi.org/10.48550/arXiv.1912.00696

2019-12-02

Cryptography and Security

Abstract:The mobile application market is rapidly growing and changing, offering always brand new software to install in increasingly powerful devices. Mobile devices become pervasive and more heterogeneous, embedding latest technologies such as multicore architectures, special-purpose circuits and reconfigurable logic. In a future mobile market scenario reconfigurable systems are employed to provide high-speed functionalities to assist execution of applications. However, new security concerns are introduced. In particular, protecting the Intellectual Property of the exchanged soft IP cores is a serious concern. The available techniques for preserving integrity, confidentiality and authenticity suffer from the limitation of heavily relying onto the system designer. In this paper we propose two different protocols suitable for the secure deployment of soft IP cores in FPGA-based mobile heterogeneous systems where multiple independent actors are involved: a simple scenario requiring trust relationship between entities, and a more complex scenario where no trust relationship exists through adoption of the Direct Anonymous Attestation protocol. Finally, we provide a prototype implementation of the proposed architectures.

Sizhong Xuan,Jun Han,Zhiyi Yu,Yi Ren,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2015.7516998

2015-01-01

Abstract:This paper introduces a new SoC platform mainly integrated with AXI bus, OR1200, ROM, SRAM, 1Mb RRAM, UART and an 80,000-gate FPGA. OR1200 is the only master, and the others are slaves. The SoC boots from ROM, and then program to be run is sent to SRAM from PC by UART, and run by the processor OR1200. The custom RRAM, known as a potential ram, can store encryption/decryption algorithms and keys. The small FPGA can be configured to implement the algorithms partially, cooperating with the processor. We run the AES-128 algorithm (including encryption and decryption) on the SoC system. With the uart tool on PC, we can verify the results correctly. The total area of the configurable SoC is 10×5 mm2 with SMIC 0.13um CMOS technology.

李万才,王颖,许骏,彭澄廉

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.20.015

2008-01-01

Abstract:The applications of reconfigurable technology in computing-intensive area are generally introduced.Data encryption system based on reconfigurable technology can provide hardwire efficiency and software flexibility.It has the important theoretical and practical significances.A universal interface design method for encryption module is presented,which gives an effective way to control the status of the user module,independent of the lower level implementation.The validation and performance analysis are demonstrated by the AES and DES encryption on Xilinx Virtex-2 FPGA.At last,this design is proved to be effective.

Ali Nadim Alhaj,Narottam Das Patel,Ajeet Singh,Rohit Kumar Bondugula,Mohsin Furkh Dar,Jameel Ahamed

DOI: https://doi.org/10.1504/ijsnet.2024.141613

2024-09-28

International Journal of Sensor Networks

Abstract:The rapid expansion of networks has given rise to numerous challenges and issues. In recent years, one idea that has captivated researchers is segregating the forwarding and control levels, which emerged with software-defined networking (SDN) frameworks. Despite centralised management and network administration advantages, SDN networks have encountered several issues, with safety and reliability being the most prominent. This paper proposes a comprehensive robust security architecture for SDN networks that consists of modular components. Each module addresses a specific security challenge, and by integrating these security solutions, we aim to establish a cohesive security framework for SDN. Furthermore, we propose a robust security algorithm capable of effectively mitigating critical security attacks such as DDoS, ARP, and MITM. Our approach involves developing a multi-level security algorithm to counteract most DDoS attacks, while also devising a real-time algorithm specifically designed to handle ARP attacks, including request-replay-ARP DoS attacks.

computer science, information systems,telecommunications

Zine El Abidine Alaoui Ismaili,Ahmed Moussa

DOI: https://doi.org/10.48550/arXiv.0909.2369

2009-09-12

Cryptography and Security

Abstract:This paper addresses efficient hardware/software implementation approaches for the AES (Advanced Encryption Standard) algorithm and describes the design and performance testing algorithm for embedded system. Also, with the spread of reconfigurable hardware such as FPGAs (Field Programmable Gate Array) embedded cryptographic hardware became cost-effective. Nevertheless, it is worthy to note that nowadays, even hardwired cryptographic algorithms are not so safe. From another side, the self-reconfiguring platform is reported that enables an FPGA to dynamically reconfigure itself under the control of an embedded microprocessor. Hardware acceleration significantly increases the performance of embedded systems built on programmable logic. Allowing a FPGA-based MicroBlaze processor to self-select the coprocessors uses can help reduce area requirements and increase a system's versatility. The architecture proposed in this paper is an optimal hardware implementation algorithm and takes dynamic partially reconfigurable of FPGA. This implementation is good solution to preserve confidentiality and accessibility to the information in the numeric communication.

Tao Li,Zhentao Liu,Huimin Du,Lei Zhang,Jungang Han,Lin Jiang,Qingang Dong

DOI: https://doi.org/10.1109/ipdpsw.2012.35

2012-01-01

Abstract:This paper presents a reconfigurable architecture and associated design methodology for developing networking silicon chips. The tools include most of the common traffic QoS features and low level interfaces as well as some special features for extensible design. When coupled with the design tools, this architecture provides powerful capabilities for the design of highly flexible networking silicon IP cores.

Arief Wicaksana,Arif Sasongko

DOI: https://doi.org/10.1109/ICEEI.2011.6021782

2016-11-18

Abstract:In data communication via internet, security is becoming one of the most influential aspects. One way to support it is by classifying and filtering ethernet packets within network devices. Packet classification is a fundamental task for network devices such as routers, firewalls, and intrusion detection systems. In this paper we present architecture of fast and reconfigurable Packet Classification Engine (PCE). This engine is used in FPGA-based firewall. Our PCE inspects multi-dimensional field of packet header sequentially based on tree-based algorithm. This algorithm simplifies overall system to a lower scale and leads to a more secure system. The PCE works with an adaptation of single cycle processor architecture in the system. Ethernet packet is examined with PCE based on Source IP Address, Destination IP Address, Source Port, Destination Port, and Protocol fields of the packet header. These are basic fields to know whether it is a dangerous or normal packet before inspecting the content. Using implementation of tree-based algorithm in the architecture, firewall rules are rebuilt into 24-bit sub-rules which are read as processor instruction in the inspection process. The inspection process is comparing one sub-rule with input field of header every clock cycle. The proposed PCE shows 91 MHz clock frequency in Cyclone II EP2C70F896C6 with 13 clocks throughput average from input to output generation. The use of tree-based algorithm simplifies the multidimensional packet inspection and gives us reconfigurable as well as scalable system. The architecture is fast, reliable, and adaptable and also can maximize the advantages of the algorithm very well. Although the PCE has high frequency and little amount of clock, filtering speed of a firewall also depends on the other components, such as packet FIFO buffer. Fast and reliable FIFO buffer is needed to support the PCE. This PCE also is not completed with rule update mechanism yet. This proposed PCE is tested as a component of FPGA-based firewall to filter Ethernet packet with FPGA DE2 Board using NIOS II platform.

Hardware Architecture,Networking and Internet Architecture

Sunil Malipatlolla,Sorin A. Huss

DOI: https://doi.org/10.1109/spl.2011.5782649

2011-04-01

Abstract:The configuration data sequence of a Field Programmable Gate Array (FPGA) is an Intellectual Property (IP) of the original designer. With the increase in deployment of FP-GAs in modern embedded systems, the IP protection of FPGA has become a necessary requirement for many IP vendors. There have been already many proposals to overcome this problem using symmetric encryption techniques but these methods need a cryptographic key to be stored in a nonvolatile memory located on FPGA or in a battery-backed RAM as done in some of the current FPGAs. The expenses with the proposed methods are, occupation of larger area on FPGA in the former case and limited lifetime of the device in the latter. In contrast, we propose a novel method which combines the Dynamic Partial Reconfiguration (Dy-namic PR) feature of an SRAM-based FPGA with the Public Key Cryptography (PKC) to protect the FPGA configuration files without the need of fixed key storage on FPGA or external to FPGA. The proposed method, is secure against the known attacks such as the Man-In-The-Middle (MITM) attack and replay attack. Therefore, the method can be used for secure deploying of IPs from local and remote vendors. Also, using this novel method not only high-end FPGAs but also low-end FPGAs with PR capabilities are secured.

Wang Ning,Wu Yanli,Liu Guangxing,Yao Ruizhe,Zhang Longfei

DOI: https://doi.org/10.1088/1755-1315/464/1/012006

2020-03-01

IOP Conference Series: Earth and Environmental Science

Abstract:Abstract The intelligent distribution network is an important hub for connecting power generation and users, and the security of its information is closely related to the stable operation of the power grid. In order to solve the contradiction between the security and real-time of information in intelligent distribution network according to Supplementary Provisions for Safety Protection of Medium and Low Voltage Distribution Network Automation System, an information security model of intelligent distribution network is proposed, after deeply studying AES encryption algorithm and SHA-256 authentication algorithm, using OPNET as simulation software for smart distribution network information to carryout transmission delay curve. FPGA is used as information security processing platform. We obtain the total delay, analyze the integrity and availability. The experiment proves that the intelligent distribution network information security processing solution satisfies the three elements of CIA information security, and has good confidentiality, integrity and availability.

Bin Li,Qinglei Zhou,Xueming Si,Jinhua Fu

DOI: https://doi.org/10.1109/access.2018.2869174

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the rapid development of the Internet, increasingly more attention has been paid to network security problems. A network security defense technology has become a very important research field. Currently, most network equipment transmits data in plaintext at the data link layer, which exposes important information, such as IP addresses, port numbers, and application protocols, to an attacker and provides an opportunity for network attacks. To protect a network against attacks and ensure its security, this paper proposes a mimic encryption system for network security. Based on the concepts of moving target defense and mimic security defense, using the principles of randomization, dynamism, and diversification, a data link layer mimic encryption system is constructed from the underlying network of an information system. By transforming the frame format, a reconfigurable encryption algorithm, an hash algorithm, and a pseudo-random number generator are used to design different combination encryption modes. Then, the hash value of an encrypted frame is obtained by performing the hash operation, and feedback update is performed to generate new key parameters for the hash key pool. In addition, the pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve "one frame-one key''. Finally, an FPGA is used as the network encryption card, and a CPU is used to realize two-party key agreement and the upper layer application. Using the FPGA + CPU hardware and software collaboration, the attack surface is expanded. Taking advantage of the high anti-interference property of an FPGA, part of the attack against the software system is filtered. The experimental results and analysis show that the encryption and decryption performance of this system in a 10 G network are approximately 500 MB/s. Thus, the system can effectively prevent the leakage of user data and resist network sniffing, vulnerability attacks, exhaustive key search attacks, and ciphertext-only attacks. Moreover, this system provides high security.

Subodha Charles,Prabhat Mishra

DOI: https://doi.org/10.1145/3406661

IF: 1.447

2020-10-12

ACM Transactions on Design Automation of Electronic Systems

Abstract:Growth of the Internet-of-things has led to complex system-on-chips (SoCs) being used in the edge devices in IoT applications. The increased complexity is demanding designers to consider several critical factors, such as dynamic requirement changes, long application life, mass production, and tight time-to-market deadlines. These requirements lead to more complex security concerns. SoC manufacturers outsource some of the intellectual property cores integrated on the SoC to untrusted third-party vendors. The untrusted intellectual properties can contain malicious implants, which can launch attacks using the resources provided by the on-chip interconnection network, commonly known as the network-on-chip (NoC). Existing efforts on securing NoC have considered lightweight encryption, authentication, and other attack detection mechanisms such as denial-of-service and buffer overflows. Unfortunately, these approaches focus on designing statically optimized security solutions. As a result, they are not suitable for many IoT systems with long application life and dynamic requirement changes. There is a critical need to design reconfigurable security architectures that can be dynamically tuned based on changing requirements. In this article, we propose a tier-based reconfigurable security architecture that can adapt to different use-case scenarios. We explore how to design an efficient reconfigurable architecture that can support three popular NoC security mechanisms (encryption, authentication, and denial-of-service attack detection and localization) and implement suitable dynamic reconfiguration techniques. We evaluate our proposed framework by running standard benchmarks enabling different tiers of security and provide a comprehensive analysis of how different levels of security can affect application performance, energy efficiency, and area overhead.

computer science, software engineering, hardware & architecture

Huikai Li,Jun Han,Xiaoyang Zeng,Sui Y. Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667370

2010-01-01

Abstract:This paper presents a reconfigurable data protection controller (DPC) so as to eliminate the security threats against network-on-chip (NoC) system. The proposed DPC can terminate the illegal accesses to the shared-memory of NoC system before the links to target location have been established, thus greatly save link resource and energy. Moreover, according to the implementation results based on SMIC 0.13 um CMOS technology, the DPC only slightly increases the hardware cost of NoC infrastructure. Indeed, it is also a low overhead solution compared with previous related works.

Jiaqi Gu,Ruoyao Wang,Jian Wang,Jinmei Lai,Qinghua Duan

DOI: https://doi.org/10.1109/ASICON.2017.8252498

2017-01-01

Abstract:Projects involving both software design and hardware design are usually retarded by expensive equipments, complex simulation and challenging modification. In order to retrench the designers' time and economic costs in SW/HW (Software/Hardware) co-design simulation, this paper demonstrates a remote embedded simulation system to help multiple users manage and simulate their SW/HW co-design projects remotely while scheduling the access to on-chip FPGA resources. We built a small-scale, high-concurrent multiuser management service system on board. The system offers TCP/IP connection and transmission, flexible Wi-Fi network, secure multiuser information and files management, real-time task progress notification, compilation and execution of multiple programming languages, run-time FPGA configuration and simulation, which considerably augments the exploitability for embedded simulation service. Meanwhile, we offer users a supporting PC (Personal Computer) application to attain pertinent features, which has a multithreading GUI (Graphical User Interface). In order to verify this design, we deploy a prototype on a Xilinx Zynq (TM)-7000 AP (All Programmable) SoC (System on Chips) Z-7010 on a ZYBO Board. We apply an image processing SW/HW co-design project to our prototype. The experiment result demonstrates the system's portability and efficacy when dealing with remote access, and flexibility when simulating SW/HW co-design projects through PR (Partial Reconfiguration) technique within reasonable latency. The latency for the end-to-end reconfiguration of a 306.60KB partial bitfile is 8.819ms.

Robert Karam,Tamzidul Hoque,Sandip Ray,Mark Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/aspdac.2017.7858391

2017-01-01

Abstract:Field Programmable Gate Arrays (FPGAs) are being increasingly deployed in diverse applications including the emerging Internet of Things (IoT), biomedical, and automotive systems. However, security of the FPGA configuration file (i.e. bitstream), especially during in-field reconfiguration, as well as effective safeguards against unauthorized tampering and piracy during operation, are notably lacking. The current practice of bitstreram encryption is only available in high-end FPGAs, incurs unacceptably high overhead for area/energy-constrained devices, and is susceptible to side channel attacks. In this paper, we present a fundamentally different and novel approach to FPGA security that can protect against all major attacks on FPGA, namely, unauthorized in-field reprogramming, piracy of FPGA intellectual property (IP) blocks, and targeted malicious modification of the bitstream. Our approach employs the security through diversity principle to FPGA, which is often used in the software domain. We make each device architecturally different from the others using both physical (static) and logical (time-varying) configuration keys, ensuring that attackers cannot use a priori knowledge about one device to mount an attack on another. It therefore mitigates the economic motivation for attackers to reverse engineering the bitstream and IP. The approach is compatible with modern remote upgrade techniques, and requires only small modifications to existing FPGA tool flows, making it an attractive addition to the FPGA security suite. Our experimental results show that the proposed approach achieves provably high security against tampering and piracy with worst-case 14% latency overhead and 13% area overhead.