Yuchen Mei,Li Du,Xuewen He,Yuan Du,Xiaoliang Chen,Zhongfeng Wang

DOI: https://doi.org/10.1109/socc49529.2020.9524762

2020-01-01

Abstract:Most of the existing memory encryption techniques in IoT devices are based on data encryption. The level of security increases at the cost of the increased encryption algorithm complexity, resulting in large power consumption and area overhead for high-security devices. In this paper, we take a significantly different approach to encrypt the device memory through address encryption. A reconfigurable architecture called Permutation based Address Encryption (PAE) is proposed, for the first time, to encrypt the device memory with minor hardware overhead and much shorter processing time. The architecture is synthesized in SMIC 40nm standard CMOS technology. Compared with Data Encryption Standard (DES), the proposed PAE achieves 16x encryption speed and 1.4x effective key length. When combined with the DES, the PAE+DES encryption outperforms existing hardware Advanced Encryption Standard (AES) with almost 2x in power efficiency, more than 1.5x in area efficiency and better security, making it a promising hardware encryption technique for IoT devices.

Xuewen He,Li Du,Yuan Du

DOI: https://doi.org/10.1109/jiot.2024.3500781

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In IoT real-time systems and edge computing applications, Memory Encryption Engines (MEEs) are used for real-time memory encryption to protect program code and sensitive data in NVMs and mitigate some side-channel attacks. However, for resource-constrained devices, it is a considerable challenge to realize a lightweight solution with low hardware overhead, high security, and flexible bit-width. This paper presents a lightweight full-memory encryption engine, called Data&Address Encryption (DAE), which employs hybrid data and address encryption to protect Non-volatile Memories (NVMs) on-the-fly with low logic latency, flexible width adaptation, and enhanced security in some aspects. The security analyses show that DAE performs effective mitigation in some side-channel attacks, such as Remanence attack, and provides better security than data-only ciphers in resisting the brute-force attack, etc. Evaluated with TSMC’s 40nm standard CMOS technology, 128-bit DAE has a lightweight feature of 8.703 KGates, which is only 5.46% of 128-bit Advanced Encryption Standard (AES-128), and performs a 5.8× throughput, a 105.9× area efficiency, and a 48.1× energy efficiency. In the experiments on SoC simulation and FPGA platform with an embedded RISC-V core, the results show that DAE causes little or no loss of system frequency and throughput.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Taixin Li,Boran Sun,Hongtao Zhong,Yixin Xu,Vijaykrishnan Narayanan,Liang Shi,Tianyi Wang,Yao Yu,Thomas Kaempfe,Kai Ni,Huazhong Yang,Xueqing Li

DOI: https://doi.org/10.1145/3604589

IF: 1.447

2023-01-01

ACM Transactions on Design Automation of Electronic Systems

Abstract:Ferroelectric Field Effect Transistors (FeFETs) have spurred increasing interest in both memories and computing applications, thanks to their CMOS compatibility, low-power operation, and high scalability. However, new security threats to the FeFET-based memories also arise. A major threat is the power analysis side-channel attack (P-SCA), which exploits the power traces of the memory access to obtain data information. There have been several effective efforts on resistive nonvolatile memories (NVMs), but they fail to meet the requirements for secure FeFET-based memories due to the different capacitive FeFETs load. Directly applying these existing countermeasures to the P-SCA protection for FeFETs induces huge challenges, especially for the balance between power side-channel resistance and corresponding overheads. To address this issue, we leverage the unique features of FeFETs and propose ProtFe , namely the protection methods for FeFET-based memories, including the pipelined multi-step write strategy ( PiMWrite ) and the split array design ( SpA ). PiMWrite is proposed for general FeFET-based memories, and inserts specially designed intermediate states to mitigate information leakage with pipelined steps to reduce overheads. SpA is proposed for custom FeFET-based memories, and simultaneously writes two split portions of the array with shared minimized peripherals to go beyond the balance between security and overheads. Simulation results show that PiMWrite expands the search space of a single power trace to 21× and involves nearly zero hardware penalties. SpA presents 33× search space improvement with negligible latency, 0.6% area, and only 7.1% energy overhead. ProtFe achieves improved balance between security and overheads, compared with the state-of-the-art works.

Tianyu Yin,Guozhu Xin,Jun Han

DOI: https://doi.org/10.1109/ICSICT49897.2020.9278286

2020-01-01

Abstract:Encryption and integrity verification of memory content is very important, especially for IoT devices. In this paper, a high-performance hardware memory encryption engine integrated into RISC-V SoC is proposed. By applying this scheme, we achieved a nearly 41.8% cycle reduction over the reference design. The proposed design can help provide more safety mechanisms for TEE such as Keystone[1] by providing hardware-implemented memory encryption and integrity verification.

Zhun Zhang,Xiang Wang,Qiang Hao,Dongdong Xu,Jinlei Zhang,Jiakang Liu,Jinhui Ma

DOI: https://doi.org/10.3390/mi12050560

IF: 3.4

2021-05-15

Micromachines

Abstract:Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Yu Bo,Li Xiangyu,Chen Cong,Sun Yihe,Wu Liji,Zhang Xiangmin

DOI: https://doi.org/10.1088/1674-4926/33/6/065009

2012-01-01

Abstract:This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution. Both decryption and encryption procedures of an AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-Match-Fetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. The average energy for encrypting one group of plain texts (128 bits secrete keys) is 19 nJ. The core area is 0.43 mm2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order execution, the hardware based random order execution is improved by at least 21 times the DPA resistance.

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

Eunjin Choi,Jina Park,Kyuseung Han,Woojoo Lee

DOI: https://doi.org/10.1016/j.jestch.2024.101894

IF: 5.155

2024-11-22

Engineering Science and Technology an International Journal

Abstract:As open-source RISC-V cores continue to be released, the development of low-power multicore processors utilizing these cores is invigorating the edge/IoT device market. Nevertheless, comprehensive research on developing low-power multicore processors with integrated security features using existing open RISC-V cores remains limited. This study addresses this gap by introducing AESware , a dedicated lightweight hardware designed for energy-efficient AES (Advanced Encryption Standard) task execution, contributing to the development of AES-specific low-power RISC-V multicore processors. AESware supports variable key lengths and ensures minimal power consumption with a compact design. This standalone IP (Intellectual Property) is compatible with various open RISC-V cores, offering scalability and convenience. And importantly, we propose the most energy-efficient architecture for multicore processors equipped with AESware. Instead of assigning dedicated AESware to each core, we introduce a shared AESware architecture to maximize energy efficiency. We develop an operational algorithm for task scheduling in AESware, achieving maximum utilization and minimal latency while maintaining its lightweight nature. To evaluate our solution, we developed 24 processors into three groups: AESware-equipped, baseline, and those with an external AES accelerator per core. After FPGA (Field-Programmable Gate Array) prototyping for functional verification and power consumption analysis via 45 nm process technology synthesis, our findings revealed significant energy savings. AESware-equipped processors achieved up to 76%, 47%, and 33% energy savings at dual-, quad-, and octa-core configurations compared to baseline, respectively, and were more energy-efficient in running AES applications than those with individual accelerators.

engineering, multidisciplinary

liu genxian,wang haixia,liu zhenyu,wang dongsheng

DOI: https://doi.org/10.3778/j.issn.1002-8331.1403-0022

2014-01-01

Abstract:Embedded systems in high security-sensitive areas are susceptible to various types of attacks, including stealing passwords, tampering data and offline analysis. Especially, the hardware-level attacks often result in significant losses to the users. In order to defend the above attacks, the off-chip memory is encrypted and authenticated through AES-GCM algorithm. This scheme writes data after encryption, decrypt and authenticate after read data. In addition, a function is built that scrambling password with page address to ensure the encryption strength. Finally LRU cache is introduced to improve its performance. The scheme is implemented on STM32F103 microprocessor platform in software and the feasibility of the system design is proved. The memory stress experiment shows that the system security is strengthened with 9% performance degradation.

Lingxiao Duan,Jianyi Meng,Xiaolang Yan

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.052

2015-01-01

Abstract:Embedded CPU will cause side channel effects of power consumption when running encryption and decryption algorithms.In light of this issue,we proposed a random delay-based embedded processor architecture,which is able to resist DPA attacks.In the proposed architecture,random waiting delay will be inserted into preceding pipeline stage to interfere with the track of power consumption in timeline for every program running,so that to achieve the goal of DPA attacks resistant.Experiments show that this architecture has a good characteristic in resisting differential power analysis,moreover it also has lower design complexity in hardware circuit.

Jiahao Song,Haoyang Luo,Xiyuan Tang,Kuan Xu,Zhigang Ji,Yuan Wang,Runsheng Wang,Ru Huang

DOI: https://doi.org/10.1109/lssc.2022.3158630

2022-01-01

IEEE Solid-State Circuits Letters

Abstract:This letter presents a 3T eDRAM in-memory physically unclonable function (PUF) for low-cost Internet of Things (IoT) applications. The proposed design integrates PUF to eDRAM with a small peripheral overhead. With the subthreshold leakage of the bit-cell read path exploited as the entropy source, two adjacent 3T eDRAMs (with 2 $\times $ 197 F2=394 F2 area) race to generate the key bit. To overcome voltage and temperature variations, the spatial majority voting (SMV) is adopted. Implemented in 65-nm CMOS, the proposed eDRAM PUF achieves < 0.35% bit error rate (BER) across a voltage range of 1.0–1.2 V and temperature range of 0 °C–60 °C, presenting a low-cost and robust solution for IoT security.

Titu Mary Ignatius,Thockchom Birjit Singha,Roy Paily Palathinkal

DOI: https://doi.org/10.1109/access.2024.3477961

IF: 3.9

2024-10-19

IEEE Access

Abstract:With the advancement of IoT edge devices, the threat to sensitive data processed at these devices is increasing. This research aims to enhance processor's built-in resilience against power analysis attacks (PAA) by expanding pipeline stages, employing diverse pipeline techniques, and integrating additional features. The paper proposes 32-bit RISC-V core micro-architectures with inbuilt cryptographic capabilities, extending the RISC-V ISA with custom AES instructions to reduce energy consumption, code size, and encryption time compared to software AES solutions. An area-efficient 128-bit, 12-clock AES based on the Masoleh S-box is integrated into the RISC-V core, resulting in low area and power overheads. Two cores are presented: Core1, a 3-stage pipelined core with a software pause, and Core2, a 4-stage pipelined core with a hardware pause for securing data with AES instructions. Despite their vulnerabilities, the integration of AES with RISC-V architecture significantly improves their intrinsic resilience against PAA. This work analyses the vulnerability and improvement in intrinsic resilience of these cores to side-channel attacks, the impact of hardware versus software pause and the effect of pipeline stages on security metrics. The proposed designs are validated on a Xilinx Basys3 FPGA and developed in UMC 65 nm technology node. Power traces generated during AES encryption are extracted using Synopsys PrimeTime PX and analyzed with a MATLAB power attack model to successfully recover all key bytes. Core1 and Core2 achieved higher throughput of and , respectively, than the Arm CryptoCell312. Core2's added circuits for hardware pause and increased number of pipeline stages significantly boost performance and enhance security against power attacks, with only a modest increase in area and power consumption.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mingyu Yang,Tanvir Ahmed,Saya Inagaki,Kazuo Sakiyama,Yang Li,Yuko Hara-Azumi

DOI: https://doi.org/10.1109/jiot.2024.3355417

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the growth of Internet of Things (IoT) era, the protection of secret information on IoT devices is becoming increasingly important. For IoT devices, attacks that target information leakage through physical side-channels (e.g., a power side-channel) are a major threat in many use cases because IoT devices can be accessed easily by a hostile third party. However, securing resource-constrained IoT devices against side-channel attacks is a challenging issue. Generally, it is difficult to satisfy the requirements on side-channel protection while maintaining the low-power and real-time constrains of IoT devices. In this paper, we propose a hardware/software cooperative design for cryptosystems that is suitable for resource-constrained IoT devices. Combining a security-oriented processor design (i.e., an instruction set architecture definition and its architectural structure) and careful implementations of masked software implementation for cipher algorithms can effectively improve the power-performance-area (PPA) while suppressing power side-channel leakage. In our evaluation, for three ciphers (Chaskey, Simon, and AES), we demonstrate that our work is superior to state-of-the-art works (two RISC-V processors and a small-scale low-power processor) in terms of both PPA and power side-channel protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fan Yao,Guru Venkataramani

DOI: https://doi.org/10.48550/arXiv.1902.03518

2019-02-10

Abstract:DRAM-based main memory and its associated components increasingly account for a significant portion of application performance bottlenecks and power budget demands inside the computing ecosystem. To alleviate the problems of storage density and power constraints associated with DRAM, system architects are investigating alternative non-volatile memory technologies such as Phase Change Memory (PCM) to either replace or be used alongside DRAM memory. While such alternative memory types offer many promises to overcome the DRAM-related issues, they present a significant security threat to the users due to persistence of memory data even after power down. In this paper, we investigate smart mechanisms to obscure the data left in non-volatile memory after power down. In particular, we analyze the effect of using a single encryption algorithm versus differentiated encryption based on the security needs of the application phases. We also explore the effect of encryption on a hybrid main memory that has a DRAM buffer cache plus PCM main memory. Our mechanism takes into account the limited write endurance problem associated with several non-volatile memory technologies including PCM, and avoids any additional writes beyond those originally issued by the applications. We evaluate using Gem5 simulator and SPEC 2006 applications, and show the performance and power overheads of our proposed design.

Cryptography and Security,Hardware Architecture

Weizhen Wang,Jun Han,Zhicheng Xie,Shan Huang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/isocc.2016.7799761

2016-01-01

Abstract:Together with the popularity of internet of things (IoT), the information security in IoT is becoming an urgent issue. In this paper, a cryptographic coprocessor is designed to provide security for IoT sensor nodes. This design incorporates the application-specific instruction set to support popular cryptography algorithms like advanced encryption standard (AES) and elliptic curve cryptography (ECC). The tailored instruction provides good flexibility, high energy efficiency and low latency. Local instruction and data ram is integrated into our coprocessor to reduce the instruction transfer between embedded processor and the coprocessor. Our work was synthesized under TSMC 65 nm technology. The measurement results show that our design consumes 32.7 uJ for each ECC point multiplication and 3 nJ for each AES encryption and decryption when working at 10 MHz.

Illia Ostapyshyn,Gabriele Serra,Tim-Marek Thomas,Daniel Lohmann

DOI: https://doi.org/10.1109/tcad.2024.3443773

IF: 2.9

2024-11-09

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:ARMv8.3-A has introduced the pointer authentication (PA) feature, a new set of measures and instructions to sign and validate pointers. PA is already used and supported by the major compilers to protect the return addresses on the stack as a measure against memory corruption attacks. As more and more SoCs implement ARMv8.3-A and code compiled with PA is even fully backwards compatible on CPUs without (where the new instructions are just ignored), we can expect PA-enabled binaries to become standard in the near future. This gives rise to the question, if and how also systems without the native PA could benefit from the extra security provided by the return address protection. In this article, we explore KPAC, a set of efficient software-based approaches to bring the PA-based return-address protection onto the platforms without the hardware support in an easily adoptable (binary-compatible) and scalable manner. Technically, KPAC achieves this by either a synchronous trap-based emulation inside the kernel or an asynchronous novel memory-based invocation of a dedicated CPU core. Our experiments with the CortexSuite benchmarks, Chromium, and Memcached on a variety of platforms running Linux ranging from a Xilinx ZCU102 board over a Raspberry Pi 4 up to an 80-core Ampere Altra demonstrate the broad applicability and scalability of our approach. Furthermore, we discuss how the principles of KPAC can be generalized to the other suited problem areas.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Jea Min Cho,Seungsoo Kim,Tae Won Park,Dong Hoon Shin,Yeong Rok Kim,Hyungjun Park,Dong Yun Kim,Soo Hyung Lee,Taegyun Park,Cheol Seong Hwang

DOI: https://doi.org/10.1039/d4nh00420e

2024-11-07

Nanoscale Horizons

Abstract:The importance of hardware security increases significantly to protect the vast amounts of private data stored on edge devices. Physical unclonable functions (PUFs) are gaining prominence as hardware security primitives for their ability to generate true random digital keys by exploiting the inherent randomness of the physical devices. Traditional approaches, however, require significant data movement between memory units and PUF generation circuits to perform encryption, presenting considerable energy efficiency and security challenges. This study introduces an innovative approach where PUF key generation and encryption are accomplished in the same vertically integrated resistive random access memory (V-RRAM), alleviating the data movement issue. The proposed V-RRAM encryption machine offers concealable PUFs, high area efficiency, and multi-thread data handling using parallel XOR logic operations. The encryption machine is compared with other machines, demonstrating the highest spatiotemporal cost-effectiveness.

materials science, multidisciplinary,chemistry, physical,nanoscience & nanotechnology

Shuming Guo,Yinyin Lin,Hao Wang,Yao Li,Chongyan Gu,Weiqiang Liu,Yijun Cui

DOI: https://doi.org/10.1109/tvlsi.2024.3496735

2024-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:The Internet of Things (IoT) allows devices to interact for real-time data transfer and remote control. However, IoT hardware devices have been shown security vulnerabilities. Edge device authentications, as a crucial process for IoT systems, generate and use unique IDs for secure data transmissions. Conventional authentication techniques, computational and heavyweight, are challenging and infeasible in IoT due to limited resources in IoTs. Physical unclonable functions (PUFs), a lightweight hardware-based security primitive, were proposed for resource-constrained applications. We propose a new PUF design for resource-constrained IoT devices based on low-cost logic-compatible multiple-time programmable (MTP) memory cells. The structure includes an array of MTP differential memory cells and a PUF extraction circuit. The extraction method uses the random distribution of BL current after programming each memory cell in logic-compatible MTP memory as the entropy source of PUF. Responses are obtained by comparing the current values of two memory cells under a certain address by challenge, forming challenge–response pairs (CRPs). This scheme does not increase hardware consumption and circuit differences on edge devices and is intrinsic PUF. Finally, 200 PUF chips were fabricated by CSMC based on the 0.153- $\mu$ m MCU single-gate CMOS process. The performance of the logic-compatible MTP memory cell and its PUF was evaluated. A logic-compatible MTP cell has good programming erase efficiency and good durability and retention. The uniqueness of the proposed PUF is 50.29%, the uniformity is 51.82%, and the reliability is 93.61%.

Hala Ajmi,Fakhreddine Zayer,Hamdi Belgacem

2024-08-21

Abstract:This paper presents an innovative approach utilizing in-memory computing (IMC) for the development and integration of AES (Advanced Encryption Standard) cipher technique. Our research aims to enhance cybersecurity measures for a wide range of applications for IoT, such as robotic self-driving and several uses contexts. Memristor (MR) design optimized for in-memory processing is introduced. Our work highlights the development of a 4-bit state memristor device tailored for various range of arithmetic functions in a hardware prototype of AES system. Additionally, we propose a pipeline AES design aimed at harnessing extensive parallelism and ensuring compatibility with MR devices. This approach enhances hardware performance by by managing larger data amounts, accelerating computational, and achieving greater precision demands. Compared to traditional AES hardware, AES-IMC demonstrates an approximate 30 % improvement in power with a comparable throughput rate. Compared with the latest AES-based NVM engines, AES-IMC achieves an impressive 62 % improvement in throughput at similar power dissipation levels. The IMC-developed design will protect against unintentional incidents involving unmanned devices, reducing the risks associated with hostile assaults such as hijacking and illegal control of robots. This helps to reduce the possible economic and financial losses caused by incidents

Hardware Architecture