Xuewen He,Yichuan Bai,Yujia Liu,Li Du,Zhongfeng Wang,Yuan Du

DOI: https://doi.org/10.1109/jiot.2023.3333203

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In Internet of Things (IoT) endpoint devices, some data or address ciphers are used for real-time memory protection to mitigate some side-channel attacks against memories. To better meet the requirements of real-time memory protection, this article proposes a hardware engine of permutation-based address encryption (PAE) to implement memory address encryption with flexible width adaptation, low latency, and low hardware overhead. When evaluated with TSMC's 40-nm standard CMOS technology, PAE features lightweight characteristics with a gate count of 0.589 KGates, which is only 0.37% of advanced encryption standard (AES) and 33.50% of address cipher Galois field encryption (GF-Enc). The security of PAE in memory protection is quantitatively proven through both logic cryptanalysis and side-channel attacks. The results show that PAE performs effective mitigation in some side-channel attacks and provides better security than other address ciphers in resisting the brute-force attack, chosen-plaintext attack, and the differential attack. A RISC-V system with PAE and AES is deployed on an field-programmable gate array platform to analyze the impact on performance. The evaluation data show that PAE has no impact on system throughput in the case analysis, while AES reduces system throughput by 89.47%.

Yuchen Mei,Li Du,Xuewen He,Yuan Du,Xiaoliang Chen,Zhongfeng Wang

DOI: https://doi.org/10.1109/socc49529.2020.9524762

2020-01-01

Abstract:Most of the existing memory encryption techniques in IoT devices are based on data encryption. The level of security increases at the cost of the increased encryption algorithm complexity, resulting in large power consumption and area overhead for high-security devices. In this paper, we take a significantly different approach to encrypt the device memory through address encryption. A reconfigurable architecture called Permutation based Address Encryption (PAE) is proposed, for the first time, to encrypt the device memory with minor hardware overhead and much shorter processing time. The architecture is synthesized in SMIC 40nm standard CMOS technology. Compared with Data Encryption Standard (DES), the proposed PAE achieves 16x encryption speed and 1.4x effective key length. When combined with the DES, the PAE+DES encryption outperforms existing hardware Advanced Encryption Standard (AES) with almost 2x in power efficiency, more than 1.5x in area efficiency and better security, making it a promising hardware encryption technique for IoT devices.

Tong Sun,Borui Li,Yixiao Teng,Yi Gao,Wei Dong

DOI: https://doi.org/10.1109/ipsn61024.2024.00021

2024-01-01

Abstract:Internet of Things (IoT) applications have recently been widely used in safety-critical scenarios. To prevent sensitive information leaks, IoT device vendors provide hardware-assisted protections, called Trusted Execution Environments (TEEs), like ARM Trust-Zone. Programming a TEE-based application requires separate code for two components, significantly slowing down the development process. Existing solutions tackle this issue by automatic code partition while not successfully applying it in two complicated scenarios: adding trusted logic and interactions with secure peripherals.We propose dTEE, a declarative approach to secure IoT applications based on TrustZone. dTEE proposes a rapid approach that enables developers to declare tiered-sensitive variables and functions of existing applications. Besides, dTEE automatically transforms device drivers into trusted ones. We evaluate dTEE on four real-world IoT applications and seven micro-benchmarks. Results show that dTEE achieves high expressiveness for supporting 50% more applications than existing approaches and reduces 90% of the lines of code against handcrafted development.

Mingyuan Ma,Yu Zhu,Zhenhua Zhu,Rui Yuan,Jialong Liu,Liying Xu,Yuchao Yang,Yu Wang

DOI: https://doi.org/10.1109/mnano.2022.3141514

2022-01-01

IEEE Nanotechnology Magazine

Abstract:Emerging nonvolatile main memory (NVMM) suffers from secure vulnerability due to its nonvolatility. To address this issue, existing methods tend to employ the encryption engine on the CPU side for encryption. However, this incurs large energy and latency overhead due to the massive data movement between the CPU and NVMM. On the other hand, popular encryption algorithms like the Advanced Encryption Standard (AES) usually involve massive bit-level parallelism. As a result, an emerging technology named logic-in-memory (LiM), which leverages the electrical characteristics of nonvolatile devices to enable efficient in-memory Boolean operations in parallel, is a promising solution to eliminating data movement overhead and enables faster and more energy-efficient encryption.

Jianming Huang,Yu Hua

2023-07-05

Abstract:Extended Asynchronous DRAM Refresh (eADR) proposed by Intel extends the persistence domain from the Non-Volatile Memory (NVM) to CPU caches and offers the persistence guarantee. Due to allowing lazy persistence and decreasing the amounts of instructions, eADR-based NVM systems significantly improve performance. Existing designs however fail to provide efficient encryption schemes to ensure data confidentiality in eADR-based NVM systems. It is challenging to guarantee both data persistence and confidentiality in a cost-efficient manner due to the transient persistence property of caches in eADR. Once the system crashes, eADR flushes the unencrypted data from the cache into NVM, in which security issues occur due to no encryption. To bridge the gap between persistence and confidentiality, we propose cost-efficient BBE and Sepencr encryption schemes that efficiently match different eADR execution models from ideal to practice. Under the ideal eADR execution model, BBE supports the encryption module via the battery of eADR upon crashes. Under the practical eADR execution model, Sepencr generates the one-time paddings (OTPs) at the system startup to encrypt the cached data in case the system crashes. Our evaluation results show that compared with an intuitive in-cache encryption scheme in eADR-based systems, our designs significantly reduce performance overheads while efficiently ensuring data confidentiality.

Cryptography and Security

Zhe Liu,Reza Azarderakhsh,Howon Kim,Hwajeong Seo

DOI: https://doi.org/10.1007/978-3-319-62024-4_6

2017-01-01

Abstract:ARM NEON architecture has occupied a significant share of high-end Internet of Things platforms such as mini computer, tablet and smartphone markets due to its low cost and high performance. This paper studies efficient techniques of lattice-based cryptography on ARM processor and presents the first implementation of ring-LWE encryption on ARM NEON architecture. We propose a vectorized version of Iterative Number Theoretic Transform (NTT) for high-speed computation and present a 32-bit variant of SAMS2 technique, original from Liu et al. in CHES2015, for fast reduction. Subsequently, we present a full-fledged implementation of Ring-LWE by taking advantage of proposed and previous optimization techniques. Ultimately, our ring-LWE implementation requires only 145 k clock cycles for encryption and 32.8 k cycles for decryption for $$n=256$$. These results are more than 17.6 times faster than the fastest ECC implementation on ARM NEON with same security level.

Hala Ajmi,Fakhreddine Zayer,Amira Hadj Fredj,Belgacem Hamdi,Baker Mohammad,Naoufel Werghi,Jorge Dias

DOI: https://doi.org/10.1016/j.jpdc.2024.104898

2022-05-24

Abstract:The paper proposes in-memory computing (IMC) solution for the design and implementation of the Advanced Encryption Standard (AES) based cryptographic algorithm. This research aims at increasing the cyber security of autonomous driverless cars or robotic autonomous vehicles. The memristor (MR) designs are proposed in order to emulate the AES algorithm phases for efficient in-memory processing. The main features of this work are the following: a memristor 4bit state element is developed and used for implementing different arithmetic operations for AES hardware prototype; A pipeline AES design for massive parallelism and compatibility targeting MR integration; An FPGA implementation of AES-IMC based architecture with MR emulator. The AES-IMC outperforms existing architectures in both higher throughput, and energy efficiency. Compared with the conventional AES hardware, AES-IMC shows ~30% power enhancement with comparable throughput. As for state-of-the-art AES based NVM engines, AES-IMC has comparable power dissipation, and ~62% increased throughput. By enabling the cost-effective real-time deployment of the AES, the IMC architecture will prevent unintended accidents with unmanned devices caused by malicious attacks, including hijacking and unauthorized robot control.

Cryptography and Security,Hardware Architecture

Xian Zhang,Chao Zhang,Guangyu Sun,Jia Di,Tao Zhang

DOI: https://doi.org/10.1109/CASES.2013.6662530

2013-01-01

Abstract:Emerging non-volatile memories (NVMs) have been considered as promising alternatives of DRAM for future main memory design. The NVM main memory has advantages of low standby power, high density, and good scalability. Its non-volatility, however, induces a security design challenge that data retained in memory after power-off need to be protected from malicious attacks. Although several approaches have been proposed to solve this problem through data encryption, they have some limitations such as high design complexity and non-trivial timing/energy overhead. Moreover, these techniques decrease the lifetime of NVM main memory due to extra write operations caused by encryption. In order to overcome these limitations, we propose an efficient PAD-XOR based encryption scheme in this work. A novel PAD generator based on a randomizer and several sub-PAD tables is introduced. With the PAD generator, our encryption scheme can provide run-time data protection to all data in NVM memory with low timing and power overhead. In addition, the encryption process can co-operate with wear-leveling of NVM to reduce design complexity. More important, our encryption technique has no impact on lifetime because no extra writes are incurred. Experimental results demonstrate that, compared to prior approaches, our design can achieve the same security strength with substantial lower overhead in respect of timing, energy consumption, and design complexity.

Yixin Xu,Yi Xiao,Zijian Zhao,Franz Müller,Alptekin Vardar,Xiao Gong,Sumitha George,Thomas Kämpfe,Vijaykrishnan Narayanan,Kai Ni

2023-06-03

Abstract:Non-volatile memories (NVMs) have the potential to reshape next-generation memory systems because of their promising properties of near-zero leakage power consumption, high density and non-volatility. However, NVMs also face critical security threats that exploit the non-volatile property. Compared to volatile memory, the capability of retaining data even after power down makes NVM more vulnerable. Existing solutions to address the security issues of NVMs are mainly based on Advanced Encryption Standard (AES), which incurs significant performance and power overhead. In this paper, we propose a lightweight memory encryption/decryption scheme by exploiting in-situ memory operations with negligible overhead. To validate the feasibility of the encryption/decryption scheme, device-level and array-level experiments are performed using ferroelectric field effect transistor (FeFET) as an example NVM without loss of generality. Besides, a comprehensive evaluation is performed on a 128x128 FeFET AND-type memory array in terms of area, latency, power and throughput. Compared with the AES-based scheme, our scheme shows around 22.6x/14.1x increase in encryption/decryption throughput with negligible power penalty. Furthermore, we evaluate the performance of our scheme over the AES-based scheme when deploying different neural network workloads. Our scheme yields significant latency reduction by 90% on average for encryption and decryption processes.

Emerging Technologies

Zhun Zhang,Xiang Wang,Qiang Hao,Dongdong Xu,Jinlei Zhang,Jiakang Liu,Jinhui Ma

DOI: https://doi.org/10.3390/mi12050560

IF: 3.4

2021-05-15

Micromachines

Abstract:Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Eunjin Choi,Jina Park,Kyuseung Han,Woojoo Lee

DOI: https://doi.org/10.1016/j.jestch.2024.101894

IF: 5.155

2024-11-22

Engineering Science and Technology an International Journal

Abstract:As open-source RISC-V cores continue to be released, the development of low-power multicore processors utilizing these cores is invigorating the edge/IoT device market. Nevertheless, comprehensive research on developing low-power multicore processors with integrated security features using existing open RISC-V cores remains limited. This study addresses this gap by introducing AESware , a dedicated lightweight hardware designed for energy-efficient AES (Advanced Encryption Standard) task execution, contributing to the development of AES-specific low-power RISC-V multicore processors. AESware supports variable key lengths and ensures minimal power consumption with a compact design. This standalone IP (Intellectual Property) is compatible with various open RISC-V cores, offering scalability and convenience. And importantly, we propose the most energy-efficient architecture for multicore processors equipped with AESware. Instead of assigning dedicated AESware to each core, we introduce a shared AESware architecture to maximize energy efficiency. We develop an operational algorithm for task scheduling in AESware, achieving maximum utilization and minimal latency while maintaining its lightweight nature. To evaluate our solution, we developed 24 processors into three groups: AESware-equipped, baseline, and those with an external AES accelerator per core. After FPGA (Field-Programmable Gate Array) prototyping for functional verification and power consumption analysis via 45 nm process technology synthesis, our findings revealed significant energy savings. AESware-equipped processors achieved up to 76%, 47%, and 33% energy savings at dual-, quad-, and octa-core configurations compared to baseline, respectively, and were more energy-efficient in running AES applications than those with individual accelerators.

engineering, multidisciplinary

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Ali Fakhrzadehgan,Prakash Ramrakhyani,Moinuddin K. Qureshi,Mattan Erez

DOI: https://doi.org/10.1109/DSN58367.2023.00016

2023-10-28

Abstract:The security goals of cloud providers and users include memory confidentiality and integrity, which requires implementing Replay-Attack protection (RAP). RAP can be achieved using integrity trees or mutually authenticated channels. Integrity trees incur significant performance overheads and are impractical for protecting large memories. Mutually authenticated channels have been proposed only for packetized memory interfaces that address only a very small niche domain and require fundamental changes to memory system architecture. We propose SecDDR, a low-cost RAP that targets direct-attached memories, like DDRx. SecDDR avoids memory-side data authentication, and thus, only adds a small amount of logic to memory components and does not change the underlying DDR protocol, making it practical for widespread adoption. In contrast to prior mutual authentication proposals, which require trusting the entire memory module, SecDDR targets untrusted modules by placing its limited security logic on the DRAM die (or package) of the ECC chip. Our evaluation shows that SecDDR performs within 1% of an encryption-only memory without RAP and that SecDDR provides 18.8% and 7.8% average performance improvements (up to 190.4% and 24.8%) relative to a 64-ary integrity tree and an authenticated channel, respectively.

Cryptography and Security,Hardware Architecture

Yixin Xu,Yi Xiao,Zijian Zhao,Franz Müller,Alptekin Vardar,Xiao Gong,Sumitha George,Thomas Kämpfe,Vijaykrishnan Narayanan,Kai Ni

DOI: https://doi.org/10.1038/s41467-023-43941-5

IF: 16.6

2023-12-14

Nature Communications

Abstract:Non-volatile memories (NVMs) have the potential to reshape next-generation memory systems because of their promising properties of near-zero leakage power consumption, high density and non-volatility. However, NVMs also face critical security threats that exploit the non-volatile property. Compared to volatile memory, the capability of retaining data even after power down makes NVM more vulnerable. Existing solutions to address the security issues of NVMs are mainly based on Advanced Encryption Standard (AES), which incurs significant performance and power overhead. In this paper, we propose a lightweight memory encryption/decryption scheme by exploiting in-situ memory operations with negligible overhead. To validate the feasibility of the encryption/decryption scheme, device-level and array-level experiments are performed using ferroelectric field effect transistor (FeFET) as an example NVM without loss of generality. Besides, a comprehensive evaluation is performed on a 128 × 128 FeFET AND-type memory array in terms of area, latency, power and throughput. Compared with the AES-based scheme, our scheme shows ~22.6×/~14.1× increase in encryption/decryption throughput with negligible power penalty. Furthermore, we evaluate the performance of our scheme over the AES-based scheme when deploying different neural network workloads. Our scheme yields significant latency reduction by 90% on average for encryption and decryption processes.

multidisciplinary sciences

Wenjie Xiong,Liu Ke,Dimitrije Jankov,Michael Kounavis,Xiaochen Wang,Eric Northup,Jie Amy Yang,Bilge Acun,Carole-Jean Wu,Ping Tak Peter Tang,G. Edward Suh,Xuan Zhang,Hsien-Hsin S. Lee

DOI: https://doi.org/10.1109/HPCA53966.2022.00026

2022-01-01

Abstract:Today’s data-intensive applications increasingly suffer from significant performance bottlenecks due to the limited memory bandwidth of the classical von Neumann architecture. Near-Data Processing (NDP) has been proposed to perform computation near memory or data storage to reduce data movement for improving performance and energy consumption. However, the untrusted NDP processing units (PUs) bring in new threats to workloads that are private and sensitive, such as private database queries and private machine learning inferences. Meanwhile, most existing secure hardware designs do not consider off-chip components trustworthy. Once data leaving the processor, they must be protected, e.g., via block cipher encryption. Unfortunately, current encryption schemes do not support computation over encrypted data stored in memory or storage, hindering the adoption of NDP techniques for sensitive workloads.In this paper, we propose SecNDP, a lightweight encryption and verification scheme for untrusted NDP devices to perform computation over ciphertext and verify the correctness of linear operations. Our encryption scheme leverages arithmetic secret sharing in secure Multi-Party Computation (MPC) to support operations over ciphertext, and uses counter-mode encryption to reduce the decryption latency. The security of the encryption and verification algorithm is formally proven. Compared with a non-NDP baseline, secure computation with SecNDP significantly reduces the memory bandwidth usage while providing security guarantees. We evaluate SecNDP for two workloads of distinct memory access patterns. In the setting of eight NDP units, we show a speedup up to 7.46× and energy savings of 18% over an unprotected non-NDP baseline, approaching the performance gain attained by native NDP without protection. Furthermore, SecNDP does not require any security assumption on NDP to hold, thus, using the same threat model as existing secure processors. SecNDP can be implemented without changing the NDP protocols and their inherent hardware design.

Hala Ajmi,Fakhreddine Zayer,Hamdi Belgacem

2024-08-21

Abstract:This paper presents an innovative approach utilizing in-memory computing (IMC) for the development and integration of AES (Advanced Encryption Standard) cipher technique. Our research aims to enhance cybersecurity measures for a wide range of applications for IoT, such as robotic self-driving and several uses contexts. Memristor (MR) design optimized for in-memory processing is introduced. Our work highlights the development of a 4-bit state memristor device tailored for various range of arithmetic functions in a hardware prototype of AES system. Additionally, we propose a pipeline AES design aimed at harnessing extensive parallelism and ensuring compatibility with MR devices. This approach enhances hardware performance by by managing larger data amounts, accelerating computational, and achieving greater precision demands. Compared to traditional AES hardware, AES-IMC demonstrates an approximate 30 % improvement in power with a comparable throughput rate. Compared with the latest AES-based NVM engines, AES-IMC achieves an impressive 62 % improvement in throughput at similar power dissipation levels. The IMC-developed design will protect against unintentional incidents involving unmanned devices, reducing the risks associated with hostile assaults such as hijacking and illegal control of robots. This helps to reduce the possible economic and financial losses caused by incidents

Hardware Architecture

Utsav Banerjee,Andrew Wright,Chiraag Juvekar,Madeleine Waller,Arvind,Anantha P. Chandrakasan

DOI: https://doi.org/10.1109/JSSC.2019.2915203

2019-07-10

Abstract:This paper presents the first hardware implementation of the Datagram Transport Layer Security (DTLS) protocol to enable end-to-end security for the Internet of Things (IoT). A key component of this design is a reconfigurable prime field elliptic curve cryptography (ECC) accelerator, which is 238x and 9x more energy-efficient compared to software and state-of-the-art hardware respectively. Our full hardware implementation of the DTLS 1.3 protocol provides 438x improvement in energy-efficiency over software, along with code size and data memory usage as low as 8 KB and 3 KB respectively. The cryptographic accelerators are coupled with an on-chip low-power RISC-V processor to benchmark applications beyond DTLS with up to two orders of magnitude energy savings. The test chip, fabricated in 65 nm CMOS, demonstrates hardware-accelerated DTLS sessions while consuming 44.08 uJ per handshake, and 0.89 nJ per byte of encrypted data at 16 MHz and 0.8 V.

Cryptography and Security

liu genxian,wang haixia,liu zhenyu,wang dongsheng

DOI: https://doi.org/10.3778/j.issn.1002-8331.1403-0022

2014-01-01

Abstract:Embedded systems in high security-sensitive areas are susceptible to various types of attacks, including stealing passwords, tampering data and offline analysis. Especially, the hardware-level attacks often result in significant losses to the users. In order to defend the above attacks, the off-chip memory is encrypted and authenticated through AES-GCM algorithm. This scheme writes data after encryption, decrypt and authenticate after read data. In addition, a function is built that scrambling password with page address to ensure the encryption strength. Finally LRU cache is introduced to improve its performance. The scheme is implemented on STM32F103 microprocessor platform in software and the feasibility of the system design is proved. The memory stress experiment shows that the system security is strengthened with 9% performance degradation.

Ronghua Lu,Jun Han,Xiaoyang Zeng,Qing Li,Lang Mai,Jia Zhao

DOI: https://doi.org/10.1109/aspdac.2008.4483921

2008-01-01

Abstract:A low-cost cryptographic processor for security embedded system is presented in this paper. The processor, without any assistance of dedicated cryptographic coprocessors, is scalable and very efficient for popular cryptographic algorithms such as RSA/ECC, AES, Hash, etc. Based on SMIC 0.18 um standard CMOS technology, the core circuit of the test chip has only about 32 k gates, and a max frequency of 200 MHz, under which the 1024-bit RSA algorithm takes only 150 ms and the throughout of AES reaches 256 Mbits/s.

Jianfeng Wang,Zhonghao Chen,Yiming Chen,Yixin Xu,Tianyi Wang,Yao Yu,Vijaykrishnan Narayanan,Sumitha George,Huazhong Yang,Xueqing Li

DOI: https://doi.org/10.1109/aicas57966.2023.10168612

2023-01-01

Abstract:With the wide use of NVM-based DNN accelerators for higher computing efficiency, the long data retention time essentially causes a high risk of unauthorized weight stealing by attackers. Weight encryption is an effective method, but existing ciphertext computing accelerators cannot achieve high encryption complexity and flexibility. This paper proposes WeightLock, a mixed-grained hardware-software co-design approach based on local decrypting units (LDUs). This work proposes a key-controlled cell-level hardware design for higher granularity and two weight selection schemes for higher flexibility. The simulation results show that the accuracy of VGG-8 and ResNet-18 in the Cifar-10 classification drops from 80% to only 10% even if 80% of keys are leaked. This shows >20% higher key leakage tolerance and >17x longer retraining latency protection, compared with the prior state-of-the-art hardware and software approaches, respectively. The area cost of the encryption function is negligible, with ~600x, 2.2x, and 2.4x reduction from the state-of-the-art cell-wise, column-wise, and 1T4R structures, respectively.