Abstract
A rising tide of exploits, in the recent years, following a steady discovery of the many vulnerabilities pervasive in modern computing systems has led to a growing number of studies in designing systems-on-chip (SoCs) with security as a first-class consideration. Following the momentum behind RISC-V-based systems in the public domain, much of this effort targets RISC-V-based SoCs; most ideas, however, are independent of this choice. In this manuscript, we present a consolidation of our early efforts along these lines in designing a secure SoC around RISC-V, named ITUS. In particular, we discuss a set of primitive building blocks of a secure SoC and present some of the implemented security subsystems using these building blocks—such as secure boot, memory protection, PUF-based key management, a countermeasure methodology for RISC-V micro-architectural side-channel leakage, and an integration of the open keystone-enclaves for TEE. The current ITUS SoC prototype, integrating the discussed security subsystems, was built on top of the lowRISC project; however, these are portable to any other SoC code base. The SoC prototype has been evaluated on an FPGA.
Similar content being viewed by others
Notes
e.g., BCH(398, 128, 32) capable of correcting up to 32 bit errors using 270 bits of helper data
6.25% overhead, 2 bit-tag over every 32-bit word
References
Kim Y, Daly R, Kim J, Lee JH, Lee D, Wilkerson C, Lai K, Mutlu O (2014) Flipping bits in memory without accessing them: an experimental study of dram disturbance errors. In: Proceeding of the 41st Annual International Symposium on Computer Architecuture, ser. ISCA ’14. IEEE Press, Piscataway, pp 361–372
Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Fogh A, Horn J, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown: reading kernel memory from user space. In: 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD: USENIX Association, pp 973–990
Van Bulck J, Minkin M, Weisse O, Genkin D, Kasikci B, Piessens F, Silberstein M, Wenisch TF, Yarom Y, Strackx R Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: Proceedings of the 27th USENIX Security Symposium. USENIX Association, August 2018, see also technical report Foreshadow-NG
Canella C, Pudukotai Dinakarrao SM, Gruss D, Khasawneh KN (2020) Evolution of defenses against transient-execution attacks. In: Proceedings of the 2020 on Great Lakes Symposium on VLSI, pp 169–174
Jang Y, Lee S, Kim T (2016) Breaking kernel address space layout randomization with intel tsx. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’16. ACM, New York, pp 380–392. [Online]. Available: https://doi.org/10.1145/2976749.2978321
McIlroy R, Sevcík J, Tebbi T, Titzer BL, Verwaest T (2019) Spectre is here to stay: an analysis of side-channels and speculative execution, CoRR, [Online]. Available: arXiv:1902.05178
Ravi P, Najm Z, Bhasin S, Khairallah M, Gupta SS, Chattopadhyay A (2019) Security is an architectural design constraint, Microprocessors and microsystems, vol 68, pp 17–27, [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0141933118302229
Knechtel J, Kavun EB, Regazzoni F, Heuser A, Chattopadhyay A, Mukhopadhyay D, Fei Y, Belenky Y, Levi I, Güneysu T, Schaumont P, Polian I (2020) Towards secure composition of integrated circuits and electronic systems: on the role of eda
Suh GE, Clarke D, Gassend B, Van Dijk M, Devadas S (2003) Aegis: architecture for tamper-evident and tamper-resistant processing. In: Proceedings of the 17th annual international conference on Supercomputing. ACM, pp 160–171
Costan V, Lebedev I, Devadas S (2016) Sanctum: minimal hardware extensions for strong software isolation. In: USENIX Security Symposium, pp 857–874
Lee D, Kohlbrenner D, Shinde S, Asanovic K, Song D (2020) Keystone: an open framework for architecting trusted execution environments. In: Proceedings of the Fifteenth European Conference on Computer Systems, ser. EuroSys ’20
Weiser S, Werner M, Brasser F, Malenko M, Mangard S, Sadeghi A-R (2019) Timber-v: Tag-isolated memory bringing fine-grained enclaves to risc-v. In: Proceedings 2019 - Network and Distributed System Security Symposium (NDSS). Internet Society
Menon A, Murugan S, Rebeiro C, Gala N, Veezhinathan K (2017) Shakti-t: a risc-v processor with light weight security extensions. In: Proceedings of the Hardware and Architectural Support for Security and Privacy, ser. HASP ’17. Association for Computing Machinery, New York. [Online]. Available: https://doi.org/10.1145/3092627.3092629
Kumar VBY, Chattopadhyay A, Haj-Yahya J, Mendelson A (2019) Itus: a secure risc-v system-on-chip. In: 2019 32nd IEEE International System-on-Chip Conference (SOCC), p 418–423
Haj-Yahya J, Wong MM, Pudi V, Bhasin S, Chattopadhyay A (2019) Lightweight secure-boot architecture for risc-v system-on-chip. In: 20th International Symposium on Quality Electronic Design (ISQED), pp 216–223
Kumar VBY, Gupta N, Chattopadhyay A, Kasper M, Krauß C, Niederhagen R (2020) Post-quantum secure boot. In: Design, Automation & Test in Europe Conference & Exhibition. IEEE, Grenoble
Srinivasu B, Pudi V, Chattopadhyay A, Lam K (2018) CoLPUF : a novel configurable LFSR-based PUF. In: APCCAS. IEEE, pp 358–361
Wong MM, Haj-Yahya J, Chattopadhyay A (2018) Smarts: Secure memory assurance of risc-v trusted soc. In: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, ser. HASP ’18. ACM, New York, pp 6:1–6:8. [Online]. Available: https://doi.org/10.1145/3214292.3214298
Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown, arXiv:1801.01207
Kocher P, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, Mangard S, Prescher T, Schwarz M, Yarom Y (2018) Spectre attacks: exploiting speculative execution, arXiv preprint:1801.01203
Bar-El H, Choukri H, Naccache D, Tunstall M, Whelan C (2006) The sorcerer’s apprentice guide to fault attacks. Proc IEEE 94(2):370–382
Murdock K, Oswald D, Garcia FD, Van Bulck J, Gruss D, Piessens F (2020) Plundervolt: software-based fault injection attacks against intel sgx. In: 2020 IEEE Symposium on Security and Privacy (SP)
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual International Cryptology Conference. Springer, pp 388–397
Group TC (2011) TPM main specification level 2 version 1.2, revision 116
Ravi P, Bhasin S, Breier J, Chattopadhyay A (2018) Ppap and ippap: Pll-based protection against physical attacks. In: 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), pp 620–625
Gupta N, Jati A, Chattopadhyay A, Sanadhya SK, Chang D (2017) Threshold implementations of gift: a trade-off analysis, Cryptology ePrint Archive, Report 2017/1040, https://eprint.iacr.org/2017/1040
Genkin D, Shamir A, Tromer E (2013) Rsa key extraction via low-bandwidth acoustic cryptanalysis, Cryptology ePrint Archive, Report 2013/857, https://eprint.iacr.org/2013/857
Bhattacharya S, Mukhopadhyay D (2016) Curious case of rowhammer: flipping secret exponent bits using timing analysis, Cryptology ePrint Archive, Report 2016/618, https://eprint.iacr.org/2016/618
Niederhagen R et al Industrial use cases and requirements for the deployment of post-quantum cryptography, volume wp.1, Fraunhofer Institute for Secure Information Technology, Technical Report. [Online]. Available: https://quantumrisc.org/results/quantumrisc-wp1-report.pdf
Fritzmann T, Sharif U, Müller-Gritschneder D, Reinbrecht C, Schlichtmann U, Sepulveda J (2019) Towards reliable and secure post-quantum co-processors based on risc-v. In: 2019 Design, Automation Test in Europe Conference Exhibition (DATE), pp 1148–1153
Gassend B, Clarke D, van Dijk M, Devadas S (2002) Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, ser. CCS ’02. ACM, New York, pp 148–160. [Online]. Available: https://doi.org/10.1145/586110.586132
Szefer J (2016) Survey of microarchitectural side and covert channels, attacks, and defenses, Cryptology ePrint Archive, Report 2016/479, https://eprint.iacr.org/2016/479
Bourgeat T, Lebedev I, Wright A, Zhang S (2018) Arvind, and S. Devadas, MI6: secure enclaves in a speculative out-of-order processor, CoRR, [Online]. Available: arXiv:1812.09822
Austin TM (1999) Diva: a reliable substrate for deep submicron microarchitecture design. In: Proceedings of the 32nd Annual ACM/IEEE International Symposium on Microarchitecture, ser. MICRO 32. IEEE Computer Society, USA, p 196–207
Zhang H, Ghosh S, Fix J, Apostolakis S, Beard SR, Nagendra NP, Oh T, August DI (2019) Architectural support for containment-based security. In: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, ser. ASPLOS ’19. Association for Computing Machinery, New York, pp 361–377
Jauernig P, Sadeghi A, Stapf E (2020) Trusted execution environments: properties, applications, and challenges. IEEE Secur Privacy 18(2):56–60
Zhang S, Wright A, Bourgeat T (2019) Composable building blocks to open up processor design. IEEE Micro 39(3):47–55, https://github.com/csail-csg/riscy-OOO
Sau S, Haj-Yahya J, Wong MM, Lam KY, Chattopadhyay A (2017) Survey of secure processors. In: 2017 International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS), pp 253–260
Sau S (2009) SHE: secure hardware extension version 1.1
Lebedev I, Hogan K, Devadas S (2018) Secure boot and remote attestation in the sanctum processor, Cryptology ePrint Archive, Report 2018/427, https://eprint.iacr.org/2018/427
Timmers N, Spruyt A (2016) Bypassing secure boot using fault injection, Blackhat Europe 2016
de Haas J (2013) 20 ways past secure boot, Hack in the Box Security Conference
Wong MM, Haj-Yahya J, Sau S, Chattopadhyay A (2018) A new high throughput and area efficient sha-3 implementation. In: 2018 IEEE International Symposium on Circuits and Systems (ISCAS), pp 1–5
Wold K, Tan CH (2008) Analysis and enhancement of random number generator in fpga based on oscillator rings. In: 2008 International Conference on Reconfigurable Computing and FPGAs, pp 385–390
Vermeulen B, Goossens K (2014) Debugging systems-on-chip: communication-centric and abstraction-based techniques. Springer
Orme W (2008) Debug and trace for multicore socs, ARM White paper
Rosenfeld K, Karri R (2010) Attacks and defenses for jtag. IEEE Des Test Comput 27(1):36–47
Yang B, Wu K, Karri R (2004) Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: 2004 International Conferce on Test. IEEE, pp 339–344
Chiu G-M, Li JC-M (2010) A secure test wrapper design against internal and boundary scan attacks for embedded cores. IEEE Trans Very Large Scale Integr (VLSI) Syst 20(1):126–134
Pierce L, Tragoudas S (2012) Enhanced secure architecture for joint action test group systems. IEEE Trans Very Large Scale Integr (VLSI) Syst 21(7):1342–1345
Pierce L (2011) Multi-level secure jtag architecture. In: 2011 IEEE 17th International On-Line Testing Symposium. IEEE, pp 208–209
Das A, Da Rolt J, Ghosh S, Seys S, Dupuis S, Di Natale G, Flottes M-L, Rouzeyre B, Verbauwhede I (2013) Secure jtag implementation using schnorr protocol. J Electron Test 29(2):193–209
Kocher P, Horn J, Fogh A, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, Mangard S, Prescher T, Schwarz M, Yarom Y (2019) Spectre attacks: exploiting speculative execution. In: 2019 IEEE Symposium on Security and Privacy (SP), pp 1–19
Mcilroy R, Sevcik J, Tebbi T, Titzer BL, Verwaest T (2019) Spectre is here to stay: an analysis of side-channels and speculative execution
Maisuradze G, Rossow C (2018) Speculose: analyzing the security implications of speculative execution in cpus
Ge Q, Yarom Y, Cock D, Heiser G (2018) A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J Cryptogr Eng 8(1):1–27
Gueron S (2009) Intel’s new aes instructions for enhanced performance and security. In: Fast software encryption, Dunkelman, O, Ed. Springer, Berlin, pp 51–66
Martin R, Demme J, Sethumadhavan S (2012) Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In: 2012 39th Annual International Symposium on Computer Architecture (ISCA). IEEE, pp 118–129
Yan M, Choi J, Skarlatos D, Morrison A, Fletcher CW, Torrellas J (2018) Invisispec: making speculative execution invisible in the cache hierarchy. In: Proceedings of the 51st Annual IEEE/ACM International Symposium on Microarchitecture, ser. MICRO-51. IEEE Press, Piscataway, pp 428–441
Funding
The authors acknowledge the support from the Singapore National Research Foundation (“SOCure” grant NRF2018NCR-NCR002-0001 - https://www.green-ic.org/socure)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Kumar, V.B.Y., Deb, S., Gupta, N. et al. Towards Designing a Secure RISC-V System-on-Chip: ITUS. J Hardw Syst Secur 4, 329–342 (2020). https://doi.org/10.1007/s41635-020-00108-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-020-00108-8