Aimee Coughlin
ABSTRACT
Modern CPU designs are beginning to incorporate secure hardware features, but leave developers with little control over both the set of features and when and whether updates are available. Reconfigurable logic (e.g., FPGAs) has been proposed as an alternative as it is both hardware, so can have similar capabilities at a reasonable performance degradation, and programmable, allowing customization of the secure hardware. This programmability, however, opens new attack vectors that allow an adversary to re-program the FPGA. Past attempts to solve this rely on a party maintaining a shared key with the FPGA, but these business processes to keep that key secret have been shown to be quite vulnerable. In this paper, we propose a new mechanism which eliminates the trust dependence on third party processes. This new mechanism consists of a self-provisioning stage, where keys are generated internal to the FPGA and never exposed externally, coupled with a secure update mechanism which allows updates to be governed by a policy defined by the secure hardware application. To demonstrate, we fully implemented these mechanisms on a Xilinx Zynq UltraScale+ FPGA along with an example secure co-processor with remote attestation with a flexible root of trust (in contrast to Intel SGX which fixes the root of trust to be Intel). Our performance evaluation of two applications, a password manager and a contact matching application, illustrates using FPGAs is practical.
- Amazon EC2 F1 Instances: Run Customizable FPGAs in the AWS Cloud. https://aws.amazon.com/ec2/instance-types/f1/.Google Scholar
- Ces: Intel goes for self-driving cars. https://www.electronicsweekly.com/news/design/ces-intel-goes-self-driving-cars-2017-01/.Google Scholar
- FBI Apple encryption dispute. https://en.wikipedia.org/wiki/FBI--Apple_encryption_dispute.Google Scholar
- Intel Software Guard Extensions. https://software.intel.com/en-us/sgx.Google Scholar
- Intel Software Guard Extensions (SGX): A Researcher's Primer. https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/january/intel-software-guard-extensions-sgx-a-researchers-primer/.Google Scholar
- Introducing the Intel Software Guard Extensions Tutorial Series. https://software.intel.com/en-us/articles/introducing-the-intel-software-guard-extensions-tutorial-series.Google Scholar
- iOS Security - iOS 11. https://www.apple.com/business/docs/iOS_Security_Guide.pdf.Google Scholar
- MicroBlaze Soft Procesor Core. https://www.xilinx.com/products/design-tools/microblaze.html.Google Scholar
- Microsemi: Security. https://www.microsemi.com/product-directory/fpga-soc/1738-security.Google Scholar
- Project catapult. https://www.microsoft.com/en-us/research/project/project-catapult/.Google Scholar
- Secure Golden Key Boot. https://rol.im/securegoldenkeyboot/.Google Scholar
- Vivado user guide. http://www.xilinx.com/support/documentation/sw_manuals/xilinx2014_1/ug902-vivado-high-level-synthesis.pdf.Google Scholar
- CVE-2016--3287. Available from MITRE, CVE-ID CVE-2016--3287, July 2016.Google Scholar
- CVE-2016--3320. Available from MITRE, CVE-ID CVE-2016--3320, Aug. 2016.Google Scholar
- A. Baumann, M. Peinado, and G. Hunt. Shielding applications from an untrusted cloud with haven. ACM Trans. Comput. Syst., 33(3), Aug 2015. Google ScholarDigital Library
- D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang. High-speed high-security signatures. Journal of Cryptographic Engineering, pages 1--13, 2012.Google ScholarCross Ref
- F. Brasser, U. Müller, A. Dmitrienko, K. Kostiainen, S. Capkun, and A.-R. Sadeghi. Software grand exposure: SGX cache attacks are practical. In 11th USENIX Workshop on Offensive Technologies (WOOT 17), Vancouver, BC, 2017. USENIX Association. Google ScholarDigital Library
- A. M. Caulfield et al. A cloud-scale acceleration architecture. In IEEE/ACM International Symposium on Microarchitecture (MICRO), Oct 2016. Google ScholarDigital Library
- P. Chodowiec and K. Gaj. Implementation of the twofish cipher using FPGA devices. Technical report, Electrical and Computer Engineering, George Mason University, 1999.Google Scholar
- V. Costan, I. A. Lebedev, and S. Devadas. Sanctum: Minimal risc extensions for isolated execution. IACR Cryptology ePrint Archive, 2015:564, 2015.Google Scholar
- A. Dandalis, V. K. Prasanna, and J. D. Rolim. A Comparative Study of Performance of AES Final Candidates Using FPGAs. In Cryptographic Hardware and Embedded Systems (CHES), 2000. Google ScholarDigital Library
- A. J. Elbirt and C. Paar. An FPGA Implementation and Performance Evaluation of the Serpent Block Cipher. In Proc ACM/SIGDA International Symposium on Field Programmable Gate Arrays (FPGA), 2000. Google ScholarDigital Library
- G. Gogniat, T. Wolf, W. Burleson, J.-P. Diguet, L. Bossuet, and R. Vaslin. Reconfigurable hardware for high-security/high-performance embedded systems: the safes perspective. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 16(2):144--155, 2008. Google ScholarDigital Library
- T. Huffmire, B. Brotherton, G. Wang, T. Sherwood, R. Kastner, T. Levin, T. Nguyen, and C. Irvine. Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In IEEE Security and Privacy, 2007. Google ScholarDigital Library
- P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre attacks: Exploiting speculative execution. CoRR, abs/1801.01203, 2018.Google Scholar
- J. Lind, I. Eyal, F. Kelbert, O. Naor, P. R. Pietzuch, and E. G. Sirer. Teechain: Scalable blockchain payments using trusted execution environments. CoRR, abs/1707.05454, 2017.Google Scholar
- M. Marlinspike. Technology preview: Private contact discovery for signal. https://signal.org/blog/private-contact-discovery/, 2017.Google Scholar
- J. T. McHenry, P. W. Dowd, F. A. Pellegrino, T. M. Carrozzi, and W. B. Cocks. An FPGA-based coprocessor for ATM firewalls. In Proc IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM)), 1997. Google ScholarDigital Library
- S. McMillan and C. Patterson. Jbits implementations of the advanced encryption standard (rijndael). In International Conference on Field Programmable Logic and Applications, pages 162--171. Springer, 2001. Google ScholarDigital Library
- E. Peterson. XAPP 1323: Developing Tamper-Resistant Designs with Zynq UltraScaleGoogle Scholar
- Devices. https://www.xilinx.com/support/documentation/application_notes/xapp1323-zynq-usp-tamper-resistant-designs.pdf, Aug 2018.Google Scholar
- A. Putnam et al. A reconfigurable fabric for accelerating large-scale datacenter services. In Proc. Annual International Symposium on Computer Architecuture (ISCA), 2014. Google ScholarDigital Library
- M. Riaz and H. M. Heys. The fpga implementation of the rc6 and cast-256 encryption algorithms. In Electrical and Computer Engineering, 1999 IEEE Canadian Conference on, volume 1, pages 367--372. IEEE, 1999.Google ScholarCross Ref
- M. Schwarz, S. Weiser, D. Gruss, C. Maurice, and S. Mangard. Malware guard extension: Using SGX to conceal cache attacks. CoRR, abs/1702.08719, 2017.Google Scholar
- P. Selkirk and J. Strömbergson. https://trac.cryptech.is/browser/core/rng/trng.Google Scholar
- I. Sourdis and D. Pnevmatikatos. Fast, large-scale string match for a 10gbps fpga-based network intrusion detection system. In Field Programmable Logic and Application, 2003.Google ScholarCross Ref
- N. Weichbrodt, A. Kurmus, P. Pietzuch, and R. Kapitza. AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves. In European Symposium on Research in Computer Security, pages 440--457. Springer, 2016.Google ScholarCross Ref
- S. Weiser and M. Werner. Sgxio: Generic trusted i/o path for intel sgx. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, CODASPY '17, pages 261--268, New York, NY, USA, 2017. ACM. Google ScholarDigital Library
- Wikipedia. List of data breaches. https://en.wikipedia.org/wiki/List_of_data_breaches.Google Scholar
- K. Wilkinson. XAPP 1267: Using Encryption and Authentication to Secure an UltraScale/UltraScaleGoogle Scholar
- FPGA Bitstream. https://www.xilinx.com/support/documentation/application_notes/xapp1267-encryp-efuse-program.pdf, Aug 2018.Google Scholar
- Y. Xu, W. Cui, and M. Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 640--656. IEEE, 2015. Google ScholarDigital Library
- F. Zhang, E. Cecchetti, K. Croman, A. Juels, and E. Shi. Town crier: An authenticated data feed for smart contracts. In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2016. Google ScholarDigital Library
Index Terms
- Breaking the Trust Dependence on Third Party Processes for Reconfigurable Secure Hardware
Recommendations
Elliptic Curve Cryptography hardware accelerator for high-performance secure servers
Security threats affecting electronics communications in the current world make necessary the encryption and authentication of every transaction. The increasing levels of security required are leading to an overload of transaction servers due to ...
Designing secure systems on reconfigurable hardware
The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often ...
Providing Tamper-Secure SoC Updates Through Reconfigurable Hardware
Applied Reconfigurable Computing. Architectures, Tools, and ApplicationsAbstractRemote firmware updates have become the de facto standard to guarantee a secure deployment of often decentrally operated IoT devices. However, the transfer and the provision of updates are considered as highly security-critical. Immunity ...
Comments