Abstract
In his invited talk, joint between CHES 2016 and CRYPTO 2016 on the Future of Embedded Security, Paul Kocher suggested to move the security into chips because hardware is the lowest level and thus security can not be compromized by a lower layer. In this paper, we propose a generic PUF-driven secure code execution architecture that employs instruction-level code encryption. Our design foresees a tight integration of a Physically Unclonable Function (PUF) and the decryption of encrypted program code directly inside the processor’s instruction pipeline to avert revealing keys or decrypted code in externally accessible registers or memory. The architecture prevents code-injection by executing only code encrypted for individual target CPUs, has an adaptable impact on performance, and requires only minor changes to the software development process. Our PUF-based code encryption defends also from reverse engineering attempts and enforces IP protection. A proof-of-concept implementation demonstrates the feasibility of our proposed architecture.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
http://opencores.org/or1k/OR1200_OpenRISC_Processor, accessed 03/13/2017.
- 2.
http://opencores.org/project,aes_core, accessed on 03/13/2017.
- 3.
http://www.denx.de/wiki/U-Boot, accessed on 03/13/2017.
- 4.
http://www.eembc.org/coremark accessed on 27/02/2016.
- 5.
https://www.spec.org/cpu2000/, accessed on 27/02/2016.
References
Ahmed, S., Samsudin, K., Ramli, A.R., Rokhani, F.Z.: Effective implementation of AES-XTS on FPGA. In: 2011 IEEE Region 10 Conference (TENCON) (2011)
Armknecht, F., Maes, R., Sadeghi, A.R., Standaert, F.X., Wachsmann, C.: A formal foundation for the security features of physical functions. In: S&P. IEEE (2011)
Barrantes, E.G., Ackley, D.H., Forrest, S., Stefanović, D.: Randomized instruction set emulation. ACM Trans. Inf. Syst. Secur. 8(1), 3–40 (2005)
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In: DAC (2015)
Bogdanov, A., Mendel, F., Regazzoni, F., Rijmen, V., Tischhauser, E.: ALE: AES-based lightweight authenticated encryption. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 447–466. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_23
Borghoff, J., et al.: PRINCE – A low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_14
Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient helper data key extractor on FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85053-3_12
Bossert, M.: Channel Coding for Telecommunications. Wiley, Hoboken (1999)
Costan, V., Devadas, S.: Intel SGX Explained. IACR 2016(86), 1–118 (2016)
Fletcher, C.W., Dijk, M.V., Devadas, S.: A secure processor architecture for encrypted computation on untrusted programs. In: STC. ACM (2012)
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_5
Hiller, M., Merli, D., Stumpf, F., Sigl, G.: Complementary IBS: application specific error correction for PUFs. In: HOST. IEEE (2012)
Hiller, M., Sigl, G.: Increasing the efficiency of syndrome coding for PUFs with helper data compression. In: DATE. ACM/IEEE (2014)
Hiller, M., Weiner, M., et al.: Breaking through fixed PUF block limitations with differential sequence coding and convolutional codes. In: TrustED. ACM (2013)
Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_17
Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_34
Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. In: Proceedings of the 1st Workshop on Smartcard Technology (1999)
Langner, R.: To kill a centrifuge - a technical analysis of what stuxnet’s creators tried to achieve. Technical report. The Langner Group, November 2013
Lie, D., Thekkath, C., Mitchell, M., et al.: Architectural support for copy and tamper resistant software. SIGOPS Oper. Syst. Rev. 34(5), 168–177 (2000)
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. J. Cryptol. 24(3), 588–613 (2010)
Maene, P., Verbauwhede, I.: Single-cycle implementations of block ciphers. In: Güneysu, T., Leander, G., Moradi, A. (eds.) LightSec 2015. LNCS, vol. 9542, pp. 131–147. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29078-2_8
Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: CHES (2012)
Maiti, A., Schaumont, P.: Improved ring oscillator PUF: an FPGA-friendly secure primitive. J. Cryptol. 24(2), 375–397 (2011)
One, A.: Smashing the stack for fun and profit. Phrack 7(49) (1996)
Owusu, E., Guajardo, J., et al.: OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms. In: SIGSAC. ACM (2013)
Simpson, E., Schaumont, P.: Offline hardware/software authentication for reconfigurable platforms. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 311–323. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_25
Suh, E.G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: architecture for tamper-evident and tamper-resistant processing. In: ICS. ACM (2003)
Suh, E.G., et al.: Design and implementation of the AEGIS single-chip secure processor using PUFs. SIGARCH Comput. Archit. News 33(2), 25–36 (2005)
Yang, J., Zhang, Y., Gao, L.: Fast secure processor for inhibiting software piracy and tampering. In: International Symposium on Microarchitecture. IEEE/ACM (2003)
Yu, M.D., Devadas, S.: Secure and robust error correction for physical unclonable functions. IEEE Des.Test Comput. 27(1), 48–65 (2010)
Yu, X., Fletcher, C.W., et al.: Generalized external interaction with tamper-resistant hardware with bounded information leakage. In: CCSW. ACM (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendices
SEPP architecture building blocks overview (orange arrows: key generation, black arrows: execution) (Color figure online)
1.1 A Deployment of Software Updates
Programs are initially flashed to a SEPP-powered System-on-a-Chip (SoC) at deployment time by the user via a secure connection to the device, e.g., a dedicated cable. To enable software updates in the field, an encrypted binary \({\text {c}}_{k_ u }(\mathcal {B})\)—initially deployed in a secure environment as stated above—may contain an update function. This update function needs to be able to take a new user-key \({k_ u }'\) and a new encrypted binary \({\text {c}}_{{k_ u }'}(\mathcal {B}')\) and feed it into the PUF-driven executable-image generation process. SEPP will return \(\pi ' = {\text {c}}_{{k_ p }'}({k_ u }')\) to be packaged into a new image \( \left( {\text {c}}_{{k_ u }'}(\mathcal {B}'), \pi ' \right) \) for its current instance. A user sends \({\text {c}}_{{k_ u }'}(\mathcal {B}')\) and \({k_ u }'\) to this function; the encrypted \({\text {c}}_{{k_ u }'}(\mathcal {B}')\) can be transmitted via an untrusted network connection, while \({k_ u }'\) needs to be transmitted securely. To provide this secure channel between user and \(\mathcal {B}\) running on the SEPP device, the update function already deployed in the trusted binary \(\mathcal {B}\) must contain a suitable encryption scheme, e.g., RSA-based such as TLS or SSH. Due to the small key size, the secure channel for \({k_ u }'\) requires only a low data rate.
The PUF-driven executable-image generation process of SEPP, generating \(\pi = {\text {c}}_{k_ p }({k_ u })\), has to be deactivated physically after deployment of the binaries for ultimate security demands. This completely prohibits the generation of any new executable sequence of instructions for this instance of SEPP and therefore completely prevents injections. For the over-the-air update, this security feature has to be deactivated as trade-off for an update path. The executable-image generation process of SEPP alternatively can only be triggered by a privileged instruction. This restricts its usage to the security kernel, however shifting the responsibility into software to decide what trusted code is allowed to generate new code.
1.2 B Practical Performance Measurements
Benchmarks and tests were conducted on our prototype implementation. We compare the test results with our prototype’s base platform, the OR1200 CPU, running on the same FPGA board as SEPP’s prototype implementation. In order to demonstrate the performance impact, we developed a number of custom tests with known parameters such as the number of branching instructions. These custom tests were all compiled without any compiler optimization in order to ensure deterministic outcomes. The results of our tests are summarized in Table 2.
By reducing the number of jump instructions from 14.3% to 5.3% through the removal of a function call within a loop, compared to the baseline system, the performance penalty decreases from 84% to 34%. This clearly demonstrates the impact of branch and jump instructions on the execution time of encrypted programs.
Loops generally introduce a substantial number of jumps into program execution. To verify this assumption, we manually unrolled a loop of a short example program. The number of branch instructions thereby decreased from 9.8% to 3.8%, reducing performance penalty from 61% to 17% for our custom test cases.
Furthermore, we performed CoreMarkFootnote 4 benchmarks, to show the influence of unrolling loops and to enable comparison with future developments and other platforms. We conducted the benchmark both on our system in encrypted form as well as on the baseline architecture in unencrypted form. We compare the benchmark compiled with GCC’s optimization level -O3 with another version that is compiled with additional loop unrolling optimization, enabled with the flag -funroll-all-loops. Compilation with -O3 results in a 48.8% penalty of SEPP, and enabling unrolling reduces this to 43.5%. While the baseline processor only speeds up by 9% with the additional -funroll-all-loops, SEPP’s execution speed gains 21%. This confirms that the reduction of branching instruction benefits SEPP greatly. These benchmark comparisons prove the expected effects of our instruction-level decryption, specifically the warm-up latency on branching, for actual calculations.
Unfortunately, the comparison of our prototype with related implementations is not straightforward, as authors in this field use a variety of methods for performance assessment. The AEGIS developers used the SPEC2000 CPUFootnote 5 benchmark suite [27], which is not freely available. Lie et al. [19] provide a theoretical performance analysis for their XOM architecture [19]. The OASIS instruction set extension is not directly comparable to SEPP, as the authors only give absolute time overheads for specific platform operations [25].
The AEGIS developers state that degradation can be as high as 60%; while it mostly stays below 40%. XOM’s slow down is less than 50% according to the authors’ calculations. Given this comparison, we conclude that the runtime penalty of SEPP lies well within worst case, best case, and average for comparable systems. We expect a significant performance advantage of SEPP over the compared platforms when the described improvements are implemented in future work.
We are not able to compare SEPP to previous work in respect to FPGA resources overhead for the lack of information about properties of those approaches: XOM is only an architectural design without a hardware implementation [19]. OASIS was only simulated in software [25]. Although, an FPGA implementation of AEGIS was evaluated [28] no information about their FPGA resource requirements were given. Its resource overhead was only determined by an ASIC synthesis. The ASIC area overhead of AEGIS was given as being roughly 90% larger than their baseline. We consider this value not to be directly comparable to the roughly 68% Slices overhead of SEPP.
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Kleber, S. et al. (2018). Secure Code Execution: A Generic PUF-Driven System Architecture. In: Chen, L., Manulis, M., Schneider, S. (eds) Information Security. ISC 2018. Lecture Notes in Computer Science(), vol 11060. Springer, Cham. https://doi.org/10.1007/978-3-319-99136-8_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-99136-8_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99135-1
Online ISBN: 978-3-319-99136-8
eBook Packages: Computer ScienceComputer Science (R0)