Skip to main content
Springer Nature Link
Log in

TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14988))

Included in the following conference series:

Abstract

RISC-V open-hardware designs are emerging in cyber-physical systems and security-critical embedded platforms. Among them, OpenTitan emerged as an open-source silicon Root-of-Trust, which provides secure-boot and execution-integrity functionalities, exploiting its internal hardware accelerators. In this paper, we explore a novel exploitation of OpenTitan as a secure cryptographic accelerator. To this purpose, we designed TitanSSL, a secure software stack that offloads cryptographic tasks to OpenTitan, and we study the trade-offs between offloading overhead through the stack and the obtained computation speed-up. TitanSSL includes an OpenSSL backend, a Linux driver for communications, and an OpenTitan firmware. We executed TitanSSL on a cycle-accurate simulator of a RISC-V CVA6 application processor integrated with OpenTitan on the same System-on-Chip. We compared our implementation with a pure software version across different cryptographic payloads. Finally, we provide guidelines for the use of OpenTitan as a coprocessor in secure cyber-physical systems designs based on open-hardware architectures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Andrade, G., Lee, D., Kohlbrenner, D., Asanovic, K., Song, D.: Software-Based Off-Chip Memory Protection for RISC-V Trusted Execution Environments. UC Berkeley (2020)

    Google Scholar 

  2. Bach-Nutman, M.: Understanding the top 10 owasp vulnerabilities. arXiv preprint arXiv:2012.09960 (2020)

  3. Cheang, K., Rasmussen, C., Lee, D., Kohlbrenner, D.W., Asanović, K., Seshia, S.A.: Verifying risc-v physical memory protection (2022)

    Google Scholar 

  4. Ciani, M., et al.: Cyber security aboard micro aerial vehicles: an opentitan-based visual communication use case. In: 2023 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1–5 (2023). https://doi.org/10.1109/ISCAS46773.2023.10181732

  5. lowRISC CIC. Opentitan official documentation (2019). https://opentitan.org/book/doc/introduction.html

  6. Costan, V., Devadas, S.: Intel sgx explained. Cryptology ePrint Archive, Paper 2016/086 (2016). https://eprint.iacr.org/2016/086

  7. Davide Schiavone, P., et al.: Slow and steady wins the race? a comparison of ultra-low-power RISC-V cores for internet-of-things applications. In: 2017 27th International Symposium on Power and Timing Modeling, Optimization and Simulation (PATMOS), pp. 1–8 (2017). https://doi.org/10.1109/PATMOS.2017.8106976

  8. Enumeration, C.W.: 2022 CWE top 25 most dangerous software weaknesses (2022). https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html

  9. Fadiheh, M.R., Stoffel, D., Barrett, C., Mitra, S., Kunz, W.: Processor hardware security vulnerabilities and their detection by unique program execution checking. In: 2019 Design, Automation and Test in Europe Conference and Exhibition, 2019, pp. 994–999 (2019). https://doi.org/10.23919/DATE.2019.8715004

  10. Foundation, O.S.: Source code for the openssl software (1998). https://github.com/openssl/openssl

  11. Gautschi, M., et al.: Near-threshold RISC-V core with DSP extensions for scalable IOT endpoint devices. IEEE Trans. Very Large Scale Integr. Syst. 25(10), 2700–2713 (2017). https://doi.org/10.1109/TVLSI.2017.2654506

  12. Group, G.P.: Global platform client API documentation (2023). https://optee.readthedocs.io/en/stable/architecture/globalplatform_api.html#tee-client-api

  13. Group, G.P.: Global platform official website (2023). https://globalplatform.org/

  14. Joannou, A., et al.: Efficient tagged memory. In: 2017 IEEE International Conference on Computer Design (ICCD), pp. 641–648 (2017). https://doi.org/10.1109/ICCD.2017.112

  15. Johnson, S., Rizzo, D., Ranganathan, P., McCune, J., Ho, R.: Titan: enabling a transparent silicon root of trust for cloud. In: Hot Chips: A Symposium on High Performance Chips, vol. 194 (2018)

    Google Scholar 

  16. Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., Song, D.: Keystone: an open framework for architecting trusted execution environments. In: Proceedings of the Fifteenth European Conference on Computer Systems (EuroSys 2020). Association for Computing Machinery, New York (2020).https://doi.org/10.1145/3342195.3387532

  17. Lee, D., Kohlbrenner, D., Shinde, S., Song, D., Asanović, K.: Keystone: an open framework for architecting tees (2019)

    Google Scholar 

  18. Lu, T.: A survey on RISC-V security: hardware and architecture (2021)

    Google Scholar 

  19. Nasahl, P., Mangard, S.: Scramble-cfi: mitigating fault-induced control-flow attacks on opentitan (2023)

    Google Scholar 

  20. NXP. Edgelock secure enclave (2019). https://www.nxp.com/products/nxp-product-information/nxp-product-programs/edgelock-secure-enclave:EDGELOCK-SECURE-ENCLAVE

  21. Parno, B., McCune, J.M., Perrig, A.: Roots of Trust, pp. 35–40. Springer, New York (2011). https://doi.org/10.1007/978-1-4614-1460-5_6

  22. Pinto, S., Santos, N.: Demystifying arm trustzone: a comprehensive survey. ACM Comput. Surv. 51(6) (2020). https://doi.org/10.1145/3291047

  23. Potter, B.: Microsoft SDL threat modelling tool. Netw. Secur. 2009(1), 15–18 (2009)

    Article  Google Scholar 

  24. Schrammel, D., et al.: Donky: domain keys–efficient in-process isolation for RISC-V and x86. In: Proceedings of the 29th USENIX Conference on Security Symposium, pp. 1677–1694 (2020)

    Google Scholar 

  25. Weiser, S., Werner, M., Brasser, F., Malenko, M., Mangard, S., Sadeghi, A.R.: Timber-v: tag-isolated memory bringing fine-grained enclaves to risc-v

    Google Scholar 

  26. Zaruba, F., Benini, L.: The cost of application-class processing: energy and performance analysis of a Linux-ready 1.7-GHZ 64-bit RISC-V core in 22-nm FDSOI technology. IEEE Trans. Very Large Scale Integrat. Syst. 27(11), 2629–2640 (2019). https://doi.org/10.1109/TVLSI.2019.2926114

Download references

Author information

Authors and Affiliations

  1. Università di Bologna, Via Zamboni, 33, 40126, Bologna, Italy

    Alberto Musa, Emanuele Parisi, Andrea Bartolini, Andrea Acquaviva & Francesco Barchi

  2. Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129, Torino, Italy

    Franco Volante, Luca Barbierato & Edoardo Patti

Authors
  1. Alberto Musa
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Franco Volante
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emanuele Parisi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Luca Barbierato
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Edoardo Patti
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Andrea Bartolini
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Andrea Acquaviva
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Francesco Barchi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alberto Musa .

Editor information

Editors and Affiliations

  1. University of Florence, Florence, Firenze, Italy

    Andrea Ceccarelli

  2. Fraunhofer IKS, Munich, Germany

    Mario Trapp

  3. Department of Mathematics, University of Florence, Florence, Italy

    Andrea Bondavalli

  4. GTS Deutschland GmbH, Ditzingen, Germany

    Friedemann Bitsch

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Musa, A. et al. (2024). TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust. In: Ceccarelli, A., Trapp, M., Bondavalli, A., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2024. Lecture Notes in Computer Science, vol 14988. Springer, Cham. https://doi.org/10.1007/978-3-031-68606-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-68606-1_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-68605-4

  • Online ISBN: 978-3-031-68606-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics