Criticality based reliability against hardware Trojan attacks for processing of tasks on reconfigurable hardware
Introduction
The advent of reconfigurable hardware, or field programmable gate arrays (FPGAs), has facilitated the execution of varied tasks directly on the same hardware platform through its property of full or partial reconfiguration at runtime [5]. Such flexibility was absent in earlier hardware based application specific integrated circuit (ASIC) platforms, where the hardware could not be reused for a different task. Hence, FPGAs find use in application arenas ranging from automation to aviation to nuclear reactors [2]. Such systems are mixed critical in nature: tasks of different criticality need to be executed on a common platform in order to optimize resources and reduce design cost and energy consumption [3].
Tasks in a mixed critical system are strictly classified into levels of criticality according to the industrial standards of the associated application domain. For instance, the DO-178B specification classifies avionics tasks into five levels of criticality, A to E [4]. Likewise, ISO 26262 introduces four levels of criticality to ensure safety in automobiles [6]. Significant attention has been devoted to developing approaches for classifying the criticality of tasks based on the application domain [7].
The level of security must also vary with the criticality of tasks in order to ensure the reliability of mixed critical systems [3], [8]. More resources and care must be dedicated to executing highly critical tasks, such as the steering or braking operations of an automobile, than to lower critical tasks such as the infotainment system, since a malfunction in the former will cost lives, while a vulnerability in the latter will only affect the mood of the user.
Previously, the prime focus among researchers was to ensure security in software, as hardware was considered trusted. The trend was similar even for mixed critical systems. Works exist which demonstrate scheduling and execution of tasks directly on FPGAs [9], but these do not consider the associated hardware threats, which have gained significant importance over the last few years [10]. Thus, it is of utmost importance to analyze the effects of hardware attacks on mixed critical systems and propose effective strategies to ensure reliability in such scenarios.
The modern semiconductor industry has adopted the globalization strategy for system on chip (SoC) design. Integrating intellectual properties (IPs) procured from various third party IP (3PIP) vendors and outsourcing different phases of SoC design to different parts of the world are common practice in this methodology. Though such techniques reduce SoC design cost and help meet stringent marketing deadlines, hardware trust has been lost [10]. Trustworthiness issues relate both to the 3PIP vendors who supply the design IPs and to the outsourced sites such as the foundries. Adversaries in the foundries may implant malicious circuitry during chip design [11]. Even the 3PIP vendors may pose as adversaries and introduce malicious code during the hardware description language (HDL) phase of IP generation [22], [29]. Such malicious modifications are commonly termed Hardware Trojan Horses (HTHs). HTHs are dangerous because they bypass detection during testing by remaining dormant, then exhibit their stealthy nature at runtime via pre-decided activation mechanisms set by the adversary, affecting real time task processing [12].
Operations on reconfigurable hardware or FPGAs are also prone to hardware attacks. To execute a particular task on an FPGA, the related bitstream or reconfigurable IP (RIP) must fully or partially configure the FPGA fabric. Vulnerabilities can be present in the FPGA fabric because, like other chips, FPGAs are also developed via the globalization strategy [13]. In addition, the RIPs procured from 3PIP vendors may themselves be infected with HTHs [22], [29]. The reliability of fabricated devices like FPGAs can be ensured by standard authentication mechanisms such as physical unclonable functions (PUFs) [16], [17]. But the reliability of RIPs remains a concern, as no foolproof authentication strategy is available for RIPs, which are generally reused and recycled.
The existing literature on criticality based, reliability driven execution of mixed critical tasks is limited to software [3]. An analysis of HTH attacks, and an associated reliability strategy, for the execution of mixed critical tasks on a reconfigurable hardware platform is still awaited.
In this work, our prime objective is to ensure reliability driven execution of tasks on reconfigurable hardware or FPGAs, as per their criticality, against HTH attacks. We additionally focus on resource constrained environments, where meeting this objective is a greater challenge. For the present work, we consider only vulnerabilities associated with bitstreams procured from 3PIP vendors and consider the FPGA fabric secured via a PUF mechanism [17]. In the threat model, we first analyze how HTH affected bitstreams or RIPs may affect the execution of hardware related mixed critical tasks. The tasks may be periodic or non-periodic, i.e. aperiodic or sporadic, in nature. For periodic tasks, a reliable task schedule must be generated offline, which must then be strictly obeyed online. Initially, we propose a reliability driven scheduling approach based on the criticality of tasks for a normal scenario, where no resource limitation is present. Then, we use frequency scaling via the dynamic clock management module of FPGAs to meet the same objective in a resource constrained environment. For non-periodic tasks, dedicated resources are usually deployed for their execution. We propose a self aware strategy which facilitates criticality based reliable execution of non-periodic tasks, protected from HTH attacks, within suitable time frames of the periodic task schedule on the same reconfigurable hardware platform. Performance is evaluated via the metrics task success rate, task rejection rate and task preemption rate. A preliminary version of this article is presented in [30].
Our main contributions in this work are:
- (i) Analyzing how vulnerability associated with RIPs or bitstreams, procured from untrustworthy 3PIP vendors, may jeopardize mixed critical real time task operations (with focus on dependent tasks).
- (ii) Generation of a reliability driven mixed critical periodic task schedule according to task criticality, with additional focus on resource constrained environments.
- (iii) Proposing a self aware strategy for reliable execution of non-periodic tasks within suitable time frames of the periodic task schedule, on the same reconfigurable hardware platform.
This paper is organized as follows. Related background is discussed in Section 2. Section 3 describes the system model, while threat modeling is performed in Section 4. Section 5 discusses the strategy to ensure reliability. Reliability driven periodic task scheduling, with additional focus on resource constrained environments, is presented in Section 6. Section 7 provides a self aware strategy for reliability driven handling of non-periodic tasks. Experimentation and result analysis are discussed in Section 8. Finally, the article concludes in Section 9.
Section snippets
Background
Significant attention has been given to the arena of hardware security by researchers since the US Department of Defense recognized HTHs as a significant threat to mission critical applications in 2005 [1]. As HTHs remain dormant during testing, generic test time strategies are ineffective in counteracting their malicious behavior. Techniques commonly used to detect and mitigate the effect of HTHs are surveyed in [10]. These are broadly categorized into test time detection techniques,
Task model considered
A task in a mixed critical system can be represented as Ti = ⟨αi, ϵi, δi, ρi, χi⟩, where the metrics αi, ϵi, δi, ρi, χi represent the arrival time, worst case execution time, deadline, related bitstream reconfiguration time on an FPGA and criticality level of task Ti respectively.
In this subsection, we classify such tasks based on their criticality, time of arrival and dependency.
Threat modeling
For this work, the FPGA device is considered trusted via a secure time bounded PUF based authentication mechanism [17]. The point of concern is the RIPs or bitstreams which configure the FPGA VPs at runtime, as they are procured from untrustworthy 3PIP vendors. Moreover, insertion of HTHs in the HDL phase of bitstream generation is quite simple and hard to detect [20], as such malware insertion comprises only a few lines of additional HDL code, which do not produce significant overhead in
Strategy for criticality based reliability
As discussed, existing works which ensure reliability for mixed critical tasks essentially focus on software. The approach is redundant task execution, followed by majority polling or result checking. The number of redundant executions depends on the criticality of the task [3].
For C1 tasks, triple redundancy followed by majority polling is used to facilitate FDC. Double redundancy with result checking is used to facilitate FD for tasks with criticality C2. For C3 tasks, no redundancy or
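To make the criticality-to-redundancy mapping above concrete, the following Python simulation is an added example and not code from the paper or its authors. It assumes three criticality levels named C1, C2 and C3, reads FDC as fault detection and correction and FD as fault detection, models each diverse bitstream of a task as a plain function, and constructs one HTH-affected bitstream that is dormant except on a single trigger input, in line with the activation behaviour described in the introduction. The per-task VP demand is taken to be the number of redundant copies, matching the equal-sized VP assumption used for the periodic schedule; the Task fields follow the task tuple of the task model.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional


# Task tuple from the paper's task model: arrival time, worst case execution
# time, deadline, bitstream reconfiguration time and criticality level.
@dataclass(frozen=True)
class Task:
    name: str
    arrival: int        # alpha_i
    wcet: int           # epsilon_i
    deadline: int       # delta_i
    reconf_time: int    # rho_i
    criticality: str    # chi_i, one of "C1", "C2", "C3"


# Redundant copies per criticality level: C1 triple redundancy with majority
# polling, C2 double redundancy with result checking, C3 a single execution.
REDUNDANCY = {"C1": 3, "C2": 2, "C3": 1}


@dataclass(frozen=True)
class Outcome:
    result: Optional[int]   # value delivered to the system, None when withheld
    detected: bool          # the redundant copies disagreed
    corrected: bool         # majority polling masked the disagreeing copy


def vp_demand(task: Task) -> int:
    """Number of equal-sized virtual partitions (VPs) one run of this task occupies."""
    return REDUNDANCY[task.criticality]


def run_with_redundancy(task: Task, bitstreams: List[Callable[[int], int]], x: int) -> Outcome:
    """Dispatch the task to as many distinct bitstreams as its criticality demands."""
    n = vp_demand(task)
    if len(bitstreams) < n:
        raise ValueError(f"{task.name}: {task.criticality} needs {n} diverse bitstreams")
    results = [bs(x) for bs in bitstreams[:n]]
    disagreement = len(set(results)) > 1
    if n == 3:
        # Majority polling: deliver the value at least two copies agree on.
        value, votes = Counter(results).most_common(1)[0]
        if votes >= 2:
            return Outcome(value, detected=disagreement, corrected=disagreement)
        return Outcome(None, detected=True, corrected=False)  # all three differ
    if n == 2:
        # Result checking: a mismatch is detected but cannot be resolved.
        if disagreement:
            return Outcome(None, detected=True, corrected=False)
        return Outcome(results[0], detected=False, corrected=False)
    # C3: single execution, nothing to compare against.
    return Outcome(results[0], detected=False, corrected=False)


# Constructed stand-ins for diverse bitstreams of one task (an incrementer).
TRIGGER = 0xAB  # constructed adversary trigger value, purely illustrative


def clean_incr(x: int) -> int:
    return x + 1


def trojaned_incr(x: int) -> int:
    # Constructed HTH-affected bitstream: correct (dormant) on every input
    # except the trigger value, where it corrupts the output.
    return 0 if x == TRIGGER else x + 1


def demo() -> dict:
    """Same faulty bitstream, three criticality levels, evaluated at the trigger input."""
    outcomes = {}
    for crit in ("C1", "C2", "C3"):
        task = Task(f"incr_{crit}", arrival=0, wcet=2, deadline=10, reconf_time=1, criticality=crit)
        # The Trojaned copy is listed first so that even a single execution uses it.
        pool = [trojaned_incr, clean_incr, clean_incr]
        outcomes[crit] = run_with_redundancy(task, pool, TRIGGER)
    return outcomes


if __name__ == "__main__":
    for crit, outcome in demo().items():
        print(crit, outcome)
```

Running it at the trigger input shows the three regimes: the C1 task still delivers the correct result because two of three copies agree, the C2 task withholds its result but flags the mismatch, and the C3 task delivers the corrupted value unnoticed. Off the trigger input all three regimes pass silently, which is why the copies must come from diverse bitstreams of the same task for polling to catch a dormant Trojan.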
Overview
For handling periodic tasks, we need to generate a mixed critical real time periodic task schedule offline, which will be strictly followed online. As different tasks of the same or different criticality must be executed in a common VP, the size of a VP must not be bitstream specific. We consider all VPs to be of the same size, so that any task can execute in any VP. Thus, the total number of VPs determines the size of the reconfigurable platform.
Initially, we consider a normal
Overview
For aperiodic and sporadic tasks, the reconfiguration time and execution time of the bitstreams related to task execution are known, but no information is available about task arrival time or deadline. Hence, runtime management is required.
We adhere to the Observe-Decide-Act (ODA) paradigm to propose a self aware approach that facilitates scheduling and execution of aperiodic and sporadic tasks on the same hardware platform as the periodic tasks. This is performed in the SP of the FPGA. A single
Experimental setup
Performance evaluation is performed via simulation based experiments. Diverse task sets are used with 40 types of operations, drawn from standard benchmarks such as ISCAS 85, ISCAS 89, ITC 99, IWLS 2005 and HLS 1992 as well as cryptocores. Bitstreams for processing these tasks are generated by synthesizing the associated HDL code in the Xilinx Vivado platform, and simulations are carried out in the ISim platform. At least three bitstreams are generated for each task to ensure diversity.
We use ZYNQ (xc7z020-3clg484) as
Conclusion
Reconfigurable hardware is capable of executing tasks of varied criticality on the same platform via its property of full or partial reconfiguration at runtime and thus finds wide usage in mixed critical systems. However, the existing literature does not explore criticality based reliability for mixed critical tasks executed on a reconfigurable platform against HTH attacks. In this work, we consider the FPGA device to be secured via a time bounded PUF, and analyze how vulnerabilities in
Conflict of interest
None.
Acknowledgment
This work is supported by the Department of Science and Technology, Government of India, INSPIRE Fellowship Number IF150916.
References (30)
- et al. Remote dynamic clock reconfiguration based attacks on internet of things applications. 19th Euromicro Conference on Digital System Design (DSD), 2016.
- et al. SHIRT (self healing intelligent real time) scheduling for secure embedded task processing. 31st International Conference on VLSI Design, 2018.
- Defense Science Board, Task force on high performance microchip supply, 2005. Available Online: ...
- et al. Application of FPGA to nuclear power plant I&C systems. Prog. of Nuclear Safety for Symbiosis and Sustainability, 2014.
- et al. Reliability-driven system-level synthesis for mixed-critical embedded systems. IEEE Transactions on Computers, 2013.
- New challenges in certification for aircraft software. Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT), 2011.
- Xilinx Inc., Virtex-5 libraries guide for HDL designs UG621, 2010. Available Online: ...
- et al. ISO 26262 safety cases: compliance and assurance. IET International System Safety Conference, 2011.
- et al. Towards the design of certifiable mixed criticality systems. 16th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2010.
- et al. Analysis and optimization of fault-tolerant embedded systems with hardened processors. Proc. Conf. Design Automation and Test in Europe, 2009.
- Co-scheduling persistent periodic and dynamic aperiodic real-time tasks on reconfigurable platforms. IEEE Trans. on Multi Scale Comp.
- Hardware trojan attacks: Threat analysis and countermeasures. Proceedings of the IEEE.
- A novel built-in self-authentication technique to prevent inserting hardware Trojans. IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems.
- Run-time effect by inserting hardware Trojans in combinational circuits. Euromicro Conference on Digital System Design (DSD).
- Design and validation for FPGA trust under hardware Trojan attacks. IEEE Transactions on Multi-Scale Computing Systems.
Cited by (5)
- Criticality based Reliability from Rowhammer Attacks in Multi-User-Multi-FPGA Platform. 2022, Proceedings - 2022 35th International Conference on VLSI Design, VLSID 2022 - held concurrently with 2022 21st International Conference on Embedded Systems, ES 2022.
- Self aware security for real time task schedules in reconfigurable hardware platforms. 2021, Self Aware Security for Real Time Task Schedules in Reconfigurable Hardware Platforms.
- Minimization of WCRT with Recovery Assurance from Hardware Trojans for Tasks on FPGA-based Cloud. 2021, ACM Transactions on Embedded Computing Systems.
Krishnendu Guha is presently an INSPIRE Ph.D. Fellow in A. K. Choudhury School of Information Technology (AKCSIT), University of Calcutta. He has completed his MTech from University of Calcutta in 2014, where he was the recipient of the University Gold Medal for securing the First Class First Rank. He was also awarded the prestigious INSPIRE Fellowship by the Department of Science and Technology, Government of India for carrying out his doctoral studies. His present research arena encompasses embedded security, with a flavor of artificial intelligence and nature inspired strategies.
Atanu Majumder is a Ph.D student in A. K. Choudhury School of Information Technology (AKCSIT), University of Calcutta. He has completed his MTech from University of Calcutta in 2016 and is also the recipient of Rajiv Gandhi National Fellowship award from University Grants Council, Government of India. His research area deals with energy and performance efficient resource management in FPGA based heterogeneous virtualized platform.
Debasri Saha is presently an Assistant Professor in AKCSIT, University of Calcutta. Prior to this, she was associated with IIT, Patna as an Assistant Professor after completing her Ph.D. from Indian Statistical Institute (ISI), Kolkata. She was also the recipient of the University Gold Medal for securing the First Class First Rank in M.Tech in 2006 from University of Calcutta. Her research interests include VLSI design and its security issues, optimization and heuristic techniques.
Amlan Chakrabarti is presently Professor and Director of AKCSIT, University of Calcutta. He is also the Dean of Faculty for Engineering and Technology in University of Calcutta. Prior to this, he completed his post doctoral research in Princeton University after completing his Ph.D. from University of Calcutta in association with ISI, Kolkata. He is the recipient of DST BOYSCAST fellowship award in Engineering Science in 2011, Indian National Science Academy (INSA) Visiting Faculty Fellowship in 2014, JSPS Invitation Research Award in 2016 and Erasmus Mundus Leaders Award from EU in 2017 and Hamied Visiting Fellowship from Cambridge University in 2018. He has been associated with reputed international and national institutes of repute as a Visiting Professor like University of Cambridge (UK), City University of London (UK), University of Oradea (Romania), SUNY Buffalo (USA), GSI Helmholtz Research Laboratory (Germany), University of Bremen (Germany), CERN (Geneva), Kyushu Institute of Technology (Japan). His present research interests include VLSI Design, Quantum Computing and Embedded System Design.