Criticality based reliability against hardware Trojan attacks for processing of tasks on reconfigurable hardware

https://doi.org/10.1016/j.micpro.2019.102865

Abstract

An important aspect of mixed critical systems is to execute tasks of varied criticality on the same platform. The ability of reconfigurable hardware, i.e. field programmable gate arrays (FPGAs), to be fully or partially reconfigured at runtime satisfies this criterion and facilitates the processing of mixed critical tasks directly on hardware, with the aid of reconfigurable intellectual properties (IPs) or bitstreams procured from various third party IP (3PIP) vendors. However, the existing literature in this arena does not consider the associated hardware threats. Such threats are particularly dangerous because related malware like Hardware Trojan Horses (HTHs) remain dormant during testing and evade detection, but get activated at runtime and jeopardize mission critical applications. Though several works exist on hardware security, none focus on reliability driven mixed critical task processing on reconfigurable hardware against HTH attacks. In this work, we initially explore how HTHs implanted by 3PIP vendors in the bitstreams may cause active attacks. Then, we develop strategies to ensure reliability for processing of mixed critical tasks on reconfigurable hardware. Both periodic and non-periodic (i.e. aperiodic or sporadic) tasks are considered. We also focus on resource constrained environments, where we adhere to frequency scaling to facilitate accommodation of tasks on limited resources. We experiment with a variety of bitstreams, and performance evaluation is performed via metrics such as task success rate, task rejection rate and task preemption rate.

Introduction

The advent of reconfigurable hardware or field programmable gate arrays (FPGAs) has facilitated execution of varied tasks directly on the same hardware platform, via its property of full or partial reconfiguration at runtime [5]. Such flexibility was absent in prior hardware based application specific integrated circuit (ASIC) platforms, where the hardware could not be reused for executing a different task. Hence, FPGAs find usage in wide application arenas, ranging from automation to aviation to nuclear reactors [2]. Such systems are mixed critical in nature: tasks of different criticality need to be executed on a common platform in order to optimize resources and reduce design cost and energy consumption [3].

Tasks in a mixed critical system are strictly classified into various levels of criticality, as per the industrial standards of the associated application domain. For instance, for avionics the criticality of tasks is classified into five levels from A to E as per the DO-178B specification [4]. Likewise, ISO 26262 introduces four levels of criticality to ensure safety in automobiles [6]. Significant attention has been devoted to developing approaches for classifying the criticality of tasks based on the application domain [7].

The level of security must also vary as per the criticality of tasks in order to ensure reliability of mixed critical systems [3], [8]. More resources and care must be dedicated to executing high critical tasks like the steering or braking operations of an automobile than to lower critical tasks like the infotainment system, as a malfunction in the former can cost lives, while a vulnerability in the latter will only affect the mood of the user.

Previously, the prime focus among researchers was to ensure security in software, as hardware was considered trusted. The trend was similar even for mixed critical systems. Works exist which demonstrate scheduling and execution of tasks directly on FPGAs [9], but these do not consider the associated hardware threats, which have gained significant importance over the last few years [10]. Thus, it is of utmost importance to analyze the effects of hardware attacks on mixed critical systems and propose effective strategies to ensure reliability in such scenarios.

The modern semiconductor industry has adopted the globalization strategy for system on chip (SoC) design. Integrating intellectual properties (IPs) procured from various third party IP (3PIP) vendors and outsourcing different phases of SoC design to different parts of the world are common in the globalization methodology. Though such techniques reduce SoC design cost and help meet stringent marketing deadlines, the element of hardware trust has been lost [10]. Trustworthiness issues are related both to the 3PIP vendors who supply the design IPs and to the outsourced sites like the foundries. Adversaries in the foundries may implant malicious circuitry during chip design [11]. Even the 3PIP vendors may pose as adversaries and introduce malicious code during the hardware description language (HDL) phase of IP generation [22], [29]. Such malicious modifications are commonly termed Hardware Trojan Horses (HTHs). HTHs are dangerous as they bypass detection during testing by remaining dormant, then exhibit their stealthy nature at runtime via pre-decided activation mechanisms set by adversaries and affect real time task processing [12].

Operations associated with reconfigurable hardware or FPGAs are also prone to hardware attacks. For the execution of a particular task on an FPGA, the related bitstream or reconfigurable IP (RIP) must fully or partially configure the FPGA fabric. Vulnerabilities can be present in the FPGA fabric because, like other chips, FPGAs are also developed via the globalization strategy [13]. In addition, the RIPs procured from the 3PIP vendors may also be infected with HTHs [22], [29]. Reliability of fabricated devices like FPGAs can be ensured by standard authentication mechanisms like physical unclonable functions (PUFs) [16], [17]. But the reliability of RIPs is a concern, as no foolproof authentication strategy is available for RIPs, which are generally reused and recycled.

The existing literature on criticality based reliability driven execution of mixed critical tasks is limited to software [3]. An analysis of HTH attacks and an associated reliability strategy for execution of mixed critical tasks on a reconfigurable hardware platform are still awaited.

In this work, our prime objective is to ensure reliability driven execution of tasks as per their criticality on reconfigurable hardware or FPGAs, against HTH attacks. We additionally focus on resource constrained environments, which pose a greater challenge. For the present work, we consider only vulnerabilities associated with bitstreams procured from 3PIP vendors and consider the FPGA fabric secured via a PUF mechanism [17]. In the threat model, we first analyze how HTH affected bitstreams or RIPs may affect hardware related mixed critical task executions. The tasks may be periodic or non-periodic, i.e. aperiodic or sporadic in nature. For periodic tasks, a reliable task schedule must be generated offline, which needs to be strictly obeyed online. Initially, we propose a reliability driven scheduling approach as per the criticality of tasks for a normal scenario, where no resource limitation is present. Then, we adhere to frequency scaling via the dynamic clock management module of FPGAs to facilitate the same objective in a resource constrained environment. For non-periodic tasks, dedicated resources are usually deployed for their execution. We propose a self aware strategy which facilitates criticality based reliable execution of non-periodic tasks against HTH attacks within suitable time frames of the periodic task schedule on the same reconfigurable hardware platform. Performance evaluation is performed via the metrics task success rate, task rejection rate and task preemption rate. A preliminary version of this article was presented in [30].

Our main contributions in this work are:

  • (i) Analyzing how vulnerability associated with RIPs or bitstreams, procured from untrustworthy 3PIP vendors, may jeopardize mixed critical real time task operations (with focus on dependent tasks).
  • (ii) Generation of a reliability driven mixed critical periodic task schedule according to task criticality, with additional focus on resource constrained environments.
  • (iii) Proposing a self aware strategy for reliable execution of non-periodic tasks within suitable time frames of the periodic task schedule, on the same reconfigurable hardware platform.

This paper is organized as follows. Related background is discussed in Section 2. Section 3 describes the system model, while threat modeling is performed in Section 4. Section 5 discusses the strategy to ensure reliability. Reliability driven periodic task scheduling, with additional focus on resource constrained environments, is presented in Section 6. Section 7 provides a self aware strategy for reliability driven handling of non-periodic tasks. Experimentation and result analysis are discussed in Section 8. Finally, the article concludes in Section 9.

Background

Significant attention has been given to the arena of hardware security by researchers after the US Department of Defense recognized HTHs as a significant threat to mission critical applications in 2005 [1]. As HTHs remain dormant during testing, generic test time strategies are ineffective in counteracting their malicious behavior. Techniques which are commonly used to detect and mitigate the effect of HTHs are provided in [10]. These are broadly categorized into test time detection techniques,

Task model considered

A task in a mixed critical system can be represented as $T_i = \{\alpha_i, \epsilon_i, \delta_i, \rho_i, \chi_i\}$, where $\alpha_i$, $\epsilon_i$, $\delta_i$, $\rho_i$ and $\chi_i$ represent the arrival time, worst case execution time, deadline, reconfiguration time of the related bitstream on an FPGA and criticality level of task $T_i$, respectively.

In this subsection, we classify such tasks based on their criticality, time of arrival and dependency.

Threat modeling

For this work, the FPGA device is considered trusted via a secure time bounded PUF based authentication mechanism [17]. The point of concern is the RIPs or bitstreams which configure the FPGA VPs at runtime, as they are procured from untrustworthy 3PIP vendors. Moreover, insertion of HTHs in the HDL phase of bitstream generation is quite simple and hard to detect [20], as such malware insertion comprises only a few lines of additional HDL code, which do not produce significant overhead in

Strategy for criticality based reliability

As discussed, existing works which ensure reliability for mixed critical tasks essentially focus on software. The approach is redundant task execution, followed by majority polling or result checking. The number of redundant operations depends on the criticality of the task [3].

For C1 tasks, triple redundancy followed by majority polling is used to facilitate FDC. Double redundancy with result checking is used to facilitate FD for tasks with criticality C2. For C3 tasks, no redundancy or
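The criticality-based redundancy just described, as an added simulation that is not the authors' code: each 3PIP vendor's bitstream is modelled as a Python callable, one vendor's copy carries a constructed HTH that is dormant on every input except a single trigger, and the `Outcome`, `execute` and `run_taskset` names are assumptions introduced here. It shows why triple redundancy both detects and masks the Trojaned output (FDC), double redundancy only detects it (FD, task rejected), and a single run lets it through, and it computes the task success and rejection rates the paper uses as metrics.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed model of the redundancy strategy above: C1 tasks run three
# diverse bitstreams and take the majority (FDC), C2 run two and compare (FD),
# C3 run once. Each 3PIP vendor's bitstream is a callable; one vendor's copy
# carries an HTH that is dormant except on a single trigger input.
Op = Callable[[int], int]

def trojaned(fn: Op, trigger: int) -> Op:
    """Constructed HTH model: correct on every input except the trigger."""
    return lambda x: fn(x) ^ 1 if x == trigger else fn(x)

@dataclass
class Outcome:
    result: Optional[int]   # None when the task is rejected
    detected: bool          # redundant copies disagreed
    vp_slots: int           # VP executions consumed by the task

COPIES = {1: 3, 2: 2, 3: 1}   # criticality -> number of redundant runs

def execute(criticality: int, bitstreams: List[Op], x: int) -> Outcome:
    n = COPIES[criticality]
    if len(bitstreams) < n:
        raise ValueError("redundant copies must come from distinct vendors")
    results = [b(x) for b in bitstreams[:n]]
    if n == 3:                                # majority polling -> FDC
        value, votes = Counter(results).most_common(1)[0]
        if votes >= 2:
            return Outcome(value, len(set(results)) > 1, 3)
        return Outcome(None, True, 3)         # three-way disagreement: reject
    if n == 2:                                # result checking -> FD only
        if results[0] == results[1]:
            return Outcome(results[0], False, 2)
        return Outcome(None, True, 2)         # mismatch: cannot correct, reject
    return Outcome(results[0], False, 1)      # single run: a fault goes unnoticed

def run_taskset(golden: Op, bitstreams: List[Op], tasks) -> Dict[str, float]:
    """tasks: list of (criticality, input). Returns success and rejection rates."""
    ok = rejected = 0
    for crit, x in tasks:
        out = execute(crit, bitstreams, x)
        if out.result is None:
            rejected += 1
        elif out.result == golden(x):
            ok += 1
    return {"success": ok / len(tasks), "rejection": rejected / len(tasks)}

if __name__ == "__main__":
    square = lambda x: x * x                         # golden behaviour
    vendors = [trojaned(square, 7), square, square]  # vendor A's copy infected
    print(execute(1, vendors, 7))   # C1: HTH outvoted, result 49, detected
    print(execute(2, vendors, 7))   # C2: mismatch detected, task rejected
    print(execute(3, vendors, 7))   # C3: wrong result 48 goes unnoticed
```

The diversity requirement (at least three bitstreams per task, as in the experimental setup) is what makes the vote meaningful: if all copies came from the same infected vendor they would agree on the wrong answer.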

Overview

For handling periodic tasks, we need to generate a mixed critical real time periodic task schedule offline, which will be strictly followed online. As tasks of the same or different criticality must be executable in a common VP, the size of a VP must not be bitstream specific. We consider all the VPs to be of the same size, so that any task can execute in any VP. Thus, the total number of VPs determines the size of the reconfigurable platform.

Initially, we consider a normal

Overview

For aperiodic and sporadic tasks, the reconfiguration time and execution time of the bitstreams related to task execution are known, but no information is available about task arrival time or deadline. Hence, runtime management is required.

We adhere to the Observe-Decide-Act (ODA) paradigm to propose a self aware approach which facilitates scheduling and execution of aperiodic and sporadic tasks on the same hardware platform as the periodic tasks. This is performed in the SP of the FPGA. A single

Experimental setup

Performance evaluation is performed via simulation based experiments. Diverse task sets are used, with 40 types of operations ranging from standard benchmarks like ISCAS 85, ISCAS 89, ITC 99, IWLS 2005 and HLS 1992 to cryptocores. Bitstreams for processing these tasks are generated by synthesizing the associated HDL code in the Xilinx Vivado platform, and simulations are carried out in the ISim platform. At least three bitstreams are generated for each task to ensure diversity.

We use ZYNQ (xc7z020-3clg484) as

Conclusion

Reconfigurable hardware is capable of executing tasks of varied criticality on the same platform via its property of full or partial reconfiguration at runtime and thus finds wide usage in mixed critical systems. However, the existing literature does not explore criticality based reliability for mixed critical tasks executed on a reconfigurable platform against HTH attacks. In this work, we consider the FPGA device to be secured via a time bounded PUF, and analyze how vulnerabilities in

Conflict of interest

None.

Acknowledgment

This work is supported by the Department of Science and Technology, Government of India, INSPIRE Fellowship Number IF150916.

References

  • S. Saha et al., Co-scheduling persistent periodic and dynamic aperiodic real-time tasks on reconfigurable platforms, IEEE Transactions on Multi-Scale Computing Systems, 2018.
  • S. Bhunia et al., Hardware Trojan attacks: Threat analysis and countermeasures, Proceedings of the IEEE, 2014.
  • K. Xiao et al., A novel built-in self-authentication technique to prevent inserting hardware Trojans, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2014.
  • F. Kounelis et al., Run-time effect by inserting hardware Trojans in combinational circuits, Euromicro Conference on Digital System Design (DSD), 2017.
  • S.M. Sarkar et al., Design and validation for FPGA trust under hardware Trojan attacks, IEEE Transactions on Multi-Scale Computing Systems, 2016.
Krishnendu Guha is presently an INSPIRE Ph.D. Fellow in A. K. Choudhury School of Information Technology (AKCSIT), University of Calcutta. He completed his MTech from University of Calcutta in 2014, where he was the recipient of the University Gold Medal for securing the First Class First Rank. He was also awarded the prestigious INSPIRE Fellowship by the Department of Science and Technology, Government of India for carrying out his doctoral studies. His present research arena encompasses embedded security, with a flavor of artificial intelligence and nature inspired strategies.

Atanu Majumder is a Ph.D student in A. K. Choudhury School of Information Technology (AKCSIT), University of Calcutta. He completed his MTech from University of Calcutta in 2016 and is also the recipient of the Rajiv Gandhi National Fellowship award from University Grants Council, Government of India. His research area deals with energy and performance efficient resource management in FPGA based heterogeneous virtualized platforms.

Debasri Saha is presently an Assistant Professor in AKCSIT, University of Calcutta. Prior to this, she was associated with IIT, Patna as an Assistant Professor after completing her Ph.D. from Indian Statistical Institute (ISI), Kolkata. She was also the recipient of the University Gold Medal for securing the First Class First Rank in M.Tech in 2006 from University of Calcutta. Her research interests include VLSI design and its security issues, optimization and heuristic techniques.

Amlan Chakrabarti is presently Professor and Director of AKCSIT, University of Calcutta. He is also the Dean of Faculty for Engineering and Technology in University of Calcutta. Prior to this, he completed his post doctoral research in Princeton University after completing his Ph.D. from University of Calcutta in association with ISI, Kolkata. He is the recipient of the DST BOYSCAST fellowship award in Engineering Science in 2011, the Indian National Science Academy (INSA) Visiting Faculty Fellowship in 2014, the JSPS Invitation Research Award in 2016, the Erasmus Mundus Leaders Award from the EU in 2017 and the Hamied Visiting Fellowship from Cambridge University in 2018. He has been associated as a Visiting Professor with reputed international and national institutes such as University of Cambridge (UK), City University of London (UK), University of Oradea (Romania), SUNY Buffalo (USA), GSI Helmholtz Research Laboratory (Germany), University of Bremen (Germany), CERN (Geneva) and Kyushu Institute of Technology (Japan). His present research interests include VLSI Design, Quantum Computing and Embedded System Design.