Philipp Schubaur
ABSTRACT
Many IoT devices are trusted with critical tasks and therefore require solid device security. As a result, manufacturers search for cost-efficient and easy-to-integrate trust anchors, but common IT solutions, like a Trusted Platform Modules (TPMs) are often not suitable for Internet of Things (IoT) use cases. Simultaneously, the adoption of System on Chip (SoC) devices, integrating a set of ARM® cores and Programmable Logic (PL) within one package are on the rise in several industries. While the ARM® processors facilitate networking and graphical user interfaces, a Field Programmable Gate Array (FPGA) fabric enables real-time control or acceleration of AI applications on the edge. This paper presents a solution to combine these trends for the benefit of device security: an FPGA Implementation of a Security Module as Open Source (FISMOS). The security module focuses on simplicity, providing security capabilities by little expense of logic as well as engineering resources. FISMOS is based on the PicoRV32 soft-core processor and features an AXI memory interface for data exchange with its host. It enables secure symmetric and asymmetric cryptographic functions, key enclosure, and may serve as a trust anchor for the Linux kernel. This configuration allows for customized security functionalities and a robust segmentation between the encapsulated area of the FISMOS and the Linux OS.
- Arm. 2020. AMBA AXI and ACE Protocol Specification. https://developer.arm.com/documentation/ihi0022/h (Jan. 11, 2022).Google Scholar
- Lyonel Barthe, Luis Vitorio Cargnini, Pascal Benoit, and Lionel Torres. 2011. The SecretBlaze: A Configurable and Cost-Effective Open-Source Soft-Core Processor. In 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum. 310–313. https://doi.org/10.1109/IPDPS.2011.154Google ScholarDigital Library
- Mark Beal. 2017. Using RISC-V as a Security Processor for DARPA CHIPS and Commercial IoT. In 7th RISC-V Workshop Proceedings. https://riscv.org/proceedings/2017/12/7th-risc-v-workshop-proceedingsGoogle Scholar
- cliffordwolf. 2019. picorv32. https://github.com/cliffordwolf/picorv32 (Apr. 27, 2020).Google Scholar
- William Diehl, Abubakr Abdulgadir, Jens-Peter Kaps, and Kris Gaj. 2017. Side-channel resistant soft core processor for lightweight block ciphers. In 2017 International Conference on ReConFigurable Computing and FPGAs (ReConFig). IEEE, 1–8. https://ieeexplore.ieee.org/document/8279819Google ScholarCross Ref
- Lubos Gaspar, Viktor Fischer, Lilian Bossuet, and Milos Drutarovsky. 2011. Cryptographic Extension for Soft General-Purpose Processors with Secure Key Management. In 2011 21st International Conference on Field Programmable Logic and Applications. 500–505. https://doi.org/10.1109/FPL.2011.99Google ScholarDigital Library
- Lubos Gaspar, Viktor Fischer, Lilian Bossuet, and Robert Fouquet. 2012. Secure extension of FPGA general purpose processors for symmetric key cryptography with partial reconfiguration capabilities. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 5, 3 (2012), 1–13. https://doi.org/10.1145/2362374.2362380Google ScholarDigital Library
- GnuTLS. 2022. The GnuTLS Transport Layer Security Library. https://www.gnutls.org (July 21, 2022).Google Scholar
- C. Heinz, Y. Lavan, J. Hofmann, and A. Koch. 2019. A Catalog and In-Hardware Evaluation of Open-Source Drop-In Compatible RISC-V Softcore Processors. In 2019 International Conference on ReConFigurable Computing and FPGAs (ReConFig). 1–8. https://doi.org/10.1109/ReConFig48160.2019.8994796Google ScholarCross Ref
- Infineon. 2021. 32-bit AURIX™ TriCore™ Microcontroller. https://www.infineon.com/cms/en/product/microcontroller/32-bit-tricore-microcontroller (Nov. 8, 2021).Google Scholar
- ironPeak Services GCV. 2020. Crouching T2, Hidden Danger. https://ironpeak.be/blog/crouching-t2-hidden-danger/#security-issues (Apr. 14, 2021).Google Scholar
- David Kleidermacher. 2012. Embedded systems security : practical methods for safe and secure software and systems development. Elsevier, Amsterdam.Google Scholar
- Alexander Klimm, Oliver Sander, and Jurgen Becker. 2009. A microblaze specific co-processor for real-time hyperelliptic curve cryptography on xilinx fpgas. In 2009 IEEE International Symposium on Parallel & Distributed Processing. IEEE, 1–8. https://ieeexplore.ieee.org/document/5161204Google ScholarDigital Library
- Mbed-TLS. 2021. mbedtls. https://github.com/Mbed-TLS/mbedtls (July 21, 2022).Google Scholar
- Microchip Technology Inc.2021. ATECC508A. https://www.microchip.com/en-us/product/atecc508a (Nov. 7, 2021).Google Scholar
- Open Source Hardware Association. 2021. Best Practices for Sharing FPGA Designs. https://www.oshwa.org/best-practices-for-sharing-fpga-designs (Jan. 3, 2021).Google Scholar
- OpenSSL. 2022. OpenSSL. https://www.openssl.org (July 21, 2022).Google Scholar
- OpenTitan. 2021. OpenTitan Hardware Dashboard. https://docs.opentitan.org/hw (Mar. 22, 2021).Google Scholar
- David Patterson. 2017. The RISC-V reader an open architecture atlas. Strawberry Canyon LLC, San Francisco, CA.Google Scholar
- Pulse Security. 2019. Extracting Bitlocker Keys from a TPM. https://pulsesecurity.co.nz/articles/TPM-sniffing (Mar. 19, 2019).Google Scholar
- Schubaur. 2022. FISMOS. https://github.com/hsainnos/FISMOS (July 22, 2022).Google Scholar
- Philipp Schubaur. 2021. Choosing a RISC-V Core for Implementing an FPGA-Based Security Module. In Applied Research Conference 2021. OTH Amberg-Weiden, Amberg, Germany, 76–80. https://doi.org/10.25929/7mtt-nz04Google ScholarCross Ref
- John Shalf. 2020. The future of computing beyond Moore’s Law. Philosophical Transactions of The Royal Society A-mathematical Physical and Engineering Sciences (March 2020). https://doi.org/10.1098/rsta.2019.0061Google ScholarCross Ref
- Synopsys. 2022. mbed-tls. https://www.openhub.net/p/mbed-tls/analyses/latest/languages_summary (July 21, 2022).Google Scholar
- Team libtom. 2022. LibTomCrypt. https://www.libtom.net/LibTomCrypt (July 21, 2022).Google Scholar
- The T2 Development Blog. 2020. Plug’nPwn - Connect to Jailbreak. https://blog.t8012.dev/plug-n-pwn (Nov. 4, 2021).Google Scholar
- Trusted Computing Group Administration. 2019. TPM 2.0 Library. https://trustedcomputinggroup.org/resource/tpm-library-specification (Apr. 12, 2022).Google Scholar
- TUL. 2022. PYNQ-Z2. https://www.tulembedded.com/FPGA/ProductsPYNQ-Z2.html (July 21, 2022).Google Scholar
- Haixin Wang, Guoqiang Bai, and Hongyi Chen. 2010. A gbps ipsec ssl security processor design and implementation in an fpga prototyping platform. Journal of Signal Processing Systems 58, 3 (2010), 311–324. https://doi.org/10.1007/s11265-009-0371-2Google ScholarDigital Library
- Stephen Williams. 2022. Icarus Verilog. https://github.com/steveicarus/iverilog (June 27, 2022).Google Scholar
- wolfSSL. 2022. wolfSSL Embedded SSL/TLS Library. https://www.wolfssl.com/license (July 21, 2022).Google Scholar
- Xilinx. 2005. Using Look-Up Tables as Distributed RAM in Spartan-3 Generation FPGAs. https://www.xilinx.com/support/documentation/application_notes/xapp464.pdf (July 3, 2022).Google Scholar
- Xilinx. 2018. Zynq-7000 SoC First Generation Architecture. https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html (July 18, 2022).Google Scholar
- Xilinx. 2021. Vivado Design Suite. https://www.xilinx.com/products/design-tools/vivado.html (Mar. 22, 2021).Google Scholar
- Xilinx. 2022. Accessing BRAM In Linux. https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/18842412/Accessing+BRAM+In+Linux (Jan. 17, 2022).Google Scholar
Index Terms
- FISMOS – An FPGA Implementation of a Security Module as Open Source
Recommendations
The FPGA Prototyping Implementation of LEON3 SoC
ICICEE '12: Proceedings of the 2012 International Conference on Industrial Control and Electronics EngineeringThis paper presents a prototyping verification methodology of SoC, and implements the prototyping verification of LEON3 SoC. First, it builds the FPGA prototyping hardware platform, completes transplanting an ASIC into a FPGA platform, finishes ...
Makinote: An FPGA-Based HW/SW Platform for Pre-Silicon Emulation of RISC-V Designs
RAPIDO '24: Proceedings of the 16th Workshop on Rapid Simulation and Performance Evaluation for DesignEmulating chip functionality before silicon production is crucial, especially with the increasing prevalence of RISC-V-based designs. FPGAs are promising candidates for such purposes due to their high-speed and reconfigurable architecture. In this paper,...
FPGA design of EKF block accelerator for 3D visual SLAM
FPGA implementation of computing EKF gain and cross-covariance matrices is proposed.Exploiting cross-covariance matrix symmetry reduces computational and resource costs.EKF innovation matrix dimension allows for simple SA computational designs.Our ...
Comments