

# A Survey on Hardware Security Techniques Targeting Low-Power SoC Designs

Alan Ehret<sup>1</sup>, Dr. Karen Gettings<sup>2</sup>, Bruce R. Jordan Jr<sup>2</sup>, Dr. Michel A. Kinsy<sup>1</sup> <sup>1</sup>Boston University, Boston, MA <sup>2</sup> MIT Lincoln Laboratory, Lexington, MA





### Introduction

- Embedded systems are integral part of modern life
- More devices are being made "Smart"
- Connected systems provide opportunities for theft, denial of service, etc.







# Security Challenges

- IoT deployment environment
  - Unattended
  - Physical access available
- Attackers may have unhindered access to devices for long durations
- Tight power/area budgets limit overhead available for security



Parking

**Meters** 







# Why Not Anti-Tamper?

- Increases size, weight, power consumption
  - Must always check for intrusions
- Adding security directly to IC hardware is more efficient
  - Circuit level security modules may be shut down with device



Point of sale device anti-tamper PCB – hackaday.com





### **Defense Categories**







### **Defense Categories**













# **Defense Categories**

- Processing Elements
- Volatile Memory
- Non-Volatile Memory







# **Defense Categories**







### **Processing Element Defenses**







### Secure Enclaves

- Dedicated hardware core
  - Isolate sensitive data
- Commercial examples
  - Apple SEP
  - ARM TrustZone
- Mitigates:
  - User and kernel software vulnerabilities
  - Application Processor sidechannels



[1] Apple, "los security."





)TCC

UNIVERSITY

# **Execution Obfuscation - Ascend**

- Mitigate side-channels in cloud environment
- Honest but curious cloud provider

• Power, I/O, Timing



[2] C.W.Fletcher, et al. "A secure processor architecture for encrypted computation on untrusted programs."



# **Physical Unclonable Functions**

- Use variation in manufacturing to uniquely ID a device
- Prevent impersonation of hardware
  - Silicon Fingerprints
- Useful for hardware based:
  - Key generation/storage
  - Device authentication







### Volatile Memory Defenses







# Memory Encryption & ORAM

- Prevent main memory leaks
- ORAM has greater overhead than memory encryption

|                      | Obfuscate<br>Contents | Obfuscate<br>Addresses | Obfuscate<br>Timing* |
|----------------------|-----------------------|------------------------|----------------------|
| Memory<br>Encryption | $\checkmark$          |                        |                      |
| Oblivious<br>RAM     | $\checkmark$          | $\checkmark$           | $\checkmark$         |

\*ORAM does not necessarily obfuscate timing but some implementations (see Ascend in [9]) add this functionality to obfuscate all aspects of the memory.





# Memory Encryption & ORAM



[3] E. Stefanov, et al. "Path oram: an extremely simple oblivious ram protocol,"[4] D. Kaplan, et al. "Amd memory encryption,"

**BOSTON** UNIVERSITY



# Non-Monopolizable Caches

- Reserve cache ways for threads of execution
  - Low hardware overhead
  - Moderate performance
    overhead
- Mitigate cache timing side-channels
  - Prevent threads from evicting each other's data



[5] L. Domnitser, et al. "Non-monopolizable caches: Lowcomplexity mitigation of cache side channel attacks."





### Non-Volatile Memory Defenses







INTRO

# Full Disk Encryption

- Protects Data-at-Rest
- Encryption key stored in RAM
- Data on disk protected while machine is off
- Key could be leaked by side channel
- Self Encrypting Drives (SED) vulnerable to Hot-Swap attacks
  - Requires physical access



[6] T. Muller, et al., "Self-encrypting disks pose self- decrypting risks,"



### Network-on-Chip Defenses







OTZC

UNIVERSITY

### NoC Interconnect

- Use IP from different sources
- Run multiple applications with different trust levels
  - Must prevent misuse of hardware resources
- NoC performs permission checks on traffic
  - Support virtual isolation of software stacks







# NoC Interconnect



NoC

**Protection Unit** 

Permission

Memory

RAM

• Improves performance



[7] Porquet J., et al. "NoC-MPU: A secure architecture for flexible co-hosting on shared memory MPSoCs. Department of Electrical & Computer Engineering



# **Defense Comparisons** Execution Obfuscation Limited Use Memory

| Execution<br>Secure Enc            | Memor<br>Obfusca | V Encryp     | Disi<br>Ise Men<br>Ition | K Encryp     | Cache A      | Irch. O      | PAM          | PUF          | tion         |
|------------------------------------|------------------|--------------|--------------------------|--------------|--------------|--------------|--------------|--------------|--------------|
| Access-Based Cache<br>Side-Channel | $\checkmark$     | $\checkmark$ |                          |              |              | $\checkmark$ | $\checkmark$ |              |              |
| Power-Based Cache<br>Side-Channel  |                  | $\checkmark$ |                          |              |              | $\checkmark$ | $\checkmark$ |              |              |
| Binary Reverse Engineering         |                  | $\checkmark$ |                          |              |              |              |              |              |              |
| In-Memory Data Theft               | $\checkmark$     |              | $\checkmark$             |              |              |              | $\checkmark$ |              | $\checkmark$ |
| On-Chip Data Theft                 | $\checkmark$     |              |                          |              |              | $\checkmark$ |              |              | $\checkmark$ |
| Data at Rest Theft                 |                  |              |                          | $\checkmark$ | $\checkmark$ |              |              |              |              |
| Counterfeiting                     |                  |              |                          |              |              |              |              | $\checkmark$ |              |
| On-Chip DoS                        |                  |              |                          |              |              |              |              |              | $\checkmark$ |

BOSTON UNIVERSITY



### Conclusion

- Low-power connected systems vulnerable to a variety of attacks
  - Increased potential for theft, denial of service

#### No one-size-fits-all solution

- Must analyze threat model for each system
- Consider size, weight, power budgets







BOSTON

UNIVERSITY

### References

[1] Apple, "los security," apple.com/business/docs/iOS Security Guide.pdf.

- [2] C.W.Fletcher, M.v.Dijk, and S.Devadas, "A secure processor architecture for encrypted computation on untrusted programs," in Proceedings of the seventh ACM workshop on Scalable trusted computing. ACM, 2012, pp. 3–8.
- [3] E. Stefanov, M. Van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas, "Path oram: an extremely simple oblivious ram protocol," in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 2013, pp. 299– 310.
- [4] D. Kaplan, J. Powell, and T. Woller, "Amd memory encryption," White paper, 2016.
- [5] L. Domnitser, A. Jaleel, J. Loew, N. Abu-Ghazaleh, and D. Ponomarev, "Nonmonopolizable caches: Low-complexity mitigation of cache side channel attacks," ACM Transactions on Architecture and Code Opti- mization (TACO), vol. 8, no. 4, p. 35, 2012.
- [6] T. Muller, T. Latzo, and F. C. Freiling, "Self-encrypting disks pose self- decrypting risks," in the 29th Chaos Communinication Congress, 2012, pp. 1–10.
- [7] Porquet, J.; Greiner, A.; Schwarz, C. NoC-MPU: A secure architecture for flexible cohosting on shared memory MPSoCs. In Proceedings of the 2011 Design, Automation & Test in Europe, Grenoble, France, 14–18 March 2011; pp. 1–4.