An exploration of mechanisms for dynamic cryptographic instruction set extension

Instruction set extensions (ISEs) supplement a host processor with special-purpose, typically fixed-function hardware components and instructions to utilise them. For cryptographic use-cases, this can be very effective due to the demand for non-standard or niche operations that are not supported by general-purpose architectures. However, one disadvantage of fixed-function ISEs is inflexibility, contradicting a need for “algorithm agility”. This paper explores a new approach, namely the provision of reconfigurable mechanisms to support dynamic (run-time changeable) ISEs. Our results, obtained using an FPGA-based LEON3 prototype, show that this approach provides a flexible general-purpose platform for cryptographic ISEs with all known advantages of previous work, but relies on careful analysis of the associated security issues.
