High-throughput security for FPGA-based embedded systems

"[...] Then people will build jewel-sized television receivers, just as there are jewel-sized wireless sets. Pocket sets, the size of an electric torch. No more need to buy a newspaper: one will tune in to the news broadcast, or to the political editorial, or to the fashion column, or to the sports report. Or even to a crossword puzzle. And the street will present a singular spectacle." R. Barjavel, "La télévision, œil de demain", 1947.

This is how René Barjavel, author of science-fiction and speculative novels, predicted as early as the late 1940s the advent of what we now know as smartphones. A strange scene indeed, to see people wandering the streets with their eyes riveted on the object in the palm of their hand. For better or for worse, the advent of worldwide networking has made embedded systems ubiquitous in our daily lives. Now that data lives in the cloud, the ever-growing volume of personal information in transit and the ever-higher transfer speeds demand adequate security. However, the cost usually associated with such security is economically prohibitive. Proposing ad hoc security solutions for these resource-constrained systems is the subject of our work. Drawing on both long-established and recent techniques, we show that embedded systems and security can be reconciled, thereby avoiding an otherwise inevitable divorce.
