SEPUFSoC: Using PUFs for Memory Integrity and Authentication in Multi-Processors System-on-Chip

A persistent problem for modern Multi-Processors System-on-Chip (MPSoCs) is their vulnerability to code injection attacks. By tampering with the memory content, attackers are able to extract secrets from the MPSoC and to modify or deny the MPSoC's operation. This work proposes SEPUFSoC (Secure PUF-based SoC), a novel flexible, secure, and fast architecture able to be integrated into any MPSoC. SEPUFSoC prevents execution of unauthorized code as well as data manipulation by ensuring memory integrity and authentication. SEPUFSoC achieves: i) efficiency, through the integration of a fast and lightweight hash function for Message Authentication Code (MAC) generation and integrity verification of the memory lines at runtime; and ii) lightweight security, through the use of a Physical Unclonable Function (PUF) to securely generate and store the cryptographic keys that are used for the authentication of each application. We discuss the security and performance of SEPUFSoC for single core and multi-core systems. Results show that the SEPUFSoC is a secure, fast, and low overhead solution for MPSoCs.

[1]  Jonathan M. McCune,et al.  OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms , 2013, CCS.

[2]  G. Edward Suh,et al.  Aegis: A Single-Chip Secure Processor , 2007, IEEE Design & Test of Computers.

[3]  Jean-Philippe Aumasson,et al.  SipHash: A Fast Short-Input PRF , 2012, INDOCRYPT.

[4]  Abhranil Maiti,et al.  Physical unclonable function and true random number generator: a compact and scalable implementation , 2009, GLSVLSI '09.

[5]  G. Edward Suh,et al.  Design and implementation of the AEGIS single-chip secure processor using physical random functions , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[6]  Holger Boche,et al.  Information Theoretic Security and Privacy of Information Systems , 2017 .

[7]  Guido Araujo,et al.  Computer security by hardware-intrinsic authentication , 2015, 2015 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[8]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[9]  Srinivas Devadas,et al.  A secure processor architecture for encrypted computation on untrusted programs , 2012, STC '12.

[10]  Tim Güneysu,et al.  Security analysis of index-based syndrome coding for PUF-based key generation , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[11]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[12]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[13]  Martha Johanna Sepúlveda,et al.  Exploiting Bus Communication to Improve Cache Attacks on Systems-on-Chips , 2017, 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[14]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[15]  Matthias Hiller,et al.  Secure Execution Architecture based on PUF-driven Instruction Level Code Encryption , 2015, IACR Cryptol. ePrint Arch..

[16]  Mark Horowitz,et al.  Implementing an untrusted operating system on trusted hardware , 2003, SOSP '03.

[17]  Florian Wilde Large scale characterization of SRAM on infineon XMC microcontrollers as PUF , 2017, CS2@HiPEAC.

[18]  Paul Cuff,et al.  Information Theoretic Security and Privacy of Information Systems , 2016 .

[19]  Trevor Mudge,et al.  MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[20]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[21]  Matthias Hiller,et al.  Cherry-Picking Reliable PUF Bits With Differential Sequence Coding , 2016, IEEE Transactions on Information Forensics and Security.