9.3 Special Session: RISC-V or RISK-V? Towards Secure Open Hardware

Printer-friendly version PDF version

Date: Thursday, March 28, 2019
Time: 08:30 - 10:00
Location / Room: Room 3

Georg Sigl, TUM, DE, Contact Georg Sigl

The end of Moore's law is pushing the renewed interest on entirely new computing and System-on-Chip (SoC) design approaches to meet the requirements of largely diverse applications. Cloud computing, Internet-of-Things and artificial intelligence are pushing the development of a wide variety of complex SoCs that integrate heterogeneous IP hardware components from different providers. Especially when it comes to building complex, highly customized SoCs, it will be desirable that SoC designers could select verified, open source hardware blocks in the same manner that software developers are doing today. Open source hardware opens a path towards an ultra-fast design cycle for complex and highly customized SOCs. RISC-V is a free and open instruction set architecture (ISA), which enables a new era of processor innovation. RISC-V has captured attention of research and industrial communities; however security is still a main concern in this architecture. RISC-V allows the development of open source hardware with hardware security extensions and secure coprocessors able to be checked by many users at the source level. This could be a further driver to create open source secure RISC-V implementations. Such implementations must resist microarchitectural attacks such as Meltdown or Spectre. Currently researchers often try to fix the michroarchitecture security problems in closed source hardware with software, while their origin is in hardware. Open source hardware allows the development of countermeasures open to a wide research community in both hardware and software together, yielding to much more secure and performant solutions. On the other hand unsecure RISC-V implementations pose a major threat on our systems. In order to avoid that RISC-V becomes a security RISK-V, more research and development in both architectural and microarchitectural security solutions is required. This special session focuses on chances and risks offered by open source hardware based on RISC-V. A trend in modern SoCs is the integration of a dedicated security module with its own CPU which is hardened against attacks. RISC-V processors hardened against hardware attacks could be an ideal open source secure element, which can be easily integrated into SOCs, offering a transparent open source trust anchor for SOCs. The first talk will give an example how to secure RISC-V processors against hardware attacks. RISC-V currently lacks security features provided in standard processors such as trusted execution environments or enclaves. While all the known approaches in this area have known weaknesses the open source hardware project offers new chances to improve enclave's security by new concepts. This area will be covered by the second presentation. Security modules usually need accelerators for standardized cryptographic operations. How to integrate security coprocessors in a RISC-V system will be covered by the third talk. The last presentation will give an application example where RISC-V based processors are integrated in a SOC for both, the data processing as a multicore system and one additional as a hardware security module. The session consists of four presentations ranging from isolated on- or off-chip secure elements based on RISC-V, open-source projects for building trusted execution environments (TEE) with secure hardware enclaves based on the RISC-V, design of side-channel and fault attack resistant of crypto accelerators based on RISC-V and an application example using a RISC-V based SOC.

TimeLabelPresentation Title
Stefan Mangard, Graz University of Technology, AT
Thomas Unterluggauer, Robert Schilling, Mario Werner and Stefan Mangard, Graz University of Technology, AT
RISC-V is an instruction-set architecture suitable for a wide variety of applications, which ranges from simple microcontrollers to high-performance CPUs. As an increasing number of commercial vendors plans to adopt the architecture in their products, its security aspects are becoming a major concern. For microcontroller implementations of RISC-V, one of the main security risks are attackers with direct physical access to the microchip. These physical attackers can perform highly powerful attacks that span from memory probing over power analysis to fault injection and analysis. In this paper, we give an overview on the capabilities of attackers with direct physical device access, common threat models, and possible countermeasures. In addition, we discuss in more detail current approaches to secure RISC-V processors against fault injection attacks on the microchip itself. First, we show how to protect the control flow against fault attacks by using an encrypted instruction stream and decrypting it in a newly added pipeline stage between the processor's fetch and decode unit. Second, we show how to protect conditional branches against fault injection by adding redundancy to the comparison operation and entangling the comparison result with the encrypted instruction stream. Finally, we discuss an approach to protect the address bus to the memory against tampering.
Ilia Lebedev, CSAIL, MIT, US
Ilia Lebedev, Kyle Hogan, Jules Drean, Dayeol Lee, Krste Asanović, Dawn Song and Srinivas Devadas, MIT, US
Recent widespread interest in trusted execution environments (TEEs) has given rise to a rich ecosystem of hardware security design starts. Of the many interpretations of a TEE, enclaves have emerged as a particularly compelling primitive: strongly isolated user-mode processes in a largely untrusted software environment. While the threat models employed by various enclave systems differ, the high-level guarantees they offer are largely the same: attestation of an enclave's initial state, as well as a guarantee of enclave integrity and privacy in the presence of a modelled adversary. This work describes Sanctorum, a small software TCB of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intel's SGX. While enclaves may be implemented via unconditionally trusted hardware and microcode, as is the case in SGX, we employ a TCB consisting largely of privileged software, which is authenticated, and may be replaced or patched as needed. Sanctorum is the trusted system software employed by the Sanctum and Keystone enclave systems, and implements a formally verified specification for enclaves on in-order multiprocessor system meeting baseline security requirements. Specifically, Sanctorum requires trustworthy hardware including a random number generator, a private cryptographic key pair derived via a secure bootstrapping protocol, and a robust isolation primitive to safeguard sensitive information. Sanctorum's threat model is informed by the threat model of the isolation primitive, and is suitable for adding enclaves to a variety of in-order processor systems.
Johanna Sepulveda, TUM, DE
Tim Fritzmann1, Uzair Sharif1, Daniel Mueller-Gritschneder1, Cezar Rodolfo Wedig Reinbrecht2, Ulf Schlichtmann1 and Johanna Sepulveda1
Increasingly complex and powerful Systems-on-Chips (SoCs), connected through a 5G network, form the basis of the Internet-of-Things (IoT). These technologies will drive the digitization in all domains, e.g. industry automation, automotive, avionics, and healthcare. A major requirement for all above domains is the long-term (10 to 30 years) secure communication between the SoCs and the cloud over public 5G networks. The foreseeable breakthrough of quantum computers represents a risk for all communication. In order to prepare for such an event, SoCs must integrate secure quantum-computer-resistant cryptography which is reliable and protected against SW and HW attacks. Empowering SoCs with such strong security poses a challenging problem due to limited resources, tight performance requirements and long-term life-cycles. While current works are focused on efficient implementations of post-quantum cryptography, implementation-security and reliability aspects for SoCs are still largely unexplored. To this end, we present two contributions. First, we discuss the challenges and opportunities of implementing reliable and secure post-quantum MPSoCs based on RISC-V architecture. Second, we introduce our RISC-V co-processor for post-quantum security, able to support different lattice-based algorithms. We show that our co-processor achieves reliability and security capabilities while presenting a good performance.
Matthias Hiller, Fraunhofer AISEC, DE
Lukas Auer1, Christian Skubich2 and Matthias Hiller1
1Fraunhofer AISEC, DE; 2Fraunhofer IIS / EAS, DE
New IoT applications are demanding for more and more performance in embedded devices while their deployment and operation poses strict power constraints. We present the security concept for a customizable Internet of Things (IoT) platform based on the RISC-V ISA and developed by several Fraunhofer Institutes. It integrates a range of peripherals with a scalable computing subsystem as a three dimensional System in-Package (3D-SiP). The security features aim for a medium security level and target the requirements of the IoT market. Our security architecture extends given implementations to enable secure deployment, operation, and update. Core security features are secure boot, an authenticated watchdog timer, and key management. The Universal Sensor Platform (USeP) SoC is developed for GLOBALFOUNDRIES' 22FDX technology and aims to provide a platform for Small and Medium-sized Enterprises (SMEs) that typically do not have access to advanced microelectronics and integration know-how, and are therefore limited to Commercial Off-The-Shelf (COTS) products.
10:00End of session
Coffee Break in Exhibition Area

Coffee Breaks in the Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area.

Lunch Breaks (Lunch Area)

On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the Lunch Area to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area.

Tuesday, March 26, 2019

Wednesday, March 27, 2019

Thursday, March 28, 2019