Secure multi faceted approach to intellectual property protection in embedded systems
MetadataShow full item record
Increasing software and technology development costs have raised interest in the protection of Intellectual Property (IP) in computer systems. Reverse engineering of programs often leads to IP exposure causing critical security breach. Research in secure architectures (SA) sheds new light on protecting IP embedded in their programs. However, many SA methods use encryption algorithms that are often limited in their applications to constrained environments of embedded systems. Latency encountered in the implementation of many encryption algorithms can significantly degrade the performance of SAs due to their impact on the critical path of the memory hierarchy. In addition, these designs typically are not optimized for hardware implementation or for the embedded systems environment. In this research, we present a Latency Aware Simple Encryption (LASE) framework for secure architectures in embedded systems. The LASE framework is designed for efficient implementation and performance in hardware, focusing on latency and flexibility as prime design goals. The generic hardware used in the LASE framework leads to a large inherent key size, which increases the security against hardware attacks, and obfuscation of the key schedule. We also present a series of key schedules as well as hardware extensions to increase the usability and flexibility of LASE. The basic LASE framework has been implemented using programmable logic and compared with implementations of the AES algorithm, with respect to power, latency, throughput, and chip area. The LASE implementation has less than 1/16 the latency and 1⁄4 the area of AES implemented on the same FPGA platform. Cryptanalysis of LASE is performed to determine the limits of the design parameters necessary to maintain a certain level of security. This includes minimum number of encryption rounds required based on block size, resistance to linear and differential cryptanalysis for a 128-bit block size with varying knowledge of the key schedule, and the effect of knowledge of the key schedule on cryptanalysis. We also explore the use of compilers to provide various security additions with minimal or no cost in performance, power, or hardware resources. These additions include a method for encrypting the instruction set of a processor based on a modified cipher block chaining (CBC) mode of operation, and using a compiler as a tool for program reordering and obfuscation of the machine code. These additions increase the difficulty of obtaining plaintext-ciphertext pairs necessary for performing cryptanalysis. Our detailed analysis show that these methods can be combined with the LASE framework and secure architecture techniques to obtain a design with security, power, performance, and hardware usage appropriate for many embedded applications.