by Radhen Hendarmawan (RISE)
In the rapidly evolving world of embedded systems, ensuring robust software security within System-on-Chip (SoC) environments is essential. At RISE, we explore a heterogeneous approach using Field-Programmable Gate Arrays (FPGAs) and develop toolkits to streamline hardware acceleration, offering software developers powerful solutions to bolster security and performance.
The rise of embedded systems across various industries has led to the widespread adoption of System-on-Chip (SoC) architectures, which integrate multiple components such as CPUs, memory, and custom hardware blocks onto a single chip. These systems, while compact and efficient, present unique challenges, especially in terms of software security. As cyber threats continue to grow in sophistication, securing SoC environments against vulnerabilities like Man-At-The-End (MATE) attacks, malware, and hardware trojans has become critical.
Traditional software-based security measures often struggle to keep up with the demands of SoC environments, particularly due to constraints related to power, processing capability, and the heterogeneous nature of these systems. To address these challenges, researchers at RISE have been investigating a heterogeneous approach to software security, leveraging FPGAs for their flexibility, performance, and energy efficiency. Additionally, we have developed a toolkit and framework that simplifies the process of creating hardware accelerators, enabling software developers to rapidly prototype and implement security solutions with minimal expertise in hardware complexity.
Why a Heterogeneous Approach?
SoC systems typically combine CPUs, GPUs, and custom hardware blocks, necessitating a multifaceted approach to security. Integrating FPGAs into these systems provides several advantages:
- Performance Efficiency: FPGAs excel in executing cryptographic algorithms, such as the Advanced Encryption Standard (AES), much faster than traditional processors due to their parallel processing capabilities. This is crucial for applications that require real-time data protection, such as secure communications and digital rights management.
- Energy Efficiency: Power consumption is a key concern in embedded systems, particularly for battery-operated devices. FPGA-based implementations of security algorithms have demonstrated significantly lower power consumption compared to software-based solutions on CPUs or ARM processors, making them ideal for energy-constrained environments.
- Flexibility and Reconfigurability: Unlike fixed-function hardware, FPGAs can be reprogrammed to adapt to evolving security threats or to implement different security protocols as needed. This reconfigurability allows for the dynamic adaptation of security measures, providing a robust defence against emerging cyber threats.
Toolkits and Frameworks for Rapid Prototyping
One of the challenges in leveraging FPGA technology is the complexity involved in designing hardware accelerators, which often requires specialised knowledge in hardware design and troubleshooting. To overcome this barrier, our team at RISE has developed a toolkit and framework that facilitates the rapid prototyping of hardware accelerators using high-level synthesis (HLS). This HW-SW co-design solution is designed to help software developers create Hardware Intellectual Property (IP) and accelerators without needing extensive expertise in hardware complexity.
Our toolkit streamlines the process of developing FPGA bitstreams by abstracting the low-level hardware details and providing a user-friendly interface for defining and configuring hardware functions. This allows developers to focus on software security algorithms and leave the intricacies of hardware design to the automated tools. The framework supports various high-level programming languages, enabling seamless integration with existing software workflows and reducing the time required to bring new security features to market.
Case Study: AES Implementation on FPGA
To demonstrate the effectiveness of our approach, we conducted a study comparing the performance, resource utilisation, and power consumption of AES implementations on different hardware platforms: CPU, ARM, and FPGA. The results were compelling:
- Performance: The FPGA implementation of AES128 achieved encryption latencies of 20ms, compared to 250ms on ARM and 100ms on CPU. This performance boost is essential for applications where speed is critical, such as in secure real-time communications.
- Resource Utilisation: While the FPGA required more resources, such as Look-Up Tables (LUTs) and Block RAMs (BRAMs), the trade-off was justified by the significant gains in performance and energy efficiency. Our toolkit played a crucial role in optimising resource usage, enabling efficient implementation without sacrificing performance.
- Power Consumption: The FPGA implementation consumed less power during encryption operations compared to both ARM and CPU platforms, underscoring its suitability for energy-sensitive applications like IoT devices.
Future Directions and Implications
The integration of FPGAs in SoC environments represents a significant advancement in software security. By leveraging their unique capabilities and our rapid prototyping toolkit, we can develop security solutions that are not only more efficient but also more adaptable to the ever-changing cyber threat landscape. Looking ahead, our research will focus on expanding the toolkit to support additional security mechanisms, such as secure key management and real-time intrusion detection, within FPGA-based SoCs.
This heterogeneous approach to software security holds immense potential across a wide range of applications, from consumer electronics to critical infrastructure. As cyber threats continue to evolve, the ability to dynamically adapt security measures will become increasingly important. At RISE, we are committed to advancing this field and providing the tools and solutions that will help safeguard the next generation of embedded systems.
Links:
[L1] Advanced Encryption Standard (AES) Overview: https://csrc.nist.gov/pubs/journal/2001/06/report-on-the-development-of-the-aes/final
[L2] Introduction to FPGAs: https://www.xilinx.com/products/silicon-devices/fpga/what-is-an-fpga.html
References:
[1] Xilinx, “Vivado design suite user guide: high-level synthesis,” UG902, 2023.
[2] M. Tehranipoor and F. Koushanfar, “A survey of hardware trojan taxonomy and detection,” IEEE Design & Test of Computers, vol. 27, no. 1, pp. 10–25, 2010.
Please contact:
Radhen Hendarmawan, RISE, Sweden
