novel methods of augmenting high performance processors with security hardware

1

Novel Methods of Augmenting High Performance Processors with Security Hardware

Jonathan ValamehrPhD Defense, UC Santa Barbara

May 7, 2013

Committee:Prof. Timothy Sherwood (chair)

Prof. Fred ChongProf. Peter Michael Meliar-Smith

Prof. Theodore Huffmire

2

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Modern MicroprocessorsIntro/Motivation

3

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Modern MicroprocessorsIntro/Motivation

Commercial CPU tradeoffs:PerformancePowerAreaCost

Security

4

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Modern MicroprocessorsIntro/Motivation

SecurityConfidentiality IntegrityAvailability

5

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Modern Microprocessors

Flurry of hardware attacksSide channel attacks (Kocher 1996, Percival 2005, Bernstein 2005)

Power draw (Kocher et al. 1999, Jasper 2011)

EM analysis (Gandolfi et al. 2001 , Agrawal et al. 2002)

Physical tamperMemory remanence (Soden et al. 1995, Halderman et al. 2008)

Intro/Motivation

6

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Modern MicroprocessorsIntro/Motivation

High Assurance CPUsHigh development costsSmall market shareTime-consuming to

design Commercial hardware

still outperforms by 100x (and growing…)

7

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Modern MicroprocessorsIntro/Motivation

Commercial Processors

(high speed)

High Assurance Processors

(secure)

The solution

8

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

New Technology – 3D Integration

3D Integration2 or more dies stacked as one systemFoundry level option

Base Processor

CPUCPU

CPUCPU

L2 Cache(1x

SRAM)

L1

L1

Second die

3D Crypto

9

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Thesis Statement

The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors through the use of 3D Integration, resulting in secure processors that retain high performance.

Intro/Motivation

10

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Outline

Intro/Motivation -the what 3D Crypto -the why 3D Sec -the how 3D Extensible ISAs -the what else Conclusion

3D Crypto

11

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Crypto - Motivation

Current Crypto Co-processorsOff-die co-processor, or utilizing core in CMPsProne to tamper, vulnerable to side-channels Lower performance

Ideal Crypto Co-processorsHigh integrity of data being processedTamper-proof and immune to attacksHigh performance

3D Crypto

12

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Crypto Co-processor

Main Processor

CPUCPU

CPUCPU

L2 Cache(1x

SRAM)

L1

L1

Crypto Co-processor

Dedicated Crypto

Memory

Crypto Control

AESRSA

RNGD-HDESMD5

RC4

3D Crypto

13

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Security Ramifications

Threat Models (Valamehr et al. 2011)

Physical tamperMemory remanenceAccess-driven cache side-channel attacksTime-driven cache side-channel attacksFault analysisElectromagnetic analysisPower analysisThermal analysis

3D Crypto

14

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Perf/Power/Area/Cost

Potential cost savings with 3DUse of older technologies

Relationship between:PerformancePowerCostArea

3D Crypto

15

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Perf/Power/Area/Cost3D Crypto

16

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Outline

Intro/Motivation -the what 3D Crypto -the why 3D Sec -the how 3D Extensible ISAs -the what else Conclusion

3D Security

17

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Current Trends

Ideal: Fast and affordable high assurance systemsResilient against attacks Low costHigh performance

3D Security

18

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Solution

3D IntegrationOptional security layer

Base Processor

CPUCPU

CPUCPU

L2 Cache(1x

SRAM)

L1

L1

Second die

3D Security

19

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D-Sec: Idea

Past Work: 3D Passive Monitors (Mysore et al. 2006)

Analyze data from base processor

Our Contribution – 3D Active Monitors (Valamehr et al. 2010)

Information flow controlArbitration of communicationPartitioning of resources

3D Security

20

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D-Sec: Idea

Benefits with 3D Integration

Security Architecture Performance Access to internal signals

Security separate

Off-chip coprocessor Low No Yes

On-chip High Yes No

3D layer High Yes Yes

3D Security

21

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D-Sec: Idea

ChallengeNormal operation if 3D layer absentSecurity functions if 3D layer present

3D Security

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

22

3D Security Layer – Circuit Level Primitives

Circuit-level primitives for an active monitor

(a) Tapping (b) Re-routing (c) Overriding (d) Disabling= 3D layer connections = Signal flow

3D Security

23

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Tapping

Tapping sends requested signal to the 3-D control plane

Tapping

3D Security

24

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Disabling

Disabling effectively blocks the transmission of signals

Disabling

X

3D Security

25

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Disabling

Theoretical 3-D Application: Mutual Trust Shared Bus Protocols

Shared L2 $

Core 1

L1 $

Core 0

L1 $

Shared Bus

= Post to the 3-D control plane

= Signal flow

... …

3D Security

26

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Re-routing

Re-routing sends requested signals to 3-D plane, and blocks their original transmission

Re-routing

X

3D Security

27

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Re-routing

Theoretical 3-D Application: Crypto Co-processor

Standard Execution Pipeline

AES3-D

Control Plane

1. Crypto Instruction 2. Result

Reg File

L1 $

Crypto Control Unit

1.

2.

Computation Plane

RSA DES … …

… …

INST

3D Security

28

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Overriding

Overriding blocks transmission of signal, while simultaneously injecting a new value

Overriding

3D Security

29

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Gate-level primitives

3D Security Layer – Gate Level Primitives

in outin

out

inout

in out

Tapping Rerouting

DisablingOverriding

3D Security

30

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – General Primitive

General primitive

3D Security

31

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security

Area overhead of general primitive(s)Design Area of design

(90nm Library Area Units)

1 General Primitive 84.1

128 General Primitives 10764.8

5-Stage MIPS Pipelined Processor 240,000

4.5% increase

3D Security

32

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Background – Side-Channel Attacks

Access-driven cache attack (Percival 2005)

Victim Process

Shared Cache

Attacker Process

3D Security

33

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Example Application

3-D Cache Eviction MonitorKeep trusted process cache lines lockedMaintain secrecy of the private key

3D Security

34

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Example Application

3D Cache Eviction Monitor

3D Security

35

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Security Layer – Example Application

Cache Performance

3D Security

36

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Outline

Intro/Motivation -the what 3D Crypto -the why 3D Sec -the how 3D Extensible ISAs -the what else Conclusion

3D Extensible ISAs

37

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Extensible ISAs - Idea

3D layer that implements new instructionsConnects to control unit on existing processorMay have new functional unitsExtends the ISA of processorAllows reuse of fast processor

ExamplesMultimediaCryptoOther ISAs

3D Extensible ISAs

38

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Extensible ISAs - Approach

Use circuit-level primitives Find hook points

What data does the 3D layer need?Which signals does the 3D need to change?

Design Control unit with free opcodesSet aside a set of opcodes as available – NoOPs on

base layer Stall signal (for “asynchronous” execution)

3D Extensible ISAs

39

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Circuit-Level Primitives

Tapping

Rerouting

Overriding

3D Extensible ISAs

40

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Hook Points

Read opcode and register addresses (Tap)

If opcode isn’t covered: NoOP

Route register values if shared with 3-D layer (Reroute)

Replace data (Override)

3D Extensible ISAs

3-D instruction module

41

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Control Unit Design

Design Control unit with free opcodesSet aside a set of opcodes as availableNoOPs on base layerEnsure they are explicitly defined

Increase writeback mux size

3D Extensible ISAs

42

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Proof-Of-Concept 3D Extensible ISAs

43

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Results

5-stage pipelined CPUTested benchmarks for verification and execution time

5-stage + AES coreTested benchmarks for verification and execution time

– matched 5-stage by itself Insert Crypto instructions in benchmarkAES core executes and writes back correctly

3D Extensible ISAs

44

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

3D Extensible ISAs

Area overhead of general primitive(s)Design Area of design

(90nm Library Area Units)

1 General Primitive 84.1

105 General Primitives 8831

AES core 34,870

5-Stage MIPS Pipelined Processor 240,000

3.7% increase

3D Extensible ISAs

45

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Outline

Intro/Motivation -the what 3D Crypto -the why 3D Sec -the how 3D Extensible ISAs -the what else Conclusion

Conclusion

46

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Future Directions

Practical extensionsSets of general hook points3DSec applications3D ISA - heterogeneous architectures

Physical realizations3DSec chipTest functions

Conclusion

47

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Publications

• A 3D Split Manufacturing Approach to Trustworthy System DevelopmentJonathan Valamehr, Timothy Sherwood, Ryan Kastner, David Marangoni-Simonsen, Ted Huffmire, Cynthia Irvine, and Timothy Levin. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), Special Section on Three-dimensional Integrated Circuits and Microarchitectures, Vol. 32, No. 4, Pages 611-615.

• A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processorsJonathan Valamehr, Ted Huffmire, Cynthia Irvine, Ryan Kastner, Cetin Kaya Koc, Timothy Levin, and Timothy Sherwood. Festschrift Jean-Jacques Quisquater, to appear, D. Naccache, editor, LNCS Nr. 6805, Springer, 2011.

• Hardware Assistance for Trustworthy Systems through 3-D IntegrationJonathan Valamehr, Mohit Tiwari, and Timothy Sherwood, Ryan Kastner, Ted Huffmire, Cynthia Irvine and Timothy Levin. Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2010. Austin, Texas.

• Hardware Trust Implications of 3-D IntegrationTed Huffmire, Timothy Levin, Michael Bilzor, Cynthia Irvine, Jonathan Valamehr, Mohit Tiwari, Timothy Sherwood, and Ryan Kastner. Workshop on Embedded Systems Security (WESS), October 2010. Scottsdale, Arizona.

• Trustworthy System Security through 3-D Integrated HardwareTed Huffmire, Jonathan Valamehr, Timothy Sherwood, Ryan Kastner, Timothy Levin, Thuy D. Nguyen, and Cynthia Irvine. Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2008) June 2008. Anaheim, CA.

• High-Assurance System Support through 3-D IntegrationTheodore Huffmire, Tim Levin, Cynthia Irvine, Thuy Nguyen, Jonathan Valamehr, Ryan Kastner, and Tim Sherwood. NPS Technical Report NPS-CS-07-016, November 2007.

Conclusion

48

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Publications

• Inspection Resistant Memory ArchitecturesJonathan Valamehr, Andrew Putnam, Daniel Shumow, Melissa Chase, Seny Kamara, Vinod Vaikuntanathan, and Timothy Sherwood. IEEE Micro: Micro's Top Picks from Computer Architecture Conferences (IEEE Micro - top pick), May-June 2013.

• Inspection Resistant Memory: Architectural Support for Security from Physical ExaminationJonathan Valamehr, Andrew Putnam, Daniel Shumow, Melissa Chase, Seny Kamara, Vinod Vaikuntanathan, and Timothy Sherwood. Proceedings of the International Symposium of Computer Architecture. (ISCA), June 2012. Portland, Oregon.

• Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow SecurityMohit Tiwari, Jason Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T Chong, and Timothy Sherwood. in Proceedings of the International Symposium of Computer Architecture (ISCA), June 2011. San Jose, CA.

• A Small Cache of Large Ranges: Hardware Methods for Efficiently Searching, Storing, and Updating Big Dataflow TagsMohit Tiwari, Banit Agrawal, Shashidhar Mysore, Jonathan Valamehr, and Timothy Sherwood. Proceedings of the International Symposium on Microarchitecture (Micro), November 2008. Lake Como, Italy.

• Designing Secure Systems on Reconfigurable HardwareTed Huffmire, Brett Brotherton, Nick Callegari, Jonathan Valamehr, Jeff White, Ryan Kastner, and Tim Sherwood. ACM Transactions on Design Automation of Electronic Systems (TODAES) Vol 13 No 3, July 2008.

• Opportunities and Challenges of using Plasmonic Components in Nanophotonic Architectures Hassan Wassel, Daoxin Dai, Luke Theogarajan, Jennifer Dionne, Mohit Tiwari, Jonathan Valamehr, Frederic Chong, and Timothy Sherwood. IEEE Journal on Emerging and Selected Topics in Circuits and Systems (JETCAS) To appear

• Towards Chip-Scale Plasmonic InterconnectsHassan M. G. Wassel, Mohit Tiwari, Jonathan Valamehr, Luke Theogarajan, Jennifer Dionne, Frederic T. Chong, and Timothy Sherwood. Workshop on the Interaction between Nanophotonic Devices and Systems (WINDS) December 2010. Atlanta, Georgia.

Conclusion

49

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Acknowledgements

Labmates Committee members Collaborators at NPS, UCSD, MSR, GA Tech Janet Kayfetz

Conclusion

50

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Start up in Palo Alto, CA

What’s next?Conclusion

51

3-D Security

Thank you!

52

Intro/Motivation 3D Crypto 3D Security 3D Extensible ISAs Conclusion

Thesis Statement

The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors through the use of 3D Integration, resulting in secure processors that retain high performance.

Intro/Motivation