SoCFaSe : in quest for fast and secure SoC architectures

Over the past few years, Internet of Things (IoT) has gained a lot of attention. It is mainly due to significant improvements in technology, available processing power and efficiency. This allowed for the deployment of Artificial Intelligence (AI) techniques on these devices. The billions of smart devices connected worldwide nowadays are embedded with commodity sensors, real-time analysis and decision making. This evolution has resulted in IoT devices becoming intelligent, smart, and more responsive. Even though this fusion of physical and digital universe has proved to be beneficial in multiple sectors such as healthcare, autonomous driving, smart home, etc. Such a growth has also led to many security challenges especially with the rise in side-channel attack possibilities. As these devices collect a lot of data and the decision-making process is data driven; security of such devices becomes a necessity for safety-critical and time-critical applications. It is a well-known fact that security in any system comes with a cost. Further, each individual SoC component will require different type of protection mechanism. Therefore, the research question addressed in this dissertation is “how can we design a secure SoC with a good performance-area trade-off in order to meet today’s application requirements”. Hence, the purpose of this thesis is three-fold: firstly, to investigate, explore and understand the attack vectors possible on the currently deployed systems. Secondly, focus on individual SoC components to integrate security measures while maintaining a balance between performance and resource utilization. This is necessary as many IoT devices are constrained either due to available resources or the time sensitiveness of the decision they are required to make. And thirdly, to ensure that the designed system is able to adapt to the changing standards and offers future-proof security as well. In view of this, we wish to integrate the proposed architecture using RISC-V open standards. Additionally, employ post-quantum cryptographic algorithms to thwart threats due to the advent of quantum computers. One of the most common sources for booting OS in any embedded device is Flash/SD-card. As it is external to the system, it is easily accessible for tampering or snooping. It is very crucial for a system to allow execution of only authorized firmware as the security of whole system can be compromised using a malicious firmware. As a result, this work begins with the development and integration of a fully hardware based secure boot mechanism. The work also demonstrates that hardware-based secure boot is better in terms of performance and energy-efficiency than software-based as well as it reduces the overall threat surface. Thus, providing better security measures. Next, we developed a lightweight, low-power, and transparent memory encryption engine to protect the DRAM from cold-boot attacks, snooping, etc. We also provide detailed analysis of performance-area trade-off using four different case studies for real-time systems/edge computing. Further, to provide future-proof security, we performed analysis and acceleration of three different post-quantum algorithms for GPU platforms belonging to three different classes of mathematical problems: Learning with errors (LWE), Ring-LWE (RLWE) and Module-LWE (MLWE). The aim of this analysis is to understand different requirements in terms of computational aspects as well as memory, investigate optimization strategies etc. As both GPUs and FPGAs allow parallel execution of operations, we then utilized the lessons learnt from GPU implementation and other hardware optimization strategies to realize the smallest hardware accelerator for CRYSTALS-Dilithium, a NIST standardized lattice-based post-quantum digital signature scheme. As the lattice-based schemes are considered to be the most promising candidate, we further developed the secure boot architecture using the lattice-based hardware accelerator. We also integrated fault protection mechanisms to prevent bypassing of secure boot. Moreover, as the possible applications of AI is expanding, the need for embedding an AI accelerator in the SoC is also becoming important. This is to have faster response time and avoid latency issues by bringing the decision-making process towards the edge. As a result, we integrated the open-source neural network accelerator NVDLA in the SoC. We also conducted experiments to analyze the security of the accelerator using side-channel attacks and report our findings.