Fort-NoCs: Mitigating the Threat of a Compromised NoC

Developed by Michael Ancajas, Dr. Koushik Chakraborty, and Dr. Sanghamitra Roy of Utah State University’s Electrical and Computer Engineering Department

 

Technical Summary

Three emerging technology trends in the modern world are conspiring to impose massive challenges in secure hardware design. First, the increasing integration of uncore components in a processor such as accelerators and IP cores with different signaling protocols necessitates the need for an efficient interconnect system. For example, there is a transition from bus-based crossbars connecting a few cores (e.g. Core i7) to an on-chip network connecting many cores.

Second, as Multiprocessor-System-on-Chip (MPSoC) development grows in complexity and cost, there is an increasing emphasis on employing third-party IP (3PIP) Network-on-Chip (NoC) blocks to connect these components for cost reduction purposes. Even if all other System-on-Chip (SoC) components are designed with the highest security standards, a malicious NoC that has access to all nodes can wreak havoc to an otherwise secure system.

Lastly, recent trends of using MPSoCs in cloud computing data centers, expose these systems to new threats as different co-scheduled applications (secure and non-secure) are forced to share underlying hardware resources. There is a potent threat posed by a third party NoC in an MPSoC cloud computing setup. A malicious third-party vendor can provide a compromised NoC by embedding a hardware Trojan within the IP block. This can facilitate a range of possible attacks with accomplice software, from covert communication to steal classified information to data corruption or simple denial of services.

Patent pending “Fort-NoCs” is a three-layer security mechanism for an MPSoC system with a potentially compromised communication platform. These security measures are introduced in the SoC firmware that interfaces the processing element with the network interface of the NoC. Fort-NoCs comprises: (1) a lower layer Data Scrambling (DS) that creates a stiff barrier for activation of a hardware Trojan in the NoC; (2) a middle layer Packet Certification (PC) that breaks the communication link between the untrusted NoC hardware and its accomplice thread; and (3) a top layer Node Obfuscation (NObf) that decouples the source and destination nodes of a communication to dramatically increase side-channel resilience. Combined together, our three-layer security mechanisms mitigate the threat of a C-NoC, with minimal power performance overhead.

 

Competitive Advantages

Fort-NoCs is a holistic layered approach to harden security on systems with a C-NoC by using all three techniques together. These techniques play complementary roles in hardware level protection by preventing the two-way communication between software and the hardware and introducing noise in the NoC data communication. This is accomplished with negligible overhead on performance and bandwidth of the NoC. On an average, DS adds 3.8% overhead, PC adds 2%, while NObf adds 0.01% increase in latency. Compared to the recently proposed state-of-the-art NoC-MPU, Fort-NoCs offers compelling advantages in power-performance overheads and threat resilience from a C-NoC.

 

Commercial Applications

•  Multicore systems

•  Anything involving NoCs

•  Security conscious companies

 

References

•  Ancajas, D.M.; Chakraborty, K.; Roy, S., "Fort-NoCs: Mitigating the threat of a compromised NoC," in Design Automation Conference (DAC), 2014 51st ACM/EDAC/IEEE , vol., no., pp.1-6, 1-5 June 2014 doi: 10.1145/2593069.2593144

 

Patent Information:
Category(s):
Computer Science
For Information, Contact:
Christian Iverson
Utah State University
435-797-9620
christian.iverson@usu.edu
Inventors:
Dean Ancajas Koushik Chakraborty Sanghamitra Roy
Keywords: