Abstract
Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.
Highlights
Modern embedded systems are gaining popularity in numerous security-sensitive sectors with great intrinsic reliability, high performance, and good functional adaptation, which are ideal control platforms for executing intensive real-time data processing tasks, such as in automotive, aerospace, avionic, and railway systems
Processors are at the heart of embedded systems: attackers can exploit hostile data to trick the internal interpreter into executing unintended commands or accessing unauthorized data, and they can get the confidential information of system and control the behavior of programs to perform malicious actions
The external memory should be initialized during the system initialization stage (Boot Process): first, the bitstream is duplicated from the external flash memory to Field Programmable Gate Array (FPGA) at power-up; the RAM blocks of inner FPGA are instated with the bootloader (U-Boot), which duplicates the kernel from flash memory to the external RAM Memory and establishes the mapping of memory space, and loader branches to the proper
Summary
Modern embedded systems are gaining popularity in numerous security-sensitive sectors with great intrinsic reliability, high performance, and good functional adaptation, which are ideal control platforms for executing intensive real-time data processing tasks, such as in automotive, aerospace, avionic, and railway systems. The widespread usages of embedded systems in safety-critical fields have made hardware system security as a prominent issue. The diversiform threats mainly arise from the untrusted IPs [2], vulnerable firmware and software [3], and even insecure communications with the other devices [4], which are the critical factors on damaging the security of embedded systems in safety-critical applications. Processors are at the heart of embedded systems: attackers can exploit hostile data to trick the internal interpreter into executing unintended commands or accessing unauthorized data, and they can get the confidential information of system and control the behavior of programs to perform malicious actions.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
