Abstract
System-on-chip (SoC) developers utilize Intellectual Property (IP) cores from third-party vendors due to increasing design complexity, cost as well as time-to-market constraints. A typical SoC consists of a wide variety of IP cores (such as processor, memory, controller, FPGA, etc.) that interact using a Network-on-Chip (NoC). This global trend of designing SoCs using third-party IPs raises serious concerns about security vulnerabilities. Since NoC facilitates communication between all IPs in an SoC, NoC is the ideal place for any malicious implants (such as hardware Trojans) to hide and launch a plethora of attacks. Due to the resource-constrained nature of SoCs, developing security solutions against such attacks is a major challenge. In particular, in an eavesdropping attack, a Trojan-infected router copies packets transferred through the NoC and re-routes the duplicated packets to an accompanying malicious application running on another IP in an attempt to extract confidential information. While authenticated encryption can thwart such attacks, it leads to performance and energy overhead in resource-constrained SoCs. In this chapter, we discuss a lightweight alternative defense based on digital watermarking techniques. The method is theoretically analyzed to evaluate its security. Experiments using realistic SoC models and diverse applications demonstrate that the approach can mitigate eavesdropping attacks while incurring minor overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Most NoCs facilitate flits, which is a further breakdown of a packet used for flow control purposes. We stick to the level of packets for the ease of explanation as this method remains the same at the flit level as well.
References
N. Agarwal, T. Krishna, L. Peh, N.K. Jha, Garnet: a detailed on-chip network model inside a full-system simulator, in 2009 IEEE International Symposium on Performance Analysis of Systems and Software (2009), pp. 33–42
A. Ahmed, F. Farahmandi, Y. Iskander, P. Mishra, Scalable hardware trojan activation by interleaving concrete simulation and symbolic execution, in 2018 IEEE International Test Conference (ITC) (IEEE, Piscataway, 2018), pp. 1–10
A. Ahmed, Y. Huang, P. Mishra, Cache reconfiguration using machine learning for vulnerability-aware energy optimization. ACM Trans. Embed. Comput. Syst. 18(2), 1–24 (2019)
Alteris FlexNoC Resilience Package, www.arteris.com/flexnoc-resilience-package-functional-safety [Online]
D.M. Ancajas, K. Chakraborty, S. Roy, Fort-NoCs: mitigating the threat of a compromised NoC, in 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC) (2014), pp. 1–6
M. Best, A. Brouwer, F. MacWilliams, A. Odlyzko, N.J.A.A. Sloane, Bounds for binary codes of length less than 25. IEEE Trans. Inf. Theory 24(1), 81–93 (1978)
N. Binkert, B. Beckmann, G. Black, S.K. Reinhardt, A. Saidi, A. Basu, J. Hestness, D.R. Hower, T. Krishna, S. Sardashti, R. Sen, K. Sewell, M. Shoaib, N. Vaish, M.D. Hill, D.A. Wood, The gem5 simulator. SIGARCH Comput. Archit. News 39(2), 1–7 (2011)
A.K. Biswas, Network-on-chip intellectual property protection using circular path–based fingerprinting. ACM J. Emerg. Technol. Comput. Syst. 17(1), 1–22 (2020)
A.K. Biswas, S.K. Nandy, R. Narayan. Router attack toward NoC-enabled MPSoC and monitoring countermeasures against such threat. Circuits Syst. Signal Process. 34(10), 3241–3290 (2015)
Bloomberg, The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
T. Boraten, A.K. Kodi, Packet security with path sensitization for NoCs, in 2016 Design, Automation Test in Europe Conference Exhibition (DATE) (2016), pp. 1136–1139
S. Charles, P. Mishra, Lightweight and trust-aware routing in NoC based SoCs, in IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2020)
S. Charles, P. Mishra, Reconfigurable network-on-chip security architecture. ACM Trans. Des. Autom. Electron. Syst. 25(6), 1–25 (2020)
S. Charles, P. Mishra, Securing network-on-chip using incremental cryptography, in IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2020)
S. Charles, H. Hajimiri, P. Mishra, Proactive thermal management using memory-based computing in multicore architectures, in International Green and Sustainable Computing Conference (IGSC) (2018), pp. 1–8
S. Charles, C.A. Patil, U.Y. Ogras, P. Mishra, Exploration of memory and cluster modes in directory-based many-core CMPs, in IEEE/ACM International Symposium on Networks-on-Chip (NOCS) (2018), pp. 1–8
S. Charles, A. Ahmed, U.Y. Ogras, P. Mishra, Efficient cache reconfiguration using machine learning in NoC-based many-core CMPs. ACM Transact. Des. Autom. Electron. Syst. 24(6), 1–23 (2019)
S. Charles, Y. Lyu, P. Mishra, Real-time detection and localization of DoS attacks in NoC based SoCs, in Design Automation & Test in Europe (DATE) (2019), pp. 1160–1165
S. Charles, M. Logan, P. Mishra, Lightweight anonymous routing in NoC based SoCs, in Design Automation & Test in Europe (DATE) (2020)
S. Charles, Y. Lyu, P. Mishra, Real-time detection and localization of distributed DoS attacks in NoC based SoCs. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 39(12), 4510– 4523 (2020)
S.V.R. Chittamuru, I.G. Thakkar, V. Bhat, S. Pasricha, Soteria: exploiting process variations to enhance hardware security with photonic NoC architectures, in 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC) (2018), pp. 1–6
H. Deng, X. Sun, B. Wang, Y. Cao, Selective forwarding attack detection using watermark in WSNs, in 2009 ISECS International Colloquium on Computing, Communication, Control, and Management, vol. 3 (IEEE, Piscataway, 2009), pp. 109–113
I. Dumer, D. Micciancio, M. Sudan, Hardness of approximating the minimum distance of a linear code. IEEE Trans. Inf. Theory 49(1), 22–37 (2003)
F. Farahmandi, P. Mishra, FSM anomaly detection using formal analysis, in 2017 IEEE International Conference on Computer Design (ICCD) (IEEE, Piscataway, 2017), pp. 313–320
F. Farahmandi, Y. Huang, P. Mishra, Trojan localization using symbolic algebra, in 2017 22nd Asia and South Pacific Design Automation Conference (ASPDAC) (IEEE, Piscataway, 2017), pp. 591–597
F. Farahmandi, Y. Huang, P. Mishra, System-on-Chip Security: Validation and Verification (Springer Nature, Cham, 2019)
J. Frey, Q. Yu, A hardened network-on-chip design using runtime hardware trojan mitigation methods. Integr. VLSI J. 56(C), 15–31 (2017)
U. Gupta, C.A. Patil, G. Bhat, P. Mishra, U.Y. Ogras, DyPo: dynamic pareto-optimal configuration selection for heterogeneous MpSoCs. ACM Trans. Embed. Comput. Syst. 16(5s), 1–20 (2017)
W. Hoeffding, Probability inequalities for sums of bounded random variables, in The Collected Works of Wassily Hoeffding (Springer, Berlin, 1994), pp. 409–426
A. Houmansadr, N. Borisov, BotMosaic: collaborative network watermark for the detection of IRC-based botnets. J. Syst. Softw. 86(3), 707–715 (2013)
A. Houmansadr, N. Kiyavash, N. Borisov, Rainbow: a robust and invisible non-blind watermark for network flows, in Proceedings of the NDSS (2009)
Y. Huang, P. Mishra, Vulnerability-aware energy optimization for reconfigurable caches in multitasking systems. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38(5), 809–821 (2019)
Y. Huang, S. Bhunia, P. Mishra, MERS: statistical test generation for side-channel analysis based trojan detection, in ACM SIGSAC Conference on Computer and Communications Security (CCS) (2016), pp. 130–141
Y. Huang, S. Bhunia, P. Mishra, Scalable test generation for trojan detection using side channel analysis. IEEE Trans. Inf. Forensics Secur. 13(11), 2746–2760 (2018)
M. Hussain, A. Malekpour, H. Guo, S. Parameswaran, EETD: an energy efficient design for runtime hardware trojan detection in untrusted network-on-chip, in 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2018), pp. 345–350
A. Iacovazzi, Y. Elovici, Network flow watermarking: a survey. IEEE Commun. Surv. Tutor. 19(1), 512–530 (2017)
L.S. Indrusiak, J. Harbin, M.J. Sepulveda, Side-channel attack resilience through route randomisation in secure real-time networks-on-chip, in 2017 12th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC) (2017), pp. 1–8
L.S. Indrusiak, J. Harbin, C. Reinbrecht, J. Sepúlveda, Side-channel protected MPSoC through secure real-time networks-on-chip. Microprocess. Microsyst. 68, 34–46 (2019)
Intel Xeon Phi Processor 7210, http://ark.intel.com/products/94033/Intel-Xeon-Phi-Processor-7210-16GB-1_30-GHz-64-core [Online]
H.K. Kapoor, G.B. Rao, S. Arshi, G. Trivedi, A security framework for NoC using authenticated encryption and session keys. Circuits Syst. Signal Process. 32(6), 2605–2622 (2013)
S.T. King, J. Tucek, A. Cozzie, C. Grier, W. Jiang, Y. Zhou, Designing and implementing malicious hardware, in Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, LEET’08 (USENIX Association, Berkeley, 2008)
B. Lebiednik, S. Abadal, H. Kwon, T. Krishna, Architecting a secure wireless network-on-chip, in 2018 Twelfth IEEE/ACM International Symposium on Networks-on-Chip (NOCS) (2018), pp. 1–8
Z. Ling, X. Fu, W. Jia, W. Yu, D. Xuan, J. Luo, Novel packet size-based covert channel attacks against anonymizer. IEEE Trans. Comput. 62(12), 2411–2426 (2012)
Y. Lyu, P. Mishra, A survey of side-channel attacks on caches and countermeasures. J. Hardw. Syst. Secur. 2(1), 33–50 (2018)
Y. Lyu, P. Mishra, Efficient test generation for trojan detection using side channel analysis, in Design Automation & Test in Europe Conference (DATE) (2019), pp. 408–413
Y. Lyu, P. Mishra, Automated test generation for trojan detection using delay-based side channel analysis, in 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE) (2020), pp. 1031–1036
Y. Lyu, P. Mishra, Automated trigger activation by repeated maximal clique sampling, in Asia and South Pacific Design Automation Conference (ASPDAC) (2020), pp. 482–487
Y. Lyu, P. Mishra, Scalable activation of rare triggers in hardware trojans by repeated maximal clique sampling. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. (2020). https://doi.org/10.1109/TCAD.2020.3019984
J.Y.V. Manoj Kumar, A.K. Swain, S. Kumar, S.R. Sahoo, K. Mahapatra, Run time mitigation of performance degradation hardware trojan attacks in network on chip, in 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2018), pp. 738–743
A. May, I. Ozerov, On computing nearest neighbors with applications to decoding of binary linear codes, in Annual International Conference on the Theory and Applications of Cryptographic Techniques (Springer, Berlin, 2015), pp. 203–228
D. McGrew, J. Viega, The Galois/counter mode of operation (GCM), in Submission to NIST Modes of Operation Process, 20 (2004)
P. Mishra, S. Bhunia, M. Tehranipoor, Hardware IP Security and Trust (Springer, Berlin, 2017)
Z. Pan, P. Mishra, Automated test generation for hardware trojan detection using reinforcement learning, in Asia and South Pacific Design Automation Conference (ASPDAC) (2021)
Z. Pan, J. Sheldon, P. Mishra, Test generation using reinforcement learning for delay-based side channel analysis, in IEEE/ACM International Conference on Computer-Aided Design (ICCAD) (2020)
J. Porquet, A. Greiner, C. Schwarz, NoC-MPU: a secure architecture for flexible co-hosting on shared memory MPSoCs, in 2011 Design, Automation Test in Europe (2011), pp. 1–4
N Prasad, R. Karmakar, S. Chattopadhyay, I. Chakrabarti, Runtime mitigation of illegal packet request attacks in networks-on-chip, in 2017 IEEE International Symposium on Circuits and Systems (ISCAS) (IEEE, Piscataway, 2017), pp. 1–4
J.S. Rajesh, D.M. Ancajas, K.Chakraborty, S. Roy, Runtime detection of a bandwidth denial attack from a rogue network-on-chip, in Proceedings of the 9th International Symposium on Networks-on-Chip, NOCS ’15 (Association for Computing Machinery, New York, 2015)
V.Y. Raparti, S. Pasricha, Lightweight mitigation of hardware trojan attacks in NoC-based manycore computing, in 2019 56th ACM/IEEE Design Automation Conference (DAC) (2019), pp. 1–6
C. Reinbrecht, A. Susin, L. Bossuet, J. Sepúlveda, Gossip NoC – avoiding timing side-channel attacks through traffic management, in 2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2016), pp. 601–606
R.M. Roth, G. Seroussi, Bounds for binary codes with narrow distance distributions. IEEE Trans. Inf. Theory 53(8), 2760–2768 (2007)
A. Saeed, A. Ahmadinia, M. Just, C. Bobda, An ID and address protection unit for NoC based communication architectures, in Proceedings of the 7th International Conference on Security of Information and Networks (ACM, New York, 2014), p. 288
K. Sajeesh, H.K. Kapoor, An authenticated encryption based security framework for NoC architectures, in 2011 International Symposium on Electronic System Design (2011), pp. 134–139
J. Sepúlveda, D. Flórez, G. Gogniat, Reconfigurable security architecture for disrupted protection zones in NoC-based MPSoCs, in 10th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC) (IEEE, Piscataway, 2015), pp. 1–8
J. Sepúlveda, A. Zankl, D. Flórez, G. Sigl, Towards protected MPSoC communication for information protection against a malicious NoC. Procedia Comput. Sci. 108, 1103–1112 (2017). International Conference on Computational Science, ICCS 2017, 12–14 June 2017, Zurich
J. Sepúlveda, D. Aboul-Hassan, G. Sigl, B. Becker, M. Sauer, Towards the formal verification of security properties of a network-on-chip router, in 2018 IEEE 23rd European Test Symposium (ETS) (IEEE, Piscataway, 2018), pp. 1–6
K. Shuler, Majority of leading China semiconductor companies rely on arteris network-on-chip interconnect IP (2013)
A. Sodani, R. Gramunt, J. Corbal, H. Kim, K. Vinod, S. Chinthamani, S. Hutsell, R. Agarwal, Y. Liu, Knights landing: second-generation Intel Xeon Phi product. IEEE Micro 36(2), 34–46 (2016)
A. Van Herrewege, I. Verbauwhede, Software only, extremely compact, Keccak-based secure PRNG on ARM Cortex-M, in Proceedings of the 51st Annual Design Automation Conference (DAC) (IEEE, Piscataway, 2014), pp. 1–6
Y. Wang, G.E. Suh, Efficient timing channel protection for on-chip networks, in 2012 IEEE/ACM Sixth International Symposium on Networks-on-Chip (2012), pp. 142–151
X. Wang, D.S. Reeves, P. Ning, F. Feng, Robust network-based attack attribution through probabilistic watermarking of packet flows. Technical report, North Carolina State University, Dept. of Computer Science, 2005
W. Wang, P. Mishra, S. Ranka, Dynamic Reconfiguration in Real-Time Systems (Springer, Berlin, 2012)
S.C. Woo, M. Ohara, E. Torrie, J.P. Singh, A. Gupta, The splash-2 programs: characterization and methodological considerations, in Proceedings 22nd Annual International Symposium on Computer Architecture (1995), pp. 24–36
Q. Yu, J. Frey, Exploiting error control approaches for hardware trojans on network-on-chip links, in 2013 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS) (IEEE, Piscataway, 2013), pp. 266–271
A. Zand, G. Vigna, R. Kemmerer, C. Kruegel, Rippler: delay injection for service dependency detection, in IEEE INFOCOM 2014-IEEE Conference on Computer Communications (IEEE, Piscataway, 2014), pp. 2157–2165
Acknowledgement
This work was partially supported by the National Science Foundation (NSF) grant SaTC-1936040.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Charles, S., Mishra, P. (2021). Securing on-Chip Communication Using Digital Watermarking. In: Mishra, P., Charles, S. (eds) Network-on-Chip Security and Privacy. Springer, Cham. https://doi.org/10.1007/978-3-030-69131-8_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-69131-8_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69130-1
Online ISBN: 978-3-030-69131-8
eBook Packages: EngineeringEngineering (R0)