# High-efficiency protection solution for off-chip memory in embedded systems

Vaslin Romain<sup>1</sup>, Guy Gogniat<sup>1</sup>, Jean-Philippe Diguet<sup>1</sup>, Eduardo Wanderley<sup>1</sup>, Russell Tessier<sup>2</sup>, Wayne Burleson<sup>2</sup>

> <sup>1</sup>LESTER UBS/CNRS FRE 2734 – University of South Brittany 56123 Lorient FRANCE

> > <sup>2</sup>ECE department – University of Massachusetts 01003 Amherst USA



Romain Vaslin – Cryptarchi 07 – 1 High-efficiency protection solution for off-chip memory

EL SQA

# Introduction

Security in embedded systems : essential issue for external communication and architecture core



Hardware attacks



# Introduction

Security in embedded systems : essential issue for external communication and architecture core

# New threats on embedded systems :

- Hardware attacks
- Software attacks



# Introduction

Security in embedded systems : essential issue for external communication and architecture core

# New threats on embedded systems :

- Hardware attacks
- Software attacks

#### New adapted solutions :

- Architecture solutions
- Constraint requirements



# Outline

# Threat model & common solutions

- Targeted threats
- Some solutions

# 2 Extended OTP solution

- One-Time-Pad architecture
- Extended OTP latency standpoint

## 3 Experiments & results

- Cost of security
- Comparison with previous solutions

5 1 - A C

Targeted threats Some solutions

# Outline



- Targeted threats
- Some solutions
- 2 Extended OTP solution
  - One-Time-Pad architecture
  - Extended OTP latency standpoint
  - 3 Experiments & results
    - Cost of security
    - Comparison with previous solutions

< 17 ×

Threat model & common solutions Extended OTP solution

Extended OTP solution Experiments & results

# **Targeted threats**



Spoofind attack

◆□ ▶ ◆□ ▶ ◆ □ ▶ ◆ □ ■ ■ ● ● ●

Romain Vaslin – Cryptarchi 07 – 5 High-efficiency protection solution for off-chip memory

Threat model & common solutions

Extended OTP solution Experiments & results Targeted threats Some solutions

# **Targeted threats**



#### Relocation attack

ъ

ъ.

Targeted threats Some solutions

# **Targeted threats**



#### Spoofind attack



#### Replay attack

Relocation attack

Romain Vaslin – Cryptarchi 07 – 5 High-efficiency protection solution for off-chip memory

Threat model & common solutions Extended OTP solution

Experiments & results

Targeted threats Some solutions

# Outline

# Threat model & common solutions

- Targeted threats
- Some solutions

## 2 Extended OTP solution

- One-Time-Pad architecture
- Extended OTP latency standpoint

## B Experiments & results

- Cost of security
- Comparison with previous solutions

4 回 > 4 回 > 4 回 > 回 回 の Q の

# Some solutions

#### Attacks

- Memory modification (Integrity)
- Data extraction (Confidentiality)

#### Solutions

**Targeted threats** 

Some solutions

- Data hashing (MD5, SHA familly,...)
- Data ciphering (AES, RSA, ECC, ...)



Romain Vaslin – Cryptarchi 07 – 7 High-efficiency protection solution for off-chip memory

Targeted threats Some solutions

# **Existing solutions**

#### **Existing solutions**

- XOM : memory ciphering (AES) and hashing (HMAC)
- PE-ICE : memory ciphering and hashing (only AES)
- AEGIS : memory ciphering (OTP) and hashing (SHA-1)



XOM write request

XOM read request

< □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □

Romain Vaslin – Cryptarchi 07 – 8 High-efficiency protection solution for off-chip memory

Targeted threats Some solutions

# **Existing solutions**

#### **Existing solutions**

- XOM : memory ciphering (AES) and hashing (HMAC)
- PE-ICE : memory ciphering and hashing (only AES)
- AEGIS : memory ciphering (OTP) and hashing (SHA-1)



**PE-ICE** write request

**PE-ICE** read request

< □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □

Romain Vaslin – Cryptarchi 07 – 8 High-efficiency protection solution for off-chip memory

Targeted threats Some solutions

# **Existing solutions**

#### **Existing solutions**

- XOM : memory ciphering (AES) and hashing (HMAC)
- PE-ICE : memory ciphering and hashing (only AES)
- AEGIS : memory ciphering (OTP) and hashing (SHA-1)

#### PROBLEM

• Latency memory overhead adds by security solution



▲□▶▲□▶▲≡▶▲≡▶ 三目目 ののの

One-Time-Pad architecture Extended OTP latency standpoint

# Outline

## Threat model & common solutions

- Targeted threats
- Some solutions

## 2 Extended OTP solution

- One-Time-Pad architecture
- Extended OTP latency standpoint

#### Experiments & results

- Cost of security
- Comparison with previous solutions

One-Time-Pad architecture Extended OTP latency standpoint

# Extended One-Time-Pad encryption principals



**OTP** encryption



< □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □

One-Time-Pad architecture Extended OTP latency standpoint

# Extended One-Time-Pad encryption principals



Romain Vaslin – Cryptarchi 07 – 10 High-efficiency protection solution for off-chip memory

< □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □

One-Time-Pad architecture Extended OTP latency standpoint

# Extended One-Time-Pad encryption principals



One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin – Cryptarchi 07 – 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin – Cryptarchi 07 – 11 High-efficiency protection solution for off-chip memory

**One-Time-Pad architecture Extended OTP latency standpoint** 

# **OTP** sequence



Read request : Get  $TS(@) \leftarrow TS$  memory  $2 - Get \overline{CRC(@)} \leftarrow CRC \overline{memory}$  $3 - OTP = AES \{TS(@), @, RV\}$ 4 – Get ciphered data  $\leftarrow$  memory

Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# **OTP** sequence



Romain Vaslin - Cryptarchi 07 - 11

One-Time-Pad architecture Extended OTP latency standpoint

# Outline

## Threat model & common solutions

- Targeted threats
- Some solutions

#### 2 Extended OTP solution

- One-Time-Pad architecture
- Extended OTP latency standpoint

#### Experiments & results

- Cost of security
- Comparison with previous solutions

< 17 ×

One-Time-Pad architecture Extended OTP latency standpoint

# Latency with the extended OTP



Romain Vaslin – Cryptarchi 07 – 13 High-efficiency protection solution for off-chip memory

▲□▶▲□▶▲≡▶▲≡▶ 三目目 ののの

One-Time-Pad architecture Extended OTP latency standpoint

# Latency with the extended OTP



Romain Vaslin – Cryptarchi 07 – 13 High-efficiency protection solution for off-chip memory

▲□▶▲□▶▲≡▶▲≡▶ 三目目 ののの

Cost of security Comparison with previous solutions

# Outline

#### Threat model & common solutions

- Targeted threats
- Some solutions

#### 2 Extended OTP solution

- One-Time-Pad architecture
- Extended OTP latency standpoint

#### 3 Experiments & results

- Cost of security
- Comparison with previous solutions

< 17 ×

Cost of security Comparison with previous solutions

# Global architecture features

#### Architecture features

- ALTERA NIOS 2 processor
  - NIOS 2 core fast version
  - Instruction cache : 512 bytes with 256 bits per line
  - Data cache : 512 bytes with 256 bits per line
- SDRAM memory : 512 Kbytes (for code and rw data)
- On-chip-memory : 96 Kbytes (for TS and CRC)

#### **OTP** memory consumption

 $\begin{array}{l} \textit{OTP} \texttt{storage} = \textit{TS} \texttt{storage} + \textit{CRC} \texttt{storage} \\ \textit{TS} \texttt{storage} = (\frac{\textit{RW} \textit{ data} \textit{ memory } \textit{size}}{\textit{CACHE} \textit{ line} \textit{ width}}) * \textit{TS} \textit{Size} \\ \textit{CRC32} \texttt{storage} = (\frac{\textit{Total} \textit{ memory } \textit{size}}{\textit{CACHE} \textit{ line} \textit{ width}}) * \textit{CRC} \textit{Size} \\ \end{array}$ 

▲□▶▲□▶▲≡▶▲≡▶ 三目目 ののの

Cost of security Comparison with previous solutions

# Cost of security with NIOS

|                           | Base<br>NIOS |         | OTP <b>128</b><br>RC32 | NIOS + OTP <b>128</b><br>+ CRC8 |          |  |
|---------------------------|--------------|---------|------------------------|---------------------------------|----------|--|
|                           |              |         | overhead               |                                 | overhead |  |
| Logic (ALUTs)             | 2198         | 6193    | x2.81                  | 6095                            | x2.77    |  |
| Memory (KB)               | 512          | 600     | +18.75%                | 662                             | +31.25%  |  |
| Read latency<br>(cycles)  | 0            | 11(8+3) | +11                    | 3(0+3)                          | +3       |  |
| Write latency<br>(cycles) | 0            | 12(8+4) | +12                    | 12(8+4)                         | +12      |  |



Romain Vaslin - Cryptarchi 07 - 16

Cost of security Comparison with previous solutions

# Outline

## Threat model & common solutions

- Targeted threats
- Some solutions

## 2 Extended OTP solution

- One-Time-Pad architecture
- Extended OTP latency standpoint

## Experiments & results

- Cost of security
- Comparison with previous solutions

< 17 ×

Cost of security Comparison with previous solutions

# Comparison with previous solutions

|                        | base AES<br>(no integrity) | our solution<br>OTP + CRC32 |          | our solution<br>OTP $+$ CRC8 |          | PE-ICE<br>AES |          | AEGIS<br>OTP + hash trees |          |
|------------------------|----------------------------|-----------------------------|----------|------------------------------|----------|---------------|----------|---------------------------|----------|
|                        |                            |                             | overhead |                              | overhead |               | overhead |                           | overhead |
| Memory (KB)            | 512                        | 600                         | +18.75%  | 662                          | +31.25%  | 776           | +50.7%   | 768                       | +50%     |
| Rd latency<br>(cycles) | 22(14+8)                   | 11(8+3)                     | -11      | 3(0+3)                       | -19      | 25(17+8)      | +3       | $\approx$ SHA-1           | +4502/69 |
| Wr latency<br>(cycles) | 22(14+8)                   | 12(8+4)                     | -10      | 12(8+4)                      | -10      | 26(18+8)      | +4       | -                         | -        |



Romain Vaslin - Cryptarchi 07 - 18 High-efficiency protection solution for off-chip memory

Cost of security Comparison with previous solutions

# Conclusions on the extended OTP

#### **OTP** features

- Efficient software execution
- Minimize the memory overhead
- Confidentiality protection
- Integrity protection
- But need for extra logic

#### Trade-off memory overhead/software execution

- software execution  $++ \Rightarrow$  memory ++
- memory −− ⇒ software execution −−

< □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □

# Perspectives

#### Increasing security level

- Providing security against hardware attacks (side-channel for example)
- Extending the threat model (reducing the trusted zone)

#### Security issues

 Provide a deep evaluation of the security level of the architecture (depending on the CRC size, the cache line size)

▲□▶▲□▶▲≡▶▲≡▶ 三目目 ののの

# Perspectives

#### Architecture exploration

- Exploration for different architecture features (cache size, cache line size, CRC size)
- Reduce the on-chip memory footprint
- Store securely TS and CRC in off-chip memory

#### **Future orientation**

- Evaluation of the power consumption cost due to security
- Memory protection management with a RTOS
- Use the reconfigurable features of the FPGA for security and power management purposes

# Conclusion

#### Alternative

- Alternative to standard solutions
- Very high performances
- Adapted to embedded systems constraints

#### **Future orientation**

- Many opportunities for OTP solution
- Security issues
- Architecture issues

< □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □ > < □