Abstract
Network-on-chip (NoC) is widely used in designing modern System-on-Chip (SoC) architectures. It is critical to secure on-chip communication to design trustworthy systems. This book presented a wide variety of security attacks and state-of-the-art countermeasures for NoC-based SoCs. This chapter concludes the book with a summary of ideas presented in the previous chapters, and outlines the roadmap of future NoC security and privacy challenges and opportunities.
Access provided by Autonomous University of Puebla. Download chapter PDF
Similar content being viewed by others
Keywords
- System-on-Chip
- SoC
- Network-on-Chip
- NoC
- Intellectual Property
- IP
- Security vulnerability
- NoC architecture
- Lightweight encryption
- Incremental cryptography
- Trust-aware routing
- Anonymous routing
- Denial-of-service
- Digital watermarking
- Secure cryptography
- NoC security
- Post-silicon validation
- Functional validation
- Security verification
- Assertion-based validation
- Interoperability constraint
- Vulnerability analysis
- Side-channel analysis
1 Summary
Given the widespread acceptance of Network-on-Chip (NoC) architectures in designing System-on-Chip (SoC) based devices, it is critical to ensure the security and trustworthiness of NoC-based SoCs [6,7,8,9,10,11,12]. This book provides a comprehensive reference for SoC designers, security engineers as well as researchers interested in designing secure on-chip communication architectures. This book contains contributions from NoC security and privacy experts. Different chapters cover a wide variety of security attacks and state-of-the-art countermeasures. The topics covered in this book can be broadly divided into the following categories.
1.1 NoC-Based SoC Design Methodology
The first three chapters introduced the readers to the NoC-based SoC design methodology. Specifically, it outlined various challenges associated with designing secure and energy-efficient on-chip communication architectures including discussions on security vulnerabilities in NoC-based SoCs (Chap. 1), modeling of NoC architectures (Chap. 2), and energy-efficient NoC design (Chap. 3).
1.2 Design-for-Security Solutions
The next four chapters described efficient design-time solutions for securing NoC architectures. The goal of these approaches is to discuss lightweight security solutions for designing trustworthy NoCs including lightweight encryption using incremental cryptography (Chap. 4), trust-aware routing (Chap. 5), lightweight anonymous routing (Chap. 6), and secure cryptography integration (Chap. 7).
1.3 Runtime Monitoring Techniques
The next four chapters deal with security solutions for monitoring runtime vulnerabilities. Specifically, it explores several runtime security monitoring techniques including detection of denial-of-service attacks (Chap. 8), securing communication using digital watermarking (Chap. 9), NoC attack detection using machine learning (Chap. 10), and Trojan-aware NoC routing (Chap. 11).
1.4 NoC Validation and Verification
The next three chapters of the book look at NoC validation and verification techniques. Specifically, it presents efficient techniques for verifying functional correctness as well as security vulnerabilities including NoC security and trust validation (Chap. 12), post-silicon validation and debug (Chap. 13), and design of reliable NoC architectures (Chap. 14).
1.5 Emerging NoC Technologies
The next three chapters survey security implications in emerging NoC technologies. Specifically, it looks at security vulnerabilities and countermeasures for optical (Chap. 15), wireless (Chap. 16) as well as 3D NoCs (Chap. 17).
2 Future Directions
This book covered security challenges in NoC-based SoC architectures. The future giga and tera-scale architectures can impose new challenges and opportunities. The introduction of emerging NoC technologies such as wireless and optical have already shown promising results. However, it is a major challenge to develop low-cost and flexible security solutions with minimal impact on area, performance, and energy. We briefly outline some of the challenges ahead in designing secure and trustworthy NoC architectures.
2.1 Confluence of Functional Validation and Security Verification
Drastic increase in SoC complexity has led to a significant increase in SoC design and validation complexity [2, 13, 17, 19, 24, 27, 31, 33, 35]. Therefore, it is crucial to verify both functional correctness and security guarantees of NoC-based SoCs. One promising direction is to utilize the existing functional validation methodology to perform NoC security verification. Specifically, assertion-based validation is widely used for functional validation of NoC-based SoCs. Verification engineers can develop security assertions for monitoring security vulnerabilities [32]. Similar to functional assertions, security assertions can be used to check for any pre-silicon security vulnerabilities. They can also be synthesized as security checkers (coverage monitors) for post-silicon security validation. Similar to activating functional assertions, verification engineers can utilize the same test generation framework to generate tests for activating security assertions. In the future, verification engineers can seamlessly integrate assertion-based functional validation with assertion-based security validation to design secure and trustworthy NoC-based SoCs.
2.2 Security of Emerging NoC Architectures
The increased usage of emerging NoC technologies have motivated researchers to explore security in optical, wireless, and 3D NoC architectures. The applicability of the proposed ideas to emerging NoC technologies is a promising avenue for future exploration. The inherent characteristics of emerging NoC technologies can create unique security vulnerabilities as well. For example, wireless NoCs inherently use broadcast message to communicate between nodes. In such a scenario, eavesdropping and spoofing attacks can become more prominent. Therefore, future research can explore required modifications to the proposed approaches to fit the characteristics of emerging NoC architectures.
2.3 Seamless Integration of NoC Security Mechanisms
While existing literature has discussed different threat models, it is naive to think that mitigating one particular type of threat will secure the SoC. For example, defending against eavesdropping attacks does not guarantee that eavesdropping is the only possible attack in that particular architecture. Developing security mechanisms for different threat models is a promising starting point. However, seamless integration of a suite of security mechanisms is required to secure the hardware root of trust. For example, Intel SGX (Software Guard Extensions) [14] provides hardware based software protection techniques. Future research needs to explore how to integrate several NoC security mechanisms and ensure their interoperability in hardware, firmware, and software layers in order to enable a truly secure cyberspace.
2.4 NoC Security versus Interoperability Constraints
NoC-based SoCs are widely used today in resource-constrained IoT devices. Designers employ a wide variety of techniques to improve energy efficiency in NoC-based SoCs [3,4,5, 20, 23, 39]. IoT applications bring three important considerations: long application life, conflicting design constraints, and dynamic use-case scenarios. For example, a car equipped with state-of-the-art security would be vulnerable in a few years since it was not designed to defend against future attacks. Similarly, it may be acceptable for a smart watch to trust the wireless network at home and impose a light-weight security requirement in favor of a lower energy profile. However, a stronger defense mechanism is necessary when communicating with the untrusted network in a coffee shop at the cost of power and performance. There is a critical need for IoT devices to dynamically adapt to the environment over the lifetime based on four-way interoperability constraints consisting of security, energy, connectivity, and intelligence. The future NoC-based SoCs need to utilize a reconfigurable security engine that can be tailored during execution based on the use-case scenarios as well as interoperability constraints [10].
2.5 Comprehensive NoC Security Vulnerability Analysis
Given the increasing design complexity coupled with diversity of attacks, it is critical to verify NoC-based SoCs to ensure that there are no vulnerabilities. In the future, there will be a comprehensive vulnerability analysis framework that utilizes a wide variety of analysis/validation techniques across design stages. While design-time security validation techniques can detect certain types of vulnerabilities [1, 15, 16, 18, 29, 30, 34, 36], it is infeasible to remove all possible vulnerabilities during pre-silicon security validation [35]. Therefore, verification engineers need to utilize both pre-silicon and post-silicon security validation [16, 35]. There are three major approaches for NoC security validation: simulation-based validation, formal verification, and side-channel analysis. While formal methods can provide security guarantees, the complexity of NoC designs make the exploration space grow exponentially. Simulation-based techniques are scalable but they cannot provide 100% security guarantees due to input space complexity. Side-channel analysis is a promising alternative that relies on side-channel signatures (such as power, delay, electromagnetic emanation, etc.) to detect vulnerabilities [21, 22, 25, 26, 28, 37]. The future of NoC security validation needs to utilize an effective combination of simulation, formal methods, and side-channel analysis.
2.6 NoC Security and Privacy Analytics Using Machine Learning
The intersection of machine learning and security has not been given adequate attention in an NoC context. Apart from a few runtime monitoring techniques that uses machine learning concepts, this area is still in its infancy. Tools such as Cisco Encrypted Traffic Analytics [38] utilize machine learning to detect threats by observing traffic behavior and unencrypted packet header information. It has shown promising results in the computer networks domain. Models that can be trained offline and detect threats during runtime has the potential to provide security guarantees, especially for real-time and safety-critical applications. While this book covered a wide variety of NoC security vulnerabilities known today, it is expected that future attacks will exploit new vulnerabilities. Therefore, a synergistic integration of security validation and machine learning will be crucial to design emerging NoC-based SoCs.
References
A. Ahmed, F. Farahmandi, Y. Iskander, P. Mishra, Scalable hardware trojan activation by interleaving concrete simulation and symbolic execution, in 2018 IEEE International Test Conference (ITC), pp. 1–10 (IEEE, 2018)
A. Ahmed, F. Farahmandi, P. Mishra, Directed test generation using concolic testing on RTL models, in 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1538–1543 (2018)
A. Ahmed, Y. Huang, P. Mishra, Cache reconfiguration using machine learning for vulnerability-aware energy optimization. ACM Trans. Embed. Comput. Syst. (TECS) 18(2), 1–24 (2019)
S. Charles, A. Ahmed, U.Y. Ogras, P. Mishra, Efficient cache reconfiguration using machine learning in NoC-based many-core CMPs. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 24(6), 1–23 (2019)
S. Charles, H. Hajimiri, P. Mishra, Proactive thermal management using memory-based computing in multicore architectures, in International Green and Sustainable Computing Conference (IGSC), pp. 1–8 (2018)
S. Charles, M. Logan, P. Mishra, Lightweight anonymous routing in NoC based SoCs, in Design Automation & Test in Europe (DATE) (2020)
S. Charles, Y. Lyu, P. Mishra, Real-time detection and localization of dos attacks in NoC based socs, in Design Automation & Test in Europe (DATE), pp. 1160–1165 (2019)
S. Charles, Y. Lyu, P. Mishra, Real-time detection and localization of distributed dos attacks in NoC based socs. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 39(12), 4510–4523 (2020)
S. Charles, P. Mishra, Lightweight and trust-aware routing in NoC based socs, in IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2020)
S. Charles, P. Mishra, Reconfigurable network-on-chip security architecture. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 25(6), 1–25 (2020)
S. Charles, P. Mishra, Securing network-on-chip using incremental cryptography, in IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (2020)
S. Charles, C.A. Patil, U.Y. Ogras, P. Mishra, Exploration of memory and cluster modes in directory-based many-core CMPs, in IEEE/ACM International Symposium on Networks-on-Chip (NOCS), pp. 1–8 (2018)
M. Chen, X. Qin, H.-M. Koo, P. Mishra, System-Level Validation: High-Level Modeling and Directed Test Generation Techniques (Springer, 2012)
V. Costan, S. Devadas, Intel SGX explained. IACR Cryptology ePrint Archive 2016(086), 1–118 (2016)
F. Farahmandi, Y. Huang, P. Mishra, Trojan localization using symbolic algebra, in 2017 22nd Asia and South Pacific Design Automation Conference (ASPDAC), pp. 591–597 (IEEE, 2017)
F. Farahmandi, Y. Huang, P. Mishra, System-on-Chip Security: Validation and Verification (Springer Nature, 2019)
F. Farahmandi, P. Mishra, Automated debugging of arithmetic circuits using incremental gröbner basis reduction, in 2017 IEEE International Conference on Computer Design (ICCD), pp. 193–200 (IEEE, 2017)
F. Farahmandi, P. Mishra, FSM anomaly detection using formal analysis, in 2017 IEEE International Conference on Computer Design (ICCD), pp. 313–320 (IEEE, 2017)
F. Farahmandi, P. Mishra, Automated test generation for debugging multiple bugs in arithmetic circuits. IEEE Trans. Comput. 68(2), 182–197 (2018)
U. Gupta, C.A. Patil, G. Bhat, P. Mishra, U.Y. Ogras, DyPO: Dynamic pareto-optimal configuration selection for heterogeneous MpSoCs. ACM Trans. Embed. Comput. Syst. (TECS) 16(5s), 1–20 (2017)
Y. Huang, S. Bhunia, P. Mishra, MERS: statistical test generation for side-channel analysis based trojan detection, in ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 130–141 (2016)
Y. Huang, S. Bhunia, P. Mishra, Scalable test generation for trojan detection using side channel analysis. IEEE Trans. Inf. Forensics Secur. (TIFS) 13(11), 2746–2760 (2018)
Y. Huang, P. Mishra, Vulnerability-aware energy optimization for reconfigurable caches in multitasking systems. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38(5), 809–821 (2019)
Y. Lyu, A. Ahmed, P. Mishra, Automated activation of multiple targets in RTL models using concolic testing, in 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 354–359 (IEEE, 2019)
Y. Lyu, P. Mishra, A survey of side-channel attacks on caches and countermeasures. J. Hardware Syst. Secur. 2(1), 33–50 (2018)
Y. Lyu, P. Mishra, Efficient test generation for trojan detection using side channel analysis, in Design Automation & Test in Europe Conference (DATE), pp. 408–413 (2019)
Y. Lyu, P. Mishra, Automated test generation for activation of assertions in RTL models, in 2020 25th Asia and South Pacific Design Automation Conference (ASPDAC), pp. 223–228 (IEEE, 2020)
Y. Lyu, P. Mishra, Automated test generation for trojan detection using delay-based side channel analysis, in 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1031–1036 (2020)
Y. Lyu, P. Mishra, Automated trigger activation by repeated maximal clique sampling, in Asia and South Pacific Design Automation Conference (ASPDAC), pp. 482–487 (2020)
Y. Lyu, P. Mishra, Scalable activation of rare triggers in hardware trojans by repeated maximal clique sampling. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. (2020)
Y. Lyu, P. Mishra, Scalable concolic testing of RTL models. IEEE Trans. Comput. (2020). https://doi.org/10.1109/TC.2020.2997644
Y. Lyu, P. Mishra, System-on-chip security assertions. Preprint (2020). arXiv:2001.06719
Y. Lyu, X. Qin, M. Chen, P. Mishra, Directed test generation for validation of cache coherence protocols. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38(1), 163–176 (2018)
P. Mishra, S. Bhunia, M. Tehranipoor, Hardware IP Security and Trust (Springer, 2017)
P. Mishra, F. Farahmandi, Post-Silicon Validation and Debug (Springer, 2019)
Z. Pan, P. Mishra, Automated test generation for hardware trojan detection using reinforcement learning, in Asia and South Pacific Design Automation Conference (ASPDAC) (2021)
Z. Pan, J. Sheldon, P. Mishra, Test generation using reinforcement learning for delay-based side channel analysis, in IEEE/ACM International Conference on Computer-Aided Design (ICCAD) (2020)
S.R. Patil, G.B. Pularikkal, D. McGrew, B.H. Anderson, M. Nanjanagud, Encrypted traffic analytics over a multi-path TCP connection, August 8 2019. US Patent App. 15/891,708
W. Wang, P. Mishra, S. Ranka, Dynamic Reconfiguration in Real-Time Systems (Springer, 2012)
Acknowledgements
This work was partially supported by the National Science Foundation (NSF) grant SaTC-1936040.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Mishra, P., Charles, S. (2021). The Future of Secure and Trustworthy Network-on-Chip Architectures. In: Mishra, P., Charles, S. (eds) Network-on-Chip Security and Privacy. Springer, Cham. https://doi.org/10.1007/978-3-030-69131-8_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-69131-8_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69130-1
Online ISBN: 978-3-030-69131-8
eBook Packages: EngineeringEngineering (R0)