Thesis etd-10242016-212552 |
Link copiato negli appunti
Thesis type
Tesi di laurea magistrale
Author
BALDANZI, LUCA
URN
etd-10242016-212552
Thesis title
Data Security for Automotive Embedded Systems: Design and Verification of a Secure Hardware Extension prototype
Department
INGEGNERIA DELL'INFORMAZIONE
Course of study
INGEGNERIA ELETTRONICA
Supervisors
relatore Prof. Fanucci, Luca
relatore Ing. Carnevale, Berardino
relatore Ing. Carnevale, Berardino
Keywords
- AES
- ASIC
- Automotive
- FPGA
- secure
- security
Graduation session start date
24/11/2016
Availability
Withheld
Release date
24/11/2086
Summary
In recent years, the number of electronics systems embedded in cars has dramatically increased. These devices control a large number of functionalities involving safety (e.g. Anti-block Braking System (ABS) control and Engine control), position (e.g. Global Position System (GPS)) or personal device connectivity (e.g. Bluetooth connection). Such an increased complexity of car electronics has made modern cars more vulnerable to cyber-attacks as there is a large number of potential access points given to a potential malicious entities. For this reason, the automotive industry is focusing towards the research of innovative security solutions to protect in-car systems.
A valid approach to the current security demands in Automotive field is the Secure Hardware Extension (SHE) specified by the Hersteller Initiative Software (HIS) consortia, which encloses a set of useful functions for Automotive Security. The SHE improves a generic automotive microcontroller by the addition of a secure zone for the protection of cryptographic parameters (i.e. used in confidentiality-protected communications) and an authentication-based software environment.Therefore, it fulfills the recent needs of the automotive world in terms of confidentiality protection of data flowing over the various networks and a safe HW-SW interaction.
In this work a flexible and efficient SHE module has been developed. The implemented SHE architecture consists of three major hardware sub-blocks: a cryptographic core, a cipher keys storage core and a control unit for interfacing with the external world such as a general purpose microprocessor. The cryptographic core is based on a flexible and efficient hardware implementation of the AES algorithm with the possibility of working with the Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Cipher-based Message Authentication Code (CMAC) modes. On the other hand, the cipher keys that are contained within the SHE module can only be manipulated through specific secure interfaces. Furthermore, part of the work was the development of the software to control and verify the SHE functionality, making the HW/SW co-design a fundamental aspect of the project. The communication between the external processor and the system is an Advanced eXtensible Interface (AXI) bus, which interacts with the SHE by a memory-mapped interface.The novelty introduced by this thesis is the implementation of an efficient SHE and the addition of cryptographic functions as 256-bits keys support for the AES.
The involved cryptographic algorithms have been tested against the official test vectors provided by the National Institute of Standard and Technology (NIST). The prototype of the SHE was implemented on a Xilinx Zynq-7000 board reaching a 148MHz clock frequency. The occupation of the final system is lower than 5% of the LUTs and 2% of the registers available on the FPGA. The SHE module has also been synthesized on a 40nm standard-cell CMOS technology at 210MHz leading to a size of 236Kgates. In terms of performance, the reachable throughput at 148MHz frequency is 34Mbps for ECB, 33Mbps for CBC and 16Mbps for CMAC mode.
A valid approach to the current security demands in Automotive field is the Secure Hardware Extension (SHE) specified by the Hersteller Initiative Software (HIS) consortia, which encloses a set of useful functions for Automotive Security. The SHE improves a generic automotive microcontroller by the addition of a secure zone for the protection of cryptographic parameters (i.e. used in confidentiality-protected communications) and an authentication-based software environment.Therefore, it fulfills the recent needs of the automotive world in terms of confidentiality protection of data flowing over the various networks and a safe HW-SW interaction.
In this work a flexible and efficient SHE module has been developed. The implemented SHE architecture consists of three major hardware sub-blocks: a cryptographic core, a cipher keys storage core and a control unit for interfacing with the external world such as a general purpose microprocessor. The cryptographic core is based on a flexible and efficient hardware implementation of the AES algorithm with the possibility of working with the Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Cipher-based Message Authentication Code (CMAC) modes. On the other hand, the cipher keys that are contained within the SHE module can only be manipulated through specific secure interfaces. Furthermore, part of the work was the development of the software to control and verify the SHE functionality, making the HW/SW co-design a fundamental aspect of the project. The communication between the external processor and the system is an Advanced eXtensible Interface (AXI) bus, which interacts with the SHE by a memory-mapped interface.The novelty introduced by this thesis is the implementation of an efficient SHE and the addition of cryptographic functions as 256-bits keys support for the AES.
The involved cryptographic algorithms have been tested against the official test vectors provided by the National Institute of Standard and Technology (NIST). The prototype of the SHE was implemented on a Xilinx Zynq-7000 board reaching a 148MHz clock frequency. The occupation of the final system is lower than 5% of the LUTs and 2% of the registers available on the FPGA. The SHE module has also been synthesized on a 40nm standard-cell CMOS technology at 210MHz leading to a size of 236Kgates. In terms of performance, the reachable throughput at 148MHz frequency is 34Mbps for ECB, 33Mbps for CBC and 16Mbps for CMAC mode.
File
Nome file | Dimensione |
---|---|
Thesis not available for consultation. |