Secure Network-on-Chip Architectures for MPSoC: Overview and Challenges

After getting an Overview of SoCs from An Overview — Systems-On-Chips (SOCs) And Their Security Risks Blog we will move forward by going deeper to get an understanding about SoCs one of important components: Network-on-Chip (NOC) and the security challenges it faces.

Network-on-Chip (NOC) is the heart of data communication in Embedded system domain especially between processing cores in Multiprocessor-based Systems on Chip (MPSoC). Packets transferred via the NoC are exposed to various malicious activities, which makes NoC-based systems vulnerable to security attacks. Additionally, Hardware Trojans (HTs) can be deployed in some of the NoC nodes to apply security threats by extracting sensitive information or degrading the system performance. In this blog, an overview of some security attacks in NoC-based systems and the countermeasure techniques giving prominence on malicious nodes are discussed.

The Advances in technology have unprecedented growth in the semiconductor industry, so the complexity of circuits built on a single chip has been increased. For clock frequency scaling and high throughput systems, Multiprocessors System-on-Chip (MPSoC) are now the only way to construct a high performance platform by filling up a processor die with multiple simpler processing elements (PEs). In MPSoC, the processing cores can be allocated with multiple different applications that are running simultaneously . Data are exchanged among the applications through the NoC through plaintext. As a result, data are vulnerable to security threats such as: a malicious application may be mapped to some PEs and steal sensitive information of other applications exploiting the on-chip network. Moreover, a malicious application can be run on the MPSoC applying a denial of service (DoS) attack by injecting huge number of packets to speed up the NoC and consequently it degrades the overall system performance.

As far as security attacks in SoC is concerned, the malicious hardware modification of the original design in the chip, known as Hardware Trojan (HT) plays a vital role in security threats, where the hardware platform becomes insecure. The aim of such HT attacks are to leak information, degrade the system, manipulate data, or completely destroy the system. HTs can be embedded during any stage of the IC design process or during manufacturing process. They are becoming more complex and powerful such that they are hard to detect, particularly in complex systems on a single IC, which makes the test processes even harder to notice HTs. Since NoC is composed of several different based-routing modules, network interfaces, and various control units, the complexity of NoC has increased and made it vulnerable to HT attacks.

Most of NoCs made till now were meant to secure the cores and not the intercommunication media inside the MPSoC. In system degradation, the goal of such attack is to degrade the whole system through applying Denial of Service (DoS) by wasting the network bandwidth through flooding the NoC with redundant packets, deadlock, or livelock. On the other hand, threats such as Power deprivation attack(wasting power),Information extraction and Hijacking(System Reconfiguration) are the threats SoCs need to be kept secure from.

In order to react to such attacks, firewalls are build in the network interface of the NoC to filter malevolent and unauthorized packets. In security zones technique that are meant to run a sensitive application/system follow a certain security-policy. Another technique to protect the secrecy of the data in NoCs is by applying encryption protocols . Secure routing algorithm is one of the important techniques to avoid malicious nodes that are part of security threats.

The main challenge of such secure routing schemes is detecting the malicious nodes, which is still a big research area. Once the malicious routers have been detected, the secure routing protocol detour packets around them. In the proposed architecture , a HT is embodied in the NoC to violate the routing protocol causing deadlock to apply DoS attack, creating a a routing aware scheme to detect the HT in runtime and detour the packets around such malicious nodes.

Up till now we saw software based security threats which can be removed by software updates, but what about hardware and the security risks it faces. Trojan virus aren't restricted in software domain, it can be in an idle state and waiting for an activation (trigger) signal to run its malicious payload. There are 3 such categories of malicious nodes that we need to be aware of:

1. Benign node: A malicious node that can be detected and automatically avoided by the system routing technique if in small number.
2. Moderate-harmful node: A malicious node that is hard to detect and expensive to be avoided, where is hard to detect the cause of system degradation such as Dos or normal traffic.
3. Malignant node: A malicious node that is very hard, mostly impossible, to detect and silently applies its payload. For example they use technique such as silent data corruption, dropping the packets without forwarding by black hole routers.

Thus, we could see that he main goal of this research is to detect such malicious nodes at run-time and avoid them through secure routing techniques .Unlike fault-tolerant routing algorithms where the faulty nodes are dead routers and are not involved in packets’ routing which are very to detect , malicious nodes are nodes that participate in packets routing and apply their payload to breach the system security or degrade the system on trigger.

Multiprocessors System-on-Chip (MPSoC) are now the only way to construct a high performance platform, where multiple processing cores are connected and communicating through Network-on-chip (NoC). NoC is flexible and dynamically allow application sharing resources in MPSoC, which makes the NoC security critical. The challenge is to provide a secure System-on-chip network that allows a trustworthy network platform for smooth application running in the system, which the proposed algorithm tried to solve keeping in mind all the threats.

Till then Stay safe, Stay connected and be aware !