Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures
|
|
- Oswin Jonah Weaver
- 6 years ago
- Views:
Transcription
1 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures L. BARTHE, P. BENOIT, L. TORRES LIRMM - CNRS - University of Montpellier 2 FPL 10 - Tuesday 31 August, 2010 Milan, Italy
2 Context: Side-Channel Attacks / Attackers exploit the correlation between data and physical leakages in order to reveal the secrets Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 1 / 19
3 Topic of this Work Main objective Improving the robustness of embedded processors against Power and ElectroMagnetic Analysis Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 2 / 19
4 Topic of this Work Main objective Improving the robustness of embedded processors against Power and ElectroMagnetic Analysis Contributions A RISC pipeline threat model A new masking countermeasure for RISC-based processors Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 2 / 19
5 Topic of this Work Main objective Improving the robustness of embedded processors against Power and ElectroMagnetic Analysis Contributions A RISC pipeline threat model A new masking countermeasure for RISC-based processors Challenge Implement countermeasures without compromising requirements of embedded systems! Area Security Speed Power Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 2 / 19
6 A Case Study: Xilinx s MicroBlaze A 32-bit RISC processor Soft-core processor Designed and supported by Xilinx for their FPGAs High level of flexibility Typical processor for embedded systems MicroBlaze s architecture Modified harvard architecture Classic RISC 5-stage pipeline Extra features: barrel shifter, cache memories etc. Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 3 / 19
7 A Case Study: Xilinx s MicroBlaze A 32-bit RISC processor Soft-core processor Designed and supported by Xilinx for their FPGAs High level of flexibility Typical processor for embedded systems MicroBlaze s architecture Modified harvard architecture Classic RISC 5-stage pipeline Extra features: barrel shifter, cache memories etc. Pipelining increases processor performance by increasing the instructions throughput What about security? Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 3 / 19
8 SCAs on the MicroBlaze Example: Data Encryption Standard (DES) Symmetric block cipher algorithm Standard software implementation using ANSI C code / mb-gcc L0 R0 K1 F L1 = R0 R1 = L0 F(0,K1) A DES Attack Model (Kocher) Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 4 / 19
9 SCAs on the MicroBlaze Example: Data Encryption Standard (DES) Symmetric block cipher algorithm Standard software implementation using ANSI C code / mb-gcc ANSI C L0 R0 K1 ASM F L1 = R0 R1 = L0 F(0,K1) A DES Attack Model (Kocher) Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 4 / 19
10 Concrete Evaluation: Acquisition Setup X-Y Table Oscilloscope EM Sensor Probe Low-Noise Amplifier Spartan-3 Board Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 5 / 19
11 Concrete Evaluation: DEMA Flow First step: data acquisition Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 6 / 19
12 Concrete Evaluation: DEMA Flow Second step: perform attacks First step: data acquisition Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 6 / 19
13 Concrete Evaluation: DEMA Flow Second step: perform attacks First step: data acquisition Last step: analyze results Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 6 / 19
14 Concrete Evaluation: DEMA Results Full key discovered with less than 500 electromagnetic traces Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19
15 Concrete Evaluation: DEMA Results Full key discovered with less than 500 electromagnetic traces Voltage Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19
16 Concrete Evaluation: DEMA Results Voltage Full key discovered with less than 500 electromagnetic traces - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19
17 Concrete Evaluation: DEMA Results Full key discovered with less than 500 electromagnetic traces Voltage highest amplitude => guessed key - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 7 / 19
18 MicroBlaze s Datapath Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Instruction IF/ID Register File ID/EX ALU EX/MA Data MA/WB Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 8 / 19
19 The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n IF SWI ID XOR n+1 n+2 n+3 n+4 n+5 retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX MA atad yromem ssecca yromem )AM( EX/MA MA/WB Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19
20 The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n n+1 n+2 n+3 n+4 n+5 IF SWI... ID XOR SWI retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX XOR MA atad yromem ssecca yromem )AM( EX/MA MA/WB Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19
21 The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n n+1 n+2 n+3 n+4 n+5 IF SWI... ID XOR SWI... XOR SWI retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX MA atad yromem ssecca yromem )AM( EX/MA XOR MA/WB Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19
22 The Pipeline Threat Model noitcurtsni yromem hctef noitcurtsni )FI( n n+1 n+2 n+3 n+4 n+5 IF SWI... ID XOR SWI... XOR SWI... XOR SWI... XOR SWI retsiger elif edoced noitcurtsni )DI( IF/ID EX ULA etucexe )XE( ID/EX MA atad yromem ssecca yromem )AM( EX/MA MA/WB... Voltage kcab-etirw )BW( WB - correct sub-key - other sub-keys Time Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 9 / 19
23 Investigation of a Secure Processor: Overview Pipelined processors increase the efficiency of SCAs Hardware countermeasures not only focused on the ALU and the register file of the processor Challenge: overhead vs security Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 10 / 19
24 State-of-Art of Countermeasures ALGORITHM Arithmetic Masking Boolean Masking Random Execution Dummy Cycles masking countermeasures hiding countermeasures CIRCUIT Noise Generators Decoupled Power Supply GATE Gate Level Masking Dual-Rail Logic Asynchronous Logic No perfect solution has been identified but the security can be significantly improved Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 11 / 19
25 Masking Countermeasures Main idea Sensitive data are masked with various random numbers A mask correction is performed at key steps Strategy for Power and ElectroMagnetic Analysis Confuse the attacker Example: boolean masking Masked data result from XOR operations M M D... D D = D M D Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 12 / 19
26 A RISC-based Masked Datapath - 1 Dual pipelined datapath RISC pipeline with masked data New one with the corresponding mask D1 Combinatorial Process D2 M1 Combinatorial Process M2 Exploiting the simplicity of RISC architectures Trade-Off Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 13 / 19
27 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
28 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
29 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
30 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
31 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
32 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
33 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
34 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
35 A RISC-based Masked Datapath - 2 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
36 A new Open-Processor is Born The SecretBlaze Compliant with the MicroBlaze s instruction set Modified harvard architecture RISC 5-stage pipeline Optional features (barrel shifter etc.) Available soon at SecretBlaze!s Processor SecretBlaze!s Core Instruction Fetch Instruction Decode Execute Access Write-Back IM Bus Interface Register File ALU DM Bus Interface MSR int_i INT halt_sb_i clk_i rst_n_i im_bus_i/o dm_bus_i/o SecretBlaze!s Sub-System Decoder Instruction Cache Data Cache WB Bus Master Interface WB IO Bus Master Interface wb_mem_bus_i/o wb_io_bus_i/o Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 15 / 19
37 Evaluation: Overhead Without countermeasure With countermeasure Overhead Max Freq. in Mhz % # Slices % # LUTs % # BRAMs % Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 16 / 19
38 Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
39 Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
40 Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess x 16 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
41 Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess x 16 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
42 Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess x 16 x 2 Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
43 Evaluation: Robustness Without countermeasure 1 st Pos. 2 th Pos. With countermeasure 1 st Pos. 2 th Pos. First Correct Guess x 16 x 2 Clock number n n + 1 n + 2 n + 3 n + 4 n + 5 Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Voltage - correct sub-key - other sub-keys Time DEMA traces without countermeasure Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
44 Evaluation: Robustness Without countermeasure 1st Pos. 2th Pos. First Correct Guess 431 With countermeasure 1st Pos. 2th Pos x 16 x2 n n+1 n+2 n+3 n+4 n+5 Clock number n n+1 n+2 n+3 n+4 n+5 Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Voltage Voltage Clock number - correct sub-key - other sub-keys - correct sub-key - other sub-keys Time Time DEMA traces without countermeasure DEMA traces with countermeasure Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
45 Evaluation: Robustness Without countermeasure 1st Pos. 2th Pos. First Correct Guess 431 With countermeasure 1st Pos. 2th Pos x 16 x2 Clock number n n+1 n+2 n+3 n+4 n+5 Clock number n n+1 n+2 n+3 n+4 n+5 Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Pipeline State XOR ID SWI IF XOR EX SWI ID XOR MA SWI EX XOR WB SWI MA SWI WB... Voltage Voltage ALU - correct sub-key - other sub-keys - correct sub-key - other sub-keys Time Time DEMA traces without countermeasure DEMA traces with countermeasure Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 17 / 19
46 A RISC-based Masked Datapath - 3 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Masked Unmasked Masked Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
47 A RISC-based Masked Datapath - 3 Instruction Fetch (IF) Instruction Decode (ID) Execute (EX) Access (MA) Write-Back (WB) Register File MAMU Instruction IF/ID ID/EX ALU EX/MA Data MA/WB Mask Register File Masked Unmasked Masked Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 14 / 19
48 Conclusion Hardware weaknesses of pipelined processors A new masking countermeasure for embedded processors A new Open-Processor Significant reduction of the undesirable effects of the pipelining technique ALU is still a critical security issue Power constant logics or asynchronous logics should be investigated High-order attacks? Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 18 / 19
49 Thanks for your attention Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures 19 / 19
Countermeasures against EM Analysis
Countermeasures against EM Analysis Paolo Maistri 1, SebastienTiran 2, Amine Dehbaoui 3, Philippe Maurine 2, Jean-Max Dutertre 4 (1) (2) (3) (4) Context Side channel analysis is a major threat against
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationHiding Higher-Order Leakages in Hardware
Hiding Higher-Order Leakages in Hardware 21. May 2015 Ruhr-Universität Bochum Acknowledgement Pascal Sasdrich Tobias Schneider Alexander Wild 2 Story? Threshold Implementation should be explained? 1 st
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationCountermeasures against EM Analysis for a Secured FPGA-based AES Implementation
Countermeasures against EM Analysis for a Secured FPGA-based AES Implementation P. Maistri 1, S. Tiran 2, P. Maurine 2, I. Koren 3, R. Leveugle 1 1 Univ. Grenoble Alpes, TIMA Laboratory, F-38031 Grenoble
More informationInstruction Set Overview
MicroBlaze Instruction Set Overview ECE 3534 Part 1 1 The Facts MicroBlaze Soft-core Processor Highly Configurable 32-bit Architecture Master Component for Creating a MicroController Thirty-two 32-bit
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationSide-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?
Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? 11. Sep 2013 Ruhr University Bochum Outline Power Analysis Attack Masking Problems in hardware Possible approaches
More informationECE260: Fundamentals of Computer Engineering
ECE260: Fundamentals of Computer Engineering Pipelined Datapath and Control James Moscola Dept. of Engineering & Computer Science York College of Pennsylvania ECE260: Fundamentals of Computer Engineering
More informationThe Nios II Family of Configurable Soft-core Processors
The Nios II Family of Configurable Soft-core Processors James Ball August 16, 2005 2005 Altera Corporation Agenda Nios II Introduction Configuring your CPU FPGA vs. ASIC CPU Design Instruction Set Architecture
More informationECE 2300 Digital Logic & Computer Organization. Caches
ECE 23 Digital Logic & Computer Organization Spring 217 s Lecture 2: 1 Announcements HW7 will be posted tonight Lab sessions resume next week Lecture 2: 2 Course Content Binary numbers and logic gates
More informationRISC Pipeline. Kevin Walsh CS 3410, Spring 2010 Computer Science Cornell University. See: P&H Chapter 4.6
RISC Pipeline Kevin Walsh CS 3410, Spring 2010 Computer Science Cornell University See: P&H Chapter 4.6 A Processor memory inst register file alu PC +4 +4 new pc offset target imm control extend =? cmp
More informationThe embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationDesigning a Pipelined CPU
Designing a Pipelined CPU CSE 4, S2'6 Review -- Single Cycle CPU CSE 4, S2'6 Review -- ultiple Cycle CPU CSE 4, S2'6 Review -- Instruction Latencies Single-Cycle CPU Load Ifetch /Dec Exec em Wr ultiple
More informationComputer and Hardware Architecture II. Benny Thörnberg Associate Professor in Electronics
Computer and Hardware Architecture II Benny Thörnberg Associate Professor in Electronics Parallelism Microscopic vs Macroscopic Microscopic parallelism hardware solutions inside system components providing
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationWhat is Pipelining. work is done at each stage. The work is not finished until it has passed through all stages.
PIPELINING What is Pipelining A technique used in advanced microprocessors where the microprocessor begins executing a second instruction before the first has been completed. - A Pipeline is a series of
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationSlides for Lecture 15
Slides for Lecture 15 ENCM 501: Principles of Computer Architecture Winter 2014 Term Steve Norman, PhD, PEng Electrical & Computer Engineering Schulich School of Engineering University of Calgary 6 March,
More informationComputer Systems Architecture Spring 2016
Computer Systems Architecture Spring 2016 Lecture 01: Introduction Shuai Wang Department of Computer Science and Technology Nanjing University [Adapted from Computer Architecture: A Quantitative Approach,
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationBasic FPGA Architectures. Actel FPGAs. PLD Technologies: Antifuse. 3 Digital Systems Implementation Programmable Logic Devices
3 Digital Systems Implementation Programmable Logic Devices Basic FPGA Architectures Why Programmable Logic Devices (PLDs)? Low cost, low risk way of implementing digital circuits as application specific
More informationLecture Topics. Announcements. Today: Data and Control Hazards (P&H ) Next: continued. Exam #1 returned. Milestone #5 (due 2/27)
Lecture Topics Today: Data and Control Hazards (P&H 4.7-4.8) Next: continued 1 Announcements Exam #1 returned Milestone #5 (due 2/27) Milestone #6 (due 3/13) 2 1 Review: Pipelined Implementations Pipelining
More informationLecture 15: Pipelining. Spring 2018 Jason Tang
Lecture 15: Pipelining Spring 2018 Jason Tang 1 Topics Overview of pipelining Pipeline performance Pipeline hazards 2 Sequential Laundry 6 PM 7 8 9 10 11 Midnight Time T a s k O r d e r A B C D 30 40 20
More informationOrganic Computing. Dr. rer. nat. Christophe Bobda Prof. Dr. Rolf Wanka Department of Computer Science 12 Hardware-Software-Co-Design
Dr. rer. nat. Christophe Bobda Prof. Dr. Rolf Wanka Department of Computer Science 12 Hardware-Software-Co-Design 1 Reconfigurable Computing Platforms 2 The Von Neumann Computer Principle In 1945, the
More informationARM processor organization
ARM processor organization P. Bakowski bako@ieee.org ARM register bank The register bank,, which stores the processor state. r00 r01 r14 r15 P. Bakowski 2 ARM register bank It has two read ports and one
More informationThe Processor. Z. Jerry Shi Department of Computer Science and Engineering University of Connecticut. CSE3666: Introduction to Computer Architecture
The Processor Z. Jerry Shi Department of Computer Science and Engineering University of Connecticut CSE3666: Introduction to Computer Architecture Introduction CPU performance factors Instruction count
More informationCOMP2611: Computer Organization. The Pipelined Processor
COMP2611: Computer Organization The 1 2 Background 2 High-Performance Processors 3 Two techniques for designing high-performance processors by exploiting parallelism: Multiprocessing: parallelism among
More informationMasking the Energy Behavior of DES Encryption
Masking the Energy Behavior of DES Encryption H. Saputra, N. Vijaykrishnan, M. Kandemir, M. J. Irwin, R. Brooks, S. Kim and W. Zhang Computer Science and Engineering, Applied Research Lab The Pennsylvania
More informationPipelining. Pipeline performance
Pipelining Basic concept of assembly line Split a job A into n sequential subjobs (A 1,A 2,,A n ) with each A i taking approximately the same time Each subjob is processed by a different substation (or
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationMicro-Architectural Attacks and Countermeasures
Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack
More informationcs470 - Computer Architecture 1 Spring 2002 Final Exam open books, open notes
1 of 7 ay 13, 2002 v2 Spring 2002 Final Exam open books, open notes Starts: 7:30 pm Ends: 9:30 pm Name: (please print) ID: Problem ax points Your mark Comments 1 10 5+5 2 40 10+5+5+10+10 3 15 5+10 4 10
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationProcessor Architecture. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Processor Architecture Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Moore s Law Gordon Moore @ Intel (1965) 2 Computer Architecture Trends (1)
More informationMidnight Laundry. IC220 Set #19: Laundry, Co-dependency, and other Hazards of Modern (Architecture) Life. Return to Chapter 4
IC220 Set #9: Laundry, Co-dependency, and other Hazards of Modern (Architecture) Life Return to Chapter 4 Midnight Laundry Task order A B C D 6 PM 7 8 9 0 2 2 AM 2 Smarty Laundry Task order A B C D 6 PM
More informationFast dynamic and partial reconfiguration Data Path
Fast dynamic and partial reconfiguration Data Path with low Michael Hübner 1, Diana Göhringer 2, Juanjo Noguera 3, Jürgen Becker 1 1 Karlsruhe Institute t of Technology (KIT), Germany 2 Fraunhofer IOSB,
More informationWhat is Pipelining? Time per instruction on unpipelined machine Number of pipe stages
What is Pipelining? Is a key implementation techniques used to make fast CPUs Is an implementation techniques whereby multiple instructions are overlapped in execution It takes advantage of parallelism
More informationParallelism via Multithreaded and Multicore CPUs. Bradley Dutton March 29, 2010 ELEC 6200
Parallelism via Multithreaded and Multicore CPUs Bradley Dutton March 29, 2010 ELEC 6200 Outline Multithreading Hardware vs. Software definition Hardware multithreading Simple multithreading Interleaved
More informationORCA FPGA- Optimized VectorBlox Computing Inc.
ORCA FPGA- Optimized 2016 VectorBlox Computing Inc. 1 ORCA FPGA- Optimized Tiny, Low-Power FPGA 3,500 LUT4s 4 MUL16s < $5.00 ISA: RV32IM hw multiply, sw divider < 2,000 LUTs ~ 20MHz What is ORCA? Family
More informationCOSC 6385 Computer Architecture - Pipelining
COSC 6385 Computer Architecture - Pipelining Fall 2006 Some of the slides are based on a lecture by David Culler, Instruction Set Architecture Relevant features for distinguishing ISA s Internal storage
More informationProcessor Architecture
Processor Architecture Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE2030: Introduction to Computer Systems, Spring 2018, Jinkyu Jeong (jinkyu@skku.edu)
More informationVery High-Order Masking: Efficient Implementation and Security Evaluation
Very High-Order Masking: Efficient Implementation and Security Evaluation Anthony Journault and François-Xavier Standaert UCL (Louvain-la-Neuve, Belgium) CHES 2017, Taipei, Taiwan Outline Background Masking
More informationPipelining! Advanced Topics on Heterogeneous System Architectures. Politecnico di Milano! Seminar DEIB! 30 November, 2017!
Advanced Topics on Heterogeneous System Architectures Pipelining! Politecnico di Milano! Seminar Room @ DEIB! 30 November, 2017! Antonio R. Miele! Marco D. Santambrogio! Politecnico di Milano! 2 Outline!
More informationCSE A215 Assembly Language Programming for Engineers
CSE A215 Assembly Language Programming for Engineers Lecture 4 & 5 Logic Design Review (Chapter 3 And Appendices C&D in COD CDROM) September 20, 2012 Sam Siewert ALU Quick Review Conceptual ALU Operation
More informationCorrelated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher
Correlated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher Najeh Kamoun 1, Lilian Bossuet 2, and Adel Ghazel 1 1 CIRTA COM, SUP COM 2 IMS, University of Bordeaux Tunis,
More informationA Study of the Speedups and Competitiveness of FPGA Soft Processor Cores using Dynamic Hardware/Software Partitioning
A Study of the Speedups and Competitiveness of FPGA Soft Processor Cores using Dynamic Hardware/Software Partitioning By: Roman Lysecky and Frank Vahid Presented By: Anton Kiriwas Disclaimer This specific
More informationThe Processor Pipeline. Chapter 4, Patterson and Hennessy, 4ed. Section 5.3, 5.4: J P Hayes.
The Processor Pipeline Chapter 4, Patterson and Hennessy, 4ed. Section 5.3, 5.4: J P Hayes. Pipeline A Basic MIPS Implementation Memory-reference instructions Load Word (lw) and Store Word (sw) ALU instructions
More informationCOMPUTER ORGANIZATION AND DESIGN
ARM COMPUTER ORGANIZATION AND DESIGN Edition The Hardware/Software Interface Chapter 4 The Processor Modified and extended by R.J. Leduc - 2016 To understand this chapter, you will need to understand some
More information! Program logic functions, interconnect using SRAM. ! Advantages: ! Re-programmable; ! dynamically reconfigurable; ! uses standard processes.
Topics! SRAM-based FPGA fabrics:! Xilinx.! Altera. SRAM-based FPGAs! Program logic functions, using SRAM.! Advantages:! Re-programmable;! dynamically reconfigurable;! uses standard processes.! isadvantages:!
More informationDesigning a Pipelined CPU
Designing a Pipelined CPU Peer Instruction Lecture Materials for Computer Architecture by Dr. Leo Porter, adapted by Janet Davis, are licensed under a Creative Commons Attribution- NonCommercial-ShareAlike
More informationSecure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs
Secure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs François-Xavier Standaert U rypto Group, fstandae@uclouvain.be Summary. Due to its potential to greatly accelerate a wide
More informationCPE300: Digital System Architecture and Design
CPE300: Digital System Architecture and Design Fall 2011 MW 17:30-18:45 CBC C316 Number Representation 09212011 http://www.egr.unlv.edu/~b1morris/cpe300/ 2 Outline Recap Logic Circuits for Register Transfer
More informationASSEMBLY LANGUAGE MACHINE ORGANIZATION
ASSEMBLY LANGUAGE MACHINE ORGANIZATION CHAPTER 3 1 Sub-topics The topic will cover: Microprocessor architecture CPU processing methods Pipelining Superscalar RISC Multiprocessing Instruction Cycle Instruction
More informationThe Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
2013.12.7 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools
More informationSIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI THE CEA Military Applications Division (DAM) Nuclear Energy Division (DEN) Technological Research Division
More informationINVESTIGATION OF DPA RESISTANCE OF BLOCK RAMS IN FPGAS
INVESTIGATION OF DPA RESISTANCE OF BLOCK RAMS IN FPGAS by Shaunak Shah A Thesis Submitted to the Graduate Faculty of George Mason University In Partial fulfillment of The Requirements for the Degree of
More informationBinary Adders. Ripple-Carry Adder
Ripple-Carry Adder Binary Adders x n y n x y x y c n FA c n - c 2 FA c FA c s n MSB position Longest delay (Critical-path delay): d c(n) = n d carry = 2n gate delays d s(n-) = (n-) d carry +d sum = 2n
More informationEITF20: Computer Architecture Part2.2.1: Pipeline-1
EITF20: Computer Architecture Part2.2.1: Pipeline-1 Liang Liu liang.liu@eit.lth.se 1 Outline Reiteration Pipelining Harzards Structural hazards Data hazards Control hazards Implementation issues Multi-cycle
More informationInstruction Level Parallelism. Appendix C and Chapter 3, HP5e
Instruction Level Parallelism Appendix C and Chapter 3, HP5e Outline Pipelining, Hazards Branch prediction Static and Dynamic Scheduling Speculation Compiler techniques, VLIW Limits of ILP. Implementation
More informationDLX Unpipelined Implementation
LECTURE - 06 DLX Unpipelined Implementation Five cycles: IF, ID, EX, MEM, WB Branch and store instructions: 4 cycles only What is the CPI? F branch 0.12, F store 0.05 CPI0.1740.83550.174.83 Further reduction
More informationImplementation of a pipelined MIPS CPU with single cycle
Implementation of a pipelined MIPS CPU with single cycle S.G.Nafreen Sultana 1, K.Sudhakar 2 K.PrasadBabu 3 S.Ahmed Basha 4 1 15G31D0610 M.Tech DSCE, Sjcet, Yerrakota, Kurnool, Andhra Pradesh India 2 HOD
More informationKeywords: Soft Core Processor, Arithmetic and Logical Unit, Back End Implementation and Front End Implementation.
ISSN 2319-8885 Vol.03,Issue.32 October-2014, Pages:6436-6440 www.ijsetr.com Design and Modeling of Arithmetic and Logical Unit with the Platform of VLSI N. AMRUTHA BINDU 1, M. SAILAJA 2 1 Dept of ECE,
More informationDepartment of Computer and IT Engineering University of Kurdistan. Computer Architecture Pipelining. By: Dr. Alireza Abdollahpouri
Department of Computer and IT Engineering University of Kurdistan Computer Architecture Pipelining By: Dr. Alireza Abdollahpouri Pipelined MIPS processor Any instruction set can be implemented in many
More informationEfficiency and memory footprint of Xilkernel for the Microblaze soft processor
Efficiency and memory footprint of Xilkernel for the Microblaze soft processor Dariusz Caban, Institute of Informatics, Gliwice, Poland - June 18, 2014 The use of a real-time multitasking kernel simplifies
More informationFull Datapath. Chapter 4 The Processor 2
Pipelining Full Datapath Chapter 4 The Processor 2 Datapath With Control Chapter 4 The Processor 3 Performance Issues Longest delay determines clock period Critical path: load instruction Instruction memory
More informationRC-6 CRYPTOSYSTEM IN VHDL. BY:- Deepak Singh Samant
RC-6 CRYPTOSYSTEM IN VHDL BY:- Deepak Singh Samant OBJECTIVE: TO IMPLEMENT A CRYPTOSYSTEM USING RIVEST CIPHER-6 (RC6) ALGORITHM IN VHDL(FPGA) What is CRYPTOLOGY? CRYPTOGRAPHY is the art and science of
More informationLaboratory Pipeline MIPS CPU Design (2): 16-bits version
Laboratory 10 10. Pipeline MIPS CPU Design (2): 16-bits version 10.1. Objectives Study, design, implement and test MIPS 16 CPU, pipeline version with the modified program without hazards Familiarize the
More informationImproving Performance: Pipelining
Improving Performance: Pipelining Memory General registers Memory ID EXE MEM WB Instruction Fetch (includes PC increment) ID Instruction Decode + fetching values from general purpose registers EXE EXEcute
More informationPipelining: Hazards Ver. Jan 14, 2014
POLITECNICO DI MILANO Parallelism in wonderland: are you ready to see how deep the rabbit hole goes? Pipelining: Hazards Ver. Jan 14, 2014 Marco D. Santambrogio: marco.santambrogio@polimi.it Simone Campanoni:
More informationFPGA Implementation of MIPS RISC Processor
FPGA Implementation of MIPS RISC Processor S. Suresh 1 and R. Ganesh 2 1 CVR College of Engineering/PG Student, Hyderabad, India 2 CVR College of Engineering/ECE Department, Hyderabad, India Abstract The
More informationNovel Design of Dual Core RISC Architecture Implementation
Journal From the SelectedWorks of Kirat Pal Singh Spring May 18, 2015 Novel Design of Dual Core RISC Architecture Implementation Akshatha Rai K, VTU University, MITE, Moodbidri, Karnataka Basavaraj H J,
More informationSIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM)
SIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM) A Major Qualifying Project Report Submitted to the Faculty of WORCESTER POLYTECHNIC INSTITUTE By Zachary Goddard Nicholas LaJeunesse 1 Abstract While
More informationCMPEN 331 Computer Organization and Design, Lab 4 Due Wednesday April 5, 2017 at 7:0 am (Drop box on Canvas)
Penn State University School of Electrical Engineering and Computer Science Page 1 of 5 CMPEN 331 Computer Organization and Design, Lab 4 Due Wednesday April 5, 2017 at 7:0 am (Drop box on Canvas) This
More informationCHAPTER 3 ASYNCHRONOUS PIPELINE CONTROLLER
84 CHAPTER 3 ASYNCHRONOUS PIPELINE CONTROLLER 3.1 INTRODUCTION The introduction of several new asynchronous designs which provides high throughput and low latency is the significance of this chapter. The
More informationPractical Electromagnetic Template Attack on HMAC
Practical Electromagnetic Template Attack on HMAC Pierre Alain Fouque 1 Gaétan Leurent 1 Denis Réal 2,3 Frédéric Valette 2 1ENS,75Paris,France. 2CELAR,35Bruz,France. 3INSA-IETR,35Rennes,France. September
More informationCost efficient FPGA implementations of Min- Sum and Self-Corrected-Min-Sum decoders
Cost efficient FPGA implementations of Min- Sum and Self-Corrected-Min-Sum decoders Oana Boncalo (1), Alexandru Amaricai (1), Valentin Savin (2) (1) University Politehnica Timisoara, Romania (2) CEA-LETI,
More informationLow-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs
Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs Roel Maes 1, Pim Tuyls 1,2, Ingrid Verbauwhede 1 1. COSIC, K.U.Leuven and IBBT 2. Intrinsic-ID, Eindhoven Workshop on
More informationSmart card Power Analysis: From Theory To Practice
Smart card Power Analysis: From Theory To Practice João Lopes and Ricardo Chaves INESC-ID, Instituto Superior Técnico, Universidade Lisboa Email: joao.c.lopes@tecnico.ulisboa.pt, Ricardo.Chaves@inesc-id.pt
More informationComputer Architecture 计算机体系结构. Lecture 2. Instruction Set Architecture 第二讲 指令集架构. Chao Li, PhD. 李超博士
Computer Architecture 计算机体系结构 Lecture 2. Instruction Set Architecture 第二讲 指令集架构 Chao Li, PhD. 李超博士 SJTU-SE346, Spring 27 Review ENIAC (946) used decimal representation; vacuum tubes per digit; could store
More informationBasic FPGA Architecture Xilinx, Inc. All Rights Reserved
Basic FPGA Architecture 2005 Xilinx, Inc. All Rights Reserved Objectives After completing this module, you will be able to: Identify the basic architectural resources of the Virtex -II FPGA List the differences
More informationChapter 4 The Processor 1. Chapter 4A. The Processor
Chapter 4 The Processor 1 Chapter 4A The Processor Chapter 4 The Processor 2 Introduction CPU performance factors Instruction count Determined by ISA and compiler CPI and Cycle time Determined by CPU hardware
More informationCS 31: Intro to Systems Digital Logic. Kevin Webb Swarthmore College February 3, 2015
CS 31: Intro to Systems Digital Logic Kevin Webb Swarthmore College February 3, 2015 Reading Quiz Today Hardware basics Machine memory models Digital signals Logic gates Circuits: Borrow some paper if
More informationPipelining Analogy. Pipelined laundry: overlapping execution. Parallelism improves performance. Four loads: Non-stop: Speedup = 8/3.5 = 2.3.
Pipelining Analogy Pipelined laundry: overlapping execution Parallelism improves performance Four loads: Speedup = 8/3.5 = 2.3 Non-stop: Speedup =2n/05n+15 2n/0.5n 1.5 4 = number of stages 4.5 An Overview
More informationCENG 3531 Computer Architecture Spring a. T / F A processor can have different CPIs for different programs.
Exam 2 April 12, 2012 You have 80 minutes to complete the exam. Please write your answers clearly and legibly on this exam paper. GRADE: Name. Class ID. 1. (22 pts) Circle the selected answer for T/F and
More informationSide-Channel Attack against RSA Key Generation Algorithms
Side-Channel Attack against RSA Key Generation Algorithms CHES 2014 Aurélie Bauer, Eliane Jaulmes, Victor Lomné, Emmanuel Prouff and Thomas Roche Agence Nationale de la Sécurité des Systèmes d Information
More informationVertex Shader Design I
The following content is extracted from the paper shown in next page. If any wrong citation or reference missing, please contact ldvan@cs.nctu.edu.tw. I will correct the error asap. This course used only
More informationThe CPU Design Kit: An Instructional Prototyping Platform. for Teaching Processor Design. Anujan Varma, Lampros Kalampoukas
The CPU Design Kit: An Instructional Prototyping Platform for Teaching Processor Design Anujan Varma, Lampros Kalampoukas Dimitrios Stiliadis, and Quinn Jacobson Computer Engineering Department University
More informationCPE300: Digital System Architecture and Design
CPE300: Digital System Architecture and Design Fall 2011 MW 17:30-18:45 CBC C316 Pipelining 11142011 http://www.egr.unlv.edu/~b1morris/cpe300/ 2 Outline Review I/O Chapter 5 Overview Pipelining Pipelining
More informationChapter 4. The Processor
Chapter 4 The Processor Introduction CPU performance factors Instruction count Determined by ISA and compiler CPI and Cycle time Determined by CPU hardware 4.1 Introduction We will examine two MIPS implementations
More informationRECONFIGURABLE SPI DRIVER FOR MIPS SOFT-CORE PROCESSOR USING FPGA
RECONFIGURABLE SPI DRIVER FOR MIPS SOFT-CORE PROCESSOR USING FPGA 1 HESHAM ALOBAISI, 2 SAIM MOHAMMED, 3 MOHAMMAD AWEDH 1,2,3 Department of Electrical and Computer Engineering, King Abdulaziz University
More informationECE260: Fundamentals of Computer Engineering
Pipelining James Moscola Dept. of Engineering & Computer Science York College of Pennsylvania Based on Computer Organization and Design, 5th Edition by Patterson & Hennessy What is Pipelining? Pipelining
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationEITF20: Computer Architecture Part2.2.1: Pipeline-1
EITF20: Computer Architecture Part2.2.1: Pipeline-1 Liang Liu liang.liu@eit.lth.se 1 Outline Reiteration Pipelining Harzards Structural hazards Data hazards Control hazards Implementation issues Multi-cycle
More informationSystem-on Solution from Altera and Xilinx
System-on on-a-programmable-chip Solution from Altera and Xilinx Xun Yang VLSI CAD Lab, Computer Science Department, UCLA FPGAs with Embedded Microprocessors Combination of embedded processors and programmable
More informationINTRODUCTION TO FPGA ARCHITECTURE
3/3/25 INTRODUCTION TO FPGA ARCHITECTURE DIGITAL LOGIC DESIGN (BASIC TECHNIQUES) a b a y 2input Black Box y b Functional Schematic a b y a b y a b y 2 Truth Table (AND) Truth Table (OR) Truth Table (XOR)
More informationVirtex-II Architecture. Virtex II technical, Design Solutions. Active Interconnect Technology (continued)
Virtex-II Architecture SONET / SDH Virtex II technical, Design Solutions PCI-X PCI DCM Distri RAM 18Kb BRAM Multiplier LVDS FIFO Shift Registers BLVDS SDRAM QDR SRAM Backplane Rev 4 March 4th. 2002 J-L
More informationUsing FPGA for Computer Architecture/Organization Education
IEEE Computer Society Technical Committee on Computer Architecture Newsletter, Jun. 1996, pp.31 35 Using FPGA for Computer Architecture/Organization Education Yamin Li and Wanming Chu Computer Architecture
More informationCS 251, Winter 2018, Assignment % of course mark
CS 251, Winter 2018, Assignment 5.0.4 3% of course mark Due Wednesday, March 21st, 4:30PM Lates accepted until 10:00am March 22nd with a 15% penalty 1. (10 points) The code sequence below executes on a
More information