978-1-5090-2520-6/16/$31.00 ©2016 IEEE Towards Risk Aware NoCs for Data Protection in MPSoCs Johanna Sepulveda 1 , Daniel Flórez 2 , Ramon Fernandes 3 , Cesar Marcon 3 , Guy Gogniat 2 , Georg Sigl 1,4 1 Institute for Security in Information Technology, Technical University of Munich, Germany 2 Lab-STICC, South Brittany University, France 3 FACIN - PUCRS – Av. Ipiranga 6681, 90619-900, Porto Alegre, Brazil 4 Fraunhofer Institute for Applied and Integrated Security, Garching, Germany johanna.sepulveda@tum.de Abstract— Multi-Processors Systems-on-Chip (MPSoCs), as a key technology enabler of the new computation paradigm Internet-of-Things (IoT), are currently exposed to attacks. Malicious applications can be downloaded at runtime to the MPSoC, infecting IP-blocks connected to a Network-on-Chip (NoC) and opening doors to perform Timing Side Channel Attacks (TSCA). By monitoring the NoC traffic, an attacker is able to infer the sensitive information, such as secret keys. Previous works have shown that NoC routing can be used to avoid attacks. In this paper we propose GRaNoC, a NoC architecture able to monitor and evaluate the risk of the communication paths inside the NoC. Sensitive traffic is exchanged to minimal low-risk paths defined at runtime. We propose five types of dead-lock free risk-aware routing algorithm and evaluate the security, performance and cost under several synthetic and SPLASH-2 benchmarks. We show that our architecture is able to guarantee secure paths during runtime while adding only low cost and performance penalties to the MPSoC. Keywords—Security; Network-on-Chip; risk path; routing. I. INTRODUCTION Flexibility and high computation power have turned Multi-Processors System-on-Chip (MPSoCs) as the foreseen platform able to meet the requirements demanded by semiconductor industry. MPSoCs integrate several processing and storage Intellectual Property (IP) cores which communicate through a Network-on-Chip (NoC). By means of a set of routers and links, the NoC communicates packets between a pair of source IP (which injects the packet) and destination IP (which receives the packet). A network interface links an IP core to a router. It implements the communication protocol by packing and unpacking the data and controlling the data injection and ejection from the NoC. In order to increase the efficiency of the communication, two-level NoCs are employed. They integrate a data NoC and control NoC into commutation points (CP) for exchanging data and control packets of the MPSoC [1]. Fig. 1 presents an MPSoC with 9 IP cores interconnected through a two-level 3x3 mesh-based NoC. The adoption of MPSoCs in the Internet-of-Things (IoT) context promises to be source of huge benefits. By interconnecting the MPSoCs through an external network, as Internet, MPSoCs are able to download programs for upgrading the firmware and executing several ever- changing applications at runtime. Each application is characterized by performance and security requirements, which must be met under tight area and power constraints [1]. In order to increase the performance of the MPSoC, applications are divided into smaller pieces of code, called tasks, and split on the shared MPSoC hardware resources. Such an approach forces the peer interaction among the IP cores. Consequently, for critical applications, sensitive data must be exchanged through the shared NoC, which increases the vulnerability of the system. Software-based attacks can be used to extract sensitive information [2], to modify the system behavior [3] or to deny the MPSoC operation. Timing attacks are one of the most effective and dangerous security incidents at the MPSoC [4]. Shared NoCs can be exploited by an attacker in order to spy sensitive information. By using the attacker throughput variation due the traffic collision (competition for the same resources) with sensitive flows, an attacker can infer sensitive data, as shown in [5]. Previous works have shown that secure enhanced NoCs can be used to prevent and mitigate software attacks [6-8]. One of the most common techniques to implement security at NoCs is through firewalls embedded at the network interface, between the source IP and destination IP. They monitor and filter the NoC traffic according to a set of security rules. Firewalls are used to guarantee the access control [6,8] security service. Security mechanisms are controlled and configured through the Secure Manager (SM) core, a secure processor that compiles the security requirements into security rules able to be loaded into the firewalls of the system. Each time a security rule is violated, the packet is discarded and the firewall notifies the SM. Fig. 1 shows two attacks, one detected by the source IP firewall (A1) and the other at the destination IP firewall (A2). While A1 detection allows the attacker identification (source IP), A2 detection identifies a possible target of attack. Despite the high protection derived from the firewall integration, sensitive traffic must be communicated through risky shared paths. As a complement of the firewall protection, in order to mitigate attacks, NoC Authorized licensed use limited to: Pontificia Universidade Catolica do Rio Grande do Sul (PUC/RS). Downloaded on November 11,2022 at 19:18:01 UTC from IEEE Xplore. Restrictions apply.