CAESAR-MPSoC: Dynamic and Efficient MPSoC Security Zones

Dynamic security zones in Multiprocessor System-on-Chip (MP-SoC) has been used to isolate sensitive applications from possible attackers. These physical wrappers are usually configured through programmable hardware firewalls. Previous works have shown the efficiency of this security mechanism against a wide variety of attacks. However, the security zone configuration is performed in an unprotected way, exposing the system to attacks caused by rogue firewall update. In this work we propose CAESAR-MPSoC, an enhanced MPSoC able to ensure the protected configuration of the firewalls through encrypted and authenticated reconfiguration packets. To this end, we present two contributions. First, we integrate two CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) hardware IP cores, ASCON and AEGIS, into MPSoCs. Second, we developed a light-weight interface that allows to plug-in the different CAESAR cores into MPSoC environment. Third, we show the protected configuration of security zones. Fourth, we evaluate the security, area and cost of CAESAR-MPSoC. The results show that our solution is feasible and effective to allow the protected and efficient security zone configuration.