Reconfigurable Framework for Red-Black Architecture for Devices Attached to Digital Content

Abstract

The propensity of digital devices with diverse applications running on a Rich OS in a network centric environment is the benchmark of a successful device today. In order to give the consumer a robust experience, the applications running on these devices need to access the myriad of hardware interfaces which are architected into them. This limitless access requested by the applications to various hardware interfaces on the device compromises the security of the device as well as user data. Recognizing this problem various standards have been developed and diverse solutions (whether incorporating these standards or not) have been proposed based on different topologies. This work presents a solution for securing of embedded devices using a novel generic architecture that partition the device into RED-BLACK separation. The user decides what part of the architecture he wants to labelled as BLACK side. The BLACK side of the system is where the user desires all the information to be secure and encrypted, while the RED side encompasses all the interfaces connected with the data sources and the data is usually unsecure. An ‘on the fly’ configuration cryptographic interface is proposed as part of our generic architecture to partition a design into RED-BLACK areas to protect against side channel attacks. This concept of ‘on the fly’ configuration is similar to frequency hopping in communication systems to guard against eavesdropping. The cryptographic interface (CI) between the RED BLACK sides can be reconfigured ‘on the fly’ at selected intervals to guard against side channel attacks. The re-configurability does not use any special features of the FPGA, and is portable across different FPGA vendors and families of FPGA’s as well as ASIC designs. Our proposed module can be plugged in between these two user’s defined partitions to handle the secure flow of information from RED side to BLACK side. While in the reverse way the unencrypted information from the RED side is encrypted before presenting it to the BLACK side. To establish the effectiveness of the proposed module, a design instance is developed and a number of experiments are performed on the system. The results are presented to demonstrate the working of the proposed technique.