Research And Design Of SoC Secure Key Technique Based On Network On Chip

Due to the advantages of good scalability,high communication efficiency and low power consumption,network on chip has become the communication structure to solve the SoC scale expansion problem.However,SoC based on network on chip is faced with security threats such as unauthorized memory access and denial of service attacks.In order to ensure the data security and availability of the network on chip,this paper studies the access control mechanism and denial of service attacks resistance of the network on chip.Considering the architecture features and transmission characteristics of the network on chip,we design and implement the corresponding security mechanism,to improve the security protection capability of the network on chip.The main work and research results are as follows:We analyze the security memory requirements of the network on chip,and propose a dual authentication mechanism based on access control and path verification.With hardware implementation approach,access control unit is designed and can be configured dynamically.The access control unit is embedded in the network interface of the network on chip to verify the validity of the access request.The access control unit consists of data processing module,control module,permission list and judgment module.The permission list stores the value of the permission of the requester.In order to achieve the high speed access,the permissions list is implemented by ternary content addressable memory(TCAM).Path verification uses complementary path encoding scheme,encoding the routing direction of the request packet to represent the path information.The target node can reverse the path coding information to obtain the source address of the requester,thus verifying if the corresponding information in the packet header is same with the source address,to prevent the attacker from implementing the attack by modifying the packet header information.By analyzing the implementation approach of the denial of service attacks on the NoC,a security router is designed to resist multiple denial of service attacks.Denial of service attacks can change NoC from the normal available state to the congested state or the node failure state.Congestion and node failure state can be regarded as unavailable.By analyzing the state transition of the network on chip,availability model of the network on chip is established to estimate quantitatively the availability of the network on chip.The address filtering module and the traffic regulation module are embedded in the router local input port,filtering the invalid packet and regulating the packet injection rate of process element,so as to resist the address attack and the bandwidth occupancy attack.The traffic monitor module is embedded in the router output port,finding the abnormal traffic of the output port,to detect whether the routing table is tampered maliciously.In order to guarantee the transmission of security services data,the neighbor shared buffer scheme and selectable priority arbiter are designed.The security services data should also be transmitted timely and effectively even when network on chip is congested.After comparison and analysis between multi-scheme,we choose shared connection architecture and communication resources to transmit security service packet,and set the security service packet to be a higher priority.We reform the typical round-robin arbiter,and implement a selectable priority arbiter.In order to balance the nonuniform traffic of input port and improve the utilization rate of the virtual channel buffer of the router,the neighbor shared buffer scheme is designed.When the buffer of the input port is not enough,the buffer can be borrowed from two neighbor ports,so security services data can be transmitted normally when network is congested.The system-level simulation platform is designed to verify and test the security mechanism designed in this paper.The research result shows that the security mechanism designed in this paper not only improves the security protection capability of SoC,but also has higher execution efficiency and less hardware resource overhead,compared with the previous schemes.