RISC-V open-hardware designs are emerging in cyber-physical systems and security-critical embedded platforms. Among them, OpenTitan emerged as an open-source silicon Root-of-Trust, which provides secure-boot and execution-integrity functionalities, exploiting its internal hardware accelerators. In this paper, we explore a novel exploitation of OpenTitan as a secure cryptographic accelerator. To this purpose, we designed TitanSSL, a secure software stack that offloads cryptographic tasks to OpenTitan, and we study the trade-offs between offloading overhead through the stack and the obtained computation speed-up. TitanSSL includes an OpenSSL backend, a Linux driver for communications, and an OpenTitan firmware. We executed TitanSSL on a cycle-accurate simulator of a RISC-V CVA6 application processor integrated with OpenTitan on the same System-on-Chip. We compared our implementation with a pure software version across different cryptographic payloads. Finally, we provide guidelines for the use of OpenTitan as a coprocessor in secure cyber-physical systems designs based on open-hardware architectures.

TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust / Musa, Alberto; Volante, Franco; Parisi, Emanuele; Barbierato, Luca; Patti, Edoardo; Bartolini, Andrea; Acquaviva, Andrea; Barchi, Francesco. - 14988:(2024), pp. 169-183. (Intervento presentato al convegno 43rd International Conference on Computer Safety, Reliability, and Security (SAFECOMP) tenutosi a Florence (ITA) nel September 18–20, 2024) [10.1007/978-3-031-68606-1_11].

TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust

Volante, Franco;Barbierato, Luca;Patti, Edoardo;
2024

Abstract

RISC-V open-hardware designs are emerging in cyber-physical systems and security-critical embedded platforms. Among them, OpenTitan emerged as an open-source silicon Root-of-Trust, which provides secure-boot and execution-integrity functionalities, exploiting its internal hardware accelerators. In this paper, we explore a novel exploitation of OpenTitan as a secure cryptographic accelerator. To this purpose, we designed TitanSSL, a secure software stack that offloads cryptographic tasks to OpenTitan, and we study the trade-offs between offloading overhead through the stack and the obtained computation speed-up. TitanSSL includes an OpenSSL backend, a Linux driver for communications, and an OpenTitan firmware. We executed TitanSSL on a cycle-accurate simulator of a RISC-V CVA6 application processor integrated with OpenTitan on the same System-on-Chip. We compared our implementation with a pure software version across different cryptographic payloads. Finally, we provide guidelines for the use of OpenTitan as a coprocessor in secure cyber-physical systems designs based on open-hardware architectures.
2024
9783031686054
9783031686061
File in questo prodotto:
File Dimensione Formato  
2024_Safecomp___TitanSSL__Towards_accelerating_OpenSSL_in_a_full_RISC_V_Architecture_using_the_OpenTitan_Root_of_Trust.pdf

embargo fino al 09/09/2025

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: Pubblico - Tutti i diritti riservati
Dimensione 664.96 kB
Formato Adobe PDF
664.96 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
978-3-031-68606-1_11.pdf

accesso riservato

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 996.29 kB
Formato Adobe PDF
996.29 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2992725