RISC-V open-hardware designs are emerging in cyber-physical systems and security-critical embedded platforms. Among them, OpenTitan emerged as an open-source silicon Root-of-Trust, which provides secure-boot and execution-integrity functionalities, exploiting its internal hardware accelerators. In this paper, we explore a novel exploitation of OpenTitan as a secure cryptographic accelerator. To this purpose, we designed TitanSSL, a secure software stack that offloads cryptographic tasks to OpenTitan, and we study the trade-offs between offloading overhead through the stack and the obtained computation speed-up. TitanSSL includes an OpenSSL backend, a Linux driver for communications, and an OpenTitan firmware. We executed TitanSSL on a cycle-accurate simulator of a RISC-V CVA6 application processor integrated with OpenTitan on the same System-on-Chip. We compared our implementation with a pure software version across different cryptographic payloads. Finally, we provide guidelines for the use of OpenTitan as a coprocessor in secure cyber-physical systems designs based on open-hardware architectures.
TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust / Musa, Alberto; Volante, Franco; Parisi, Emanuele; Barbierato, Luca; Patti, Edoardo; Bartolini, Andrea; Acquaviva, Andrea; Barchi, Francesco. - 14988:(2024), pp. 169-183. (Intervento presentato al convegno 43rd International Conference on Computer Safety, Reliability, and Security (SAFECOMP) tenutosi a Florence (ITA) nel September 18–20, 2024) [10.1007/978-3-031-68606-1_11].
TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust
Volante, Franco;Barbierato, Luca;Patti, Edoardo;
2024
Abstract
RISC-V open-hardware designs are emerging in cyber-physical systems and security-critical embedded platforms. Among them, OpenTitan emerged as an open-source silicon Root-of-Trust, which provides secure-boot and execution-integrity functionalities, exploiting its internal hardware accelerators. In this paper, we explore a novel exploitation of OpenTitan as a secure cryptographic accelerator. To this purpose, we designed TitanSSL, a secure software stack that offloads cryptographic tasks to OpenTitan, and we study the trade-offs between offloading overhead through the stack and the obtained computation speed-up. TitanSSL includes an OpenSSL backend, a Linux driver for communications, and an OpenTitan firmware. We executed TitanSSL on a cycle-accurate simulator of a RISC-V CVA6 application processor integrated with OpenTitan on the same System-on-Chip. We compared our implementation with a pure software version across different cryptographic payloads. Finally, we provide guidelines for the use of OpenTitan as a coprocessor in secure cyber-physical systems designs based on open-hardware architectures.File | Dimensione | Formato | |
---|---|---|---|
2024_Safecomp___TitanSSL__Towards_accelerating_OpenSSL_in_a_full_RISC_V_Architecture_using_the_OpenTitan_Root_of_Trust.pdf
embargo fino al 09/09/2025
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
664.96 kB
Formato
Adobe PDF
|
664.96 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
978-3-031-68606-1_11.pdf
accesso riservato
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
996.29 kB
Formato
Adobe PDF
|
996.29 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2992725