SCARV: a side-channel hardened RISC-V platform

RISC-V is an Instruction Set Architecture (ISA) design. An ISA is essentially a specification for the instructions any compatible processor implementation should be able to execute, and the resources those instructions can access; it acts as the interface between the processor implementation (hardware) and programs that execute on it (software). In sharp contrast with proprietary analogues such as the x86 ISA from Intel, RISC-V is an open source design. This means it can be used freely by anyone for any purpose, which, in part, has meant rapid development of a rich support infrastructure around the project: this includes a) vibrant developer and user communities, built around an associated non-profit foundation, b) numerous implementations of the ISA, both in HDL (i.e., a soft core for use on an FPGA platform) and silicon (i.e., physical ICs), and c) ports of programming tool-chains (e.g., GCC and LLVM) and operating systems (e.g., Linux).

Similar openness is a core principle in security-critical contexts, contrasting with the alternative often colloquially termed "security by obscurity". This is particularly true in the field of cryptography, a technology routinely tasked with ensuring secrecy, robustness and provenience of our data (communicated or stored), and the authenticity of parties we interact with: open development of cryptographic standards, designs, and implementations is the modern norm. As a result, RISC-V presents various opportunities when used to execute cryptographic software. The proposed research goals capitalise on these opportunities, in a way designed to address advanced, persistent threats to our digital security, and, by extension, society. Specifically:

1) Since RISC-V can be implemented by anyone, it is possible to develop a core hardened against specific types of attack; the focus will be on the threat of side-channel attacks (which is particularly relevant to embedded use-cases, e.g., IoT). As well as doing so, the proposed research will investigation how detailed information about the implementation can be harnessed to produce more effective security evaluations.

2) Since RISC-V can be adapted by anyone, it is possible to develop various cryptography-specific extensions or variants of the ISA that offer either, for example, higher efficiency. If cryptographic software is more efficient it can also be more secure, because, for example, larger keys or more robust attack countermeasures can be deployed without as significant an impact on latency.

3) Evaluation of side-channel security can be prohibitive in the sense it needs various specific items of equipment. Harnessing a platform based on RISC-V, the proposed research with address this problem by offering a "lab. free" (i.e., cloud-based) acquisition and analysis workflow available to anyone.

We classify the generation and management of different forms of impact under four broad headings, anticipating that the proposed research will address each one to a greater or lesser extent:

1. Dissemination of research output. In the short- to medium- term, documented advances in the scientific state-of-the-art will generate impact within associated academic and industrial contexts. However, more detailed consideration of what and how dissemination could be achieved suggests that both a) written (i.e., REF-applicable journal and/or conference publications), and b) verbal (e.g., workshop presentations), cases are important. An integral part of our strategy is, in line with the ethos of RISC-V, to provide open source access to all hardware and software deliverables stemming from the programme of work; wrt. such research output, this will maximise their utility while also facilitating a) reproducability, and b) longer-term use by other beneficiaries (e.g., extension by other academics, or exploitation by industrial users).

2. Industrial engagement. Industrial applicability is a by-design feature of the proposal, with a set of use-cases provided by Thales driving research direction. As such, there is significant potential to engage with industry in relation to the research output. Initially through our industrial partners within the proposal, but using our wider network of contacts (e.g., via the CyberInvest programme), we will actively pursue a) direct research collaboration, and b) exploitation of research output.

3. Public engagement. We have a specific goal in relation to public engagement, which relates to the National Cipher Challenge. In our view, this currently presents a skewed view of cryptography and cryptanalysis; the concept of side-channel attacks, while of increasing practical relevance, is not represented for example. Assuming successful completion of the associated research and development tasks, we suggest it is possible to use our "lab. free" evaluation platform as a means of resolving this. Once operational, our strategy will be to engage with the National Cipher Challenge organisers and supplement it to include a side-channel focused "build-it, break-it, fix-it" challenge. This has the potential to inform and engage participants from the wider public, potentially encouraging further study in related fields.

4. Human capital creation. Ultimately, we expect the long-term impact of successful human capital creation (under a cited remit of increased national capability, e.g., in cyber-security) to exceed the short(er)-term impact of the project output: any given technology or technique may be superseded, but human capital creation provides a clear economic impact lasting many decades. As such, our strategy is to a) enable the PDRAs to develop and then manage their own research agenda by formulating and executing their own ideas, and pursuing any relevant training and career development opportunities, b) use the proposed research as leverage in and subject matter for (competitive) applications for funding of PhD studentships, and c) offer academic enrichment to Undergraduate student by operating a "undergraduate internship" programme within the research group, modelled on EPSRC-supported initiatives of the same style.