Secure Intermittent Computing: Precomputation and Implementation

Suslowicz, Charles Eugene

22 May 2018

This thesis explores the security of intermittent devices, embedded systems designed to retain their state across periods of power loss, for cases both when the device has an excess of available energy and when power loss is unavoidable. Existing work with intermittent systems has focused on the problems inherent to the intermittent paradigm and ignored the security implications of persistent state across periods of power loss. The security of these devices is closely linked to their unique operational characteristics and are addressed here in two studies. First, the presence of an energy harvester creates an opportunity to use excess energy, available when additional energy is harvested after the local energy reservoir is filled, to precompute security related operations. Precomputation powered by this excess energy can reduce the cost of expensive tasks during periods of energy scarcity, potentially enabling the use of expensive security operations on traditionally unsecured devices. Second, when energy is limited and intermittent operation is required, the secure storage of checkpoints is a necessity to protect against adversary manipulation of the system state. To examine the secure storage of checkpoints a protocol is implemented to ensure the integrity and authenticity of a device's checkpoints, and evaluated for its energy overhead and performance. The cost of properly ensuring the integrity and authenticity of these checkpoints is examined to identify the overhead necessary to execute intermittent operations in a secure manner. Taken together, these studies lay the groundwork for a comprehensive view of the current state of intermittent device security. / Master of Science / This thesis explores two unique aspects of the intermittent computing paradigm, the precomputation during periods of excess energy and the security of system checkpoints. Intermittent systems are a class of embedded device that lack a classic, consistent, energy source and instead rely on transient energy collected from their surroundings. This removes the need for connection to a power grid or battery management, but introduces challenges in operation since the device can lose power at any time. Additionally, excess energy is available to these systems when they have filled their local energy reservoir, a capacitor or small rechargeable battery, and additional energy can still be collected form the environment. In this case, it is possible to begin precomputing energy intensive operations to enable more operations at a later time on a limited energy budget. Since their power source is inconsistent, intermittent systems checkpoint their current state to allow execution to resume at the beginning of the next power cycle. The security ramifications of saving the current system state into a checkpoint have not been considered in the state of the art. This thesis implements a protocol to properly secure system checkpoints and evaluates its performance to identify the energy overhead required for a secure checkpointing scheme. The results demonstrate the need for the development of more efficient solutions within the domain. Together, the two approaches presented in this thesis provide case studies on the behavior of intermittent devices when provided with either an excess or a dearth of energy. The optimization and improvement of modern intermittent devices will need to address both of these extremes as the field is further improved.

intermittent computing

embedded systems security

Top-down Approach To Securing Intermittent Embedded Systems

Santhana Krishnan, Archanaa

29 September 2021

The conventional computing techniques are based on the assumption of a near constant source of input power. While this assumption is reasonable for high-end devices such as servers and mobile phones, it does not always hold in embedded devices. An increasing number of Internet of Things (IoTs) is powered by intermittent power supplies which harvest energy from ambient resources, such as vibrations. While the energy harvesters provide energy autonomy, they introduce uncertainty in input power. Intermittent computing techniques were proposed as a coping mechanism to ensure forward progress even with frequent power loss. They utilize non-volatile memory to store a snapshot of the system state as a checkpoint. The conventional security mechanisms do not always hold in intermittent computing. This research takes a top-down approach to design secure intermittent systems. To that end, we identify security threats, design a secure intermittent system, optimize its performance, and evaluate our design using embedded benchmarks. First, we identify vulnerabilities that arise from checkpoints and demonstrates potential attacks that exploit the same. Then, we identify the minimum security requirements for protecting intermittent computing and propose a generic protocol to satisfy the same. We then propose different security levels to configure checkpoint security based on application needs. We realize configurable intermittent security to optimize our generic secure intermittent computing protocol to reduce the overhead of introducing security to intermittent computing. Finally, we study the role of application in intermittent computing and study the various factors that affect the forward progress of applications in secure intermittent systems. This research highlights that power loss is a threat vector even in embedded devices, establishes the foundation for security in intermittent computing. / Doctor of Philosophy / The embedded systems are present in every aspect of life. They are available in watches, mobile phones, tablets, servers, health aids, home security, and other everyday useful technology. To meet the demand for powering up a rising number of embedded devices, energy harvesters emerged as a solution to provide an autonomous solution to power on low-power devices. With energy autonomy, came energy scarcity that introduced intermittent computing, where embedded systems operate intermittently because of lack of constant input power. The intermittent systems store snapshots of their progress as checkpoints in non-volatile memory and restore the checkpoints to resume progress. On the whole, the intermittent system is an emerging area of research that is being deployed in critical locations such as bridge health monitoring. This research is focused on securing intermittent systems comprehensively. We perform a top-down analysis to identify threats, mitigate them, optimize the mitigation techniques, and evaluate the implementation to arrive at secure intermittent systems. We identify security vulnerabilities that arise from checkpoints to demonstrate the weakness in intermittent systems. To mitigate the identified vulnerabilities, we propose secure intermittent solutions to protect intermittent systems using a generic protocol. Based on the implementation of the generic protocol and its performance, we propose several optimizations based on the needs of the application to securing intermittent systems. And finally, we benchmark the security properties using two-way relation between security and application in intermittent systems. With this research, we create a foundation for designing secure intermittent systems.

Security

Intermittent computing

Exploiting checkpoints

Benchmarks

Surplus and Scarce Energy: Designing and Optimizing Security for Energy Harvested Internet of Things

Santhana Krishnan, Archanaa

January 2018

Internet of Things require a continuous power supply for longevity and energy harvesting from ambient sources enable sustainable operation of such embedded devices. Using selfpowered power supply gives raise two scenarios, where there is surplus or scarce harvested energy. In situations where the harvester is capable of harvesting beyond its storage capacity, the surplus energy is wasted. In situations where the harvester does not have sufficient resources, the sparse harvested energy can only transiently power the device. Transiently powered devices, referred to as intermittent computing devices, ensure forward progress by storing checkpoints of the device state at regular intervals. Irrespective of the availability of energy, the device should have adequate security. This thesis addresses the security of energy harvested embedded devices in both energy scenarios. First, we propose precomputation, an optimization technique, that utilizes the surplus energy. We study two cryptographic applications, namely bulk encryption and true random number generation, and we show that precomputing improves energy efficiency and algorithm latency in both applications. Second, we analyze the security pitfalls in transiently powered devices. To secure transiently powered devices, we propose the Secure Intermittent Computing Protocol. The protocol provides continuity to underlying application, atomicity to protocol operations and detects replay and tampering of checkpoints. Both the proposals together provide comprehensive security to self-powered embedded devices. / Master of Science / Internet of Things(IoT) is a collection of interconnected devices which collects data from its surrounding environment. The data collected from these devices enable emerging technologies like smart home and smart cities, where objects are controlled remotely. With the increase in the number of such devices, there is a demand for self-powered devices to conserve electrical energy. Energy harvesters are suitable for this purpose because they convert ambient energy into electrical energy to be stored in an energy buffer, which is to be used when required by the device. Using energy harvesters as power supply presents us with two scenarios. First, when there is sufficient ambient energy, the surplus energy, which is the energy harvested beyond the storage capacity of the buffer, is not consumed by the device and thus, wasted. Second, when the harvested energy is scarce, the device is forced to shutdown due to lack of power. In this thesis, we consider the overall security of an energy harvested IoT device in both energy scenarios. We optimize cryptographic algorithms to utilize the surplus energy and design a secure protocol to protect the device when the energy is scarce. Utilizing both the ideas together provides adequate security to the Internet of Things.

Embedded systems

Internet of Things

Security

Precomputing

Intermittent computing

Enabling Full-Fledged Parallelism on Intermittently Powered Computing

Akhunov, Khakim

24 June 2024

Energy-harvesting batteryless devices exploit power from various sources, such as radio waves, sunlight, and vibration. However, the sporadic availability of ambient energy causes frequent power failures, forcing the systems to operate intermittently. The computation interruptions violate forward progress and memory consistency. State-of-the-art solutions have proposed multiple mature approaches for intermittent computing to provide both application termination guarantees and consistent and idempotent results. Some solutions propose so-called just-in-time (JIT) checkpoints, where dedicated hardware is used to constantly monitor available energy and warn the system when the energy level in the energy buffer reaches critical points. These points indicate potential power failures before which the system must back up its architectural state. Other solutions propose placing checkpoints in the program code at compile time based on the energy consumption of code execution between checkpoints. A power failure can occur at any time during execution, but the computation recovers from the recent checkpoint. Instead of explicitly placing checkpoints, another set of solutions assumes the software developers split the application into failure-atomic tasks directly manipulating non-volatile memory. The common condition in task-based intermittent programming is to keep the energy consumption of each task within the capacity of the energy buffer. While efficient, the proposed solutions target off-the-shelf single-core ultra-low-power microcontrollers (MCUs) with limited flexibility and performance capability. These MCUs are energy-efficient and ideal for performing low-cost tasks. On the other hand, contemporary compute- and data-intensive, parallelizable applications demand the execution of high-cost tasks on edge devices. The reason is that sending large amounts of raw sensor data wirelessly to offload the intensive tasks to the cloud is too energy-inefficient, especially for energy-harvesting devices. Four critical limitations prevent the use of advanced multicore devices and emerging technologies for the efficient execution of modern applications on ultra-low-power batteryless edges. First, in existing systems, programmers need to exploit underlying parallelism manually by interacting directly with low-power accelerators, which is cumbersome. Programmable general-purpose multicore platforms provide the highest degree of flexibility, but the intermittent computing community has overlooked them so far. Existing intermittent computing runtimes do not support parallelism or provide language constructs to express parallelizable code blocks. Second, the availability of energy and the strength of incoming power affect an intermittent system's charging and discharging cyclical nature. When incoming power is strong enough, the device charges rapidly and spends more time on computation. Similarly, low input power forces the system to spend more time collecting energy than computing. To respond to ambient power dynamics and increase throughput, existing works have proposed workload, accuracy, voltage, frequency, and computational unit scaling techniques. However, the solutions work on a fixed hardware configuration, and target systems are limited by the performance of a single-core processor without employing available degrees of application parallelism. Third, existing low-power multicore platforms are not designed for intermittent computing. Their internal non-volatile flash memories are not suitable for intermittent computing because they have high energy requirements, low speed, and limited write endurance. The only way to exploit current low-power multicore platforms for intermittent computing is to introduce an external non-volatile memory, such as FRAM. However, this architectural configuration is very inefficient as compared to embedded FRAM due to its significant energy overhead, making backup and recovery operations energy-expensive. Finally, using emerging memories, e.g., MRAM, as an external non-volatile memory allows for in-memory processing (PIM) of data-intensive computations, eliminating unnecessary data movement and enabling data-level parallelism. While inherently idempotent, such in-memory computation is hard to integrate into traditional MCU-based intermittent systems. Successful integration lacks the effective maintenance of data flow and computation in a power failure-resilient manner. In this thesis, we tackle the limitations. In Chapter 3, we introduce AdaMICA, an intermittent computing runtime that supports parallel intermittent multicore computing and provides the highest degree of flexibility of programmable general-purpose multiple cores. AdaMICA adaptively switches to the best multicore configuration considering the dynamic input power. Therefore, it allows an intermittent system to benefit from workload parallelization, thereby increasing systems throughput and decreasing end-to-end delay while considering the energy availability. Chapter 4 presents PEARL, a power- and energy-aware multicore intermittent computing that enables, for the first time, the efficient adaptation of the common off-the-shelf low-power multicore microcontroller platforms to the intermittent computing paradigm. PEARL features a novel backup policy that significantly reduces the number of accesses to non-volatile memory on multicore platforms. PEARL benefits from multicore power-aware adaptation to adjust the underlying hardware architecture and exploits energy awareness to transition an intermittent system to ultra-low-power mode, retaining memory content. In Chapter 6, we address emerging non-volatile memory, CRAM (Computational RAM), presenting PiMCo and LUTIC, novel programmable CRAM-based in-memory coprocessors that facilitate the power-failure resilient execution of parallelizable computational loads. The coprocessors are pluggable into and controlled by a general-purpose MCU via a standard communication protocol. In Chapter 7, we propose Viadotto, a novel adaptive intermittent computing system that bridges the gap between existing MCU-based intermittent systems and the emerging compute-in-memory paradigm. Viadotto introduces a high-level programming model supported by its compiler, software library, and power failure-resilient memory controller, hiding detailed low-level logic operations and data flow management in CRAM from programmers. Viadotto exploits adaptation by controlling data-level parallelism with respect to the ambient power level. In essence, this thesis addresses several pivotal challenges to enabling full-fledged parallelism on ultra-low-power batteryless devices. Hence, we have made a significant step towards the efficient deployment of modern complex applications on energy-harvesting systems.

Intermittent computing

Batteryless system

Multicore system

Parallelism

Processing in-memory

Computing in-memory

Applying Memoization as an Approximate Computing Method for Transiently Powered Systems / Tillämpa Memoization i en Ungefärlig Beräkningsmetod för Transientdrivna System

Perju, Dragos-Stefan

January 2019

Internet of Things (IoT) is becoming a more and more prevailing technology, as it not only makes the routine of our life easier, but it also helps industry and enteprise become more efficient. The high potential of IoT can also help support our own population on Earth, through precision agriculture, smart transportation, smart city and so on. It is therefore important that IoT is made scalable in a sustainable manner, in order to secure our own future as well.The current work is concerning transiently powered systems (TPS), which are embedded systems that use energy harvesting as their only power source. In their basic form, TPS suffer frequent reboots due to unreliable availability of energy from the environment. Initially, the throughput of such systems are therefore lower than their battery-enabled counterparts. To improve this, TPS involve checkpointing of RAM and processor state to non-volatile memory, as to keep computation progress saved throughout power loss intervals.The aim of this project is to lower the number of checkpoints necessary during an application run on a TPS in the generic case, by using approximate computing. The energy need of TPS is lowered using approximations, meaning more results are coming through when the system is working between power loss periods. For this study, the memoization technique is implemented in the form of a hash table. The Kalman filter is taken as the testing application of choice, to run on the Microchip SAM-L11 embedded platform.The memoization technique manages to yield an improvement for the Kalman application considered, versus the initial baseline version of the program. A user is allowed to ”balance” between more energy savings but more inaccurate results or the opposite, by adjusting a ”quality knob” variable epsilon ϵ.For example, for an epsilon ϵ = 0.7, the improvement is of 32% fewer checkpoints needed than for the baseline version, with the output deviating by 42% on average and 71% at its maximum point.The proof of concept has been made, being that approximate computing can indeed improve the throughput of TPS and make them more feasiable. It is pointed out however that only one single application type was tested, with a certain input trace. The hash table method implemented can behave differently depending on what application and/or data it is working with. It is therefore suggested that a pre-analysis of the specific dataset and application can be done at design time, in order to check feasiability of applying approximations for the certain case considered. / Internet of Things (IoT) håller på att bli en mer och mer utbredd teknik, eftersom det inte bara underlättar rutiner i vårt liv, utan det hjälper också industrin och företag att bli effektivare. Den höga potentialen med IoT kan också hjälpa till att ge stöd åt vår egen befolkning på jorden, genom precisionslantbruk, smart transport, smarta städer och mer. Det är därför viktigt att IoT görs skalbart på ett hållbart sätt för att säkra vår egen framtid.Det nuvarande arbetet handlar om transientdrivna system (TPS), vilket är inbäddade system som använder energiskörning som sin enda kraftkälla. I sin grundform har TPS ofta återställningar på grund av opålitlig tillgång till energi från miljön. Ursprungligen är därför sådana systems genomströmning lägre än deras batteriaktiverade motsvarigheter. För att förbättra detta använder TPS kontrollpunkter i RAM och processortillstånd till icke-flyktigt minne, för att hålla beräkningsförloppet sparat under strömförlustintervaller.Syftet med detta projekt är att sänka antalet kontrollpunkter som krävs under en applikationskörning på en TPS i ett generiskt fall, genom att använda ungefärlig datorberäkning. Energibehovet för TPS sänks med ungefärliga belopp, vilket innebär att fler resultat kommer när systemet arbetar mellan strömförlustperioder. För denna studie implementeras memoiseringstekniken i form av en hashtabell. Kalman-filtret tas som testapplikation för att köra på Microchip SAM-L11 inbäddad plattform.Memoization-tekniken lyckas ge en förbättring för Kalman-applikationen som beaktades, jämfört med den ursprungliga baslinjeversionen av programmet. En användare får ”balansera” mellan mer energibesparingar men mer felaktiga resultat eller motsatsen genom att justera en ”kvalitetsrat”-variabel epsilon ϵ. Till exempel, för en epsilon ϵ = 0.7, är förbättringen 32% färre kontrollpunkter som behövs än för baslinjeversionen, med en utdata avvikelse med 42% i genomsnitt och 71% vid sin högsta punkt.Beviset på konceptet har gjorts, att ungefärlig databeräkning verkligen kan förbättra genomströmning av TPS och göra dem mer genomförbara. Det påpekas dock att endast en enda applikationstyp testades, med ett visst inmatningsspår. Den implementerade hashtabellmetoden kan bete sig annorlunda beroende på vilken applikation och/eller data den arbetar med. Det föreslås därför att en föranalys av det specifika datasättet och applikationen kan göras vid designtidpunkten för att kontrollera genomförbarheten av att tillämpa ungefärliga belopp för det aktuella fallet.

memoization

approximate computing

intermittent computing

energy harvesting

embedded systems

internet of things

memoization

approximativ databehandling

intermittent databehandling

energi skördar

inbäddade system

sakernas internet

Computer and Information Sciences

Data- och informationsvetenskap