Two-level Verification-Based Defense Mechanism for Flooding Attack on NoC Systems

In today's world, with the increasing use of System-on-Chip (SoC) and multi-core applications, Network-on-Chip (NoC) has become a widely adopted solution for scalable core connectivity. However, the need for quick time-to-market in chip manufacturing has led to the widespread use of third-party IPs, resulting in significant security vulnerabilities. This is particularly critical in multi-core systems used for applications such as neural networks, where hardware components like Memory frequently handle data transmission. Network congestion or transmission issues can severely impact performance, potentially rendering the entire chip inoperable. These vulnerabilities can be exploited by Hardware Trojans (HT) through flooding attacks, which inundate critical components with a large volume of packets, causing substantial disruptions. To address this challenge, we propose a two-level verification-based defense mechanism. This approach involves authenticating packets at the Network Interface (NI). Packets that fail to pass the authentication process are discarded, preventing them from entering the router and network. This defense mechanism effectively blocks malicious packets from infiltrating the network while allowing legitimate packets to pass through without the need for adjustments to mapping methods or introducing computational overhead. We verified the effectiveness of the proposed method by observing the transmission latency and the number of malicious packets received within a given period. With the Level 1 defense mechanism, the number of additional execution cycles caused by HTs is reduced by 94.74%, while the number of malicious packets received is reduced by 74.83%. When the Level 2 defense is implemented, malicious packets are completely blocked, achieving ideal transmission efficiency.