Jiliang Zhang,Yaping Lin,Yongqiang Lyu,Ray C. C. Cheung,Wenjie Che,Qiang Zhou,Jinian Bian

DOI: https://doi.org/10.1109/FCCM.2013.12

2013-01-01

Abstract:The continuous growth in both capability and capacity for FPGA now requires significant resources invested in the hardware design, which results in two classes of main security issues: 1) the unauthorized use and piracy attacks including cloning, reverse engineering, tampering etc. 2) the licensing issue. Binding hardware IPs (HW-IPs) to specific FPGA devices can efficiently resolve these problems. However, previous binding techniques are all based on encryption and hence have three main drawbacks: 1) encryption-based proposals in commercial are limited to protect the single large FPGA configuration, 2) many encryption-based proposals depend on a trusted third party to involve the licensing protocol, and 3) the encryption-based binding methods use costly mechanisms such as secure ROM or flash memory to store FPGA specific cryptographic keys, which is not only expensive but also vulnerable to side-channel attacks, and the management and transport of secret keys became a practical issue. In this work, we propose a PUF-FSM binding technique completely different from the traditional encryption-based methods to address these shortcomings.

Jiliang Zhang,Yaping Lin,Yongqiang Lyu,Gang Qu,Ray C. C. Cheung,Wenjie Che,Qiang Zhou,Jinian Bian

DOI: https://doi.org/10.1109/FPL.2013.6645555

2013-01-01

Abstract:In this paper we propose a novel binding mechanism that can protect FPGA IP from being cloned, tampered, or misused; and facilitate the pay-per-use licensing to limit the FPGA IP's execution to specific FPGA devices only. In this mechanism, the FPGA vendors will provide each enrolled device with a Physical Unclonable Function (PUF) that can be deployed securely during fabrication process. The core vendor will embed an augmented Finite State Machine (FSM) into the original FSM structure of the hardware IP (HW-IP) to react on the PUF response to a given challenge. The proposed binding method does not need any Trusted Third Party (TTP) or block cipher for key management and exchange. We analyze several known attacks to hardware IP and show that our method is secure against these attacks. Experimental results on MCNC benchmarks show that the proposed method incurs small design overhead in terms of area, power and delay.

Sunil Malipatlolla,Sorin A. Huss

DOI: https://doi.org/10.1109/spl.2011.5782649

2011-04-01

Abstract:The configuration data sequence of a Field Programmable Gate Array (FPGA) is an Intellectual Property (IP) of the original designer. With the increase in deployment of FP-GAs in modern embedded systems, the IP protection of FPGA has become a necessary requirement for many IP vendors. There have been already many proposals to overcome this problem using symmetric encryption techniques but these methods need a cryptographic key to be stored in a nonvolatile memory located on FPGA or in a battery-backed RAM as done in some of the current FPGAs. The expenses with the proposed methods are, occupation of larger area on FPGA in the former case and limited lifetime of the device in the latter. In contrast, we propose a novel method which combines the Dynamic Partial Reconfiguration (Dy-namic PR) feature of an SRAM-based FPGA with the Public Key Cryptography (PKC) to protect the FPGA configuration files without the need of fixed key storage on FPGA or external to FPGA. The proposed method, is secure against the known attacks such as the Man-In-The-Middle (MITM) attack and replay attack. Therefore, the method can be used for secure deploying of IPs from local and remote vendors. Also, using this novel method not only high-end FPGAs but also low-end FPGAs with PR capabilities are secured.

Farzane Khajuyi,Behnam Ghavami,Human Nikmehr

DOI: https://doi.org/10.48550/arXiv.2101.08754

2021-01-22

Abstract:We introduce a protection-based IP security scheme to protect soft and firm IP cores which are used on FPGA devices. The scheme is based on Finite State Machin (FSM) obfuscation and exploits Physical Unclonable Function (PUF) for FPGA unique identification (ID) generation which help pay-per-device licensing. We introduce a communication protocol to protect the rights of parties in this market. On standard benchmark circuits, the experimental results show that our scheme is secure, attack-resilient and can be implemented with low area, power and delay overheads.

Cryptography and Security,Hardware Architecture

Robert Karam,Tamzidul Hoque,Sandip Ray,Mark Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/aspdac.2017.7858391

2017-01-01

Abstract:Field Programmable Gate Arrays (FPGAs) are being increasingly deployed in diverse applications including the emerging Internet of Things (IoT), biomedical, and automotive systems. However, security of the FPGA configuration file (i.e. bitstream), especially during in-field reconfiguration, as well as effective safeguards against unauthorized tampering and piracy during operation, are notably lacking. The current practice of bitstreram encryption is only available in high-end FPGAs, incurs unacceptably high overhead for area/energy-constrained devices, and is susceptible to side channel attacks. In this paper, we present a fundamentally different and novel approach to FPGA security that can protect against all major attacks on FPGA, namely, unauthorized in-field reprogramming, piracy of FPGA intellectual property (IP) blocks, and targeted malicious modification of the bitstream. Our approach employs the security through diversity principle to FPGA, which is often used in the software domain. We make each device architecturally different from the others using both physical (static) and logical (time-varying) configuration keys, ensuring that attackers cannot use a priori knowledge about one device to mount an attack on another. It therefore mitigates the economic motivation for attackers to reverse engineering the bitstream and IP. The approach is compatible with modern remote upgrade techniques, and requires only small modifications to existing FPGA tool flows, making it an attractive addition to the FPGA security suite. Our experimental results show that the proposed approach achieves provably high security against tampering and piracy with worst-case 14% latency overhead and 13% area overhead.

Daniel Hutchings,Adam Taylor,Jeffrey Goeders

DOI: https://doi.org/10.1145/3656644

IF: 2.837

2024-04-13

ACM Transactions on Reconfigurable Technology and Systems

Abstract:Current IP encryption methods offered by FPGA vendors use an approach where the IP is decrypted during the CAD flow, and remains unencrypted in the bitstream. Given the ease of accessing modern bitstream-to-netlist tools, encrypted IP is vulnerable to inspection and theft from the IP user. While the entire bitstream can be encrypted, this is done by the user, and is not a mechanism to protect confidentiality of 3rd party IP. In this work we present a design methodology, along with a proof-of-concept tool, that demonstrates how IP can remain partially encrypted through the CAD flow and into the bitstream. We show how this approach can support multiple encryption keys from different vendors, and can be deployed using existing CAD tools and FPGA families. Our results document the benefits and costs of using such an approach to provide much greater protection for 3rd party IP.

computer science, hardware & architecture

Jiliang Zhang,Qiang Wu,Yongqiang Lyu,Qiang Zhou,Yici Cai,Yaping Lin,Gang Qu

DOI: https://doi.org/10.1109/cadgraphics.2013.22

2013-01-01

Abstract:Physical Unclonable Function (PUF) makes use of the uncontrollable process variations during the production of IC to generate a unique signature for each IC. It has a wide application in security such as FPGA Intellectual Property (IP) protection, key generation and digital rights management. Ring Oscillator (RO) based PUF and Arbiter-based PUF are the most popular PUFs, but they are not specially designed for FPGA. RO-based PUF incurs high resource overhead while obtaining less challenge-response pairs, and requires ``hard macros'' to implement on FPGA. The arbiter-based PUF brings low resource overhead, but its structure is hard to be mapped on FPGA. Anderson'PUF can address these weaknesses of current Arbiter-based and RO-based PUFs. However, it cannot be directly implemented on the new generation FPGAs, and therefore it has the scalability issue. In order to address these problems, this paper presents a delay-based PUF using the intrinsic structure of FPGA (look-up table and multiplexer). The proposed delay-based PUF is completely realized on 28nm FPGAs. The experimental results show its high uniqueness and reliability. Moreover, we test the proposed PUF in the high temperature, and the results show its availability. Finally, the prospect of the proposed PUF in the FPGA IP protection is discussed.

Endres Puschner,Maik Ender,Steffen Becker,Christof Paar

DOI: https://doi.org/10.1145/3689939.3695779

2024-11-17

Abstract:Field Programmable Gate Arrays (FPGAs) are known for their reprogrammability that allows for post-manufacture circuitry changes. Nowadays, they are integral to a variety of systems including high-security applications such as aerospace and military systems. However, this reprogrammability also introduces significant security challenges, as bitstream manipulation can directly alter hardware circuits. Malicious manipulations may lead to leakage of secret data and the implementation of hardware Trojans. In this paper, we present a comprehensive framework for manipulating bitstreams with minimal reverse engineering, thereby exposing the potential risks associated with inadequate bitstream protection. Our methodology does not require a complete understanding of proprietary bitstream formats or a fully reverse-engineered target design. Instead, it enables precise modifications by inserting pre-synthesized circuits into existing bitstreams. This novel approach is demonstrated through a semi-automated framework consisting of five steps: (1) partial bitstream reverse engineering, (2) designing the modification, (3) placing and (4) routing the modification into the existing circuit, and (5) merging of the modification with the original bitstream. We validate our framework through four practical case studies on the OpenTitan design synthesized for Xilinx 7-Series FPGAs. While current protections such as bitstream authentication and encryption often fall short, our work highlights and discusses the urgency of developing effective countermeasures. We recommend using FPGAs as trust anchors only when bitstream manipulation attacks can be reliably excluded.

Cryptography and Security

Roel Maes,Dries Schellekens,Ingrid Verbauwhede

DOI: https://doi.org/10.1109/tifs.2011.2169667

IF: 7.231

2012-02-01

IEEE Transactions on Information Forensics and Security

Abstract:Currently achievable intellectual property (IP) protection solutions for field-programmable gate arrays (FPGAs) are limited to single large “monolithic” configurations. However, the ever growing capabilities of FPGAs and the consequential increasing complexity of their designs ask for a modular development model, where individual IP cores from multiple parties are integrated into a larger system. To enable such a model, the availability of IP protection at the modular level is imperative. In this work, we propose an IP protection mechanism for FPGA designs at the level of individual IP cores, by making use of the self-reconfiguring capabilities of modern FPGAs and deploying a trusted third party to run a metering service, similar to the work of Güneysu et al. and Drimer et al. The proposed scheme makes it possible to enforce a pay-per-use licensing scheme which holds considerable advantages, both for IP core providers as well as for system integrators. Moreover, the scheme has a minimal implementation overhead and is the first of its kind to be solely based on primitives that are already available in recent commercially available FPGA devices. This allows for an immediate and feasible deployment, in contrast to earlier proposed solutions.

computer science, theory & methods,engineering, electrical & electronic

Kaushik Vaidyanathan,Renzhi Liu,Ekin Sumbul,Qiuling Zhu,Franz Franchetti,Larry Pileggi

DOI: https://doi.org/10.1109/hst.2014.6855561

2014-05-01

Abstract:Split fabrication, the process of splitting an IC into an untrusted and trusted tier, facilitates access to the most advanced semiconductor manufacturing capabilities available in the world without requiring disclosure of design intent. While researchers have investigated the security of logic blocks in the context of split fabrication, the security of IP blocks, another key component of an SoC, has not been examined. Our security analysis of IP block designs, specifically embedded memory and analog components, shows that they are vulnerable to “recognition attacks” at the untrusted foundry due to the use of standardized floorplans and leaf cell layouts. We propose methodologies to design these blocks efficiently and securely, and demonstrate their effectiveness using 130nm split fabricated testchips.

Zhaokun Han,Mohammed Shayan,Aneesh Dixit,Mustafa Shihab,Yiorgos Makris,Jeyavijayan Rajendran

DOI: https://doi.org/10.48550/arXiv.2306.05532

2023-06-21

Abstract:Hardware intellectual property (IP) piracy is an emerging threat to the global supply chain. Correspondingly, various countermeasures aim to protect hardware IPs, such as logic locking, camouflaging, and split manufacturing. However, these countermeasures cannot always guarantee IP security. A malicious attacker can access the layout/netlist of the hardware IP protected by these countermeasures and further retrieve the design. To eliminate/bypass these vulnerabilities, a recent approach redacts the design's IP to an embedded field-programmable gate array (eFPGA), disabling the attacker's access to the layout/netlist. eFPGAs can be programmed with arbitrary functionality. Without the bitstream, the attacker cannot recover the functionality of the protected IP. Consequently, state-of-the-art attacks are inapplicable to pirate the redacted hardware IP. In this paper, we challenge the assumed security of eFPGA-based redaction. We present an attack to retrieve the hardware IP with only black-box access to a programmed eFPGA. We observe the effect of modern electronic design automation (EDA) tools on practical hardware circuits and leverage the observation to guide our attack. Thus, our proposed method FuncTeller selects minterms to query, recovering the circuit function within a reasonable time. We demonstrate the effectiveness and efficiency of FuncTeller on multiple circuits, including academic benchmark circuits, Stanford MIPS processor, IBEX processor, Common Evaluation Platform GPS, and Cybersecurity Awareness Worldwide competition circuits. Our results show that FuncTeller achieves an average accuracy greater than 85% over these tested circuits retrieving the design's functionality.

Cryptography and Security

Ji-Liang Zhang,Qiang Wu,Yi-Peng Ding,Yong-Qiang Lv,Qiang Zhou,Zhi-Hua Xia,Xing-Ming Sun,Xing-Wei Wang

DOI: https://doi.org/10.1007/s11390-016-1616-8

2016-01-01

Abstract:Physical unclonable function (PUF) makes use of the uncontrollable process variations during the production of IC to generate a unique signature for each IC. It has a wide application in security such as FPGA intellectual property (IP) protection, key generation and digital rights management. Ring oscillator (RO) PUF and Arbiter PUF are the most popular PUFs, but they are not specially designed for FPGA. RO PUF incurs high resource overhead while obtaining less challenge-response pairs, and requires "hard macros" to implement on FPGAs. The arbiter PUF brings low resource overhead, but its structure has big bias when it is mapped on FPGAs. Anderson PUF can address these weaknesses of current Arbiter and RO PUFs implemented on FPGAs. However, it cannot be directly implemented on the new generation 28 nm FPGAs. In order to address these problems, this paper designs and implements a delay-based PUF that uses two LUTs in an SLICEM to implement two 16-bit shift registers of the PUF, 2-to-1 multiplexers in the carry chain to implement the multiplexers of the PUF, and any one of the 8 flip-flops to latch 1-bit PUF signatures. The proposed delay-based PUF is completely realized on 28 nm commercial FPGAs, and the experimental results show its high uniqueness, reliability and reconfigurability. Moreover, we test the impact of aging on it, and the results show that the effect of aging on the proposed PUF is insignificant, with only 6% bit-flips. Finally, the prospects of the proposed PUF in the FPGA binding and volatile key generation are discussed.

Mario Werner,Thomas Unterluggauer,David Schaffenrath,Stefan Mangard

DOI: https://doi.org/10.48550/arXiv.1802.06691

2018-02-20

Abstract:Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows to tamper with code in memory, steal confidential Intellectual Property (IP), or mount fault attacks to manipulate a CPU's control flow. In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices. At compile time, SCFP encrypts and authenticates software with instruction-level granularity. During execution, an SCFP hardware extension between the CPU's fetch and decode stage continuously decrypts and authenticates instructions. Sponge-based authenticated encryption in SCFP yields fine-grained control-flow integrity and thus prevents code-reuse, code-injection, and fault attacks on the code and the control flow. In addition, SCFP withstands any modification of software in memory. For evaluation, we extended a RISC-V core with SCFP and fabricated a real System on Chip (SoC). The average overhead in code size and execution time of SCFP on this design is 19.8% and 9.1%, respectively, and thus meets the requirements of embedded IoT devices.

Cryptography and Security

Krzysztof Kepa,Fearghal Morgan,Krzysztof Kosciuszkiewicz

DOI: https://doi.org/10.1109/fpl.2009.5272250

2009-08-01

Abstract:As FPGA technology and related EDA tools develop, design IP protection and licensing requires increasing consideration. The current multi-player, Partial-Reconfiguration (PR) design flow does not facilitate bitstream-level IP core license enforcement, e.g, time-limited or pay-per-use. This paper proposes the use of a Secure Reconfigurable Controller (SeReCon) for accounting of IP core usage, e.g. total runtime, no. of activations etc, in a PR system. This paper extends the reported SeReCon root-of-trust to support license enforcement within the PR flow and to facilitate confidentiality of the IP core during the PR system life-cycle. A prototype IP-aware SeReCon demonstrator, implemented on Virtex-5 and supporting reconfiguration of a PCIe accelerator with cryptographic IP cores is described.

Yi Zhang,Min Zhu,Bohan Yang,Leibo Liu

DOI: https://doi.org/10.1088/1742-6596/1619/1/012003

2020-01-01

Journal of Physics Conference Series

Abstract:Physical unclonable function (PUF) generates unique secret keys from unavoidable IC manufacturing variations, which can eliminate high computation expense and additional key storage. The inherent flexibility and lower time-to-market have made field programmable gate array (FPGA) the platform of choice for faster implementation. However, logic elements on FPGA are predefined while some types of PUFs need strictly mirrored symmetric routing. This paper presents a robust and FPGA friendly PUF based on oscillator collapse (OC-PUF) with million number of challenge-response pairs (CRPs). Mirrored routes are obtained with a novel delay cell design and a signal path configuration technique. In the meanwhile, the response bias issues on FPGA is effectively resolved. Measured on Altera DE2-115, the average interchip hamming distance (inter-chip HD) of the proposed OC-PUF is 46.7%. After applying dynamic threshold with a value 255, intra-chip hamming distance (intra-chip HD) dropped to 5.46E-06 at nominal conditions.

Kevin Immanuel Gubbi,Banafsheh Saber Latibari,Muhtasim Alam Chowdhury,Afrooz Jalilzadeh,Erfan Yazdandoost Hamedani,Setareh Rafatirad,Avesta Sasan,Houman Homayoun,Soheil Salehi

DOI: https://doi.org/10.1109/tcsi.2024.3364160

2024-01-01

Abstract:The globalization of the manufacturing process and the supply chain for electronic hardware has been driven by the need to maximize profitability while lowering risk in a technologically advanced silicon sector. However, many hardware IPs’ security features have been broken because of the rise in successful hardware attacks. Existing security efforts frequently ignore numerous dangers in favor of fixing a particular vulnerability. This inspired the development of a unique method that uses emerging spin-based devices to obfuscate circuitry to secure hardware intellectual property (IP) during fabrication and the supply chain. We propose an Optimized and Automated Secure IC (OASIC) Design Flow, a defense-in-depth approach that can minimize overhead while maximizing security. Our EDA tool flow uses a dynamic obfuscation method that employs dynamic lockboxes, which include switch boxes and magnetic random access memory (MRAM)-based look-up tables (LUT) while offering minimal overhead and being flexible and resilient against modern SAT-based attacks and power side-channel attacks. An EDA tool flow for optimized lockbox insertion is also developed to generate SAT-resilient design netlists with the least power and area overhead. PPA metrics and security (SAT attack time) are provided to the designer for each lockbox insertion run. A verification methodology is provided to verify locked and unlocked designs for functional correctness. Finally, we use ISCAS’85 benchmarks to show that the EDA tool flow provides a secure hardware netlist with maximum security while considering power and area constraints. Our results indicate that the proposed OASIC design flow can maximize security while incurring less than 15% area overhead and maintaining a similar power footprint compared to the original design. OASIC design flow demonstrates improved performance as design size increases, which demonstrates the scalability of the proposed approach.

engineering, electrical & electronic

Benjamin Tan,Rana Elnaggar,Jason M. Fung,Ramesh Karri,Krishnendu Chakrabarty

DOI: https://doi.org/10.1109/tcad.2020.3019772

2021-06-01

Abstract:System integrators create heterogeneous systems-on-chip (SoCs) by integrating numerous third-party intellectual property blocks (3PIPs) to achieve application-specific design goals. With increasing intellectual property (IP) complexity, 3PIPs can suffer from hardware bugs or they can inadvertently introduce other software-exploitable security threats to the SoC. To ensure the ongoing survivability of new SoCs, we need infrastructure for patching newly discovered IP issues after an SoC has been deployed. To address the increasing risks from 3PIPs, we explore the feasibility and limitations of implementing monitoring and mitigation capabilities in hardware. Our proposed monitoring and mitigation patch (MoP) blocks provide a defensive foundation against critical IP-centric issues, focusing on situations where a system integrator only has interface-level visibility of 3PIP designs. The MoPs are distributed throughout the SoC to monitor and mitigate issues directly in hardware and transparently for potentially compromised software—the MoPs are resilient against run-time compromised software and firmware. We ensure that these monitors are reconfigurable after deployment by implementing them using embedded-FPGAs or as a reprogrammable, fixed-design module. We perform a case study of numerous IP-types and model a selection of security-relevant issues and bugs in the IPs, exploring the relative complexity and potential resource overhead. Our study shows the utility of our proposed approach, with MoP blocks requiring less than ~1.5% of the adaptive logic modules (ALMs) in a Cyclone V FPGA for interface monitoring and issue mitigation per IP.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Maik Ender,Amir Moradi,Christof Paar

DOI: https://doi.org/10.48550/arXiv.2105.13756

2021-05-28

Abstract:The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions e.g., through hardware Trojans. Given that FPGAs are often part of cyber-physical systems e.g., in aviation, medical, or industrial devices, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise. In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bitstream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.

Cryptography and Security

Abhishek Basak,Swarup Bhunia,Thomas Tkacik,Sandip Ray

DOI: https://doi.org/10.1109/tifs.2017.2658544

IF: 7.231

2017-07-01

IEEE Transactions on Information Forensics and Security

Abstract:Modern system-on-chip (SoC) designs involve integration of a large number of intellectual property (IP) blocks, many of which are acquired from untrusted third-party vendors. An IP containing a security vulnerability-whether inadvertent or malicious-may compromise the trustworthiness of the entire SoC, e.g., by leaking sensitive information or causing execution failures at key points. Existing functional validation approaches, post-manufacturing tests, and IP trust verification techniques are inadequate to accomplish comprehensive system-level security assurance in the presence of untrusted IPs. In this paper, we analyze security issues at the SoC level caused by untrusted IPs. We also propose a novel, resilient SoC security architecture to ensure trusted SoC operation with untrusted IPs. Our architecture realizes fine-grained IP-trust aware security policies in an efficient security policy checker that enables run-time monitoring of security issues arising from untrusted IPs. It also exploits on-chip design-for-debug architecture to ensure trusted information flow from IP blocks to the security policy checker. Unlike existing solutions to the untrusted IP problem, which rely on verification of IP trust before they are integrated into an SoC, the proposed approach follows a fundamentally different architecture-level solution based on run-time resilience. We demonstrate the effectiveness of this framework for system protection using several illustrative practical use cases. We also provide experimental results to show that the overhead of the proposed architecture is modest on representative SoC designs.

computer science, theory & methods,engineering, electrical & electronic