Robert Karam,Tamzidul Hoque,Sandip Ray,Mark Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/aspdac.2017.7858391

2017-01-01

Abstract:Field Programmable Gate Arrays (FPGAs) are being increasingly deployed in diverse applications including the emerging Internet of Things (IoT), biomedical, and automotive systems. However, security of the FPGA configuration file (i.e. bitstream), especially during in-field reconfiguration, as well as effective safeguards against unauthorized tampering and piracy during operation, are notably lacking. The current practice of bitstreram encryption is only available in high-end FPGAs, incurs unacceptably high overhead for area/energy-constrained devices, and is susceptible to side channel attacks. In this paper, we present a fundamentally different and novel approach to FPGA security that can protect against all major attacks on FPGA, namely, unauthorized in-field reprogramming, piracy of FPGA intellectual property (IP) blocks, and targeted malicious modification of the bitstream. Our approach employs the security through diversity principle to FPGA, which is often used in the software domain. We make each device architecturally different from the others using both physical (static) and logical (time-varying) configuration keys, ensuring that attackers cannot use a priori knowledge about one device to mount an attack on another. It therefore mitigates the economic motivation for attackers to reverse engineering the bitstream and IP. The approach is compatible with modern remote upgrade techniques, and requires only small modifications to existing FPGA tool flows, making it an attractive addition to the FPGA security suite. Our experimental results show that the proposed approach achieves provably high security against tampering and piracy with worst-case 14% latency overhead and 13% area overhead.

Kang Sun,Lingdi Ping,Jiebing Wang,Zugen Liu,Xuezeng Pan

DOI: https://doi.org/10.1109/imsccs.2006.208

2006-01-01

Abstract:Cryptographic algorithms are usually compute-intensive and more efficiently implemented in hardware than in software. By taking advantage of FPGA technology, some work offers high performance and flexible solutions for cryptographic algorithms. But FPGAs still have some drawbacks. To overcome inherent shortages of FPGA, a novel asynchronous reconfigurable cryptographic engine (ARCEN) is introduced. In this architecture, reconfigurable cryptographic array is the kernel. It routes signals asynchronously between adjacent cells through Neighbor-to-Neighbor wires with 4-phase handshaking protocol. Computation circuit for reconfigurable cell is developed with modified DSDCVS logic. Experiment results show that the architecture has a better performance than FPGA.

Peiqi Sun,Aijiao Cui

DOI: https://doi.org/10.1109/iscas.2019.8702721

2019-01-01

Abstract:Field-programmable gate arrays (FPGAs) are widely applied in various fields for its merit of reconfigurability. The reusable intellectual property (IP) design blocks are usually adopted in the more complex FPGA designs to shorten design cycle. IP infringement hence becomes a concern. In this paper, we propose a new pay-per-use scheme using the lock and key mechanism for the protection of FPGA IP. Physical Unclonable Function (PUF) is adopted to generate a unique ID for each IP instance. An extra Finite State Machine (FSM) is introduced for the secure retrieval of PUF information by the FPGA IP vendor. The lock is implemented on the original FSM. Only when the FPGA developer can provide a correct license, can the FSM be unlocked and start normal operation. The FPGA IP can hence be protected from illegal use or distribution. The scheme is applied on some benchmarks and the experimental results show that it just incurs acceptably low overhead while it can resist typical attacks.

Farzane Khajuyi,Behnam Ghavami,Human Nikmehr

DOI: https://doi.org/10.48550/arXiv.2101.08754

2021-01-22

Abstract:We introduce a protection-based IP security scheme to protect soft and firm IP cores which are used on FPGA devices. The scheme is based on Finite State Machin (FSM) obfuscation and exploits Physical Unclonable Function (PUF) for FPGA unique identification (ID) generation which help pay-per-device licensing. We introduce a communication protocol to protect the rights of parties in this market. On standard benchmark circuits, the experimental results show that our scheme is secure, attack-resilient and can be implemented with low area, power and delay overheads.

Cryptography and Security,Hardware Architecture

Michael A. Gora,Abhranil Maiti,Patrick Schaumont

DOI: https://doi.org/10.1109/tii.2010.2068303

IF: 12.3

2010-11-01

IEEE Transactions on Industrial Informatics

Abstract:Software intellectual property (SWIP) is a critical component of increasingly complex field programmable gate arrays (FPGA)-based system-on-chip (SOC) designs. As a result, developers want to ensure that their Software Intellectual Property (SWIP) is protected from being exposed to or tampered with by unauthorized parties. By restricting the execution of SWIP to a single trusted FPGA platform, SWIP binding addresses developers' concerns about maintaining control of their intellectual property and the market position it affords. This work proposes a novel design flow for SWIP binding on a commodity FPGA platform lacking specialized hardcore security facilities. We accomplish this by leveraging the qualities of a Physical Unclonable Function (PUF) and a tight integration of hardware and software security features. A prototype implementation demonstrates our design flow's ability to successfully protect software by encryption using a 128 bit FPGA-unique key extracted from a PUF. Based on this proof of concept, a solution to perform secure remote software updates, a common challenge in embedded systems, is proposed to showcase the practicality and flexibility of the design flow.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Daniel Hutchings,Adam Taylor,Jeffrey Goeders

DOI: https://doi.org/10.1145/3656644

IF: 2.837

2024-04-13

ACM Transactions on Reconfigurable Technology and Systems

Abstract:Current IP encryption methods offered by FPGA vendors use an approach where the IP is decrypted during the CAD flow, and remains unencrypted in the bitstream. Given the ease of accessing modern bitstream-to-netlist tools, encrypted IP is vulnerable to inspection and theft from the IP user. While the entire bitstream can be encrypted, this is done by the user, and is not a mechanism to protect confidentiality of 3rd party IP. In this work we present a design methodology, along with a proof-of-concept tool, that demonstrates how IP can remain partially encrypted through the CAD flow and into the bitstream. We show how this approach can support multiple encryption keys from different vendors, and can be deployed using existing CAD tools and FPGA families. Our results document the benefits and costs of using such an approach to provide much greater protection for 3rd party IP.

computer science, hardware & architecture

Pascal Cotret,Guy Gogniat,Martha Johanna Sepulveda Florez

DOI: https://doi.org/10.1016/j.micpro.2016.01.013

2016-02-17

Abstract:Embedded systems are parts of our daily life and used in many fields. They can be found in smartphones or in modern cars including GPS, light/rain sensors and other electronic assistance mechanisms. These systems may handle sensitive data (such as credit card numbers, critical information about the host system and so on) which must be protected against external attacks as these data may be transmitted through a communication link where attackers can connect to extract sensitive information or inject malicious code within the system. This work presents an approach to protect communications in multiprocessor architectures. This approach is based on hardware security enhancements acting as firewalls. These firewalls filter all data going through the system communication bus and an additional flexible cryptographic block aims to protect external memory from attacks. Benefits of our approach are demonstrated using a case study and some custom software applications implemented in a Field-Programmable Gate Array (FPGA). Firewalls implemented in the target architecture allow getting a low-latency security layer with flexible cryptographic features. To illustrate the benefit of such a solution, implementations are discussed for different MPSoCs implemented on Xilinx Virtex-6 FPGAs. Results demonstrate a reduction up to 33% in terms of latency overhead compared to existing efforts.

Cryptography and Security

Alberto Carelli,Cataldo Basile,Alessandro Savino,Alessandro Vallero,Stefano Di Carlo

DOI: https://doi.org/10.48550/arXiv.1912.00696

2019-12-02

Cryptography and Security

Abstract:The mobile application market is rapidly growing and changing, offering always brand new software to install in increasingly powerful devices. Mobile devices become pervasive and more heterogeneous, embedding latest technologies such as multicore architectures, special-purpose circuits and reconfigurable logic. In a future mobile market scenario reconfigurable systems are employed to provide high-speed functionalities to assist execution of applications. However, new security concerns are introduced. In particular, protecting the Intellectual Property of the exchanged soft IP cores is a serious concern. The available techniques for preserving integrity, confidentiality and authenticity suffer from the limitation of heavily relying onto the system designer. In this paper we propose two different protocols suitable for the secure deployment of soft IP cores in FPGA-based mobile heterogeneous systems where multiple independent actors are involved: a simple scenario requiring trust relationship between entities, and a more complex scenario where no trust relationship exists through adoption of the Direct Anonymous Attestation protocol. Finally, we provide a prototype implementation of the proposed architectures.

Krzysztof Kepa,Fearghal Morgan,Krzysztof Kosciuszkiewicz

DOI: https://doi.org/10.1109/fpl.2009.5272250

2009-08-01

Abstract:As FPGA technology and related EDA tools develop, design IP protection and licensing requires increasing consideration. The current multi-player, Partial-Reconfiguration (PR) design flow does not facilitate bitstream-level IP core license enforcement, e.g, time-limited or pay-per-use. This paper proposes the use of a Secure Reconfigurable Controller (SeReCon) for accounting of IP core usage, e.g. total runtime, no. of activations etc, in a PR system. This paper extends the reported SeReCon root-of-trust to support license enforcement within the PR flow and to facilitate confidentiality of the IP core during the PR system life-cycle. A prototype IP-aware SeReCon demonstrator, implemented on Virtex-5 and supporting reconfiguration of a PCIe accelerator with cryptographic IP cores is described.

Roel Maes,Dries Schellekens,Ingrid Verbauwhede

DOI: https://doi.org/10.1109/tifs.2011.2169667

IF: 7.231

2012-02-01

IEEE Transactions on Information Forensics and Security

Abstract:Currently achievable intellectual property (IP) protection solutions for field-programmable gate arrays (FPGAs) are limited to single large “monolithic” configurations. However, the ever growing capabilities of FPGAs and the consequential increasing complexity of their designs ask for a modular development model, where individual IP cores from multiple parties are integrated into a larger system. To enable such a model, the availability of IP protection at the modular level is imperative. In this work, we propose an IP protection mechanism for FPGA designs at the level of individual IP cores, by making use of the self-reconfiguring capabilities of modern FPGAs and deploying a trusted third party to run a metering service, similar to the work of Güneysu et al. and Drimer et al. The proposed scheme makes it possible to enforce a pay-per-use licensing scheme which holds considerable advantages, both for IP core providers as well as for system integrators. Moreover, the scheme has a minimal implementation overhead and is the first of its kind to be solely based on primitives that are already available in recent commercially available FPGA devices. This allows for an immediate and feasible deployment, in contrast to earlier proposed solutions.

computer science, theory & methods,engineering, electrical & electronic

Zhaokun Han,Mohammed Shayan,Aneesh Dixit,Mustafa Shihab,Yiorgos Makris,Jeyavijayan Rajendran

DOI: https://doi.org/10.48550/arXiv.2306.05532

2023-06-21

Abstract:Hardware intellectual property (IP) piracy is an emerging threat to the global supply chain. Correspondingly, various countermeasures aim to protect hardware IPs, such as logic locking, camouflaging, and split manufacturing. However, these countermeasures cannot always guarantee IP security. A malicious attacker can access the layout/netlist of the hardware IP protected by these countermeasures and further retrieve the design. To eliminate/bypass these vulnerabilities, a recent approach redacts the design's IP to an embedded field-programmable gate array (eFPGA), disabling the attacker's access to the layout/netlist. eFPGAs can be programmed with arbitrary functionality. Without the bitstream, the attacker cannot recover the functionality of the protected IP. Consequently, state-of-the-art attacks are inapplicable to pirate the redacted hardware IP. In this paper, we challenge the assumed security of eFPGA-based redaction. We present an attack to retrieve the hardware IP with only black-box access to a programmed eFPGA. We observe the effect of modern electronic design automation (EDA) tools on practical hardware circuits and leverage the observation to guide our attack. Thus, our proposed method FuncTeller selects minterms to query, recovering the circuit function within a reasonable time. We demonstrate the effectiveness and efficiency of FuncTeller on multiple circuits, including academic benchmark circuits, Stanford MIPS processor, IBEX processor, Common Evaluation Platform GPS, and Cybersecurity Awareness Worldwide competition circuits. Our results show that FuncTeller achieves an average accuracy greater than 85% over these tested circuits retrieving the design's functionality.

Cryptography and Security

FAN Ming-jun,LI Ning,ZHAO Le-jun,YE Fan

DOI: https://doi.org/10.3969/j.issn.1004-3365.2007.02.009

IF: 1.992

2007-01-01

Microelectronics Journal

Abstract:A new IP protection method is described,which is a mutual authentication based on triple DES and is applicable for protection of security for SRAM FPGA bit streams.Legality of the IP core user is assured through the communication authentication between inner protection circuit outside IP core in FPGA and the external authentication device,which protects IP core information efficiently from detection and replication when it is downloaded into FPGA.The principle,architecture and implementation of the IP core protection system are demonstrated,and a simplified mutual authentication system using this new technology is designed.

Jiliang Zhang,Yaping Lin,Yongqiang Lyu,Gang Qu,Ray C. C. Cheung,Wenjie Che,Qiang Zhou,Jinian Bian

DOI: https://doi.org/10.1109/FPL.2013.6645555

2013-01-01

Abstract:In this paper we propose a novel binding mechanism that can protect FPGA IP from being cloned, tampered, or misused; and facilitate the pay-per-use licensing to limit the FPGA IP's execution to specific FPGA devices only. In this mechanism, the FPGA vendors will provide each enrolled device with a Physical Unclonable Function (PUF) that can be deployed securely during fabrication process. The core vendor will embed an augmented Finite State Machine (FSM) into the original FSM structure of the hardware IP (HW-IP) to react on the PUF response to a given challenge. The proposed binding method does not need any Trusted Third Party (TTP) or block cipher for key management and exchange. We analyze several known attacks to hardware IP and show that our method is secure against these attacks. Experimental results on MCNC benchmarks show that the proposed method incurs small design overhead in terms of area, power and delay.

Kaushik Vaidyanathan,Renzhi Liu,Ekin Sumbul,Qiuling Zhu,Franz Franchetti,Larry Pileggi

DOI: https://doi.org/10.1109/hst.2014.6855561

2014-05-01

Abstract:Split fabrication, the process of splitting an IC into an untrusted and trusted tier, facilitates access to the most advanced semiconductor manufacturing capabilities available in the world without requiring disclosure of design intent. While researchers have investigated the security of logic blocks in the context of split fabrication, the security of IP blocks, another key component of an SoC, has not been examined. Our security analysis of IP block designs, specifically embedded memory and analog components, shows that they are vulnerable to “recognition attacks” at the untrusted foundry due to the use of standardized floorplans and leaf cell layouts. We propose methodologies to design these blocks efficiently and securely, and demonstrate their effectiveness using 130nm split fabricated testchips.

Alexandre Proulx,Jean-Yves Chouinard,Amine Miled,Paul Fortier

DOI: https://doi.org/10.1109/tvlsi.2024.3360370

2024-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:System-on-chip (SoC) field programmable gate array (FPGA) devices are becoming increasingly prominent in a vast range of applications. The fusion of the FPGA’s unmatched parallel computing capacity and flexibility with a full-bore processing system makes these devices extremely powerful. With recent technological progress, SoC FPGA devices are implemented in increasingly complex systems where security and safety are often issues of concern. To cater to these concerns, these devices are commonly fit with encryption and authentication capabilities to ensure the confidentiality and authenticity of externally stored bitstreams, firmware, and bootloaders. However, while much effort is placed into securing these partitions when stored in external memory, little attention seems to be paid to the security of this data once it is decrypted for execution. This article investigates how vulnerable systems are to attacks that target decrypted data during execution. We demonstrate that data stored in external synchronous dynamic random access memory (SDRAM) can provide access to trusted and secured interfaces of SoC FPGA devices even with diligently applied security features.

engineering, electrical & electronic,computer science, hardware & architecture

Endres Puschner,Maik Ender,Steffen Becker,Christof Paar

DOI: https://doi.org/10.1145/3689939.3695779

2024-11-17

Abstract:Field Programmable Gate Arrays (FPGAs) are known for their reprogrammability that allows for post-manufacture circuitry changes. Nowadays, they are integral to a variety of systems including high-security applications such as aerospace and military systems. However, this reprogrammability also introduces significant security challenges, as bitstream manipulation can directly alter hardware circuits. Malicious manipulations may lead to leakage of secret data and the implementation of hardware Trojans. In this paper, we present a comprehensive framework for manipulating bitstreams with minimal reverse engineering, thereby exposing the potential risks associated with inadequate bitstream protection. Our methodology does not require a complete understanding of proprietary bitstream formats or a fully reverse-engineered target design. Instead, it enables precise modifications by inserting pre-synthesized circuits into existing bitstreams. This novel approach is demonstrated through a semi-automated framework consisting of five steps: (1) partial bitstream reverse engineering, (2) designing the modification, (3) placing and (4) routing the modification into the existing circuit, and (5) merging of the modification with the original bitstream. We validate our framework through four practical case studies on the OpenTitan design synthesized for Xilinx 7-Series FPGAs. While current protections such as bitstream authentication and encryption often fall short, our work highlights and discusses the urgency of developing effective countermeasures. We recommend using FPGAs as trust anchors only when bitstream manipulation attacks can be reliably excluded.

Cryptography and Security

Amr Alanwar,Mona A. Aboelnaga,Yousra Alkabani,M. Watheq El-Kharashi,Hassan Bedour

DOI: https://doi.org/10.48550/arXiv.1711.01010

2017-11-03

Cryptography and Security

Abstract:Hardware Trojan detection and protection is becoming more crucial as more untrusted third parties manufacture many parts of critical systems nowadays. The most common way to detect hardware Trojans is comparing the untrusted design with a golden (trusted) one. However, third-party intellectual properties (IPs) are black boxes with no golden IPs to trust. So, previous attempts to detect hardware Trojans will not work with third-party IPs. In this work, we present novel methods for Trojan protection and detection on field programmable gate arrays (FPGAs) without the need for golden chips. Presented methods work at runtime instead of test time. We provide a wide spectrum of Trojan detection and protection methods. While the simplest methods have low overhead and provide limited protection mechanisms, more sophisticated and costly techniques are introduced that can detect hardware Trojans and even clean up the system from infected IPs. Moreover, we study the cost of using the FPGA partial reconfiguration feature to get rid of infected IPs. In addition, we discuss the possibility to construct IP core certificate authority that maintains a centralized database of unsafe vendors and IPs. We show the practicality of the introduced schemes by implementing the different methodologies on FPGAs. Results show that simple methods present negligible overheads and as we try to increase security the delay and power overheads increase.

Sebastian Wallat,Marc Fyrbiak,Moritz Schlögel,Christof Paar

DOI: https://doi.org/10.1109/IVSW.2017.8031551

2019-10-01

Abstract:A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries which are able to infringe valuable hardware design IP or to inject hardware Trojans causing severe loss of safety and security. Similarly, market dominating SRAM-based FPGAs are vulnerable to both attacks since the crucial gate-level netlist can be retrieved even in field for the majority of deployed device series. In order to perform IP infringement or Trojan injection, reverse engineering (parts of) the hardware design is necessary to understand its internal workings. Even though IP protection and obfuscation techniques exist to hinder both attacks, the security of most techniques is doubtful since realistic capabilities of reverse engineering are often neglected. The contribution of our work is twofold: first, we carefully review an IP watermarking scheme tailored to FPGAs and improve its security by using opaque predicates. In addition, we show novel reverse engineering strategies on proposed opaque predicate implementations that again enables to automatically detect and alter watermarks. Second, we demonstrate automatic injection of hardware Trojans specifically tailored for third-party cryptographic IP gate-level netlists. More precisely, we extend our understanding of adversary's capabilities by presenting how block and stream cipher implementations can be surreptitiously weakened.

Cryptography and Security

Ted Huffmire,Brett Brotherton,Nick Callegari,Jonathan Valamehr,Jeff White,Ryan Kastner,Tim Sherwood

DOI: https://doi.org/10.1145/1367045.1367053

IF: 1.447

2008-07-01

ACM Transactions on Design Automation of Electronic Systems

Abstract:The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often have no choice but to use soft IP cores obtained from third parties, the cores operate at different trust levels, resulting in mixed-trust designs. The goal of this project is to evaluate recently proposed security primitives for reconfigurable hardware by building a real embedded system with several cores on a single FPGA and implementing these primitives on the system. Overcoming the practical problems of integrating multiple cores together with security mechanisms will help us to develop realistic security-policy specifications that drive enforcement mechanisms on embedded systems.

computer science, software engineering, hardware & architecture

Anirban Sengupta,Aditya Anshul

DOI: https://doi.org/10.1109/access.2024.3382202

IF: 3.9

2024-04-05

IEEE Access

Abstract:In the present era of the global design supply chain, several untrustworthy entities can be involved. From an intellectual property (IP) vendor's perspective, an attacker in the system-on-chip (SoC) integration house may pirate the design IP and/or claim ownership. This paper introduces a novel watermarking methodology using design parameter driven encrypted dispersion matrix with an eigen decomposition-based security framework as a detective countermeasure against the aforementioned threat. Our work considers the IP vendor as the defender and the SoC integration house as the attacker. The proposed approach presents a security framework that extracts the characteristics of the IP vendor selected design space parameters and the design space's characteristics in terms of IP vendor chosen resource configurations and exploits them as unique features to embed them as digital evidence for protecting IP design. In the presented approach, secret security constraints are extracted for embedding into the IP design using a number of components such as dispersion matrix generation block, eigen decomposition block, AES encryption block, and high level synthesis (HLS) register allocation block. The results of the proposed approach, in comparison with prior works, offer an improvement in the probability of coincidence upto ~107, tamper tolerance upto ~10231, and entropy upto ~10545 at negligible design overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic