A Novel FPGA Architecture and Protocol for the Self-attestation of Configurable Hardware

Field-Programmable Gate Arrays or FPGAs are popular platforms for hardware-based attestation. They offer protection against physical and remote attacks by verifying if an embedded processor is running the intended application code. However, since FPGAs are configurable after deployment (thus not tamper-resistant), they are susceptible to attacks, just like microprocessors. Therefore, attesting an electronic system that uses an FPGA should be done by verifying the status of both the software and the hardware, without the availability of a dedicated tamper-resistant hardware module. Inspired by the work of Perito and Tsudik, this paper proposes a partially reconfigurable FPGA architecture and attestation protocol that enable the self-attestation of the FPGA. Through the use of our solution, the FPGA can be used as a trusted hardware module to perform hardware-based attestation of a processor. This way, an entire hardware/software system can be protected against malicious

[1]  Mauro Conti,et al.  SACHa: Self-Attestation of Configurable Hardware , 2019, 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[2]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[3]  Peng Ning,et al.  Remote attestation to dynamic system properties: Towards providing complete system integrity evidence , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[4]  Ahmad-Reza Sadeghi,et al.  Invited: Things, trouble, trust: On building trust in IoT systems , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[5]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[6]  Stefan Katzenbeisser,et al.  SCAPI: a scalable attestation protocol to detect software and physical attacks , 2017, WISEC.

[7]  Young-Geun Choi,et al.  Proactive Code Verification Protocol in Wireless Sensor Network , 2007, ICCSA.

[8]  Gene Tsudik,et al.  Secure Code Update for Embedded Devices via Proofs of Secure Erasure , 2010, ESORICS.

[9]  Diomidis Spinellis,et al.  Reflection as a mechanism for software integrity verification , 2000, TSEC.

[10]  Ricardo Chaves,et al.  On-the-fly attestation of reconfigurable hardware , 2008, 2008 International Conference on Field Programmable Logic and Applications.

[11]  Markus G. Kuhn,et al.  A Protocol for Secure Remote Updates of FPGA Configurations , 2009, ARC.

[12]  Ahmad-Reza Sadeghi,et al.  DARPA: Device Attestation Resilient to Physical Attacks , 2016, WISEC.

[13]  Ingrid Verbauwhede,et al.  Secure remote reconfiguration of an FPGA-based embedded system , 2011, 6th International Workshop on Reconfigurable Communication-Centric Systems-on-Chip (ReCoSoC).

[14]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[15]  Butler W. Lampson,et al.  A Trusted Open Platform , 2003, Computer.

[16]  Ingrid Verbauwhede,et al.  Secure, Remote, Dynamic Reconfiguration of FPGAs , 2015, TRETS.

[17]  Yongdae Kim,et al.  Remote Software-Based Attestation for Wireless Sensors , 2005, ESAS.

[18]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[19]  Ahmad-Reza Sadeghi,et al.  SeED: secure non-interactive attestation for embedded devices , 2017, WISEC.

[20]  Ahmad-Reza Sadeghi,et al.  TyTAN: Tiny trust anchor for tiny devices , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[21]  Gene Tsudik,et al.  SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust , 2012, NDSS.

[22]  Adrian Perrig,et al.  VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.