Secure Local Configuration of Intellectual Property Without a Trusted Third Party

Trading intellectual property (IP) for FPGAs relies on configuring devices securely. This is achieved by using built-in security features of modern FPGAs, i.e. internal decryption engines. The disadvantage of using these features is that a trusted third party (TTP) needs to be involved for the preparation of the devices. Previously published schemes, in this area, are dependent on a TTP that mediates between core vendors (CVs) and system developers (SDs), which poses a major flaw in the chain of trust. In this paper, we propose a scheme where CV and SD can establish a licensing agreement without the participation of a TTP using off-the-shelf products. The IP is delivered in a secure format using state-of-the-art encryption methods. Decryption of the IP is handled by an application running on the FPGA that furthermore guarantees a secure configuration of the device. In order to prevent reverse engineering (RE) of the application, we rely on the progress made in hardware-assisted software (HAS) protection using a tamper and side channel attack (SCA) resistant hardware component. As a result, the application establishes a chain of trust between CVs and SDs without the need for a TTP.

[1]  Ingrid Verbauwhede,et al.  Practical feasibility evaluation and improvement of a pay-per-use licensing scheme for hardware IP cores in Xilinx FPGAs , 2014, Journal of Cryptographic Engineering.

[2]  Christof Paar,et al.  Security on FPGAs: State-of-the-art implementations and attacks , 2004, TECS.

[3]  Jorge Guajardo,et al.  Extended abstract: The butterfly PUF protecting IP on every FPGA , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[4]  Fearghal Morgan,et al.  SeReCon: a secure reconfiguration controller for self-reconfigurable systems , 2010, Int. J. Crit. Comput. Based Syst..

[5]  Swarup Bhunia,et al.  The Hardware Trojan War , 2018 .

[6]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[7]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[8]  Patrick Schaumont,et al.  Offline Hardware/Software Authentication for Reconfigurable Platforms , 2006, CHES.

[9]  Ingrid Verbauwhede,et al.  A Pay-per-Use Licensing Scheme for Hardware IP Cores in Recent SRAM-Based FPGAs , 2012, IEEE Transactions on Information Forensics and Security.

[10]  Patrick Schaumont,et al.  A flexible design flow for software IP binding in commodity FPGA , 2009, 2009 IEEE International Symposium on Industrial Embedded Systems.

[11]  Emmett Witchel,et al.  InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.

[12]  Xiaoxin Chen,et al.  Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.

[13]  Chip-Hong Chang,et al.  Public key protocol for usage-based licensing of FPGA IP cores , 2015, 2015 IEEE International Symposium on Circuits and Systems (ISCAS).

[14]  Swarup Bhunia,et al.  The Hardware Trojan War Attacks, Myths, and Defenses , 2018 .

[15]  Tom Kean,et al.  Cryptographic rights management of FPGA intellectual property cores , 2002, FPGA '02.

[16]  Yongqiang Lyu,et al.  A PUF-FSM Binding Scheme for FPGA IP Protection and Pay-Per-Device Licensing , 2015, IEEE Transactions on Information Forensics and Security.

[17]  Chip-Hong Chang,et al.  A Pragmatic Per-Device Licensing Scheme for Hardware IP Cores on SRAM-Based FPGAs , 2014, IEEE Transactions on Information Forensics and Security.

[18]  Morris J. Dworkin,et al.  SP 800-38D. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC , 2007 .

[19]  Tim Güneysu,et al.  Dynamic Intellectual Property Protection for Reconfigurable Devices , 2007, 2007 International Conference on Field-Programmable Technology.

[20]  Müstak E. Yalçin,et al.  Partially Reconfigurable IP Protection System with Ring Oscillator Based Physically Unclonable Functions , 2017, 2017 New Generation of CAS (NGCAS).

[21]  Sauvagya Ranjan Sahoo,et al.  A Flexible Pay-per-Device Licensing Scheme for FPGA IP Cores , 2017, 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).