Flexible and low-cost HSM based on non-volatile FPGAs

Embedded systems built on FPGAs are playing an increasingly important role in safety-critical areas. One example of such a safety-critical system is the Hardware Security Module (HSM), which provides private key management and usage in a secure and reliable way. However, commercially available systems are too expensive and limited in the functionality they provide, while existing volatile FPGA solutions do not adequately provide the needed security features. This work proposes an open-source, low-cost and highly flexible reconfigurable Hardware Security Module, supported by a System-on-Chip with a non-volatile FPGA. The presented solution operates as a versatile certification system that provides key management and digital signature services and is able to issue trustworthy certificates. It can be used, for example, in IT security applications through integration with the included PKCS#11 interface. To further illustrate the flexibility of the proposed solution, a Log-Chain certification use case is also presented. Experimental results suggest that the system is able to compute up to 2 sign/certification operations per second with a low-cost, adaptable, and secure approach.
