Secure partial dynamic reconfiguration with unsecured external memory

This paper proposes a solution to improve the security of the partial dynamic reconfiguration of FPGA, without significantly affecting the reconfiguration performance. The existing solutions for secure partial dynamic reconfiguration on SRAM based FPGAs impact the reconfiguration process and the available resources due to their complex multi-layered partial bitstream validation process. This adversely affects the performance of applications using reconfigurable hardware. The proposed solution uses high performance encryption engines to change the encryption key of the remotely received bitstream by a randomly generated key, unique to each configuration, when storing the bitstream in the external unsecured memory. An additional CBC-MAC authentication mechanism is also considered that combined with the frame-wise error detection mechanism of the configuration port, allows for an improved countermeasure against replay attack and wrongful bitstream usage. The proposed solution introduces a resource overhead of 1.1% in regard to the base reconfigurable system and provides the lowest impact on the reconfiguration process when compared to the related state of the art, achieving a reconfiguration throughput of 2.5 Gbps.

[1]  A. Satoh,et al.  Tackling the Security Issues of FPGA Partial Reconfiguration with Physical Unclonable Functions ( ERSA ’ 12 Academic Invited Paper ) , 2012 .

[2]  Markus G. Kuhn,et al.  A Protocol for Secure Remote Updates of FPGA Configurations , 2009, ARC.

[3]  Kris Gaj,et al.  Secure partial reconfiguration of FPGAs , 2005, Proceedings. 2005 IEEE International Conference on Field-Programmable Technology, 2005..

[4]  Saar Drimer,et al.  Volatile FPGA design security { a survey , 2008 .

[5]  Christof Paar,et al.  Security on FPGAs: State-of-the-art implementations and attacks , 2004, TECS.

[6]  Fearghal Morgan,et al.  SeReCon: a secure reconfiguration controller for self-reconfigurable systems , 2010, Int. J. Crit. Comput. Based Syst..

[7]  Ingrid Verbauwhede,et al.  A Pay-per-Use Licensing Scheme for Hardware IP Cores in Recent SRAM-Based FPGAs , 2012, IEEE Transactions on Information Forensics and Security.

[8]  Saar Drimer,et al.  Security for volatile FPGAs , 2009 .

[9]  Javier Castillo,et al.  A secure self-reconfiguring architecture based on open-source hardware , 2005, 2005 International Conference on Reconfigurable Computing and FPGAs (ReConFig'05).

[10]  Tim Güneysu,et al.  Two IP protection schemes for multi-FPGA systems , 2012, 2012 International Conference on Reconfigurable Computing and FPGAs.

[11]  Lionel Torres,et al.  Secure FPGA configuration architecture preventing system downgrade , 2008, 2008 International Conference on Field Programmable Logic and Applications.

[12]  Kenji Toda,et al.  Bitstream Protection in Dynamic Partial Reconfiguration Systems Using Authenticated Encryption , 2013, IEICE Trans. Inf. Syst..

[13]  Ingrid Verbauwhede,et al.  Secure remote reconfiguration of an FPGA-based embedded system , 2011, 6th International Workshop on Reconfigurable Communication-Centric Systems-on-Chip (ReCoSoC).

[14]  Ingrid Verbauwhede,et al.  A single-chip solution for the secure remote configuration of FPGAs using bitstream compression , 2013, 2013 International Conference on Reconfigurable Computing and FPGAs (ReConFig).

[15]  Jérémie Crenne,et al.  SecURe DPR: Secure update preventing replay attacks for dynamic partial reconfiguration , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[16]  Klaus D. Müller-Glaser,et al.  A System Architecture for Reconfigurable Trusted Platforms , 2008, 2008 Design, Automation and Test in Europe.

[17]  Chik How Tan,et al.  Analysis and Enhancement of Random Number Generator in FPGA Based on Oscillator Rings , 2008, 2008 International Conference on Reconfigurable Computing and FPGAs.

[18]  Patrick Schaumont,et al.  Offline Hardware/Software Authentication for Reconfigurable Platforms , 2006, CHES.

[19]  Ricardo Chaves,et al.  On-the-fly attestation of reconfigurable hardware , 2008, 2008 International Conference on Field Programmable Logic and Applications.

[20]  Stamatis Vassiliadis,et al.  Reconfigurable memory based AES co-processor , 2006, Proceedings 20th IEEE International Parallel & Distributed Processing Symposium.

[21]  Kris Gaj,et al.  Implementation of EAX mode of operation for FPGA bitstream encryption and authentication , 2005, Proceedings. 2005 IEEE International Conference on Field-Programmable Technology, 2005..

[22]  T. Kean Secure configuration of Field Programmable Gate arrays , 2001 .