Secure Extension of FPGA General Purpose Processors for Symmetric Key Cryptography with Partial Reconfiguration Capabilities

In data security systems, general purpose processors (GPPs) are often extended by a cryptographic accelerator. The article presents three ways of extending GPPs for symmetric key cryptography applications. The proposed extensions guarantee secure key storage and management even if the system is facing protocol, software and cache memory attacks. The system is partitioned into processor, cipher, and key memory zones. The three security zones are separated at the protocol, system, architecture and physical levels. The proposed principle was validated on Altera NIOS II, Xilinx MicroBlaze and Microsemi Cortex M1 soft-core processor extensions. We show that stringent separation of the cipher zone is helpful for partial reconfiguration of the security module if the enciphering algorithm needs to be dynamically changed. However, the key zone, including the reconfiguration controller, must remain static in order to maintain the high level of security required. We demonstrate that the principle is feasible in partially reconfigurable field programmable gate arrays (FPGAs) such as Altera Stratix V or Xilinx Virtex 6, and also to some extent in FPGAs featuring hardwired general purpose processors, such as the Cortex M3 in the Microsemi SmartFusion FPGA. Although the three GPPs feature different data interfaces, we show that the processors with their extensions reach the required high security level while maintaining partial reconfiguration capability.
