Bitstream Encryption and Authentication Using AES-GCM in Dynamically Reconfigurable Systems

A secure and dependable dynamic partial reconfiguration (DPR) system based on the AES-GCM cipher is developed, where the reconfigurable IP cores are protected by encrypting and authenticating their bitstreams with AES-GCM. In DPR systems, bitstream authentication is essential for avoiding fatal damage caused by inadvertent bitstreams. Although encryption-only systems can prevent bitstream cloning and reverse engineering, they cannot prevent erroneous or malicious bitstreams from being accepted as valid. If a bitstream error is detected after the system has already been partly configured, the system must be reconfigured with an errorless bitstream or at worst rebooted since the DPR changes the hardware architecture itself and the system cannot recover itself to the initial state by asserting a reset signal. In this regard, our system can recover from configuration errors without rebooting. To the authors' best knowledge, this is the first DPR system featuring both bitstream protection and error recovery mechanisms. Additionally, we clarify the relationship between the computation time and the bitstream block size, and derive the optimal internal memory size necessary to achieve the highest throughput. Furthermore, we implemented an AES-GCM-based DPR system targeting the Virtex-5 device on an off-the-shelf board, and demonstrated that all functions of bitstream decryption, verification, configuration, and error recovery work correctly. This paper clarifies the throughput, the hardware utilization, and the optimal memory configuration of said DPR system.

[1]  Mihir Bellare,et al.  EAX: A Conventional Authenticated-Encryption Mode , 2003, IACR Cryptol. ePrint Arch..

[2]  Saar Drimer,et al.  Authentication of FPGA Bitstreams: Why and How , 2007, ARC.

[3]  John Viega,et al.  The Security and Performance of the Galois/Counter Mode (GCM) of Operation , 2004, INDOCRYPT.

[4]  Guy Gogniat,et al.  Software Radio and Dynamic Reconfiguration on a DSP/FPGA platform , 2004 .

[5]  Kenji Toda,et al.  A Secure Content Delivery System Based on a Partially Reconfigurable FPGA , 2008, IEICE Trans. Inf. Syst..

[6]  Morris J. Dworkin,et al.  SP 800-38D. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC , 2007 .

[7]  Charles E. Stroud,et al.  Dynamic fault tolerance in FPGAs via partial reconfiguration , 2000, Proceedings 2000 IEEE Symposium on Field-Programmable Custom Computing Machines (Cat. No.PR00871).

[8]  Lilian Bossuet,et al.  Dynamically configurable security for SRAM FPGA bitstreams , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[9]  Jürgen Becker,et al.  Dynamic and Partial FPGA Exploitation , 2007, Proceedings of the IEEE.

[10]  D. McGrew,et al.  The Galois/Counter Mode of Operation (GCM) , 2005 .

[11]  Jeff Mason,et al.  Invited Paper: Enhanced Architectures, Design Methodologies and CAD Tools for Dynamic Reconfiguration of Xilinx FPGAs , 2006, 2006 International Conference on Field Programmable Logic and Applications.

[12]  Takeshi Sugawara,et al.  High-Speed Pipelined Hardware Architecture for Galois Counter Mode , 2007, ISC.

[13]  Morris J. Dworkin,et al.  SP 800-38A 2001 edition. Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[14]  Morris J. Dworkin,et al.  Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[15]  Walter Stechele,et al.  Using Partial-Run-Time Reconfigurable Hardware to accelerate Video Processing in Driver Assistance System , 2007, 2007 Design, Automation & Test in Europe Conference & Exhibition.

[16]  Kris Gaj,et al.  Secure partial reconfiguration of FPGAs , 2005, Proceedings. 2005 IEEE International Conference on Field-Programmable Technology, 2005..

[17]  Akashi Satoh High-Speed Parallel Hardware Architecture for Galois Counter Mode , 2007, 2007 IEEE International Symposium on Circuits and Systems.