PUFMon: Security monitoring of FPGAs using physically unclonable functions

Mainstream FPGAs and programmable SoCs employ different countermeasures during configuration and runtime to mitigate physical attacks. However, it has been demonstrated that sophisticated active attack techniques, such as laser voltage probing, can still bypass the bitstream protections during the configuration phase. On the other hand, although the security monitoring IP cores provided by FPGA vendors can ensure the physical security during the runtime of applications, they are unable to detect such attacks during configuration. In this work, we propose a novel approach to using PUFs as physical sensors to monitor the integrity of FPGAs against active attacks. Small modifications in existing PUF architectures enable us to design a PUF-based security scheme, which can be deployed for integrity monitoring and authentication/key generation at the same time. We evaluate the effectiveness of our framework against a range of powerful attacks, such as optical probing and fault attacks. We further discuss how this scheme can be deployed during bitstream configuration in FPGAs with partial reconfiguration capability.

[1]  C. Boit,et al.  Distinction of Photo-Electric and Thermal Effects in a MOSFET by 1064 nm Laser Stimulation , 2006, 2006 13th International Symposium on the Physical and Failure Analysis of Integrated Circuits.

[2]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[3]  Ulrich Rührmair,et al.  Virtual Proofs of Reality and their Physical Implementation , 2015, 2015 IEEE Symposium on Security and Privacy.

[4]  Makoto Nagata,et al.  Ring Oscillator under Laser: Potential of PLL-based Countermeasure against Laser Fault Injection , 2016, 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[5]  Mark Mohammad Tehranipoor,et al.  RON: An on-chip ring oscillator network for hardware Trojan detection , 2011, 2011 Design, Automation & Test in Europe.

[6]  Jean-Pierre Seifert,et al.  No Place to Hide: Contactless Probing of Secret Data on FPGAs , 2016, CHES.

[7]  Srinivas Devadas,et al.  Recombination of Physical Unclonable Functions , 2010 .

[8]  Christof Paar,et al.  Bitstream Fault Injections (BiFI)–Automated Fault Attacks Against SRAM-Based FPGAs , 2018, IEEE Transactions on Computers.

[9]  Roel Maes,et al.  Physically Unclonable Functions , 2012, Springer Berlin Heidelberg.

[10]  Colin O'Flynn,et al.  Fault Injection using Crowbars on Embedded Systems , 2016, IACR Cryptol. ePrint Arch..

[11]  G. Richard Newell,et al.  Differential power analysis countermeasures for the configuration of SRAM FPGAs , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[12]  Heiko Lohrke Automated Detection of Fault Sensitive Locations for Reconfiguration Attacks on Programmable Logic , 2016 .

[13]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.

[14]  Georg Sigl,et al.  Detection of probing attempts in secure ICs , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.