Volatile FPGA design security { a survey

Volatile FPGAs, the dominant type of programmable logic devices, are used in space, military, automotive, and consumer electronics applications which require them to operate in a wide range of environments. The continuous growth in both their capability and capacity now requires signicant resources to be invested in the designs that are created for them. This has brought increased interest in the security attributes of FPGAs; specically, how well do they protect the information processed within it, how are designs protected during distribution, and how developers’ ownership rights are protected while designs from multiple sources are combined. This survey establishes the foundations for discussing \FPGA security", examines a wide range of attacks and defenses along with the current state of industry oerings, and nally, outlines on-going research and latest developments.

[1]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[2]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[3]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[4]  Martin Stigge,et al.  Reversing CRC { Theory and Practice , 2006 .

[5]  Mike Bond,et al.  Experience Using a Low-Cost FPGA Design to Crack DES Keys , 2002, CHES.

[6]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[7]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[8]  Lilian Bossuet,et al.  Dynamically Configurable Security for SRAM FPGA Bitstreams , 2004, IPDPS.

[9]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[10]  Mike Bond,et al.  Cryptographic Processors-A Survey , 2006, Proceedings of the IEEE.

[11]  Jean-Baptiste Note,et al.  From the bitstream to the netlist , 2008, FPGA '08.

[12]  Peter Hazucha,et al.  Characterization of soft errors caused by single event upsets in CMOS processes , 2004, IEEE Transactions on Dependable and Secure Computing.

[13]  Gang Qu,et al.  Zero overhead watermarking technique for FPGA designs , 2003, GLSVLSI '03.

[14]  B. Preneel,et al.  Differential Electromagnetic Attack on an FPGA Implementation of Elliptic Curve Cryptosystems , 2006, 2006 World Automation Congress.

[15]  Bernhard Fechner Dynamic delay-fault injection for reconfigurable hardware , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[16]  Boris Skoric,et al.  Read-Proof Hardware from Protective Coatings , 2006, CHES.

[17]  Richard E. Anderson,et al.  IC Failure Analysis: Magic, Mystery, and Science , 1997, IEEE Des. Test Comput..

[18]  E. Normand Single event upset at ground level , 1996 .

[19]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[20]  Ingrid Verbauwhede,et al.  Synthesis of Secure FPGA Implementations , 2004, IACR Cryptol. ePrint Arch..

[21]  Paul Chow,et al.  DES Cracking on the Transmogrifier 2a , 1999, CHES.

[22]  Gang Xiong,et al.  Forgery: ‘Fingerprinting’ documents and packaging , 2005, Nature.

[23]  FRANÇOIS-XAVIER STANDAERT,et al.  An Overview of Power Analysis Attacks Against Field Programmable Gate Arrays , 2006, Proceedings of the IEEE.

[24]  Christof Paar,et al.  Security on FPGAs: State-of-the-art implementations and attacks , 2004, TECS.

[25]  Christof Paar,et al.  Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker , 2006, CHES.

[26]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[27]  Adam Megacz,et al.  A Library and Platform for FPGA Bitstream Manipulation , 2007, 15th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM 2007).

[28]  Peter Gutmann,et al.  Secure deletion of data from magnetic and solid-state memory , 1996 .

[29]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[30]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[31]  Lukás Sekanina,et al.  An Evolvable Combinational Unit for FPGAs , 2004, Comput. Artif. Intell..

[32]  Sofiène Tahar,et al.  IP watermarking techniques: survey and comparison , 2003, The 3rd IEEE International Workshop on System-on-Chip for Real-Time Applications, 2003. Proceedings..

[33]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[34]  J. R. Rao,et al.  The EM Side–Channel(s):Attacks and Assessment Methodologies , 2003 .

[35]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[36]  Saar Drimer,et al.  Authentication of FPGA Bitstreams: Why and How , 2007, ARC.

[37]  共立出版株式会社 コンピュータ・サイエンス : ACM computing surveys , 1978 .

[38]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[39]  Tim Güneysu,et al.  DSPs, BRAMs and a Pinch of Logic: New Recipes for AES on FPGAs , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.

[40]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[41]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[42]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[43]  Sergei Skorobogatov Low temperature data remanence in static RAM , 2002 .

[44]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[45]  Paul J. Layzell,et al.  Analysis of unconventional evolved electronics , 1999, CACM.

[46]  Jürgen Teich,et al.  Identifying FPGA IP-Cores Based on Lookup Table Content Analysis , 2006, 2006 International Conference on Field Programmable Logic and Applications.

[47]  Miodrag Potkonjak,et al.  Constraint-based watermarking techniques for design IP protection , 2001, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[48]  Delon Levi,et al.  JBits: Java based interface for reconfigurable computing , 1999 .

[49]  Mark McLean,et al.  FPGA-BASED SINGLE CHIP CRYPTOGRAPHIC SOLUTION ( U ) , 2007 .

[50]  M. Potkonjak,et al.  FPGA fingerprinting techniques for protecting intellectual property , 1998, Proceedings of the IEEE 1998 Custom Integrated Circuits Conference (Cat. No.98CH36143).

[51]  Hervé Chabanne,et al.  Electromagnetic Side Channels of an FPGA Implementation of AES , 2004, IACR Cryptol. ePrint Arch..

[52]  K. Thompson Reflections on trusting trust , 1984, CACM.

[53]  John Gilmore,et al.  Cracking DES - secrets of encryption research, wiretap politics and chip design: how federal agencies subvert privacy , 1998 .

[54]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[55]  B. Preneel,et al.  Electromagnetic Analysis Attack on an FPGA Implementation of an Elliptic Curve Cryptosystem , 2005, EUROCON 2005 - The International Conference on "Computer as a Tool".

[56]  Peter Gutmann,et al.  Data Remanence in Semiconductor Devices , 2001, USENIX Security Symposium.

[57]  Gang Wang,et al.  Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[58]  Mahmut T. Kandemir,et al.  Leakage Current: Moore's Law Meets Static Power , 2003, Computer.

[59]  Alessandro Trifiletti,et al.  Enhancing power analysis attacks against cryptographic devices , 2006, 2006 IEEE International Symposium on Circuits and Systems.

[60]  Markus G. Kuhn,et al.  Compromising Emanations , 2002, Encyclopedia of Cryptography and Security.

[61]  Jonathan M. Smith,et al.  FPGA Viruses , 1999, FPL.

[62]  Bart Preneel,et al.  Power-Analysis Attacks on an FPGA - First Experimental Results , 2003, CHES.

[63]  Lukás Sekanina,et al.  Towards evolvable IP cores for FPGAs , 2003, NASA/DoD Conference on Evolvable Hardware, 2003. Proceedings..

[64]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[65]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[66]  R. Seepold Virtual Socket Interface Alliance , 1999, Design, Automation and Test in Europe Conference and Exhibition, 1999. Proceedings (Cat. No. PR00078).

[67]  Dennis G. Abraham,et al.  Transaction Security System , 1991, IBM Syst. J..

[68]  A. Lesea,et al.  The rosetta experiment: atmospheric soft error rate testing in differing technology FPGAs , 2005, IEEE Transactions on Device and Materials Reliability.

[69]  Steven Trimberger Trusted Design in FPGAs , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[70]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[71]  Yvo Desmedt,et al.  Cryptanalysis of UCLA Watermarking Schemes for Intellectual Property Protection , 2002, Information Hiding.

[72]  Peter J. Bentley,et al.  On Evolvable Hardware , 2001 .

[73]  Jean-Jacques Quisquater,et al.  A Practical Implementation of the Timing Attack , 1998, CARDIS.

[74]  Patrick Schaumont,et al.  Offline Hardware/Software Authentication for Reconfigurable Platforms , 2006, CHES.

[75]  Bart Preneel,et al.  Power Analysis Attacks Against FPGA Implementations of the DES , 2004, FPL.

[76]  Dakshi Agrawal,et al.  Multi-channel Attacks , 2003, CHES.

[77]  Bart Preneel,et al.  Power Analysis of an FPGA: Implementation of Rijndael: Is Pipelining a DPA Countermeasure? , 2004, CHES.

[78]  Kris Gaj,et al.  Implementation of EAX mode of operation for FPGA bitstream encryption and authentication , 2005, Proceedings. 2005 IEEE International Conference on Field-Programmable Technology, 2005..

[79]  T. Kean Secure configuration of Field Programmable Gate arrays , 2001 .

[80]  Li Shang,et al.  Dynamic power consumption in Virtex™-II FPGA family , 2002, FPGA '02.

[81]  Jean-Jacques Quisquater,et al.  Power Analysis of FPGAs: How Practical is the Attack? , 2003, FPL.

[82]  M. Potkonjak,et al.  Robust FPGA intellectual property protection through multiple small watermarks , 1999, Proceedings 1999 Design Automation Conference (Cat. No. 99CH36361).

[83]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[84]  Matthew Green,et al.  Security Analysis of a Cryptographically-Enabled RFID Device , 2005, USENIX Security Symposium.

[85]  Paul Syverson,et al.  A Taxonomy of Replay Attacks , 1994 .

[86]  J. Conway On Numbers and Games , 1976 .

[87]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[88]  Tom Kean,et al.  Cryptographic rights management of FPGA intellectual property cores , 2002, FPGA '02.

[89]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[90]  Jürgen Teich,et al.  FPGA core watermarking based on power signature analysis , 2006, 2006 IEEE International Conference on Field Programmable Technology.

[91]  Eric Peeters,et al.  Updates on the Security of FPGAs Against Power Analysis Attacks , 2006, ARC.