Compact and On-the-Fly Secure Dynamic Reconfiguration for Volatile FPGAs

The dynamic partial reconfiguration functionality of FPGAs can be attacked, particularly when the FPGA is remotely located or the configuration bitstreams are sent through insecure networks. Existing FPGA technologies provide some built-in security mechanisms; however, these are often inadequate. Existing solutions still impose a significant impact on the reconfiguration process and on the available resources. This article proposes a solution to improve the security of dynamic partial reconfiguration of FPGAs without significantly affecting the reconfiguration performance. The proposed solution replaces the encryption key of the remotely received bitstream with a randomly generated key, unique for each configuration, when storing the bitstream in the external unsecured memory. The native frame-wise error detection mechanism, combined with an additional CBC-MAC authentication mechanism, allows for an improved countermeasure against replay attacks and wrongful bitstream usage. The proposed solution introduces an overhead of 1% of the available resources on the target FPGA and provides the lowest impact on the reconfiguration process when compared to the state of the art, achieving a reconfiguration throughput of 2.5 Gbps. Compared with the built-in security mechanism provided by Xilinx FPGAs, the solution proposed herein provides better security and improves the reconfiguration performance by more than 3 times.
