Bitstream encryption and authentication with AES-GCM in dynamically reconfigurable systems

A high-speed and secure dynamic partial reconfiguration (DPR) system is realized with AES-GCM that guarantees both confidentiality and authenticity of FPGA bitstreams. In DPR systems, bitstream authentication is essential for avoiding fatal damage caused by unintended bitstreams. An encryption-only system can prevent bitstream cloning and reverse engineering, but cannot prevent erroneous or malicious bitstreams from being configured. Authenticated encryption is a relatively new concept that provides both message encryption and authentication, and AES-GCM is one of the latest authenticated encryption algorithms suitable for hardware implementation. We implemented the AES-GCM-based DPR system targeting the Virtex-5 device on an off-the-shelf board, and evaluated its throughput and hardware resource utilization. For comparison, we also implemented AES-CBC and SHA-256 modules on the same device. The experimental results showed that the AES-GCM-based system achieved higher throughput with less resource utilization than the AES/SHA-based system. The AES-GCM module achieved more than 1 Gbps throughput and the entire system achieved about 800 Mbps throughput with reasonable resource utilization. This paper clarifies the advantage of using AES-GCM for protecting DPR systems.
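The following is an added software model of the mechanism the abstract describes; it is not the paper's hardware design or code. It implements AES-128 and GCM (GHASH over GF(2^128) plus counter mode) from scratch so that it runs offline, and then plays the role of a DPR loader: a partial bitstream is configured only if its GCM tag verifies, whereas an encryption-only (AES-CTR) loader would hand a tampered bitstream to the FPGA unnoticed. The names `bitstream_accepted`, `aes_gcm_encrypt` and `aes_gcm_decrypt`, the 96-bit IV restriction, and the sample key, IV and bitstream bytes are all assumptions of this example; the expected values used to check it are the FIPS-197 AES vector and GCM test cases 1 and 2 from the GCM specification.

```python
import hmac


def _gen_sbox():
    # Derive the AES S-box (GF(2^8) inverse followed by the affine map) instead of embedding a table.
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = 3*p, visits every nonzero element
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF          # q = q/3, so q == 1/p throughout
        if q & 0x80: q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)          # q XOR its four left rotations
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF
        if p == 1: break
    sbox[0] = 0x63
    return sbox

SBOX = _gen_sbox()

def _xt(b): return ((b << 1) ^ (0x1B if b & 0x80 else 0)) & 0xFF  # multiply by x in GF(2^8)

def _mix_column(a0, a1, a2, a3):
    return [_xt(a0) ^ _xt(a1) ^ a1 ^ a2 ^ a3, a0 ^ _xt(a1) ^ _xt(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ _xt(a2) ^ _xt(a3) ^ a3, _xt(a0) ^ a0 ^ a1 ^ a2 ^ _xt(a3)]

def _expand_key(key):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xt(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]  # 11 round keys of 16 bytes

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)  # state is column-major: byte index 4*c + r holds row r of column c
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                             # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                                                          # MixColumns
            s = sum((_mix_column(*s[4 * c:4 * c + 4]) for c in range(4)), [])
        s = [b ^ k for b, k in zip(s, rk[rnd])]                              # AddRoundKey
    return bytes(s)

_R = 0xE1 << 120  # GCM's reduction polynomial in its bit-reflected representation

def gf128_mul(x, y):
    z, v = 0, y  # GHASH multiplication as specified for GCM; the identity element is 0x80 || 0^120
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ _R if v & 1 else v >> 1
    return z

def ghash(h, aad, ct):
    def blocks(data):  # zero-pad to a 16-byte multiple and return big-endian integers
        data += b"\x00" * (-len(data) % 16)
        return [int.from_bytes(data[i:i + 16], "big") for i in range(0, len(data), 16)]
    y = 0  # Y_i = (Y_{i-1} XOR X_i) * H over AAD, ciphertext, then the 64-bit bit lengths
    for blk in blocks(aad) + blocks(ct) + [(len(aad) * 8) << 64 | (len(ct) * 8)]:
        y = gf128_mul(y ^ blk, h)
    return y

def _j0(iv): return int.from_bytes(iv + b"\x00\x00\x00\x01", "big")  # 96-bit IV form: J0 = IV || 1

def _gctr(key, j0, data):
    out = bytearray()  # CTR keystream from inc32(J0) onward; XOR is its own inverse, so this also decrypts
    for i in range(0, len(data), 16):
        ctr = (j0 & ~0xFFFFFFFF) | ((j0 + 1 + i // 16) & 0xFFFFFFFF)
        ks = aes128_encrypt_block(key, ctr.to_bytes(16, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], ks))
    return bytes(out)

def _tag(key, iv, aad, ct):
    h = int.from_bytes(aes128_encrypt_block(key, bytes(16)), "big")  # H = E_K(0^128)
    e_j0 = int.from_bytes(aes128_encrypt_block(key, _j0(iv).to_bytes(16, "big")), "big")
    return (e_j0 ^ ghash(h, aad, ct)).to_bytes(16, "big")

def aes_gcm_encrypt(key, iv, plaintext, aad=b""):
    ct = _gctr(key, _j0(iv), plaintext)
    return ct, _tag(key, iv, aad, ct)

def bitstream_accepted(key, iv, ct, tag, aad=b""):
    # The loader's decision: configure only if the recomputed tag matches (constant-time compare).
    return hmac.compare_digest(_tag(key, iv, aad, ct), tag)

def aes_gcm_decrypt(key, iv, ct, tag, aad=b""):
    if not bitstream_accepted(key, iv, ct, tag, aad): raise ValueError("bitstream rejected")
    return _gctr(key, _j0(iv), ct)

if __name__ == "__main__":
    # Constructed sample values (fixed key, zero IV) for reproducibility only.
    key, iv, aad = bytes.fromhex("000102030405060708090a0b0c0d0e0f"), bytes(12), b"region-A"
    ct, tag = aes_gcm_encrypt(key, iv, b"PARTIAL-BITSTREAM-FOR-REGION-A" * 3, aad)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]  # one flipped ciphertext bit
    print("genuine accepted:", bitstream_accepted(key, iv, ct, tag, aad))
    print("tampered accepted:", bitstream_accepted(key, iv, tampered, tag, aad))
    print("encryption-only loader would still configure:", _gctr(key, _j0(iv), tampered)[:8])
```

The AAD slot carries data that must be authenticated but not hidden, such as the target region identifier, so a genuine bitstream presented for the wrong region also fails the check. The pure-Python field multiplication is bit-serial and slow; the paper's point is that the same GHASH and counter-mode structure parallelises well in hardware, which is what gives the AES-GCM module its throughput advantage over a separate AES-CBC plus SHA-256 pair.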
