Jo Vliegen
Abstract
With the widespread availability of broadband Internet, Field-Programmable Gate Arrays (FPGAs) can get remote updates in the field. This provides hardware and software updates, and enables issue solving and upgrade ability without device modification. In order to prevent an attacker from eavesdropping or manipulating the configuration data, security is a necessity.
This work describes an architecture that allows the secure, remote reconfiguration of an FPGA. The architecture is partially dynamically reconfigurable and it consists of a static partition that handles the secure communication protocol and a single reconfigurable partition that holds the main application. Our solution distinguishes itself from existing work in two ways: it provides entity authentication and it avoids the use of a trusted third party. The former provides protection against active attackers on the communication channel, while the latter reduces the number of reliable entities. Additionally, this work provides basic countermeasures against simple power-oriented side-channel analysis attacks.
The result is an implementation that is optimized toward minimal resource occupation. Because configuration updates occur infrequently, configuration speed is of minor importance with respect to area. A prototype of the proposed design is implemented, using 5,702 slices and having minimal downtime.
- An Braeken, Jan Genoe, Serge Kubera, Nele Mentens, Abdellah Touhafi, Ingrid Verbauwhede, Yannick Verbelen, Jo Vliegen, and Karel Wouters. 2011. Secure remote reconfiguration of an FPGA-based embedded system. In Proceedings of the 6th International Workshop on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoc’11), Diana Goehringer, Gabriel Marchesan Almeida, Gilles Sassatelli, and Leandro Soares Indrusiak (Eds.). IEEE, 74--79.Google Scholar
Cross Ref
- Jolo Viegas Carreira, Diamantino Costa, and João Gabriel Silva. 1999. Fault injection spot-checks computer system dependability. IEEE Spectrum 36, 8 (Aug. 1999), 50--55. Google ScholarDigital Library
- Javier Castillo, Pablo Huerta, Victor Lopez, and Jose Ignacio Martinez. 2005. A secure self-reconfiguring architecture based on open-source hardware. In Proceedings of the International Conference on Reconfigurable Computing and FPGAs (RECONFIG’05), René Cumplido and Claudia Feregrino (Eds.). IEEE, 7--10. Google ScholarDigital Library
- Pawel Chodowiec and Kris Gaj. 2003. Very compact FPGA implementation of the AES algorithm. In Proceedings of 5th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’03) (Lecture Notes in Computer Science), Colin D. Walter, Çetin Kaya Koç, and Christof Paar (Eds.), Vol. 2779. Springer-Verlag, Berlin, 319--333.Google ScholarCross Ref
- Florian Devic, Lionel Torres, and Benoît Badrignans. 2010. Secure protocol implementation for remote bitstream update preventing replay attacks on FPGA. In Proceedings of the 2010 International Conference on Field Programmable Logic and Applications (FPL’10), Fabrizio Ferrandi, Jari Nurmi, and Marco D. Santambrogio (Eds.). IEEE, 179--182. Google ScholarDigital Library
- Florian Devic, Lionel Torres, Jérémie Crenne, Benoît Badriganans, and Pascal Benoît. 2012. Secure DPR: Secure update preventing replay attacks for dynamic partial reconfiguration. In Proceedings of 22nd International Conference on Field Programmable Logic and Applications (FPL’12), Dirk Koch, Satnam Singh, and Jim Tørresen (Eds.). IEEE, 57--62.Google ScholarCross Ref
- Saar Drimer and Markus G. Kuhn. 2009. A protocol for secure remote updates of FPGA configurations. In Proceedings of the 5th International Workshop on Reconfigurable Computing: Architectures, Tools and Applications (ARC’09) (Lecture Notes in Computer Science), Jürgen Becker, Roger Woods, Peter M. Athanas, and Fearghal Morgan (Eds.). Springer, New York, 50--61. Google ScholarDigital Library
- ECRYPTII. 2012. Yearly Report on Algorithms and Keysizes. Technical Report. KU Leuven.Google Scholar
- Blaise Gassend, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas. 2002. Silicon physical random functions. In Proceedings of the 9th ACM Conference on Computer and communications security (CCS’02), Vijayalakshmi Atluri (Ed.). ACM, New York, 148--160. Google ScholarDigital Library
- Ivan Gonzalez, Sergio Lopez-Buedo, and Francisco J. Gomez-Arribas. 2008. Implementation of secure applications in self-reconfigurable systems. Microprocessors and Microsystems 32, 1 (Feb. 2008), 23--32. Google ScholarDigital Library
- Tetsuya Izu, Bodo Möller, and Tsuyoshi Takagi. 2002. Improved elliptic curve multiplication methods resistant against side channel attacks. In Proceedings of the 3rd International Conference on Cryptology in India (INDOCRYPT’02) (Lecture Notes in Computer Science), Alfred Menezes and Palash Sarkar (Eds.), Vol. 2551. Springer, New York, 296--313. Google ScholarDigital Library
- Krzysztof Kepa, Fearghal Morgan, Krzysztof Kosciuszkiewicz, and Tomasz Surmacz. 2010. SeReCon: A secure reconfiguration controller for self-reconfigurable systems. Int. J. Crit. Comput.-Based Syst. 1, 1/2/3 (Feb. 2010), 86--103. Google ScholarDigital Library
- Paul C. Kocher. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the 16th Annual International Cryptology Conference (CRYPTO’96) (Lecture Notes in Computer Science), Neal Koblitz (Ed.), Vol. 1109. Springer, New York, 104--113. Google ScholarDigital Library
- Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference (CRYPTO’99) (Lecture Notes in Computer Science), Michael J. Wiener (Ed.), Vol. 1666. Springer, New York, 388--397. Google ScholarDigital Library
- Paul C. Kocher, Joshua Jaffe, Benjamin Jun, and Pankaj Rohatgi. 2011. Introduction to differential power analysis. J. Crypt. Eng. 1, 1 (April 2011), 5--27.Google ScholarCross Ref
- Roel Maes, Anthony Van Herrewege, and Ingrid Verbauwhede. 2012. PUFKY: A fully functional PUF-based cryptographic key generator. In Proceedings of 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’12) (Lecture Notes in Computer Science), Emmanuel Prouff and Patrick Schaumont (Eds.). Springer-Verlag, Berlin, 16. Google ScholarDigital Library
- Alfred J. Menezes, Scott A. Vanstone, and Paul C. Van Oorschot. 1996. Handbook of Applied Cryptography (1st ed.). CRC Press, Inc., Boca Raton, FL. Google ScholarDigital Library
- Peter L. Montgomery. 1985. Modular multiplication without trial division. Math. Comp. 44, 170 (Apr. 1985), 519--521.Google ScholarCross Ref
- Peter L. Montgomery. 1987. Speeding the pollard and elliptic curve methods of factorization. Math. Comp. 48, 177 (1987), 243--264. DOI: http://dx.doi.org/10.2307/2007888Google ScholarCross Ref
- Amir Moradi, Markus Kasper, and Christof Paar. 2012. Black-box side-channel attacks highlight the importance of countermeasures—An analysis of the Xilinx Virtex-4 and Virtex-5 bitstream encryption mechanism. In Proceedings of the Cryptographers’ Track at the RSA Conference (CT-RSA’12) (Lecture Notes in Computer Science), Orr Dunkelman (Ed.), Vol. 7178. Springer, New York, 1--18. Google ScholarDigital Library
- NIST. 2001a. Advanced Encryption Standard (AES) (NIST FIPS-197).Google Scholar
- NIST. 2001b. Recommendation for Block Cipher Modes of Operation (NIST SP-800-38A).Google Scholar
- NIST. 2008. The Keyed-Hash Message Authentication Code (HMAC) (NIST FIPS-198-1).Google Scholar
- NIST. 2012. Secure Hash Standard (NIST FIPS-180-4).Google Scholar
- NIST. 2013. Digital Signature Standard (DSS) (NIST FIPS-186-4).Google Scholar
- J. Postel. 1980. User Datagram Protocol. RFC 768 (Standard). Google ScholarDigital Library
- Dirk Rykx and Joris Thielen. 2011. Evaluatie van Nieuwe Hashfunctie Kandidaten op FPGA. Master’s thesis. Katholieke Hogeschool Limburg, Diepenbeek, Belgium.Google Scholar
- Jo Vliegen, Nele Mentens, Jan Genoe, An Braeken, Serge Kubera, Abdellah Touhafi, and Ingrid Verbauwhede. 2010. A compact FPGA-based architecture for elliptic curve cryptography over prime fields. In Proceedings of the 21st IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP’10), Christophe Wolinski, Jürgen Teich, François Charot, and Walid Najjar (Eds.). IEEE, New York, 313--316.Google ScholarCross Ref
- Knut Wold and Chik How Tan. 2009. Analysis and enhancement of random number generator in FPGA based on oscillator rings. Int. J. Reconfig. Comput. 2009, 501672 (2009), 385--390. Google ScholarDigital Library
- Xilinx. 2011. Virtex-6 FPGA DSP48E1 Slice—User Guide 369. Retrieved from http://www.xilinx.com/support/documentation/user_guides/ug369.pdf. (Last accessed November 2013)Google Scholar
- Xilinx. 2012. Virtex-5 FPGA XtremeDSP design considerations—User guide 193. Retrieved from http://www.xilinx.com/support/documentation/user_guides/ug193.pdf. (Last accessed November 2013)Google Scholar
Index Terms
- Secure, Remote, Dynamic Reconfiguration of FPGAs
Recommendations
Performance-Area Improvement by Partial Reconfiguration for an Aerospace Remote Sensing Application
RECONFIG '11: Proceedings of the 2011 International Conference on Reconfigurable Computing and FPGAsDynamic Partial Reconfiguration (DPR) allows modification of certain parts of an FPGA while the rest of the device continues to operate and remains unaffected by the partial reprogramming. DPR for FPGA-based designs is an increasingly important feature ...
SeReCon: a secure reconfiguration controller for self-reconfigurable systems
A risk of covert insertion of circuitry into reconfigurable computing (RC) systems exists. This paper reviews risks of hardware attack on field programmable gate array (FPGA)-based RC systems and proposes a method for secure system credentials ...
Secure Extension of FPGA General Purpose Processors for Symmetric Key Cryptography with Partial Reconfiguration Capabilities
In data security systems, general purpose processors (GPPs) are often extended by a cryptographic accelerator. The article presents three ways of extending GPPs for symmetric key cryptography applications. Proposed extensions guarantee secure key ...
Comments