Scalable security path methodology: A cost-security trade-off to protect FPGA IPs against active and passive tampers
01 Oct 2017-pp 85-90
TL;DR: A new tamper-resistant design methodology (Security Path methodology) and a revised security-aware FPGA architecture to protect the design against tampering attacks in parallel with the normal operation of the circuit.
Abstract: Modern FPGAs have a great market share in the hardware design industry and are used as primary elements in different critical applications like aerospace, automotive, military etc. They also are widely used in hardware prototyping, massive parallel systems and reconfigurable architectures. Short time to market and flexibility are two good features of FPGAs in the growth and diversity of their applications. However, field programmability has caused security concerns for IPs/Designs on FPGAs. Research shows that a reliable mechanism is required to protect the IPs/applications on FPGAs against malicious manipulations during all stages of design lifecycle, especially when they are operating in the field. In this paper, we propose a new tamper-resistant design methodology (Security Path methodology) and a revised security-aware FPGA architecture to protect the design against tampering attacks in parallel with the normal operation of the circuit. CAD tool is also updated to analyze vulnerabilities of the design and automatically insert the security modules inside the target generated IPs. All these proceedings are implemented with a balance approach between implementation costs and required security level.
Citations
More filters
15 Dec 2020
TL;DR: In this paper, a hardware-software co-design approach for secured FPGA accelerated embedded system design is presented, which inherits Mandatory Access Control (MAC) based authentication policies running at software down to hardware accelerators.
Abstract: Modern embedded systems include on-chip FPGA along with processors to meet the high computation demand by providing flexibility to users to add custom hardware accelerators. Any confidential or sensitive information may be processed by those custom accelerators or hardware Intellectual Properties (IPs). Existing accelerator usage models in embedded systems do not prevent illegal access to the IPs, which can be a severe security breach. In this paper, we present a hardware-software co-design approach for secured FPGA accelerated embedded system design. Our proposed security framework inherits Mandatory Access Control (MAC) based authentication policies running at software down to hardware accelerators in FPGA. It ensures secured processing of confidential data in the hardware to prevent software originated attacks at hardware IPs and information leaks. We have implemented a prototype of our proposed framework, which shows that it can be easily integrated while designing an embedded system with custom accelerator IPs. The experimental results show that the proposed framework establishes secured hardware execution with a negligible amount of area and performance overhead.
2 citations
References
More filters
TL;DR: Recent advances in the open source Verilog-to-Routing (VTR) CAD flow are described that enable further research in these areas and release new FPGA architecture files and models that are much closer to modern commercial architectures, enabling more realistic experiments.
Abstract: Exploring architectures for large, modern FPGAs requires sophisticated software that can model and target hypothetical devices. Furthermore, research into new CAD algorithms often requires a complete and open source baseline CAD flow. This article describes recent advances in the open source Verilog-to-Routing (VTR) CAD flow that enable further research in these areas. VTR now supports designs with multiple clocks in both timing analysis and optimization. Hard adder/carry logic can be included in an architecture in various ways and significantly improves the performance of arithmetic circuits. The flow now models energy consumption, an increasingly important concern. The speed and quality of the packing algorithms have been significantly improved. VTR can now generate a netlist of the final post-routed circuit which enables detailed simulation of a design for a variety of purposes. We also release new FPGA architecture files and models that are much closer to modern commercial architectures, enabling more realistic experiments. Finally, we show that while this version of VTR supports new and complex features, it has a 1.5× compile time speed-up for simple architectures and a 6× speed-up for complex architectures compared to the previous release, with no degradation to timing or wire-length quality.
335 citations
"Scalable security path methodology:..." refers methods in this paper
...We implemented the proposed methodology in VTR toolbox [20]....
[...]
04 Nov 2013
TL;DR: FANCI is a tool that flags suspicious wires, in a design, which have the potential to be malicious, which FANCI uses scalable, approximate, boolean functional analysis to detect these wires.
Abstract: Hardware design today bears similarities to software design. Often vendors buy and integrate code acquired from third-party organizations into their designs, especially in embedded/system-on-chip designs. Currently, there is no way to determine if third-party designs have built-in backdoors that can compromise security after deployment.The key observation we use to approach this problem is that hardware backdoors incorporate logic that is nearly-unused, i.e. stealthy. The wires used in stealthy backdoor circuits almost never influence the outputs of those circuits. Typically, they do so only when triggered using external inputs from an attacker. In this paper, we present FANCI, a tool that flags suspicious wires, in a design, which have the potential to be malicious. FANCI uses scalable, approximate, boolean functional analysis to detect these wires.Our examination of the TrustHub hardware backdoor benchmark suite shows that FANCI is able to flag all suspicious paths in the benchmarks that are associated with backdoors. Unlike prior work in the area, FANCI is not hindered by incomplete test suite coverage and thus is able to operate in practice without false negatives. Furthermore, FANCI reports low false positive rates: less than 1% of wires are reported as suspicious in most cases. All TrustHub designs were analyzed in a day or less. We also analyze a backdoor-free out-of-order microprocessor core to demonstrate applicability beyond benchmarks.
329 citations
09 Sep 2012
TL;DR: Using an innovative patented technique, Pipeline Emission Analysis (PEA) was able to extract the secret key to activate the backdoor, as well as other security keys such as the AES and the Passkey, which means the device is wide open to intellectual property (IP) theft, fraud, re-programming, and reverse engineering of the design.
Abstract: This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips for accessing FPGA configuration. The backdoor was found amongst additional JTAG functionality and exists on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), our pioneered technique, we were able to extract the secret key to activate the backdoor, as well as other security keys such as the AES and the Passkey. This way an attacker can extract all the configuration data from the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property (IP) theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact they can be easily compromised or will have to be physically replaced after a redesign of the silicon itself.
265 citations
"Scalable security path methodology:..." refers background in this paper
...In [10-16] it has been shown that encryption keys in Xilinx, Altera, and Microsemi FPGAs are vulnerable to differential power analysis (DPA) attacks and the plaintext bitstream can be extracted when the key is exposed....
[...]
17 Oct 2011
TL;DR: A successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis, is developed, believed to be the first attack against thebitstream encryption of a commercial FPGA reported in the open literature.
Abstract: Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning a design embedded into an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of off-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at the will of the attacker since no side-channel protection was included into the design of the decryption module. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. While performing the side-channel attack, we were able to deduce a hypothetical architecture of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.
185 citations
"Scalable security path methodology:..." refers background in this paper
...In [10-16] it has been shown that encryption keys in Xilinx, Altera, and Microsemi FPGAs are vulnerable to differential power analysis (DPA) attacks and the plaintext bitstream can be extracted when the key is exposed....
[...]
24 Feb 2008
TL;DR: This work aims to raise awareness about security issues for users of FPGAs and makes custom compilation and low-level tinkering with bitstreams - à la JBits - possible.
Abstract: This poster presents an in-depth analysis of the Xilinx bitstream file format. This theoretical analysis is backed by a simple and efficient implementation of a reverse-engineering tool for Xilinx bitstreams. The development process followed these lines. First, publicly available documentation from Xilinx has been analyzed; then some custom assumptions about the bitstream format have been made. This information allowed a suitable algorithm to be run on well-chosen bitstreams. The output from this automated analysis step is a database which relates raw bitstream data to low-level netlist elements. This database is subsequently used as input to an efficient bitstream compiler which can either generate a bitstream from a low-level (XDL) description of the netlist, or conversely decompile any given bitstream to its low-level netlist elements. This work has been validated for the spartan3, virtex2, virtex4 and virtex5 FPGA lines from Xilinx. Decompiling a bitstream is very fast; it is two orders of magnitude faster than the reverse operation of compilation with Xilinx' bitgen. This work aims to raise awareness about security issues for users of FPGAs. It also makes custom compilation and low-level tinkering with bitstreams - a la JBits - possible
182 citations
"Scalable security path methodology:..." refers background in this paper
...FPGAs with built-in encryption are expensive and powerhungry for many of embedded applications [4] and [17]....
[...]
...However, recently some papers such as [4] proposed an easy process to decompile the bitstream of modem FPGA families to a textual netlist description in a short time....
[...]