Zero Knowledge Authentication for Reuse of IPs in Reconfigurable Platforms
01 Oct 2019-pp 2040-2045
TL;DR: This work proposes a zero knowledge authentication strategy for safe reusing of RIPs that relies on verification of proof of authentication (PoA) mark embedded in the RIP by the RIP producers, and experimental results validate the proposed mechanism.
Abstract: A key challenge of the embedded era is to ensure trust in reuse of intellectual properties (IPs), which facilitates reduction of design cost and meeting of stringent marketing deadlines. Determining source of the IPs or their authenticity is a key metric to facilitate safe reuse of IPs. Though physical unclonable functions solves this problem for application specific integrated circuit (ASIC) IPs, authentication strategies for reconfigurable IPs (RIPs) or IPs of reconfigurable hardware platforms like field programmable gate arrays (FPGAs) are still in their infancy. Existing authentication techniques for RIPs that relies on verification of proof of authentication (PoA) mark embedded in the RIP by the RIP producers, leak useful clues about the PoA mark. This results in replication and implantation of the PoA mark in fake RIPs. This not only causes loss to authorized second hand RIP users, but also poses risk to the reputation of the RIP producers. We propose a zero knowledge authentication strategy for safe reusing of RIPs. The PoA of an RIP producer is kept secret and verification is carried out based on traversal times from the initial point to several intermediate points of the embedded PoA when the RIPs configure an FPGA. Such delays are user specific and cannot be replicated as these depend on intrinsic properties of the base semiconductor material of the FPGA, which is unique and never same as that of another FPGA. Experimental results validate our proposed mechanism. High strength even for low overhead ISCAS benchmarks, considered as PoA for experimentation depict the prospects of our proposed methodology.
Citations
More filters
References
More filters
TL;DR: A Built-In Self-Test (BIST) method to accurately measure the combinatorial circuit delays on an FPGA, paving the way for matching timing requirements in designs to FPGAs as a means of combating the problem of process variations.
Abstract: This article proposes a Built-In Self-Test (BIST) method to accurately measure the combinatorial circuit delays on an FPGA. The flexibility of the on-chip clock generation capability found in modern FPGAs is employed to step through a range of frequencies until timing failure in the combinatorial circuit is detected. In this way, the delay of any combinatorial circuit can be determined with a timing resolution of the order of picoseconds. Parallel and optimized implementations of the method for self-characterization of the delay of all the LUTs on an FPGA are also proposed. The method was applied to Altera Cyclone II and III FPGAs . A complete self-characterization of LUTs on a Cyclone II was achieved in 2.5 seconds, utilizing only 13kbit of block RAM to store the results. More extensive tests were carried out on the Cyclone III and the delays of adder circuits and embedded multiplier blocks were successfully measured. This self-measurement method paves the way for matching timing requirements in designs to FPGAs as a means of combating the problem of process variations.
70 citations
"Zero Knowledge Authentication for R..." refers methods in this paper
...For evaluation of responses, we adhere to the technique proposed in [19] and also used in [20]....
[...]
TL;DR: This work proposes an IP protection mechanism for FPGA designs at the level of individual IP cores, by making use of the self-reconfiguring capabilities of modern FPGAs and deploying a trusted third party to run a metering service, similar to the work of Giineysu et ah and Drimer et at
Abstract: Currently achievable intellectual property (IP) protection solutions for field-programmable gate arrays (FPGAs) are limited to single large "monolithic" configurations. However, the ever growing capabilities of FPGAs and the consequential increasing complexity of their designs ask for a modular development model, where individual IP cores from multiple parties are integrated into a larger system. To enable such a model, the availability of IP protection at the modular level is imperative. In this work, we propose an IP protection mechanism for FPGA designs at the level of individual IP cores, by making use of the self-reconfiguring capabilities of modern FPGAs and deploying a trusted third party to run a metering service, similar to the work of Giineysu et ah and Drimer et at The proposed scheme makes it possible to enforce a pay-per-use licensing scheme which holds considerable advantages, both for IP core providers as well as for system integrators. Moreover, the scheme has a minimal implementation overhead and is the first of its kind to be solely based on primitives that are already available in recent commercially available FPGA devices. This allows for an immediate and feasible deployment, in contrast to earlier proposed solutions.
69 citations
"Zero Knowledge Authentication for R..." refers background in this paper
...Even modern IPs are licensed to prevent its usage after a certain number of times [5]....
[...]
TL;DR: It is shown that, without an initial knowledge that a reverse-engineering countermeasure is employed, the PE technique outperforms the full-encryption technique in terms of the reverse- engineering cost.
Abstract: The configuration-data sequence of a field-programmable gate array (FPGA) is an intellectual property (IP) of the original designer. This paper proposes a partial-encryption (PE) technique for IP protection of configuration-data sequences by means of increasing the reverse-engineering cost. The PE technique encrypts a few selected data of the sequence. These data are selected in a judicious way such that, when a rival competitor copies the partially encrypted sequence into a cloned product, the cloned product performs the expected task to a certain degree of correctness but not absolutely error-free. Debugging is required. It is shown that, without an initial knowledge that a reverse-engineering countermeasure is employed, the PE technique outperforms the full-encryption technique in terms of the reverse-engineering cost. This paper describes implementation details of the proposed PE technique. Issues regarding system designs that embed hidden imperfections are also discussed.
67 citations
TL;DR: This paper identifies design constraints for Trojan detection to achieving detection, collusion prevention, and isolating the Trojan-infected 3PIP, and incorporates them during high-level synthesis.
Abstract: Trustworthiness of system-on-chip designs is undermined by malicious logic (Trojans) in third-party intellectual properties (3PIPs). In this paper, duplication, diversity, and isolation principles have been extended to detect build trustworthy systems using untrusted, potentially Trojan-infected 3PIPs. We use a diverse set of vendors to prevent collusions between the 3PIPs from the same vendor. We identify design constraints for Trojan detection to achieving detection, collusion prevention, and isolating the Trojan-infected 3PIP, and incorporate them during high-level synthesis. In addition, we develop techniques to reduce the number of vendors. The effectiveness of the proposed techniques is validated using the high-level synthesis benchmarks.
64 citations
"Zero Knowledge Authentication for R..." refers methods in this paper
...Such a strategy is applicable in both the domains of application specific integrated circuits (ASICs) [3] and field programmable gate arrays (FPGAs) [4]....
[...]
TL;DR: A novel technique to authenticate and identify field-programmable gate arrays (FPGAs) using the reconfigurability feature of FPGAs to perform self-characterization and extract the unique timing of the FPGA building blocks over the space of possible inputs is introduced.
Abstract: This paper introduces a novel technique to authenticate and identify field-programmable gate arrays (FPGAs). The technique uses the reconfigurability feature of FPGAs to perform self-characterization and extract the unique timing of the FPGA building blocks over the space of possible inputs. The characterization circuit is then exploited for constructing a physically unclonable function (PUF). The PUF can accept different forms of challenges including pulsewidth, digital binary, and placement challenges. The responses from the PUF are only verifiable by entities with access to the unique timing signature. However, the authentic device is the only entity who can respond within a given time constraint. The constraint is set by the gap between the speed of PUF evaluation on authentic hardware and simulation of its behavior. A suite of authentication protocols is introduced based on the time-bounded mechanism. We ensure that the responses are robust to fluctuations in operational conditions such as temperature and voltage variations by employing: 1) a linear calibration mechanism that adjusts the clock frequency by a feedback from on-chip temperature and voltage sensor readings, and 2) a differential PUF structure with real-valued responses that cancels out the common impact of variations on delays. Security against various attacks is discussed and a proof-of-concept implementation of signature extraction and authentication are demonstrated on Xilinx Virtex 5 FPGAs.
63 citations
"Zero Knowledge Authentication for R..." refers methods in this paper
...PUFs are basically used for authentication of hard IPs or fabricated devices [20]....
[...]
...Generation of PUFs for authentication of FPGA devices based on this concept was proposed in [18], [20]....
[...]
...For evaluation of responses, we adhere to the technique proposed in [19] and also used in [20]....
[...]