Compact and On-the-Fly Secure Dynamic Reconfiguration for Volatile FPGAs
- 12 January 2016
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Reconfigurable Technology and Systems
- Vol. 9 (2), 1-22
- https://doi.org/10.1145/2816822
Abstract
The dynamic partial reconfiguration functionality of FPGAs can be attacked, particularly when the FPGA is remotely located or the configuration bitstreams are sent through insecure networks. The existing FPGA technologies provide some built-in security mechanisms; however, these are often inadequate. The existing solutions still impose a significant impact on the reconfiguration process and on the available resources. This article proposes a solution to improve the security of dynamic partial reconfiguration of FPGAs, without significantly affecting the reconfiguration performance. The proposed solution changes the encryption key of the remotely received bitstream by a randomly generated key, unique for each configuration, when storing them in the external unsecured memory. The native frame-wise error detection mechanism combined with an additional CBC-MAC authentication mechanism, allows for an improved countermeasure against replay attack and wrongful bitstream usage. The proposed solution introduces an overhead of 1% of the available resources on the target FPGA and provides the lowest impact on the reconfiguration process when compared to the state of the art, achieving a reconfiguration throughput of 2.5Gbps. Regarding the built-in security mechanism provided by the Xilinx FPGAs, the solution herein proposed provides better security and improves the reconfiguration performance by more than 3 times.Keywords
Funding Information
- FCT (UID/CEC/50021/2013)
- ARTEMIS (621429)
This publication has 28 references indexed in Scilit:
- Reconfigurable Binding against FPGA Replay AttacksACM Transactions on Design Automation of Electronic Systems, 2015
- Physical Security Evaluation of the Bitstream Encryption Mechanism of Altera Stratix II and Stratix III FPGAsACM Transactions on Reconfigurable Technology and Systems, 2014
- Secure, Remote, Dynamic Reconfiguration of FPGAsACM Transactions on Reconfigurable Technology and Systems, 2014
- Practical feasibility evaluation and improvement of a pay-per-use licensing scheme for hardware IP cores in Xilinx FPGAsJournal of Cryptographic Engineering, 2014
- FPGA Security: Motivations, Features, and ApplicationsProceedings of the IEEE, 2014
- Protecting FPGA bitstreams using authenticated encryptionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- Bitstream Protection in Dynamic Partial Reconfiguration Systems Using Authenticated EncryptionIEICE Transactions on Information and Systems, 2013
- A Protocol for Secure Remote Updates of FPGA ConfigurationsPublished by Springer Science and Business Media LLC ,2009
- Security on FPGAsACM Transactions on Embedded Computing Systems, 2004
- Secure Configuration of Field Programmable Gate ArraysLecture Notes in Computer Science, 2001