Deeply Hardware-Entangled Reconfigurable Logic and Interconnect

The configuration bitstream is a persistent source of security vulnerability in FPGA designs. A possible compromise of configuration data by the attacker poses significant threats for deployed systems in the field. These threats include cloning the FPGA configuration for use in counterfeit/unauthorized systems, modification of the FPGA configuration to increase side-channel emissions and adding malicious Trojan hardware into the compromised design. In order to address these security concerns, FPGA vendors have implemented various countermeasures to secure the configuration data. Among these are bitstream encryption, bitstream authentication/validation, flash FPGAs, and active defense mechanisms on FPGA test and support ports. However, a number of successful attacks on these countermeasures have been demonstrated including direct probing of the configuration storage cells, side-channel attacks on the decryption blocks, and attacks on the scan chain.

In this seminar, I am going to talk about these attacks and the limitations of the existing countermeasures against those attacks. Then, I am going to present an FPGA design that never stores the configuration data in the clear, even at the lowest level of the hardware. We deeply hardware-entangle the reconfigurable logic and interconnect by one-time pad encrypting the bitstream using a Physical Unclonable Function (PUF) response. By leveraging our recent work in high performance, high density, high reliability, and low power PUF design, we tightly integrate a PUF bit with every configuration bit. This has significant security benefits including high resistance to probing attacks and unique per-die configuration bitstreams, while only requiring minor modification of the conventional FPGA design. Based on overheads from a PUF implementation in an industrial 65nm bulk CMOS process, we simulate such an FPGA design and achieve modest overheads in power, area, and performance across multiple security-focused benchmark applications.

Bio:Burak Erbagci is a PhD candidate at Carnegie Mellon University and advised by Prof. Ken Mai. He holds a BS degree in Electronics Engineering from Sabanci University Istanbul (2009) and an MS degree in Electrical Engineering from EPFL Switzerland (2011).  His research interests include hardware security and high performance and efficient VLSI design.

 

[start_dates] => Array ( [0] => 2015-12-24 11:40:00 ) [end_dates] => Array ( [0] => 2015-12-24 12:40:00 ) [where] => Fens L048 [headline] => [comments_count] => 0 [created] => 1450701425 [error] => [errorcode] => 0 ) --> EE Seminar | Mühendislik ve Doğa Bilimleri Fakültesi
EE Seminar

You are here

 

Deeply Hardware-Entangled Reconfigurable Logic and Interconnect

The configuration bitstream is a persistent source of security vulnerability in FPGA designs. A possible compromise of configuration data by the attacker poses significant threats for deployed systems in the field. These threats include cloning the FPGA configuration for use in counterfeit/unauthorized systems, modification of the FPGA configuration to increase side-channel emissions and adding malicious Trojan hardware into the compromised design. In order to address these security concerns, FPGA vendors have implemented various countermeasures to secure the configuration data. Among these are bitstream encryption, bitstream authentication/validation, flash FPGAs, and active defense mechanisms on FPGA test and support ports. However, a number of successful attacks on these countermeasures have been demonstrated including direct probing of the configuration storage cells, side-channel attacks on the decryption blocks, and attacks on the scan chain.

In this seminar, I am going to talk about these attacks and the limitations of the existing countermeasures against those attacks. Then, I am going to present an FPGA design that never stores the configuration data in the clear, even at the lowest level of the hardware. We deeply hardware-entangle the reconfigurable logic and interconnect by one-time pad encrypting the bitstream using a Physical Unclonable Function (PUF) response. By leveraging our recent work in high performance, high density, high reliability, and low power PUF design, we tightly integrate a PUF bit with every configuration bit. This has significant security benefits including high resistance to probing attacks and unique per-die configuration bitstreams, while only requiring minor modification of the conventional FPGA design. Based on overheads from a PUF implementation in an industrial 65nm bulk CMOS process, we simulate such an FPGA design and achieve modest overheads in power, area, and performance across multiple security-focused benchmark applications.

Bio:Burak Erbagci is a PhD candidate at Carnegie Mellon University and advised by Prof. Ken Mai. He holds a BS degree in Electronics Engineering from Sabanci University Istanbul (2009) and an MS degree in Electrical Engineering from EPFL Switzerland (2011).  His research interests include hardware security and high performance and efficient VLSI design.