Presentation is loading. Please wait.

Presentation is loading. Please wait.

Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,"— Presentation transcript:

1 http://vsp2.ecs.umass.edu/vspg/vspg.html http://lester.univ-ubs.fr/ Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1, Guy Gogniat 1, Wayne Burleson 2 1 LESTER Lab Université de Bretagne Sud Lorient, France lilian.bossuet@univ-ubs.fr 2 Department of Electrical and Computer Engineering University of Massachusetts, Amherst, USA burleson@ecs.umass.edu

2 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 2 Outline u Design Security u Actual Solutions u Propositions u Conclusion

3 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 3 FPGA and Security … Protecting FPGA data and resources System Security using FPGA FPGA Design Security Protect the FPGA configuration Bitstream encryption Watermarking Protect the FPGA Data encryption scheme Protection against hardware damage Use the FPGA to protect Network isolation (firewalls) Smart cards Sensor networks FPGA Design Security

4 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 4 Design Security

5 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 5 Need for Design Security Protection against è Cloning A competitor makes copy of the boot ROM or intercepts the bitstream and copies the code. è Reverse Engineering A competitor copies a design by reconstructing a “schematic” or netlist level representation; in the process, he understands how the design works and how to improve it, or modify it with malicious intent Attack Types è Noninvasive Monitored by external means such as brute force key generation, changing voltages to discover hidden test modes, etc è Invasive Decapped and then microprobed using focused ion beams, or other sophisticated techniques to determine the contents of the device

6 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 6 Levels of Semiconductor Security u #3 Can be broken into in a government sponsored lab (e.g. USA NSA or France DGA) u #2 Can theoretically be broken into with time and expensive equipment u #1 Not secure, easily compromised with low costs tools #3 #2 #1 Time Cost Source : IBM systems journal Vol. 30 No 2 - 1991 D. G. Abraham, G. M. Dolan, G. P. Double, J. V. Stevens. Transaction Security System

7 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 7 Actual Semiconductor Level of Security Source : ACTEL DEVICESSECURITY u SRAM FPGALEVEL 1 u ASIC Gate ArrayLEVEL 2 - u Cell-Based ASIC LEVEL 2 - u SRAM FPGA with Bitstream encryptionLEVEL 2 u Flash FPGALEVEL 2 + u Antifuse FPGALEVEL 2 +

8 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 8 Actual Solutions

9 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 9 u Very good for design security è No bitstream can be intercepted in the field (no bitstream transfer, no external configuration device) è Need a Scanning Electron Microscope (SEM) to try to know the antifuse states (an Actel AX2OOO antifuse FPGA contains 53 million antifuses with only 2-5% programmed in an average design) u BUT not really “reconfigurable” just configurable... Flash and Antifuses FPGA ©ACTEL Flash and Antifuse FPGA  10 % SRAM FPGA  90 %

10 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 10 Xilinx Solution u Need of an external battery to save the keys u The decryption circuit takes FPGA resources (silicon)… u No flexibility for the decryption algorithm u Partial reconfiguration is no more available encrypted configuration EPROM FPGA Virtex -II decryption circuit keys storage +- external battery CAD TOOL configuration generator encryption software secret keys (Triple DES - 3 x 56 bits) configuration memory secret keys (Triple DES - 3 x 56 bits) Protection against cloning and reverse engineering

11 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 11 Altera Solution u The decryption circuit takes FPGA resources (silicon)… u No flexibility for the decryption algorithm encrypted configuration EPROM FPGA Stratix -II decryption circuit keys storage CAD TOOL configuration generator encryption software secret key (AES 128 bits) configuration memory secret key (AES 128 bits)

12 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 12 Algotronix (U.K.) Proposition Tom Kean. Secure Configuration of a Field Programmable Gate Array. FPL 2001 and FCCM 2001. u A secret cryptographic key can be stored on each FPGA u No need for the CAD tools or any person to have knowledge of the key u The Encryption Decryption circuit takes FPGA resources (silicon)… u No flexibility for the decryption algorithm encrypted configuration FLASH Serial EPROM FPGA encryption circuit secret key configuration circuit configuration memory JTAG encrypted configuration FLASH Serial EPROM FPGA decryption circuit secret key configuration circuit configuration memory a) Initial programming of secure FPGA b) Normal configuration of secure FPGA

13 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 13 Propositions...

14 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 14 Desirable Characteristics u Strong protection against cloning and reverse engineering for SRAM FPGA u No additional battery => the key is embedded (laser) u Choice of the suitable encryption algorithm and architecture (security policy) u No use of FPGA application-dedicated resources

15 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 15 IP1 IP3 IP5 IP2 IP4 Security Policy Actual solutions: the whole design (all IPs) has the same security policy IP1 IP3 IP5 IP2 IP4 Proposition: Each IP can be encrypted with its own algorithm

16 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 16 Security Policy u Application partitioning with necessary security levels u All of the application doesn’t need to be encrypted (free available IP) Security-Critical Part: your Intellectual property which needs higher security due to development cost potential security breach No critical Parts: Generic functions and cores such as communication protocols, etc. IP1 (SCP) IP3 IP5 IP2 (SCP) IP4

17 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 17 Encryption - Decryption management u Once the FPGA is configured encryption and decryption circuits do not use FPGA resources u Use of partial dynamic reconfiguration u Use of self-reconfiguration (to configure each IP with the corresponding decryption circuit) u Embedded secret key

18 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 18 Encryption Management (in the lab.) IP1 (SCP1) algorithm 1 IP3 (NCP) IP2 (SCP2) algorithm 2 FPGA : secret KEY Encryption circuit1 Encryption circuit1 SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1

19 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 19 Encryption Management (in the lab.) IP1 (SCP1) algorithm 1 IP3 (NCP) IP2 (SCP2) algorithm 2 FPGA : secret KEY Encryption circuit2 Encryption circuit2 SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2

20 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 20 Encryption Management (in the lab.) IP1 (SCP1) algorithm 1 IP3 (NCP) IP2 (SCP2) algorithm 2 FPGA : secret KEY SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP

21 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 21 Decryption circuit1 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY Configuration Controller

22 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 22 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP IP1 Decryption circuit1 FPGA : secret KEY Configuration Controller u Partial and self reconfiguration

23 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 23 Decryption circuit2 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1 Configuration Controller u Partial and self reconfiguration u The decryption circuit1 is replaced by the decryption circuit2

24 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 24 IP2 Decryption circuit2 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1 Configuration Controller u Partial and self reconfiguration u The decryption circuit1 is replaced by the decryption circuit2

25 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 25 IP2 IP3 Decryption Management (at power up) Configuration Controller SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1 u Partial and self reconfiguration u The decryption circuit1 is replaced by the decryption circuit2 u The decryption circuit2 is replaced by the non critical part that is not encrypted

26 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 26 Main issues u Partial and self-reconfiguration u Area related to the decryption algorithms u Keys management for each encryption/decryption circuit u Configuration controller to perform the configuration management

27 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 27 Area related to the decryption algorithms u Once the last encrypted bitstream is configured the last decryption algorithm can be replace by non critical parts u ICAP performance: 66 Mbits/s, throughput is not the major concern but area Algorithm#slices of the cryptographic core Rijndael431253022902 Serpent125079644438 RC6174931891139 Twofish280930531076 ~ 100 Mbits/s< Throughput < ~400 Mbiys/s

28 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 28 Keys management u Secret key is define during the fabrication process (laser) u Define a large key e.g. 1024 bits that is used to generate each secret key (56 bits, 128 bits) u Hardwired key generator u Hardwired mechanism to authenticate each decryption circuit and encrypted bitstream (signature)

29 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 29 Configuration Controller IP2 IP3 Configuration Controller SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1

30 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 30 Advantages / Inconveniences u The encryption/decryption circuit doesn’t take FPGA resources u Choice of a suitable encryption algorithm and architecture ( to obtain a required security level) u Only designer knows the chosen algorithm and architecture u The system can be upgraded with new encryption algorithms u No additional battery with an embedded secret key u Complex system, keys management u Management of partial, self and dynamic reconfiguration u Take time during the system set up - - - + + + + +

31 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 31 Conclusion...

32 http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 32 Conclusion u In consequence of the rise of the FPGA, it is necessary to prevent piracy and reverse engineering of FPGA Bistream u Existing SRAM FPGA are insecure u We propose original solutions that take advantage of the partial and dynamic FPGA configuration, with a no-fixed encryption algorithm and architecture u It is a first step toward security policy for FPGA and the solutions still to be improved...

33 http://vsp2.ecs.umass.edu/vspg/vspg.html http://lester.univ-ubs.fr/ Comments? Questions? Thank you

Download ppt "Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,"

Similar presentations

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Lecture 7 FPGA technology. 2 Implementation Platform Comparison.

Lecture 7 FPGA technology. 2 Implementation Platform Comparison.
1 Reconfigurable Hardware Thomas Polzer 0325077. 2 Overview Definition Definition Methods Methods Devices Devices Applications Applications Problems Problems.

1 Reconfigurable Hardware Thomas Polzer Overview Definition Definition Methods Methods Devices Devices Applications Applications Problems Problems.
LAB-STICC CNRS UMR 3192 – UBS – ROMAIN VASLIN – CRYPTARCHI 2008 Memory Security Management for FPGA-based Embedded system Romain Vaslin, Guy Gogniat, Jean-Philippe.

LAB-STICC CNRS UMR 3192 – UBS – ROMAIN VASLIN – CRYPTARCHI 2008 Memory Security Management for FPGA-based Embedded system Romain Vaslin, Guy Gogniat, Jean-Philippe.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
Steven Koelmeyer BDS(hons)1 Reconfigurable Hardware for use in Ad Hoc Sensor Networks Supervisors Charles Greif Nandita Bhattacharjee.

Steven Koelmeyer BDS(hons)1 Reconfigurable Hardware for use in Ad Hoc Sensor Networks Supervisors Charles Greif Nandita Bhattacharjee.
Lecture 2: Field Programmable Gate Arrays I September 5, 2013 ECE 636 Reconfigurable Computing Lecture 2 Field Programmable Gate Arrays I.

Lecture 2: Field Programmable Gate Arrays I September 5, 2013 ECE 636 Reconfigurable Computing Lecture 2 Field Programmable Gate Arrays I.
Department of Electrical and Computer Engineering Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet,

Department of Electrical and Computer Engineering Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet,
Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts,

Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts,
FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.

FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
VHDL AES 128 Encryption/Decryption

VHDL AES 128 Encryption/Decryption
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient.

Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Similar presentations

Ads by Google