Download presentation
Presentation is loading. Please wait.
1
http://vsp2.ecs.umass.edu/vspg/vspg.html http://lester.univ-ubs.fr/ Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1, Guy Gogniat 1, Wayne Burleson 2 1 LESTER Lab Université de Bretagne Sud Lorient, France lilian.bossuet@univ-ubs.fr 2 Department of Electrical and Computer Engineering University of Massachusetts, Amherst, USA burleson@ecs.umass.edu
2
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 2 Outline u Design Security u Actual Solutions u Propositions u Conclusion
3
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 3 FPGA and Security … Protecting FPGA data and resources System Security using FPGA FPGA Design Security Protect the FPGA configuration Bitstream encryption Watermarking Protect the FPGA Data encryption scheme Protection against hardware damage Use the FPGA to protect Network isolation (firewalls) Smart cards Sensor networks FPGA Design Security
4
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 4 Design Security
5
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 5 Need for Design Security Protection against è Cloning A competitor makes copy of the boot ROM or intercepts the bitstream and copies the code. è Reverse Engineering A competitor copies a design by reconstructing a “schematic” or netlist level representation; in the process, he understands how the design works and how to improve it, or modify it with malicious intent Attack Types è Noninvasive Monitored by external means such as brute force key generation, changing voltages to discover hidden test modes, etc è Invasive Decapped and then microprobed using focused ion beams, or other sophisticated techniques to determine the contents of the device
6
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 6 Levels of Semiconductor Security u #3 Can be broken into in a government sponsored lab (e.g. USA NSA or France DGA) u #2 Can theoretically be broken into with time and expensive equipment u #1 Not secure, easily compromised with low costs tools #3 #2 #1 Time Cost Source : IBM systems journal Vol. 30 No 2 - 1991 D. G. Abraham, G. M. Dolan, G. P. Double, J. V. Stevens. Transaction Security System
7
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 7 Actual Semiconductor Level of Security Source : ACTEL DEVICESSECURITY u SRAM FPGALEVEL 1 u ASIC Gate ArrayLEVEL 2 - u Cell-Based ASIC LEVEL 2 - u SRAM FPGA with Bitstream encryptionLEVEL 2 u Flash FPGALEVEL 2 + u Antifuse FPGALEVEL 2 +
8
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 8 Actual Solutions
9
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 9 u Very good for design security è No bitstream can be intercepted in the field (no bitstream transfer, no external configuration device) è Need a Scanning Electron Microscope (SEM) to try to know the antifuse states (an Actel AX2OOO antifuse FPGA contains 53 million antifuses with only 2-5% programmed in an average design) u BUT not really “reconfigurable” just configurable... Flash and Antifuses FPGA ©ACTEL Flash and Antifuse FPGA 10 % SRAM FPGA 90 %
10
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 10 Xilinx Solution u Need of an external battery to save the keys u The decryption circuit takes FPGA resources (silicon)… u No flexibility for the decryption algorithm u Partial reconfiguration is no more available encrypted configuration EPROM FPGA Virtex -II decryption circuit keys storage +- external battery CAD TOOL configuration generator encryption software secret keys (Triple DES - 3 x 56 bits) configuration memory secret keys (Triple DES - 3 x 56 bits) Protection against cloning and reverse engineering
11
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 11 Altera Solution u The decryption circuit takes FPGA resources (silicon)… u No flexibility for the decryption algorithm encrypted configuration EPROM FPGA Stratix -II decryption circuit keys storage CAD TOOL configuration generator encryption software secret key (AES 128 bits) configuration memory secret key (AES 128 bits)
12
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 12 Algotronix (U.K.) Proposition Tom Kean. Secure Configuration of a Field Programmable Gate Array. FPL 2001 and FCCM 2001. u A secret cryptographic key can be stored on each FPGA u No need for the CAD tools or any person to have knowledge of the key u The Encryption Decryption circuit takes FPGA resources (silicon)… u No flexibility for the decryption algorithm encrypted configuration FLASH Serial EPROM FPGA encryption circuit secret key configuration circuit configuration memory JTAG encrypted configuration FLASH Serial EPROM FPGA decryption circuit secret key configuration circuit configuration memory a) Initial programming of secure FPGA b) Normal configuration of secure FPGA
13
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 13 Propositions...
14
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 14 Desirable Characteristics u Strong protection against cloning and reverse engineering for SRAM FPGA u No additional battery => the key is embedded (laser) u Choice of the suitable encryption algorithm and architecture (security policy) u No use of FPGA application-dedicated resources
15
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 15 IP1 IP3 IP5 IP2 IP4 Security Policy Actual solutions: the whole design (all IPs) has the same security policy IP1 IP3 IP5 IP2 IP4 Proposition: Each IP can be encrypted with its own algorithm
16
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 16 Security Policy u Application partitioning with necessary security levels u All of the application doesn’t need to be encrypted (free available IP) Security-Critical Part: your Intellectual property which needs higher security due to development cost potential security breach No critical Parts: Generic functions and cores such as communication protocols, etc. IP1 (SCP) IP3 IP5 IP2 (SCP) IP4
17
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 17 Encryption - Decryption management u Once the FPGA is configured encryption and decryption circuits do not use FPGA resources u Use of partial dynamic reconfiguration u Use of self-reconfiguration (to configure each IP with the corresponding decryption circuit) u Embedded secret key
18
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 18 Encryption Management (in the lab.) IP1 (SCP1) algorithm 1 IP3 (NCP) IP2 (SCP2) algorithm 2 FPGA : secret KEY Encryption circuit1 Encryption circuit1 SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1
19
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 19 Encryption Management (in the lab.) IP1 (SCP1) algorithm 1 IP3 (NCP) IP2 (SCP2) algorithm 2 FPGA : secret KEY Encryption circuit2 Encryption circuit2 SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2
20
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 20 Encryption Management (in the lab.) IP1 (SCP1) algorithm 1 IP3 (NCP) IP2 (SCP2) algorithm 2 FPGA : secret KEY SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP
21
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 21 Decryption circuit1 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY Configuration Controller
22
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 22 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP IP1 Decryption circuit1 FPGA : secret KEY Configuration Controller u Partial and self reconfiguration
23
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 23 Decryption circuit2 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1 Configuration Controller u Partial and self reconfiguration u The decryption circuit1 is replaced by the decryption circuit2
24
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 24 IP2 Decryption circuit2 Decryption Management (at power up) SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1 Configuration Controller u Partial and self reconfiguration u The decryption circuit1 is replaced by the decryption circuit2
25
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 25 IP2 IP3 Decryption Management (at power up) Configuration Controller SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1 u Partial and self reconfiguration u The decryption circuit1 is replaced by the decryption circuit2 u The decryption circuit2 is replaced by the non critical part that is not encrypted
26
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 26 Main issues u Partial and self-reconfiguration u Area related to the decryption algorithms u Keys management for each encryption/decryption circuit u Configuration controller to perform the configuration management
27
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 27 Area related to the decryption algorithms u Once the last encrypted bitstream is configured the last decryption algorithm can be replace by non critical parts u ICAP performance: 66 Mbits/s, throughput is not the major concern but area Algorithm#slices of the cryptographic core Rijndael431253022902 Serpent125079644438 RC6174931891139 Twofish280930531076 ~ 100 Mbits/s< Throughput < ~400 Mbiys/s
28
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 28 Keys management u Secret key is define during the fabrication process (laser) u Define a large key e.g. 1024 bits that is used to generate each secret key (56 bits, 128 bits) u Hardwired key generator u Hardwired mechanism to authenticate each decryption circuit and encrypted bitstream (signature)
29
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 29 Configuration Controller IP2 IP3 Configuration Controller SCP1 Encrypted SCP1 Encrypted EPROM Decryption circuit1 Decryption circuit1 SCP2 Encrypted SCP2 Encrypted Decryption circuit2 Decryption circuit2 NCP FPGA : secret KEY IP1
30
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 30 Advantages / Inconveniences u The encryption/decryption circuit doesn’t take FPGA resources u Choice of a suitable encryption algorithm and architecture ( to obtain a required security level) u Only designer knows the chosen algorithm and architecture u The system can be upgraded with new encryption algorithms u No additional battery with an embedded secret key u Complex system, keys management u Management of partial, self and dynamic reconfiguration u Take time during the system set up - - - + + + + +
31
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 31 Conclusion...
32
http://lester.univ-ubs.fr/ http://vsp2.ecs.umass.edu/vspg/vspg.html 32 Conclusion u In consequence of the rise of the FPGA, it is necessary to prevent piracy and reverse engineering of FPGA Bistream u Existing SRAM FPGA are insecure u We propose original solutions that take advantage of the partial and dynamic FPGA configuration, with a no-fixed encryption algorithm and architecture u It is a first step toward security policy for FPGA and the solutions still to be improved...
33
http://vsp2.ecs.umass.edu/vspg/vspg.html http://lester.univ-ubs.fr/ Comments? Questions? Thank you
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.