Journal of Computer Science and Technology

, Volume 32, Issue 2, pp 329–339 | Cite as

Enhancing Security of FPGA-Based Embedded Systems with Combinational Logic Binding

  • Ji-Liang Zhang
  • Wei-Zheng Wang
  • Xing-Wei Wang
  • Zhi-Hua Xia
Regular Paper
  • 67 Downloads

Abstract

With the increasing use of field-programmable gate arrays (FPGAs) in embedded systems and many embedded applications, the failure to protect FPGA-based embedded systems from cloning attacks has brought serious losses to system developers. This paper proposes a novel combinational logic binding technique to specially protect FPGA-based embedded systems from cloning attacks and provides a pay-per-device licensing model for the FPGA market. Security analysis shows that the proposed binding scheme is robust against various types of malicious attacks. Experimental evaluations demonstrate the low overhead of the proposed technique.

Keywords

cloning attack reverse engineering FPGA (field-programmable gate array) security hardware security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Supplementary material

11390_2017_1700_MOESM1_ESM.pdf (391 kb)
ESM 1 (PDF 390 kb)

References

  1. [1]
    Lv Y, Zhou Q, Cai Y et al. Trusted integrated circuits: The problem and challenges. J. Comput. Sci. Technol., 2014, 29(5): 918-928.CrossRefGoogle Scholar
  2. [2]
    Fu H, Gan L, Clapp R et al. Scaling reverse time migration performance through reconfigurable dataflow engines. IEEE Micro, 2014, 34(1): 30-40.CrossRefGoogle Scholar
  3. [3]
    Zhang J, Qu Q. A survey on security and trust of FPGAbased systems. In Proc. International Conference on Field-Programmable Technology (ICFPT), Dec. 2014, pp.147-152.Google Scholar
  4. [4]
    Kean T. Cryptographic rights management of FPGA intellectual property cores. In Proc. ACM/SIGDA Symp. Field-Programmable Gate Arrays (FPGA), Feb. 2002, pp.113-118.Google Scholar
  5. [5]
    Qu G, Potkonjak M, Stojcev M. Intellectual Property Protection in VLSI Designs: Theory and Practice. Kluwer Academic Publishers, 2003.Google Scholar
  6. [6]
    Hori Y, Satoh A, Sakane H et al. Bitstream encryption and authentication with AES-GCM in dynamically reconfigurable systems. In Proc. International Conference on Field Programmable Logic and Applications, Sept. 2008, pp.23-28.Google Scholar
  7. [7]
    Trimberger S, Moore J, LuW. Authenticated encryption for FPGA bitstreams. In Proc. the 19th ACM/SIGDA Symp. Field-Programmable Gate Arrays (FPGA), Feb.27-Mar.1, 2011, pp.83-86.Google Scholar
  8. [8]
    Drimer S. Security for volatile FPGAs [Ph.D. Thesis], Computer Laboratory, University of Cambridge, Nov uCAMCL-TR-763, 2009.Google Scholar
  9. [9]
    Herder C, Yu M, Koushanfar F, Devadas S. Physical unclonable functions and applications: A tutorial. Proceedings of the IEEE, 2014, 102(8): 1126-1141.CrossRefGoogle Scholar
  10. [10]
    Gora M, Maiti A, Schaumont P. A flexible design flow for software IP binding in FPGA. IEEE Trans. Ind. Informatics, 2010, 6(4): 719-728.CrossRefGoogle Scholar
  11. [11]
    Koushanfar F. Integrated circuits metering for piracy protection and digital rights management. In Proc. the 21st Great Lakes Symposium on VLSI, May 2011, pp.449-454.Google Scholar
  12. [12]
    Roy J, Koushanfar F, Markov I. EPIC: Ending piracy of integrated circuits. In Proc. Design, Automation and Test in Europe, March 2008, pp.1069-1074.Google Scholar
  13. [13]
    Note J, Rannaud E. From the bitstream to the netlist. In Proc. the 16th ACM/SIGDA International Symposium on Field Programmable Gate Arrays, Feb. 2008, p.264.Google Scholar
  14. [14]
    Xia Z, Wang X, Sun X, Wang Q. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(2): 340-352.CrossRefGoogle Scholar
  15. [15]
    Fu Z, Wu X, Guan C, Sun X, Ren K. Towards efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Transactions on Information Forensics and Security, 2016, 11(12): 2706-2716.CrossRefGoogle Scholar
  16. [16]
    Xia Z, Wang X, Zhang L, Qin Z, Sun X, Ren K. A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 2016, 11(11): 2594-2608.CrossRefGoogle Scholar
  17. [17]
    Fu Z, Ren K, Shu J, Sun X, Huang F. Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(9): 2546-2559.CrossRefGoogle Scholar
  18. [18]
    Fu Z, Sun X, Liu Q, Zhou L, Shu J. Achieving efficient cloud search services: Multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Transactions on Communications, 2015, E98-B(1): 190-200.CrossRefGoogle Scholar
  19. [19]
    Guo P, Wang J, Li B, Lee S. A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology, 2014, 15(6): 929-936.Google Scholar
  20. [20]
    Ma T, Zhou J, Tang M, Tian Y, Al-Dhelaan A, Al-Rodhaan M, Lee S. Social network and tag sources based augmenting collaborative recommender system. IEICE Transactions on Information and Systems, 2015, E98-D(4): 902-910.CrossRefGoogle Scholar
  21. [21]
    Ren Y, Shen J, Wang J, Han J, Lee S. Mutual verifiable provable data auditing in public cloud storage. Journal of Internet Technology, 2015, 16(2): 317-323.Google Scholar
  22. [22]
    Li J, Li X, Yang B, Sun X. Segmentation-based image copy-move forgery detection scheme. IEEE Transactions on Information Forensics and Security, 2015, 10(3): 507-518.CrossRefGoogle Scholar
  23. [23]
    Xia Z, Wang X, Sun X, Liu Q, Xiong N. Steganalysis of LSB matching using differences between nonadjacent pixels. Multimedia Tools and Applications, 2016, 75(4): 1947-1962.CrossRefGoogle Scholar
  24. [24]
    Xia Z, Wang X, Sun X, Wang B. Steganalysis of least significant bit matching using multi-order differences. Security and Communication Networks, 2014, 7(8): 1283-1291.CrossRefGoogle Scholar
  25. [25]
    Yuan C, Sun X, Lv R. Fingerprint liveness detection based on multi-scale LPQ and PCA. China Communications, 2016, 13(7): 60-65.CrossRefGoogle Scholar
  26. [26]
    Zhou Z, Wang Y, Wu Q, Yang C, Sun X. Effective and efficient global context verification for image copy detection. IEEE Transactions on Information Forensics and Security, 2016, 12(1): 48-63.CrossRefGoogle Scholar
  27. [27]
    Zhang Y, Sun X, Wang B. Efficient algorithm for k-barrier coverage based on integer linear programming. China Communications, 2016, 13(7): 16-23.CrossRefGoogle Scholar
  28. [28]
    Xie S, Wang Y. Construction of tree network with limited delivery latency in homogeneous wireless sensor networks. Wireless Personal Communications, 2014, 78(1): 231-246.CrossRefGoogle Scholar
  29. [29]
    Shen J, Tan H, Wang J, Wang J, Lee S. A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology, 2015, 16(1): 171-178.Google Scholar
  30. [30]
    Zhang J, Qu G, Lv Y, Zhou Q. A survey on silicon PUFs and recent advances in ring oscillator PUFs. J. Comput. Sci. Technol., 2014, 29(4): 664-678.CrossRefGoogle Scholar
  31. [31]
    Atallah M, Bryant E, Korb J, Rice J. Binding software to specific native hardware in a VM environment. In Proc. the 1st ACM Workshop on Virtual Machine Security, Oct. 2008, pp.45-48.Google Scholar
  32. [32]
    Suh G, Devadas S. Physical unclonable functions for device authentication and secret key generation. In Proc. the 44th ACM/IEEE Design Automation Conference, June 2007, pp.9-14.Google Scholar
  33. [33]
    Holcomb D, Burleson W, Fu K. Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Computers, 2009, 58(9): 1198-1210.MathSciNetCrossRefGoogle Scholar
  34. [34]
    Lim D, Lee J, Gassport B et al. Extracting secret keys from integrated circuits. IEEE Trans. VLSI Syst., 2005, 13(10): 1200-1205.CrossRefGoogle Scholar
  35. [35]
    Lach J, Mangione-Smith W, Potkonjak M. Fingerprinting techniques for field-programmable gate array intellectual property protection. IEEE Trans. Comput. Des. Integr. Circuits Syst., 2001, 20(10): 1253-1261.CrossRefGoogle Scholar
  36. [36]
    Merli D, Schuster D, Stumpf F, Sigl G. Side-channel analysis of PUFs and fuzzy extractors. In Proc. the 4th International Conference on Trust and Trustworthy Computing, June 2011, pp.33-47.Google Scholar
  37. [37]
    Zhang J, Lin Y, Qu G. Reconfigurable binding against FPGA replay attacks. ACM Trans. Des. Autom. Electron. Syst., 2015, 20(2): 33:1-33:20.Google Scholar
  38. [38]
    Gao M, Lai K, Qu G. A highly flexible ring oscillator PUF. In Proc. the 51th ACM/IEEE Design Automation Conference (DAC), June 2014, pp.89:1-89:6.Google Scholar
  39. [39]
    Zhang J, Wu Q, Ding Y et al. Techniques for design and implementation of an FPGA-specific physical unclonable function. Journal of Computer Science and Technology, 2016, 31(1): 124-136.CrossRefGoogle Scholar
  40. [40]
    Majzoobi M, Koushanfar F, Potkonjak M. Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans. Reconfigurable Technology and Systems, 2009, 2(1): 5:1-5:33.Google Scholar
  41. [41]
    Yin C, Qu G, Zhou Q. Design and implementation of a group-based RO PUF. In Proc. Design, Automation and Test in Europe Conference and Exhibition (DATE), March 2013, pp.416-421.Google Scholar
  42. [42]
    Guajardo J, Kumar S, Schrijen G, Tuyls P. FPGA intrinsic PUFs and their use for IP protection. In Proc. the 9th Int. Conf. Cryptographic Hardware and Embedded Systems, Sept. 2007, pp.63-80.Google Scholar
  43. [43]
    Anderson J. A PUF design for secure FPGA-based embedded systems. In Proc. the 15th Asia and South Pacific Design Automation Conference (ASP-DAC), Jan. 2010, pp.1-6.Google Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  • Ji-Liang Zhang
    • 1
    • 2
  • Wei-Zheng Wang
    • 3
  • Xing-Wei Wang
    • 1
  • Zhi-Hua Xia
    • 4
  1. 1.Software CollegeNortheastern UniversityShenyangChina
  2. 2.Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of EducationNanjingChina
  3. 3.Department of Computer and Communication EngineeringChangsha University of Science and TechnologyChangshaChina
  4. 4.School of Computer and SoftwareNanjing University of Information Science and TechnologyNanjingChina

Personalised recommendations