Skip to main content
SpringerLink
Log in

Unraveling the Security Puzzle: A Distributed Framework to Build Trust in FPGAs

  • Conference paper
  • First Online:
Network and System Security (NSS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9408))

Included in the following conference series:

Abstract

Extensive use of third party IP cores (e.g., HDL, netlist) and open source tools in the FPGA application design and development process in conjunction with the inadequate bitstream protection measures have raised crucial security concerns in the past for reconfigurable hardware systems. Designing high fidelity and secure methodologies for FPGAs are still infancy and in particular, there are almost no concrete methods/techniques that can ensure trust in FPGA applications not entirely designed and/or developed in a trusted environment. This work strongly suggests the need for an anomaly detection capability within the FPGAs that can continuously monitor the behavior of the underlying FPGA IP cores and the communication activities of IP cores with other IP cores or peripherals for any abnormalities. To capture this need, we propose a technique called FIDelity Enhancing Security (FIDES) methodology for FPGAs that uses a combination of access control policies and behavior learning techniques for anomaly detection.

FIDES essentially comprises of two components: (i) Trusted Wrappers, a layer of monitors with sensing capabilities distributed across the FPGA fabric; these wrappers embed the output of each IP core i with a tag \(\tau _i\) according to the pre-defined security policy \(\varPi \) and also verifies the embeddings of each input to the IP core to detect any violation of policies. The use of tagging and tracking enables us to capture the normal interactions of each IP core with its environment (e.g., other IP cores, memory, OS or I/O ports). Trusted Wrappers also monitors the statistical properties exhibited by each IP core module on execution such as power consumption, number of clock cycles and timing variations to detect any anomalous operations; (ii) a Trusted Anchor that monitors the communication between the IP cores and the peripherals with regard to the centralized security policies \(\varPsi \) as well as the statistical properties produced by the peripherals. To thwart an adversary from tampering or disabling the proposed security components during the deployment stage, our architecture generates a secure bitstream blob consisting of the IP cores, Trusted Wrappers and Trusted Anchor, secured using public key cryptography. We implemented FIDES architecture on a Xilinx Zynq 7020 device running a red-black system comprising of sensitive and non-sensitive IP cores. Our results show that the FIDES implementation leads to only 1-2% overhead in terms of the logic resources per wrapper and incurs minimal latency per wrapper for tag verification and embedding. On the other hand, as compared to the baseline implementation, when all the communications within the system are routed to the Trusted Anchor for centralized policy checking and verification, a latency of 1.5X clock cycles is observed; this clearly manifests the advantage of using distributed wrappers as opposed to centralized policy checking.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abramovici, M., Bradley, P.: Integrated circuit security: new threats and solutions. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, p. 55. ACM (2009)

    Google Scholar 

  2. Adee, S.: The Hunt For The Kill Switch. IEEE Spectrum 45(5), 34–39 (2008)

    Article  Google Scholar 

  3. Bilzor, M., Huffmire, T., Irvine, C., Levin, T.: Security checkers: detecting processor malicious inclusions at runtime. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 34–39. IEEE (2011)

    Google Scholar 

  4. Chakraborty, R., Bhunia, S.: Security against hardware Trojan through a novel application of design obfuscation. In: IEEE/ACM International Conference on Computer-Aided Design - Digest of Technical Papers, ICCAD 2009, pp. 113–116 (2009)

    Google Scholar 

  5. Chakraborty, R., Saha, I., Palchaudhuri, A., Naik, G.: Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream. IEEE Design Test 30(2), 45–54 (2013)

    Article  Google Scholar 

  6. Defense Advanced Research Projects Agency (DARPA), Microsystems Technology Office/MTO Broad Agency Announcement,: Supply chain hardware integrity for electronics defense (SHIELD) (2014)

    Google Scholar 

  7. Farag, M.M., Lerner, L.W., Patterson, C.D.: Interacting with hardware Trojans over a network. In: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 69–74. IEEE (2012)

    Google Scholar 

  8. Gebotys, C.H.: Security in embedded devices. Springer Science & Business Media (2009)

    Google Scholar 

  9. Haider, S.K., Jin, C., Ahmad, M., Shila, D.M., Khan, O., van Dijk, M.: HaTCh: Hardware Trojan Catcher. Cryptology ePrint Archive, Report 2014/943 (2014). http://eprint.iacr.org

  10. Hicks, M., Finnicum, M., King, S.T., Martin, M., Smith, J.M.: Overcoming an untrusted computing base: detecting and removing malicious hardware automatically. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 159–172. IEEE (2010)

    Google Scholar 

  11. Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., Irvine, C.: Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 281–295, May 2007

    Google Scholar 

  12. Huffmire, T., Levin, T., Nguyen, T., Irvine, C., Brotherton, B., Wang, G., Sherwood, T., Kastner, R.: Security primitives for reconfigurable hardware-based systems. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 3(2), 10 (2010)

    Google Scholar 

  13. Huffmire, T., Prasad, S., Sherwood, T., Kastner, R.: Policy-driven memory protection for reconfigurable hardware. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 461–478. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  14. Huffmire, T., Sherwood, T., Kastner, R., Levin, T.: Enforcing memory policy specifications in reconfigurable hardware. Computers & Security 27(5), 197–215 (2008)

    Article  Google Scholar 

  15. Intelligence Advanced Research Projects Activity (IARPA): Trusted Integrated Chips (TIC) Program Broad Agency Announcement 11–09 (2011)

    Google Scholar 

  16. Jin, Y., Makris, Y.: Hardware Trojans in Wireless Cryptographic ICs. IEEE Design Test of Computers 27(1), 26–35 (2010)

    Article  Google Scholar 

  17. King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. LEET 8, 1–8 (2008)

    Google Scholar 

  18. Lamberti, J., Manikantan Shila, D., Venugopal, V.: xDEFENSE: an extended DEFENSE for mitigating next generation intrusions (abstract only). In: Proceedings of the 2014 ACM/SIGDA International Symposium on Field-programmable Gate Arrays, FPGA 2014, pp. 253–253. ACM, New York (2014)

    Google Scholar 

  19. Myers, A.C., Liskov, B.: A decentralized model for information flow control, vol. 31. ACM (1997)

    Google Scholar 

  20. Shila, D.M., Venugopal, V.: Design, implementation and security analysis of hardware Trojan threats in FPGA. In: 2014 IEEE International Conference on Communications (ICC), pp. 719–724, June 2014

    Google Scholar 

  21. Skorobogatov, S., Woods, C.: Breakthrough silicon scanning discovers backdoor in military chip. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 23–40. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  22. Tehranipoor, M., Koushanfar, F.: A survey of hardware trojan taxonomy and detection. IEEE Design Test of Computers 27(1), 10–25 (2010)

    Article  Google Scholar 

  23. Waksman, A., Suozzo, M., Sethumadhavan, S.: FANCI: identification of stealthy malicious logic using boolean functional analysis. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security, pp. 697–708. ACM (2013)

    Google Scholar 

  24. Xilinx Inc.: LogiCORE IP AXI Interconnect v2.1 Product Guide (2014)

    Google Scholar 

  25. Zhang, J., Yuan, F., Wei, L., Sun, Z., Xu, Q.: VeriTrust: verification for hardware trust. In: Proceedings of the 50th Annual Design Automation Conference, p. 61. ACM (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. United Technologies Research Center, 411 Silver Lane, E Hartford, CT, USA

    Devu Manikantan Shila & Vivek Venugopalan

  2. Bradley Department of ECE, Virginia Tech, Blacksburg, VA, USA

    Cameron D. Patterson

Authors
  1. Devu Manikantan Shila
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vivek Venugopalan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Cameron D. Patterson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vivek Venugopalan .

Editor information

Editors and Affiliations

  1. Apt. 2A, NEW YORK, New York, USA

    Meikang Qiu

  2. University of Texas, San Antonio, Texas, USA

    Shouhuai Xu

  3. Dept. of Computer Science, Columbia University, New York, New York, USA

    Moti Yung

  4. University of Otago, Dunedin, New Zealand

    Haibo Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Shila, D.M., Venugopalan, V., Patterson, C.D. (2015). Unraveling the Security Puzzle: A Distributed Framework to Build Trust in FPGAs. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science(), vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation