Embedded Systems Security for FPGA

  • Chapter
Security Trends for FPGAS

Abstract

The main goal of this chapter is to study FPGA devices in the field of secured applications. We mainly address data protection based on a well-defined threat model. When dealing with FPGAs at the system level, two kinds of data are of paramount importance: the bitstream and external memory. To cover these topics, we first review state-of-the-art FPGA security mechanisms and good practices, followed by an analysis of the performance achievable with hardware implementations of cryptographic algorithms in current FPGAs. We then tackle external memory protection and how FPGAs can provide an efficient solution. Next, we highlight security issues specific to FPGAs, such as bitstream replay attacks, and suggest solutions to improve bitstream management security, focusing on secure remote updating of FPGA bitstreams. Finally, we give the results of a concrete case, i.e., a platform based on an FPGA device. This last section provides both a practical and an industrial point of view that will enable readers to evaluate the pertinence of the solutions proposed.

Notes

  1. Note that the choice of the data address as nonce also prevents spoofing and splicing attacks on RO data when MAC functions are used as authentication primitives.

  2. TEC-Tree uses nonces in its design as redundancy for the block-level AREA techniques. In [15], we first proposed to build a tree (called PRV-Tree, for PE-ICE protected Random Value Tree) similar to TEC-Tree except that it uses random numbers instead of nonces. The purpose of the PRV-Tree is to decrease the probability that an adversary succeeds in a replay, by increasing the length of the random number, while limiting the on-chip memory overhead to the storage of a single random number (the root of the PRV-Tree).

  3. The authors of [18] give a different formula for their memory overhead because they consider ways to optimize it (e.g. using the address as part of the nonce). For the sake of clarity, we give a simplified formula of the TEC-Tree memory overhead by considering that the whole nonce is made of a counter value.

References

  1. The Embedded Microprocessor Benchmark Consortium (EEMBC)

  2. FIPS PUB 197: “Advanced Encryption Standard (AES)” (2001)

  3. In-System Programming (ISP) of Actel low-power flash devices using Flashpro3. Microsemi (ex Actel) corporation. Version 1.5 (August 2009)

  4. Actel: Implementation of security in Actel’s ProASIC and ProASICPLUS flash-based FPGAs. URL: http://www.actel.com/documents/Flash_Security_AN.pdf (2003)

  5. Actel: Fusion FPGA Handbook. URL: http://www.actel.com/documents/Fusion_HB.pdf (2008)

  6. Actel: ProASIC3 Handbook. URL: http://www.actel.com/documents/PA3_HB.pdf (2008)

  7. Alderighi, M., D’Angelo, S., Mancini, M., Sechi, G.R.: A fault injection tool for SRAM-based FPGAs. In: IEEE International On-Line Testing Symposium, p. 129 (2003). doi:10.1109/OLT.2003.1214379

  8. Altera: Design Security in Stratix III Devices. URL: http://www.altera.com/literature/wp/wp-01010.pdf (2006)

  9. Badrignans, B., Champagne, D., Elbaz, R., Gebotys, C.H., Torres, L.: Sarfum: security architecture for remote FPGA update and monitoring. ACM Trans. Reconfigurable Technol. Syst. 3(2), 8 (2010)

  10. Blum, M., Evans, W., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: Annual IEEE Symposium on Foundations of Computer Science, pp. 90–99 (1991). doi:10.1109/SFCS.1991.185352

  11. Daemen, J., Rijmen, V.: AES proposal: Rijndael (1998)

  12. Drimer, S.: Authentication of FPGA bitstreams: why and how. In: Applied Reconfigurable Computing. Lecture Notes in Computer Science, vol. 4419, pp. 73–84 (2007)

  13. Drimer, S.: Volatile FPGA design security—a survey (v0.96) (April 2008)

  14. Eisenbarth, T., Güneysu, T., Paar, C., Sadeghi, A.-R., Schellekens, D., Wolf, M.: Reconfigurable trusted computing in hardware. In: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, STC ’07, pp. 15–20. ACM, New York (2007). doi:10.1145/1314354.1314360

  15. Elbaz, R.: Hardware mechanisms for secured processor memory transactions in embedded systems. PhD thesis, University of Montpellier (December 2006)

  16. Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A.: A comparison of two approaches providing data encryption and authentication on a processor memory bus. In: Vounckx, J., Azemard, N., Maurine, P. (eds.) Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation. Lecture Notes in Computer Science, vol. 4148, pp. 267–279. Springer, Berlin (2006). doi:10.1007/11847083_26

  17. Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., Martinez, A.: A parallelized way to provide data encryption and integrity checking on a processor-memory bus. In: Proceedings of the 43rd Annual Design Automation Conference, DAC ’06, pp. 506–509. ACM, New York (2006). doi:10.1145/1146909.1147042

  18. Elbaz, R., Champagne, D., Lee, R., Torres, L., Sassatelli, G., Guillemin, P.: TEC-tree: a low-cost, parallelizable tree for efficient defense against memory replay attacks. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007. Lecture Notes in Computer Science, vol. 4727, pp. 289–302. Springer, Berlin (2007). doi:10.1007/978-3-540-74735-2_20

  19. Fischer, V., Bernard, F., Bochard, N., Varchola, M.: Enhancing security of ring oscillator-based RNG implemented in FPGA. In: Field-Programmable Logic and Applications (FPL), September, pp. 245–250 (2008)

  20. Fruhwirth, C.: New methods in hard disk encryption. Technical report, Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology (2005)

  21. Gaj, K., Chodowiec, P.: Fast implementation and fair comparison of the final candidates for advanced encryption standard using field programmable gate arrays (2001)

  22. Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and Merkle trees for efficient memory integrity verification. In: Proceedings of Ninth International Symposium on High Performance Computer Architecture, February (2003)

  23. GORE: GORE tamper respondent surface enclosure. Commercial Brochure (2007)

  24. Hall, W.E., Jutla, C.S.: Parallelizable authentication trees. In: Selected Areas in Cryptography, pp. 95–109 (2005)

  25. Hendry, M.: Multi-application Smart Cards: Technology and Applications. Cambridge University Press, Cambridge (2007)

  26. Hori, Y., Satoh, A., Sakane, H., Toda, K.: Bitstream encryption and authentication using AES-GCM in dynamically reconfigurable systems. In: Matsuura, K., Fujisaki, E. (eds.) Advances in Information and Computer Security. Lecture Notes in Computer Science, vol. 5312, pp. 261–278. Springer, Berlin (2008). doi:10.1007/978-3-540-89598-5_18

  27. Lattice: LatticeXP2 Family Handbook. URL: http://www.latticesemi.com/dynamic/view_document.cfm?document_id=24315 (2008)

  28. Lie, D., Thekkath, C.A., Horowitz, M.: Implementing an untrusted operating system on trusted hardware. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, SOSP ’03, pp. 178–192. ACM, New York (2003). doi:10.1145/945445.945463

  29. Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press, Boca Raton (1996). ISBN 0849385237

  30. Merkle, R.C.: Protocols for public key cryptography. In: Proceedings of IEEE Symp. on Security and Privacy, pp. 122–134 (1980)

  31. Netheos: Official Netheos Website. URL: http://www.netheos.net (2010)

  32. Note, J.-B., Rannaud, E.: From the bitstream to the netlist. In: Proceedings of the 16th International ACM/SIGDA Symposium on Field Programmable Gate Arrays, FPGA ’08, pp. 264–264. ACM, New York (2008). doi:10.1145/1344671.1344729

  33. OpenCores.org: WISHBONE system-on-chip interconnection architecture for portable IP cores specification revision B.3. URL: www.opencores.org/downloads/wbspec_b3.pdf (2002)

  34. OpenSSL.org: OpenSSL cryptography and SSL/TLS toolkit, engine documentation. URL: http://www.openssl.org/docs/crypto/engine.html

  35. Parelkar, M.M., Gaj, K.: Implementation of EAX mode of operation for FPGA bitstream encryption and authentication. In: Brebner, G.J., Chakraborty, S., Wong, W.-F. (eds.) FPT, pp. 335–336. IEEE Press, Singapore (2005)

  36. Schellekens, D., Tuyls, P., Preneel, B.: Embedded trusted computing with authenticated non-volatile memory. In: Proceedings of the 1st International Conference on Trusted Computing and Trust in Information Technologies: Trusted Computing—Challenges and Applications, Trust ’08, pp. 60–74. Springer, Berlin (2008). doi:10.1007/978-3-540-68979-9_5

  37. Suh, G.E., O’Donnell, C.W., Devadas, S.: AEGIS: a single-chip secure processor. IEEE Des. Test 24, 570–580 (2007). doi:10.1109/MDT.2007.179

  38. Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: architecture for tamper-evident and tamper-resistant processing. In: Proceedings of the 17th Annual International Conference on Supercomputing, ICS ’03, pp. 160–171. ACM, New York (2003). doi:10.1145/782814.782838

  39. Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient memory integrity verification and encryption for secure processors. In: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, p. 339. IEEE Comput. Soc., Washington (2003)

  40. Suh, G.E., O’Donnell, C.W., Sachdev, I., Devadas, S.: Design and implementation of the AEGIS single-chip secure processor using physical random functions. In: Proceedings of the 32nd Annual International Symposium on Computer Architecture, ISCA ’05, pp. 25–36. IEEE Comput. Soc., Washington (2005). doi:10.1109/ISCA.2005.22

  41. Thales: Security architecture reinforced in two or three physically separated sections. Commercial Brochure (2007)

  42. Unknown: Open freebox project website. URL: http://www.f-x.fr/ (2006)

  43. Xilinx: Virtex-5 FPGA configuration user guide. URL: http://www.xilinx.com/support/documentation/user_guides/ug191.pdf (2008)

  44. Xilinx: Xilinx Ug360 Virtex-6 FPGA configuration user guide. URL: www.xilinx.com/support/documentation/user_guides/ug360.pdf (2010)

  45. Yang, J., Zhang, Y., Gao, L.: Fast secure processor for inhibiting software piracy and tampering. In: Proceedings of the 36th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 36, p. 351. IEEE Comput. Soc., Washington (2003)

Author information

Corresponding author

Correspondence to B. Badrignans.

Copyright information

© 2011 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Badrignans, B., Devic, F., Torres, L., Sassatelli, G., Benoit, P. (2011). Embedded Systems Security for FPGA. In: Badrignans, B., Danger, J., Fischer, V., Gogniat, G., Torres, L. (eds) Security Trends for FPGAS. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-1338-3_6

  • DOI: https://doi.org/10.1007/978-94-007-1338-3_6

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-1337-6

  • Online ISBN: 978-94-007-1338-3

  • eBook Packages: Engineering, Engineering (R0)
