Hardware-Entangled Inherently Secure Field Programmable Gate Arrays

Abstract

Field programmable gate arrays (FPGAs) are one of the most attractive programmable platforms because they combine the flexibility of software programmedCPUs and the performance and efficiency of custom ASICs. FPGAs enable rapid prototyping and development of complex ASICs and facilitate deployment of embeddedsystems with performance nearing ASICs. Consequently, FPGAs are now the workhorses behind a broad variety of applications including aerospace, supercomputing, high-speed signal processing, and cryptography. Additionally, FPGAs are a highly attractive implementation platform for secure systems due their lack of application design information at manufacture-time, which mitigates the risk if the supply chain is compromised. Cryptographic applications and security protocols can be efficiently implemented on FPGAs and they can easily be modified in the field unlike their ASIC counterparts.The configuration bitstream is a persistent source of security vulnerability in FPGA designs. The possible compromise of configuration data by the attacker poses significant threats for deployed systems in the field. These threats include cloning the FPGA configuration for use in counterfeit/unauthorized systems, modifying theFPGA configuration to increase side-channel emissions, and adding malicious Trojan hardware into the compromised design. To ensure design protection, FPGA manufacturershave implemented bitstream encryption and authentication, flash FPGAs, and active defense mechanisms for FPGA test and support circuits. However, thesesecurity measures can be circumvented in a number of ways, which includes direct probing the key storage, side-channel attacks on the bitstream decryption logic, andattacks on the test and verification support circuits. Furthermore, as is common with hardware implementations, cryptographic systems implemented on FPGAs leak inadvertent side-channel information (i.e., power, timing, electromagnetic emissions) that can be exploited by an attacker to bypass the security of the algorithms. One highly effective and easy-to-mount side-channel attack is power analysis, which exploits the data-dependent power consumption in the hardware. Hiding and maskingcountermeasures seek to achieve resistance against power side-channel attacks at the expense of significant timing, area, and energy overheads; however, these techniquesare vulnerable against a number of successful side-channel attacks. In this thesis, we present a secure hardware-entangled FPGA design in order to address these FPGA security concerns. The proposed FPGA design never stores the configuration data in the clear, even at the lowest level of the hardware. We deeply hardware-entangle both the reconfigurable logic and interconnect by one-time padencrypting the bitstream using a secret die-specific response. Physical unclonable functions (PUFs) are used in the implementation as a mechanism to generate this secretresponse. By leveraging our recent work in efficient PUF design with both low VLSI overheads (i.e., area, power, delay) and strong security metrics (i.e., randomness,uniqueness, reliability), we tightly integrate a PUF bit with every configuration bit. This has significant security benefits that include high resistance to probing attacksand unique per-die configuration bitstreams. Also, PUFs can be fired on-the-fly during FPGA operation for enhanced security against probing attacks. In additionto bitstream protection, the proposed FPGA fabric has resistance to power analysis attacks embedded within the reconfigurable fabric that enables side-channel secureoperation. The fabric uses post-charged dynamic logic with self-timed discharge operation to ensure secure operation of user designs. Hardware-entangled secure FPGAs are a promising alternative to layering countermeasures on top of insecure conventional-off-the-shelf (COTS) FPGAs.