Secure Boot for Reconfigurable Architectures

Ali Shuja Siddiqui,Fareena Saqib,Yutian Gui

doi:10.3390/cryptography4040026

Ali Shuja Siddiqui, Fareena Saqib + Show 1 more

Open Access

https://doi.org/10.3390/cryptography4040026

Copy DOI

Journal: Cryptography	Publication Date: Sep 25, 2020
Citations: 5	License type: CC BY 4.0

Affiliation: University of North Carolina at Charlotte

Abstract

Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements a secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration.

Highlights

Internet of Things (IoT) are ubiquitous devices with limited functionality and computational resources, enabled with networking features and connectivity to the Internet
The proposed framework was implemented on a Xilinx Zedboard FPGA board equipped with a Zynq-7000 XC7Z020-CLG484
The security extensions of reconfigurable logic-based embedded device are proposed to enable secure boot processes and the firmware updates to reconfigure the hardware and software to run on the device in an untrusted field

Summary

Introduction

Internet of Things (IoT) are ubiquitous devices with limited functionality and computational resources, enabled with networking features and connectivity to the Internet. These devices have a longer life cycle, where the updates/changes are deployed through software or firmware updates. RSA asymmetric authentication is used to ensure an authenticated source These functions are implemented as a hardware-based function on the FPGA fabric and their configuration is integrated in the EDA tools. The implementation of this core is not open to the end-user [7]. In the Zynq 7000 architecture, there are two ways of key storage: Battery-Backed RAM (BBRAM) and one-time programmable fuses

Methods

Results

Conclusion