Secure controllers: Requirements of S*FSM

Abstract

We propose a high level methodology for Finite State Machine (FSM) protection on a set of insecure FSMs. Hardware controllers, from those used in low-power authentication devices to those coordinating UAVs, as well as stream-based encoders rely on classically derived and implemented FSMs. As the proliferation of electronic devices that process sensitive data and provide authentication continues so do the potential attack vectors to circumvent them. These attack vectors include side-channel attacks that use physical byproducts to reconstruct the internal operation of a device. With the increased need for complete device security, designers need to focus on topdown security constructs to protect more than just cryptographic primitives. While low level cell solutions exist, they require significant overhead, customized cells, and increased design automation complexity downstream. The proposed high level methodology is validated using a set of insecure FSMs ranging in both size (4-60) as well as internal transitions (8-216). The two-part methodology physically restructures the machines, requiring on average 72% additional states and a doubling in the number of required transitions - though in most cases only a 67% increase in the bits needed to create a secure encoding over a the original binary implementation. The methodology, validated using preliminary hardware synthesis results, removes the correlation between common attack models and both underlying FSM logic as well as the associated power consumption.