Flexible and low-cost HSM based on non-volatile FPGAs

  title={Flexible and low-cost HSM based on non-volatile FPGAs},
  author={Diogo Parrinha and Ricardo Chaves},
  journal={2017 International Conference on ReConFigurable Computing and FPGAs (ReConFig)},
  • Diogo Parrinha, R. Chaves
  • Published 1 December 2017
  • Computer Science
  • 2017 International Conference on ReConFigurable Computing and FPGAs (ReConFig)
Embedded systems supported on FPGAs are increasingly playing a bigger role on safety-critical areas. [] Key Method The presented solution operates as a versatile certification system that provides key management, digital signature services and is able to issue trustworthy certificates. The solution can be used, for example, in IT security applications through an integration with the included PKCS#11 interface.

Figures and Tables from this paper

SmartFusion2 SoC as a security module for the IoT world
This work analyzes the several security services of the SmartFusion2 SoC, their advantages, and possible trade-offs, and evaluates the SoC viability as a security module and/or a more adaptable HSM alternative for the IoT.
Fortified Multi-Party Computation: Taking Advantage of Simple Secure Hardware Modules
This work presents the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking, and proposes the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework.
A Pattern for a Secure Actuator Node
This work introduces Secure Actuator Node, a pattern that addresses the design of a secure actuator that considers the identification of threats and their respective countermeasures to mitigate or eliminate these types of security issues.


Compact and On-the-Fly Secure Dynamic Reconfiguration for Volatile FPGAs
The proposed solution changes the encryption key of the remotely received bitstream by a randomly generated key, unique for each configuration, when storing them in the external unsecured memory, which allows for an improved countermeasure against replay attack and wrongful bitstream usage.
FPGAs for trusted cloud computing
  • Ken Eguro, R. Venkatesan
  • Computer Science
    22nd International Conference on Field Programmable Logic and Applications (FPL)
  • 2012
This paper describes how protected bitstreams can also be used to create a root of trust for the clients of cloud computing services, and examines how this approach can be applied to the specific application of handling sensitive health data.
A survey on security features in modern FPGAs
The goal of this paper is to evaluate whether the security features embedded on the current FPGAs address the threat model and compare relevant functionalities of the most advanced products of Altera, Microsemi and Xilinx.
Secure partial reconfiguration of FPGAs
  • A. Zeineddini, K. Gaj
  • Computer Science
    Proceedings. 2005 IEEE International Conference on Field-Programmable Technology, 2005.
  • 2005
Two schemes based on hard-wired PowerPC processor core and the MicroBlaze soft processor core have been compared and contrasted in terms of speed and FPGA resource usage.
A Key Management Architecture for Securing Off-Chip Data Transfers
An architecture that manages cryptographic keys for a secure memory interface on an FPGA is presented that includes functional units that serve to authenticate a user, create a key with multiple layers of security, and encrypt an external memory interface using that key.
FPGA based Rekeying for cryptographic key management in Storage Area Network
  • Yi (Estelle) Wang, Yajun Ha
  • Computer Science
    2013 23rd International Conference on Field programmable Logic and Applications
  • 2013
This work proposed a FPGA based flexible and low-cost rekeying management to improve the security and reduce the processing time, and proposes index extraction solution to shorten bit width of transformation from 256-bit to only 32-bit.
A Certification Authority for Elliptic Curve X.509v3 Certificates
The purpose of this work is to design and implement a free open-source Certification Authority able to issue X.509v3 certificates using ECC, and contributes to the development of freeopen-source tools for network security based on ECC.
Authentication and key management for Advanced Metering Infrastructures utilizing physically unclonable functions
This paper proposes an approach based on PUF (physically unclonable function) technology for providing strong hardware based authentication of smart meters and efficient key management to assure the confidentiality and integrity of messages exchanged between smart meter and the utility.
Efficient transmission of PKI certificates using elliptic curve cryptography and its variants
Elliptic Curve Cryptography (ECC) is proved to be the best suited one for resource constrained applications and it is found that ECC-based signatures on a certificate are smaller and faster to create; and the public key that the certificate holds is smaller as well.
Orthogonal Security with Cipherbase
The design of the Cipherbase secure hardware and its implementation using FPGAs is presented and how the hardware / software co-design was addressed in the cipherbase system is shown.