Managing Security in FPGA-Based Embedded Systems

  title={Managing Security in FPGA-Based Embedded Systems},
  author={Ted Huffmire and Brett Brotherton and Timothy Sherwood and Ryan Kastner and Timothy E. Levin and Thuy D. Nguyen and Cynthia E. Irvine},
  journal={IEEE Design \& Test of Computers},
FPGAs combine the programmability of processors with the performance of custom hardware. As they become more common in critical embedded systems, new techniques are necessary to manage security in FPGA designs. This article discusses FPGA security problems and current research on reconfigurable devices and security, and presents security primitives and a component architecture for building highly secure systems on FPGAs. 

Figures from this paper

New techniques to enhance FPGA based system security
This paper proposes some threat models and defense models against possible attacks for FPGA based systems, and considers security aspects of FPGAs as the primary interest.
A Novel Technique to Enhance Security of Logic Circuits Using a Modified Programmable Secured Logic Module
This paper proposes a new technique which enhances security of digital systems and design of a programmable logic module for secured systems which works on the principle of the new technique.
A novel PUF-based encryption protocol for embedded System on Chip
A novel security mechanism for sensitive data stored, acquired or processed by a complex electronic circuit implemented as System-on-Chip (SoC) on an FPGA reconfigurable device based on encrypted and authenticated communications between the microprocessor cores, FPGAs fabric and peripherals inside the SoC.
A security embedded system base on TCM and FPGA
In this solution, a security FPGA checked the integrity of instructions and data in flash chip before running of the embedded processor, and indicated that the content in the flash chip was modified.
FPGA-Based Remote-Code Integrity Verification of Programs in Distributed Embedded Systems
The use of reconfigurable computing is proposed to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity.
Recent Attacks and Defenses on FPGA-based Systems
This survey reviews the security and trust issues related to FPGA-based systems from the market perspective, where the market is model with the following parties: FGPA vendors, foundries, IP vendors, EDA tool vendors, FPGAs-based system developers, and end-users.
In-place Logic Obfuscation for Emerging Nonvolatile FPGAs
A hardware security scheme for nonvolatile resistive random access memory (RRAM) based FPGA, in which internal block RAM (BRAMs) are used for configuration and temporary data storage, and a encrypted addressing to secure communication ports with encrypted address is proposed.
Secure On-Chip Communication Architecture for Reconfigurable Multi-Core Systems
A secure communication architecture has been presented by designing an identity and address verification (IAV) security module, which is embedded in each router at the communication level, and has presented reduced area and power consumption overhead when compared with similar existing solutions.
A novel zero overhead obfuscation technique for securing FPGA designs
  • A. Tiwari
  • Computer Science
    2013 International Conference on Advances in Computing, Communications and Informatics (ICACCI)
  • 2013
The main post-configuration vulnerabilities of FPGAs through JTAG are identified and preventive obfuscation models to guarantee secure platforms are proposed and the proposed obfuscation circuitry provides robust security features to overcome and prevent reverse engineering and unauthorized operation of the JTAG port.
Achieving hardware security for reconfigurable systems on chip by a proof-carrying code approach
This paper discusses the hardware trust and threat models behind proof-carrying hardware, the employed open-source tool chain for the runtime verification of combinational equivalence and the bitstream format for an abstract FPGA architecture that allows us to experimentally validate the feasibility of the approach.


Designing secure systems on reconfigurable hardware
The goal of this project is to evaluate recently proposed security primitives for reconfigurable hardware by building a real embedded system with several cores on a single FPGA and implementing these primitives on the system.
New technology is introduced that will provide the industry with an FPGA-based single chip cryptographic solution for type I Cryptographic equipment.
Trusted Design in FPGAs
  • S. Trimberger
  • Computer Science
    2007 44th ACM/IEEE Design Automation Conference
  • 2007
Using FPGAs, a designer can separate the design process from the manufacturing flow. Therefore, the owner of a sensitive design need not expose the design to possible theft and tampering during its
Reconfigurable computing: a survey of systems and software
The hardware aspects of reconfigurable computing machines, from single chip architectures to multi-chip systems, including internal structures and external coupling are explored, and the software that targets these machines is focused on.
Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems
This work proposes an isolation primitive, moats and drawbridges, that are built around four design properties: logical isolation, interconnect traceability, secure reconfigurable broadcast, and configuration scrubbing, and each is a fundamental operation with easily understood formal properties, yet maps cleanly and efficiently to a wide variety of reconfigured devices.
A cautionary note regarding the data integrity capacity of certain secure systems
This work discusses the general integrity property that systems can only be trusted to manage modifiable data whose integrity is at or below that of their interface components, and describes some of these systems as a class of architecture subject to these limitations.
Computer Security Technology Planning Study
This document is intended to assist in the management of government procurement operations and will not be used for other purposes other than a definitely related government procurement operation.
Subversion as a Threat in Information Warfare
A constructive system engineering technique to mitigate the subversion threat is identified and will be defined and characterized as a warfare tool.
A quick safari through the reconfiguration jungle
This work organizes this design space as the reconfiguration hierarchy, and discusses the design methods that deal with it, and surveys existing commercial platforms that support reconfigured systems and situate them in the reconfigured jungle.