research-article

Reconfigurable Binding against FPGA Replay Attacks

Authors:
Jiliang Zhang

Hunan University, Changsha, China

Hunan University, Changsha, China
View Profile

,
Yaping Lin

Hunan University, Changsha, China

Hunan University, Changsha, China
View Profile

,
Gang Qu

University of Maryland, College Park, MD

University of Maryland, College Park, MD
View Profile

ACM Transactions on Design Automation of Electronic Systems Volume 20 Issue 2Article No.: 33pp 1–20https://doi.org/10.1145/2699833

Published:02 March 2015Publication History

ACM Transactions on Design Automation of Electronic Systems

Abstract

The FPGA replay attack, where an attacker downgrades an FPGA-based system to the previous version with known vulnerabilities, has become a serious security and privacy concern for FPGA design. Current FPGA intellectual property (IP) protection mechanisms target the protection of FPGA configuration bitstreams by watermarking or encryption or binding. However, these mechanisms fail to prevent replay attacks. In this article, based on a recently reported PUF-FSM binding method that protects the usage of configuration bitstreams, we propose to reconfigure both the physical unclonable functions (PUFs) and the locking scheme of the finite state machine (FSM) in order to defeat the replay attack. We analyze the proposed scheme and demonstrate how replay attack would fail in attacking systems protected by the reconfigurable binding method. We implement two ways to build reconfigurable PUFs and propose two practical methods to reconfigure the locking scheme. Experimental results show that the two reconfigurable PUFs can generate significantly distinct responses with average reconfigurability of more than 40%. The reconfigurable locking schemes only incur a timing overhead less than 1%.

References

Y. Alkabani and F. Koushanfar. 2007. Active hardware metering for intellectual property protection and security. In Proceedings of the USENIX Security Symposium (SS'07). 291--306. Google ScholarDigital Library
S. Drimer. 2009. Security for volatile FPGAs. Ph.D. dissertation, Computer Laboratory, University of Cambridge. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-763.pdf.Google Scholar
Z. Dyka, C. Walczyk, D. Walczyk, C. Wenger, and P. Langendoerfer. 2012. Side channel attacks and the non volatile memory of the future. In Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES'12). 13--16. Google ScholarDigital Library
I. Eichhorn, P. Koeberl, and V. van der Leest. 2011. Logically reconfigurable PUFs: Memory-based secure key storage. In Proceedings of the ACM Workshop on Scalable Trusted Computing (STC'11). 59--64. Google ScholarDigital Library
D. Ganta and L. Nazhandali. 2014. Study of IC aging on ring oscillator physical unclonable functions. In Proceedings of the International Symposium on Quality Electronic Design (ISQED'14). 461--466.Google Scholar
M. Gao, K. Lai, and G. Qu. 2014. A highly flexible ring oscillator PUF. In Proceedings of the 51^st ACM/IEEE Design Automation Conference (DAC'14). 1--6. Google ScholarDigital Library
J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES'07). 63--80. Google ScholarDigital Library
C. Helfmeier, C. Boit, D. Nedospasov, and J.-P. Seifert. 2013. Cloning physically unclonable functions. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'13). 1--6.Google ScholarCross Ref
D. E. Holcomb, W. P. Burleson, and K. Fu. 2009. Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58, 9, 1198--1210. Google ScholarDigital Library
S. Katzenbeisser, U. Kocabas, V. van der Leest, A. Sadeghi, G. Schrijen, H. Schroder, and C. Wachsmann. 2011. Recyclable PUFs: Logically reconfigurable PUFs. J. Cryptograph. Engin. 1, 3, 177--186.Google ScholarCross Ref
T. Kean. 2002. Cryptographic rights management of FPGA intellectual property cores. In Proceedings of the ACM/SIGDA Symposium on Field-Programmable Gate Arrays (FPGA'02). 113--118. Google ScholarDigital Library
M. S. Kirkpatrick, S. Kerr, and E. Bertino. 2011. PUF roks: A hardware approach to read-once keys. In Proceedings of the ACM Symposium on Information, Computer, and Communications Security (ASIACCS'11). 155--164. Google ScholarDigital Library
F. Koushanfar. 2012. Provably secure active IC metering techniques for piracy avoidance and digital rights management. IEEE Trans. Inf. Forens. Secur. 7, 1, 51--63. Google ScholarDigital Library
Y. Lao and K. K. Parhi. 2011. Reconfigurable architectures for silicon physical unclonable functions. In Proceedings of the IEEE International Conference on Electro/Information Technology (EIT'11). 1--7.Google Scholar
D. Lim, J. W. Lee, B. Gassport, G. E. Suh, M. van Dijk, and S. Devadas. 2005. Extracting secret keys from integrated circuits. IEEE Trans. VLSI Syst. 13, 10, 1200--1205. Google ScholarDigital Library
M. Maas, E. Love, E. Stefanov, M. Tiwari, E. Shi, et al. 2013. PHANTOM: Practical oblivious computation in a secure processor. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS'13). 311--324. Google ScholarDigital Library
R. Maes, D. Schellekens, and I. Verbauwhede. 2012a. A pay-per-use licensing scheme for hardware IP cores in recent SRAM-FPGAs. IEEE Trans. Inf. Forens. Secur. 7, 1, 98--108. Google ScholarDigital Library
R. Maes, A. van Herrewege, and I. Verbauwhede. 2012b. PUFKY: A fully functional puf-based crypto-graphic key generator. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES'12). 302--319. Google ScholarDigital Library
R. Maes and V. van der Leest. 2014. Countering the effects of silicon aging on SRAM PUFs. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'14). 148--153.Google Scholar
A. Maiti and P. Schaumont. 2009. Improving the quality of a physical unclonable function using configurable ring oscillators. In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL'09). 703--707.Google Scholar
A. Maiti, L. McDougall, and P. Schaumont. 2011. The impact of aging on an FPGA-based physical unclonable function. In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL'11). 151--156. Google ScholarDigital Library
M. Majzoobi, F. Koushanfar, and M. Potkonjak. 2009. Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans. Reconfig. Technol. Syst. 2, 1, 1--33. Google ScholarDigital Library
D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. 2013. Localized electromagnetic analysis of RO PUFs. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'13). 19--24.Google Scholar
R. Newell. 2014. Securing reconfigurable devices and designs against insiders and other supply chain threats. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'14).Google Scholar
Z. Paral and S. Devadas. 2011. Reliable and efficient PUF-based key generation using pattern matching. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'11). 128--133.Google Scholar
C. Pruteanu. 2000. Kiss to verilog FSM converter. http://codrin.freeshell.org.Google Scholar
C. Pruteanu and C. Haba. 2008. GenFSM: A finite state machine generation tool. In Proceedings of the International Conference on Developing Application Systems (DAS'08). 165--168.Google Scholar
G. Qu and M. Potkonjak. 2003. Intellectual Property Protection in VLSI Designs: Theory and Practice. Kluwer Academic Publishers.Google Scholar
M. Rahman, D. Forte, J. Fahrny, and M. Tehranipoor. 2014. ARO-PUF: An aging-resistant ring oscillator PUF design. In Proceedings of the Design, Automation, and Test in Europe Conference and Exhibition (DATE'14). 1--6. Google ScholarDigital Library
U. Ruhrmair, J. Solter, F. Sehnke, X. Xu, A. Mahmoud, et al. 2013. PUF modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forens. Secur. 8, 11, 1876--1891. Google ScholarDigital Library
Ses Lab. 2014. Research on physical unclonable functions (PUFs) At, Vt. http://rijndael.ece.vt.edu/puf/main.html.Google Scholar
E. Simpson and P. Schaumont. 2006. Offline hardware/software authentication for reconfigurable platforms. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES'06). 311--323. Google ScholarDigital Library
P. Srinivasan and J. Princen. 2013. Programming non-volatile memory in a secure processor. Patent no. 8601247, filed October 9, 2009, Issued Aug. Dec 3, 2013.Google Scholar
G. E. Suh and S. Devadas. 2007. Physical unclonable functions for device authentication and secret key generateion. In Proceedings of the ACM/IEEE Design Automation Conference (DAC'07). 9--14. Google ScholarDigital Library
S. Trimberger, J. Moore, and W. Lu. 2011. Authenticated encryption for FPGA bitstreams. In Proceedings of the ACM/SIGDA Symposium on Field-Programmable Gate Arrays (FPGA'11). 83--86. Google ScholarDigital Library
C. Yin and G. Qu. 2009. Temperature-aware cooperative ring oscillator PUF. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust (HOST'09). 36--42. Google ScholarDigital Library
J. Zhang, Y. Lin, Q. Wu, and W. Che. 2012a. Watermarking FPGA bitfile for intellectual property protection. Radioengin. 21, 2, 764--771.Google Scholar
J. Zhang, Y. Lin, W. Che, Q. Wu, Y. Lu, and K. Zhao. 2012b. Efficient verification of IP watermarks in FPGA designs through lookup table content extracting. IEICE Electron. Express 9, 22, 1735--1741.Google ScholarCross Ref
J. Zhang, Y. Lin, Y. Lyu, G. Qu, R. C. C. Cheung, et al. 2013a. FPGA IP protection by binding finite state machine to physical unclonable functions. In Proceedings of the 23^rd IEEE International Conference on Field Programmable Logic and Applications (FPL'13). 1--4.Google ScholarCross Ref
J. Zhang, Q. Wu, Y. Lyu, Q. Zhou, Y. Cai, et al. 2013b. Design and implementation of a delay-based PUF for FPGA IP protection. In Proceedings of the13^th IEEE International Conference on Computer-Aided Design and Computer Graphics (CADGRAPHICS'13). 107--114. Google ScholarDigital Library
J. Zhang, G. Qu, Y. Lyu, and Q. Zhou. 2014. A survey on silicon PUFs and recent advances in ring oscillator PUFs. J. Comput. Sci. Technol. 29, 4, 664--678.Google ScholarCross Ref
J. Zhang and G. Qu. 2014. A survey on security and trust of FPGA-based systems. In Proceedings of the International Conference on Field-Programmable Technology (ICFPT'14). 147--152.Google Scholar
J. Zhang, Y. Lin, Y. Lyu, and G. Qu. 2015. A PUF-FSM binding scheme for FPGA IP protection and pay-per-device licensing. IEEE Trans. Inf. Forensics Security.Google Scholar

Index Terms

Reconfigurable Binding against FPGA Replay Attacks

Recommendations

A PUF-FSM Binding Scheme for FPGA IP Protection and Pay-Per-Device Licensing
With its reprogrammability, low design cost, and increasing capacity, field-programmable gate array (FPGA) has become a popular design platform and a target for intellectual property (IP) infringement. Currently available IP protection solutions are ...
Read More
Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks
MicroScope and other similar microarchitectural replay attacks take advantage of the characteristics of speculative execution to trap the execution of the victim application in a loop, enabling the attacker to amplify a side-channel attack by executing it ...
Read More
Floating-point FPGA: architecture and modeling

This paper presents an architecture for a reconfigurable device that is specifically optimized for floating-point applications. Fine-grained units are used for implementing control logic and bit-oriented operations, while parameterized and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Design Automation of Electronic Systems Volume 20, Issue 2
February 2015
404 pages
ISSN:1084-4309
EISSN:1557-7309
DOI:10.1145/2742143
Editor:
Naehyuck Chang
Korea Advanced Institute of Science and Technology, Korea
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States

Journal Family
ACM Journals for the Design of Smart and Connected Systems
Publication History
- Published: 2 March 2015
- Revised: 1 September 2014
- Accepted: 1 September 2014
- Received: 1 March 2014
Published in todaes Volume 20, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Replay attacks
binding
field-programmable gate array (FPGA)
intellectual property (IP) protection
physical unclonable functions (PUFs)
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 26
  Total Citations
  View Citations
- 537
  Total Downloads
- Downloads (Last 12 months)16
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Reconfigurable Binding against FPGA Replay Attacks

ACM Transactions on Design Automation of Electronic Systems

Abstract

References

Cited By

Index Terms

Recommendations

A PUF-FSM Binding Scheme for FPGA IP Protection and Pay-Per-Device Licensing

Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks

Floating-point FPGA: architecture and modeling