Abstract
The FPGA replay attack, where an attacker downgrades an FPGA-based system to the previous version with known vulnerabilities, has become a serious security and privacy concern for FPGA design. Current FPGA intellectual property (IP) protection mechanisms target the protection of FPGA configuration bitstreams by watermarking or encryption or binding. However, these mechanisms fail to prevent replay attacks. In this article, based on a recently reported PUF-FSM binding method that protects the usage of configuration bitstreams, we propose to reconfigure both the physical unclonable functions (PUFs) and the locking scheme of the finite state machine (FSM) in order to defeat the replay attack. We analyze the proposed scheme and demonstrate how replay attack would fail in attacking systems protected by the reconfigurable binding method. We implement two ways to build reconfigurable PUFs and propose two practical methods to reconfigure the locking scheme. Experimental results show that the two reconfigurable PUFs can generate significantly distinct responses with average reconfigurability of more than 40%. The reconfigurable locking schemes only incur a timing overhead less than 1%.
- Y. Alkabani and F. Koushanfar. 2007. Active hardware metering for intellectual property protection and security. In Proceedings of the USENIX Security Symposium (SS'07). 291--306. Google ScholarDigital Library
- S. Drimer. 2009. Security for volatile FPGAs. Ph.D. dissertation, Computer Laboratory, University of Cambridge. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-763.pdf.Google Scholar
- Z. Dyka, C. Walczyk, D. Walczyk, C. Wenger, and P. Langendoerfer. 2012. Side channel attacks and the non volatile memory of the future. In Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES'12). 13--16. Google ScholarDigital Library
- I. Eichhorn, P. Koeberl, and V. van der Leest. 2011. Logically reconfigurable PUFs: Memory-based secure key storage. In Proceedings of the ACM Workshop on Scalable Trusted Computing (STC'11). 59--64. Google ScholarDigital Library
- D. Ganta and L. Nazhandali. 2014. Study of IC aging on ring oscillator physical unclonable functions. In Proceedings of the International Symposium on Quality Electronic Design (ISQED'14). 461--466.Google Scholar
- M. Gao, K. Lai, and G. Qu. 2014. A highly flexible ring oscillator PUF. In Proceedings of the 51st ACM/IEEE Design Automation Conference (DAC'14). 1--6. Google ScholarDigital Library
- J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES'07). 63--80. Google ScholarDigital Library
- C. Helfmeier, C. Boit, D. Nedospasov, and J.-P. Seifert. 2013. Cloning physically unclonable functions. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'13). 1--6.Google ScholarCross Ref
- D. E. Holcomb, W. P. Burleson, and K. Fu. 2009. Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58, 9, 1198--1210. Google ScholarDigital Library
- S. Katzenbeisser, U. Kocabas, V. van der Leest, A. Sadeghi, G. Schrijen, H. Schroder, and C. Wachsmann. 2011. Recyclable PUFs: Logically reconfigurable PUFs. J. Cryptograph. Engin. 1, 3, 177--186.Google ScholarCross Ref
- T. Kean. 2002. Cryptographic rights management of FPGA intellectual property cores. In Proceedings of the ACM/SIGDA Symposium on Field-Programmable Gate Arrays (FPGA'02). 113--118. Google ScholarDigital Library
- M. S. Kirkpatrick, S. Kerr, and E. Bertino. 2011. PUF roks: A hardware approach to read-once keys. In Proceedings of the ACM Symposium on Information, Computer, and Communications Security (ASIACCS'11). 155--164. Google ScholarDigital Library
- F. Koushanfar. 2012. Provably secure active IC metering techniques for piracy avoidance and digital rights management. IEEE Trans. Inf. Forens. Secur. 7, 1, 51--63. Google ScholarDigital Library
- Y. Lao and K. K. Parhi. 2011. Reconfigurable architectures for silicon physical unclonable functions. In Proceedings of the IEEE International Conference on Electro/Information Technology (EIT'11). 1--7.Google Scholar
- D. Lim, J. W. Lee, B. Gassport, G. E. Suh, M. van Dijk, and S. Devadas. 2005. Extracting secret keys from integrated circuits. IEEE Trans. VLSI Syst. 13, 10, 1200--1205. Google ScholarDigital Library
- M. Maas, E. Love, E. Stefanov, M. Tiwari, E. Shi, et al. 2013. PHANTOM: Practical oblivious computation in a secure processor. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS'13). 311--324. Google ScholarDigital Library
- R. Maes, D. Schellekens, and I. Verbauwhede. 2012a. A pay-per-use licensing scheme for hardware IP cores in recent SRAM-FPGAs. IEEE Trans. Inf. Forens. Secur. 7, 1, 98--108. Google ScholarDigital Library
- R. Maes, A. van Herrewege, and I. Verbauwhede. 2012b. PUFKY: A fully functional puf-based crypto-graphic key generator. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES'12). 302--319. Google ScholarDigital Library
- R. Maes and V. van der Leest. 2014. Countering the effects of silicon aging on SRAM PUFs. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'14). 148--153.Google Scholar
- A. Maiti and P. Schaumont. 2009. Improving the quality of a physical unclonable function using configurable ring oscillators. In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL'09). 703--707.Google Scholar
- A. Maiti, L. McDougall, and P. Schaumont. 2011. The impact of aging on an FPGA-based physical unclonable function. In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL'11). 151--156. Google ScholarDigital Library
- M. Majzoobi, F. Koushanfar, and M. Potkonjak. 2009. Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans. Reconfig. Technol. Syst. 2, 1, 1--33. Google ScholarDigital Library
- D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. 2013. Localized electromagnetic analysis of RO PUFs. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'13). 19--24.Google Scholar
- R. Newell. 2014. Securing reconfigurable devices and designs against insiders and other supply chain threats. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'14).Google Scholar
- Z. Paral and S. Devadas. 2011. Reliable and efficient PUF-based key generation using pattern matching. In Proceedings of the IEEE International Symposium on Hardware-Oriented Security and Trust (HOST'11). 128--133.Google Scholar
- C. Pruteanu. 2000. Kiss to verilog FSM converter. http://codrin.freeshell.org.Google Scholar
- C. Pruteanu and C. Haba. 2008. GenFSM: A finite state machine generation tool. In Proceedings of the International Conference on Developing Application Systems (DAS'08). 165--168.Google Scholar
- G. Qu and M. Potkonjak. 2003. Intellectual Property Protection in VLSI Designs: Theory and Practice. Kluwer Academic Publishers.Google Scholar
- M. Rahman, D. Forte, J. Fahrny, and M. Tehranipoor. 2014. ARO-PUF: An aging-resistant ring oscillator PUF design. In Proceedings of the Design, Automation, and Test in Europe Conference and Exhibition (DATE'14). 1--6. Google ScholarDigital Library
- U. Ruhrmair, J. Solter, F. Sehnke, X. Xu, A. Mahmoud, et al. 2013. PUF modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forens. Secur. 8, 11, 1876--1891. Google ScholarDigital Library
- Ses Lab. 2014. Research on physical unclonable functions (PUFs) At, Vt. http://rijndael.ece.vt.edu/puf/main.html.Google Scholar
- E. Simpson and P. Schaumont. 2006. Offline hardware/software authentication for reconfigurable platforms. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES'06). 311--323. Google ScholarDigital Library
- P. Srinivasan and J. Princen. 2013. Programming non-volatile memory in a secure processor. Patent no. 8601247, filed October 9, 2009, Issued Aug. Dec 3, 2013.Google Scholar
- G. E. Suh and S. Devadas. 2007. Physical unclonable functions for device authentication and secret key generateion. In Proceedings of the ACM/IEEE Design Automation Conference (DAC'07). 9--14. Google ScholarDigital Library
- S. Trimberger, J. Moore, and W. Lu. 2011. Authenticated encryption for FPGA bitstreams. In Proceedings of the ACM/SIGDA Symposium on Field-Programmable Gate Arrays (FPGA'11). 83--86. Google ScholarDigital Library
- C. Yin and G. Qu. 2009. Temperature-aware cooperative ring oscillator PUF. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust (HOST'09). 36--42. Google ScholarDigital Library
- J. Zhang, Y. Lin, Q. Wu, and W. Che. 2012a. Watermarking FPGA bitfile for intellectual property protection. Radioengin. 21, 2, 764--771.Google Scholar
- J. Zhang, Y. Lin, W. Che, Q. Wu, Y. Lu, and K. Zhao. 2012b. Efficient verification of IP watermarks in FPGA designs through lookup table content extracting. IEICE Electron. Express 9, 22, 1735--1741.Google ScholarCross Ref
- J. Zhang, Y. Lin, Y. Lyu, G. Qu, R. C. C. Cheung, et al. 2013a. FPGA IP protection by binding finite state machine to physical unclonable functions. In Proceedings of the 23rd IEEE International Conference on Field Programmable Logic and Applications (FPL'13). 1--4.Google ScholarCross Ref
- J. Zhang, Q. Wu, Y. Lyu, Q. Zhou, Y. Cai, et al. 2013b. Design and implementation of a delay-based PUF for FPGA IP protection. In Proceedings of the13th IEEE International Conference on Computer-Aided Design and Computer Graphics (CADGRAPHICS'13). 107--114. Google ScholarDigital Library
- J. Zhang, G. Qu, Y. Lyu, and Q. Zhou. 2014. A survey on silicon PUFs and recent advances in ring oscillator PUFs. J. Comput. Sci. Technol. 29, 4, 664--678.Google ScholarCross Ref
- J. Zhang and G. Qu. 2014. A survey on security and trust of FPGA-based systems. In Proceedings of the International Conference on Field-Programmable Technology (ICFPT'14). 147--152.Google Scholar
- J. Zhang, Y. Lin, Y. Lyu, and G. Qu. 2015. A PUF-FSM binding scheme for FPGA IP protection and pay-per-device licensing. IEEE Trans. Inf. Forensics Security.Google Scholar
Index Terms
- Reconfigurable Binding against FPGA Replay Attacks
Recommendations
A PUF-FSM Binding Scheme for FPGA IP Protection and Pay-Per-Device Licensing
With its reprogrammability, low design cost, and increasing capacity, field-programmable gate array (FPGA) has become a popular design platform and a target for intellectual property (IP) infringement. Currently available IP protection solutions are ...
Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks
MicroScope and other similar microarchitectural replay attacks take advantage of the characteristics of speculative execution to trap the execution of the victim application in a loop, enabling the attacker to amplify a side-channel attack by executing it ...
Floating-point FPGA: architecture and modeling
This paper presents an architecture for a reconfigurable device that is specifically optimized for floating-point applications. Fine-grained units are used for implementing control logic and bit-oriented operations, while parameterized and ...
Comments