
Security And Trust Of FPGA-based Systems

Posted on: 2016-11-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J L Zhang
Full Text: PDF
GTID: 1368330491952454
Subject: Computer application technology

Abstract/Summary:
Field-programmable gate arrays (FPGAs) are semiconductor devices that can be reprogrammed by end users to implement any digital system. With their reconfigurability, continuous improvement in quality (such as performance, area and power) and decreasing production cost, FPGAs have become a design platform for a large variety of systems, which we refer to as FPGA-based systems. However, with the popularity of FPGAs, FPGA systems are facing increasingly serious security problems such as cloning, overbuilding, hardware Trojans, reverse engineering, side-channel attacks and replay attacks. Therefore, developing effective security mechanisms against these attacks has become a hot research topic. This dissertation presents the first in-depth research on the security and trust of FPGA systems in China and proposes some effective defenses against these attacks. The main contributions are summarized as follows.

(1) A zero-overhead and verifiable FPGA intellectual property (IP) watermarking technique is proposed. As reuse-based design methodology has prevailed in the integrated circuit (IC) design field, the IC design industry is confronted with the increasing threat of IP infringement, which leads to the loss of revenue and market share. Digital watermarking has become an innovative technology for IP protection in recent years. Existing watermarking techniques have successfully embedded watermarks into IP cores. However, many of these techniques share two specific weaknesses: 1) they have extra overheads and are likely to degrade the performance of the design; 2) watermark verification is inefficient. We propose a novel watermarking technique for FPGA bit-files to address these weaknesses. In our proposed watermarking method, IP watermarks are hidden in the unused LUTs of used Slices and extracted from the binary bit-file through lookup table content extraction. Experimental results and analysis show that the proposed technique incurs zero overhead and can verify authorship quickly.

(2) A chaotic-based publicly verifiable FPGA IP watermark detection scheme is proposed. Existing FPGA watermarking techniques may give away sensitive information during public verification, which enables malicious verifiers or third parties to remove the watermarks and resell the design. Zero-knowledge watermarking verification schemes are able to address the sensitive information leakage issue but are vulnerable to embedding attacks, which makes them ineffective in preventing untrusted buyers (verifiers) from denying infringement. This paper presents a new chaotic-based publicly verifiable zero-knowledge watermark detection scheme for FPGA IP protection. This scheme is resilient against both sensitive information leakage and removal attacks, and is thus robust to cheating by malicious provers, verifiers or third parties. The scheme exploits the fact that chaotic systems are sensitive to initial values and can conveniently produce numerous pseudo-random numbers with ultra-low coefficients and perfect statistical properties. These advantages match the specific requirements for the random location permutation of the LUTs in the FPGA bit-stream file in the zero-knowledge protocol, bringing ultra-high robustness of LUT location permutation. A timestamp mechanism is also introduced in this paper to resist embedding attacks and counter denial of infringement by untrusted IP buyers (verifiers). Experimental results and analysis show that the proposed scheme is significantly better than the latest related work in both watermarking overhead and robustness of location permutation.

(3) The first non-encryption-based FPGA IP protection and pay-per-device licensing technique is proposed. Current encryption-based FPGA configuration bitstream protection methods have three shortcomings: 1) the commercial methods are limited to the protection of single large FPGA configurations; 2) they cannot support pay-per-device licensing; 3) the previous encryption-based HWIP protection methods require permanent key storage and on-chip cryptographic modules to decrypt the bitstream, which introduces some security vulnerabilities and high overhead. In this dissertation, we propose a novel IP protection mechanism to overcome these limitations. The proposed mechanism can restrict an IP's execution to specific FPGA devices in order to efficiently protect IPs from unauthorized integration. This mechanism can also enforce pay-per-device licensing, which enables system developers to purchase IPs from core vendors at a low price based on usage instead of paying expensive unlimited IP license fees. In our proposed binding mechanism, FPGA vendors embed a PUF customized for FPGAs into each enrolled FPGA device; IP vendors embed augmented finite state machines (FSMs) into the original IPs such that the FSM can be activated by the PUF responses from the FPGA device. We propose protocols to lock and unlock FPGA IPs, demonstrate how a PUF can be embedded onto FPGA devices, and analyze the security vulnerabilities of our PUF-FSM binding method. We implement a 128-bit delay-based PUF on 28nm FPGAs with only 258 RAM-LUTs and 256 flip-flops. The PUF responses are unique and reliable against environmental changes. We also synthesize a variety of FSM benchmark circuits. On large benchmarks, the average timing overhead is 0.64% and the power overhead is 0.01%.

(4) A reconfigurable binding method against replay attacks is proposed. The FPGA replay attack, where an attacker downgrades an FPGA-based system to a previous version with known vulnerabilities, has become a serious security and privacy concern for FPGA design. For example, if system developers detect a Trojan in some integrated IP cores in their developed systems, they must replace these untrusted IP cores with trusted ones, or even develop the IP cores themselves, in order to ensure the trust of FPGA systems. Therefore, system developers urgently need an effective security mechanism to prevent attackers from mounting replay attacks. Current FPGA IP protection mechanisms target the protection of FPGA configuration bitstreams by watermarking, encryption or binding. However, they fail to prevent replay attacks. In this paper, we propose to reconfigure both the PUF and the locking scheme of the FSM in order to defeat the replay attack. We analyze the proposed scheme and demonstrate how a replay attack would fail against systems protected by the reconfigurable binding method. We implement two ways to build reconfigurable PUFs and propose two practical methods to reconfigure the locking scheme. Experimental results show that the two reconfigurable PUFs can generate significantly distinct responses, with average reconfigurability of more than 40%. The reconfigurable locking schemes incur a timing overhead of less than 1%.
Keywords/Search Tags: FPGA security, FPGA trust, Hardware security and trust, IP protection, Physical unclonable functions, IP watermarking, Hardware Trojan