Abstract
Modern field programmable gate arrays (FPGAs) have evolved significantly in recent years and have found applications in various fields like cryptography, defense, aerospace, and many more. The integration of FPGA with highly efficient modules like DSP and block RAMs has increased the performance of FPGA significantly. This paper addresses the lesser explored feature of modern FPGA called as reconfigurable LUT (RLUT) whose content can be updated internally, even during run-time. We describe the basic functionality of RLUT and discuss its potential applications for security from both destructive and constructive point of view, highlighting the conflicted usage of RLUTs. Several use cases exploiting RLUT feature in security-critical scenarios (physical attacks related in particular) are studied in detail. The paper proposes design of stealthy hardware Trojans having zero payload overhead to highlight destructive applications which can be built using hardware Trojans. On the other hand, this paper also highlights several constructive applications based on RLUT features, starting from lightweight side-channel countermeasures to kill switch to prevent the FPGA hardware from environmental hazards and malicious attack attempts.
Similar content being viewed by others
References
Trimberger S, Moore J (2014) FPGA security: Motivations, features, and applications. Proc IEEE 102 (8):1248–1265
Trimberger S M, Moore J J (2014) FPGA security: Motivations, features, and applications. Proc IEEE 102(8):1248–1265
Güneysu T, Moradi A (2011) Generic side-channel countermeasures for reconfigurable devices. In: Preneel B, Takagi T (eds) CHES, ser. LNCS, vol 6917. Springer, pp 33–48
Bhasin S, He W, Guilley S, Danger J-L (2013) Exploiting FPGA block memories for protected cryptographic implementations. In: ReCoSoC. IEEE, pp 1–8
Güneysu T, Paar C (2008) Ultra high performance ECC over NIST primes on commercial FPGAs.. In: CHES, pp 62–78
Roy DB, Mukhopadhyay D, Izumi M, Takahashi J (2014) Tile before multiplication: An efficient strategy to optimize DSP multiplier for accelerating prime field ECC for NIST curves.. In: The 51st annual design automation conference 2014, DAC ’14. ACM, San Francisco, CA, pp 1–6. [Online]. http://doi.acm.org/10.1145/2593069.2593234
Güneysu T Getting post-quantum crypto algorithms ready for deployment
He W, Otero A, de la Torre E, Riesgo T (2012) Automatic generation of identical routing pairs for FPGA implemented DPL logic.. In: ReConFig. IEEE, pp 1–6
Kumm M, Möller K, Zipf P (2013) Reconfigurable FIR filter using distributed arithmetic on FPGAs. In: 2013 IEEE international symposium on circuits and systems (ISCAS2013). IEEE, Beijing, China, pp 2058–2061. https://doi.org/10.1109/ISCAS.2013.6572277
Sasdrich P, Moradi A, Mischke O, Gu̇neysu T (2015) Achieving side-channel protection with dynamic logic reconfiguration on modern FPGAs.. In: IEEE international symposium on hardware oriented security and trust, HOST 2015. Washington, DC, pp 130–136
Kutzner S, Poschmann A, Stȯttinger M (2013) TROJANUS: an ultra-lightweight side-channel leakage generator for fpgas.. In: 2013 international conference on field-programmable technology, FPT 2013. Kyoto, Japan, pp 160–167
Bogdanov A, Knudsen L R, Leander G, Paar C, Poschmann A, Robshaw M J B, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. Springer, Berlin Heidelberg, Berlin, pp 450–466
Madlener F, Sotttinger M, Huss S (2009) Novel hardening techniques against differential power analysis for multiplication in G F(2n). In: International conference on field-programmable technology, 2009. FPT 2009, pp 328–334
Xilinx Xilinx Partial Reconfiguration User Guide (UG702). http://www.xilinx.com/support/documentation/sw_manuals/xilinx14_1/ug702.pdf
Brier É, Clavier C, Olivier F (2004) Correlation power analysis with a leakage model, vol 3156. Springer, Cambridge, pp 16–29
Ali S, Chakraborty R S, Mukhopadhyay D, Bhunia S (2011) Multi-level attacks: an emerging security concern for cryptographic hardware. In: Design, automation and test in Europe, DATE 2011. Grenoble, France, pp 1176–1179
Chakraborty R S, Narasimhan S, Bhunia S (2009) Hardware trojan: threats and emerging solutions. In: IEEE international high level design validation and test workshop, HLDVT 2009. San Francisco, CA, pp 166–171
Tehranipoor M, Forte D (2014) Tutorial T4: All you need to know about hardware Trojans and Counterfeit ICs. In: 2014 27th international conference on VLSI design and 2014 13th international conference on embedded systems. Mumbai, India, pp 9–10
Chen Z, Guo X, Nagesh R, Reddy A, Gora M, Maiti A Hardware trojan designs on basys FPGA board
Johnson AP, Saha S, Chakraborty RS, Mukhopadhyay D, Gören S (2014) Fault attack on AES via hardware trojan insertion by dynamic partial reconfiguration of FPGA over ethernet. In: Proceedings of the 9th workshop on embedded systems security, ser. WESS ’14. ACM, New York, NY, pp 1:1–1:8. http://doi.acm.org/10.1145/2668322.2668323
Shende R, Ambawade D D (2016) A side channel based power analysis technique for hardware trojan detection using statistical learning approach. In: 2016 thirteenth international conference on wireless and optical communications networks (WOCN), pp 1–4
Bhasin S, Danger J-L, Guilley S, Ngo XT, Sauvage L (2013) Hardware trojan horses in cryptographic IP cores. In: Fischer W, Schmidt J-M (eds) FDTC. IEEE, pp 15–29
Note J-B, Rannaud E (2008) From the Bitstream to the Netlist. In: Proceedings of the 16th international ACM/SIGDA symposium on field programmable gate arrays, ser. FPGA ’08. ACM, New York, NY, pp 264–264. http://doi.acm.org/10.1145/1344671.1344729
Benchmarks https://www.trust-hub.org/resources/benchmarks, accessed: 2015-01-30
Homma N, Hayashi Y, Miura N, Fujimoto D, Tanaka D, Nagata M, Aoki T (2014) EM attack is non-invasive? - Design methodology and validity verification of EM attack sensor. In: Proceedings of the 16th international workshop on cryptographic hardware and embedded systems - CHES 2014. Busan, South Korea, pp 1–16
Ng X T, Naj Z, Bhasin S, Roy D B, Danger J-L, Guilley S (2015) Integrated sensor: a backdoor for hardware trojan insertions?. In: 2015 Euromicro conference on digital system design (DSD). IEEE, pp 415–422
Xilinx, Virtex-5 fpga system monitor. http://www-inst.eecs.berkeley.edu/cs150/fa13/resources/ug192.pdf
Piret G, Quisquater J-J (2003) A Differential fault attack technique against spn structures, with application to the AES and Khazad. In: CHES, ser. LNCS, vol. 2779. Springer, Cologne, Germany, pp 77–88
Tunstall M, Mukhopadhyay D, Ali S (2011) Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna CA, Zhou J (eds) WISTP, ser. Lecture notes in computer science, vol 6633. Springer, pp 224–233
Ali S, Mukhopadhyay D, Tunstall M (2013) Differential fault analysis of AES: towards reaching its limits. J Cryptogr Eng 3(2):73–97
Aysu A, Gulcan E, Schaumont P (2014) Simon says: Break area records of block ciphers on fpgas. IEEE Embed Syst Lett 6(2):37–40
Poschmann A, Ling S, Wang H (2010) 256 bit standardized crypto for 650 GE - GOST revisited. In: Mangard S, Standaert FS (eds) Cryptographic hardware and embedded systems, CHES 2010, ser. Lecture notes in computer science, vol 6225. Springer, Berlin Heidelberg, pp 219–233. https://doi.org/10.1007/978-3-642-15031-9_15
Hajra S, Rebeiro C, Bhasin S, Bajaj G, Sharma S, Guilley S, Mukhopadhyay D (2014) DRECON: DPA resistant encryption by construction. In: Pointcheval D, Vergnaud D (eds) AFRICACRYPT, ser. Lecture notes in computer science, vol 8469. Springer, pp 420–439. https://doi.org/10.1007/978-3-319-06734-6
Sasdrich P, Mischke O, Moradi A, Güneysu T (2015) Side-channel protection by randomizing look-up tables on reconfigurable hardware - pitfalls of memory primitives. Cryptology ePrint Archive, Report 2015/198. http://eprint.iacr.org/2015/198
Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJB, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. In: CHES, ser. LNCS, vol 4727. Springer, Vienna, Austria, pp 450–466
Virtex-5 family overview (ds100). https://www.xilinx.com/support/documentation/data_sheets/ds100.pdf. Accessed 1 Jan 2018
Bhasin S, Danger J-L, Guilley S, Najm Z (2014) NICV: normalized inter-class variance for detection of side-channel leakage. In: International symposium on electromagnetic compatibility (EMC ’14 / Tokyo). IEEE, Session OS09: EM Information Leakage. Hitotsubashi Hall (National Center of Sciences), Chiyoda, Tokyo, Japan
Goodwill G, Jun B, Jaffe J, Rohatgi P (2011) A testing methodology for side-channel resistance validation. NIST Non-Invasive Attack Testing Workshop. http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/08_Goodwill.pdf
security-monitor-ip-core-product-brief.pdf. https://www.xilinx.com/support/documentation/product-briefs/security-monitor-ip-core-product-brief.pdf. Accessed 24 Jan 2018
Adee S (2008) The hunt for the kill switch. IEEE Spectr 45(5):34–39. https://doi.org/10.1109/MSPEC.2008.4505310
Pedersen B, Reese D, Joyce J (2012) Method and apparatus for securing a programmable device using a kill switch uS Patent App. 13/097,816. http://www.google.com/patents/US20120274351
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Roy, D.B., Bhasin, S., Danger, JL. et al. The Conflicted Usage of RLUTs for Security-Critical Applications on FPGA. J Hardw Syst Secur 2, 162–178 (2018). https://doi.org/10.1007/s41635-018-0035-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-018-0035-4