Skip to main content
SpringerLink
Log in

The Conflicted Usage of RLUTs for Security-Critical Applications on FPGA

  • Published:
Journal of Hardware and Systems Security Aims and scope Submit manuscript

Abstract

Modern field programmable gate arrays (FPGAs) have evolved significantly in recent years and have found applications in various fields like cryptography, defense, aerospace, and many more. The integration of FPGA with highly efficient modules like DSP and block RAMs has increased the performance of FPGA significantly. This paper addresses the lesser explored feature of modern FPGA called as reconfigurable LUT (RLUT) whose content can be updated internally, even during run-time. We describe the basic functionality of RLUT and discuss its potential applications for security from both destructive and constructive point of view, highlighting the conflicted usage of RLUTs. Several use cases exploiting RLUT feature in security-critical scenarios (physical attacks related in particular) are studied in detail. The paper proposes design of stealthy hardware Trojans having zero payload overhead to highlight destructive applications which can be built using hardware Trojans. On the other hand, this paper also highlights several constructive applications based on RLUT features, starting from lightweight side-channel countermeasures to kill switch to prevent the FPGA hardware from environmental hazards and malicious attack attempts.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

References

  1. Trimberger S, Moore J (2014) FPGA security: Motivations, features, and applications. Proc IEEE 102 (8):1248–1265

    Article  Google Scholar 

  2. Trimberger S M, Moore J J (2014) FPGA security: Motivations, features, and applications. Proc IEEE 102(8):1248–1265

    Article  Google Scholar 

  3. Güneysu T, Moradi A (2011) Generic side-channel countermeasures for reconfigurable devices. In: Preneel B, Takagi T (eds) CHES, ser. LNCS, vol 6917. Springer, pp 33–48

  4. Bhasin S, He W, Guilley S, Danger J-L (2013) Exploiting FPGA block memories for protected cryptographic implementations. In: ReCoSoC. IEEE, pp 1–8

  5. Güneysu T, Paar C (2008) Ultra high performance ECC over NIST primes on commercial FPGAs.. In: CHES, pp 62–78

  6. Roy DB, Mukhopadhyay D, Izumi M, Takahashi J (2014) Tile before multiplication: An efficient strategy to optimize DSP multiplier for accelerating prime field ECC for NIST curves.. In: The 51st annual design automation conference 2014, DAC ’14. ACM, San Francisco, CA, pp 1–6. [Online]. http://doi.acm.org/10.1145/2593069.2593234

  7. Güneysu T Getting post-quantum crypto algorithms ready for deployment

  8. He W, Otero A, de la Torre E, Riesgo T (2012) Automatic generation of identical routing pairs for FPGA implemented DPL logic.. In: ReConFig. IEEE, pp 1–6

  9. Kumm M, Möller K, Zipf P (2013) Reconfigurable FIR filter using distributed arithmetic on FPGAs. In: 2013 IEEE international symposium on circuits and systems (ISCAS2013). IEEE, Beijing, China, pp 2058–2061. https://doi.org/10.1109/ISCAS.2013.6572277

  10. Sasdrich P, Moradi A, Mischke O, Gu̇neysu T (2015) Achieving side-channel protection with dynamic logic reconfiguration on modern FPGAs.. In: IEEE international symposium on hardware oriented security and trust, HOST 2015. Washington, DC, pp 130–136

  11. Kutzner S, Poschmann A, Stȯttinger M (2013) TROJANUS: an ultra-lightweight side-channel leakage generator for fpgas.. In: 2013 international conference on field-programmable technology, FPT 2013. Kyoto, Japan, pp 160–167

  12. Bogdanov A, Knudsen L R, Leander G, Paar C, Poschmann A, Robshaw M J B, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. Springer, Berlin Heidelberg, Berlin, pp 450–466

    MATH  Google Scholar 

  13. Madlener F, Sotttinger M, Huss S (2009) Novel hardening techniques against differential power analysis for multiplication in G F(2n). In: International conference on field-programmable technology, 2009. FPT 2009, pp 328–334

  14. Xilinx Xilinx Partial Reconfiguration User Guide (UG702). http://www.xilinx.com/support/documentation/sw_manuals/xilinx14_1/ug702.pdf

  15. Brier É, Clavier C, Olivier F (2004) Correlation power analysis with a leakage model, vol 3156. Springer, Cambridge, pp 16–29

    MATH  Google Scholar 

  16. Ali S, Chakraborty R S, Mukhopadhyay D, Bhunia S (2011) Multi-level attacks: an emerging security concern for cryptographic hardware. In: Design, automation and test in Europe, DATE 2011. Grenoble, France, pp 1176–1179

  17. Chakraborty R S, Narasimhan S, Bhunia S (2009) Hardware trojan: threats and emerging solutions. In: IEEE international high level design validation and test workshop, HLDVT 2009. San Francisco, CA, pp 166–171

  18. Tehranipoor M, Forte D (2014) Tutorial T4: All you need to know about hardware Trojans and Counterfeit ICs. In: 2014 27th international conference on VLSI design and 2014 13th international conference on embedded systems. Mumbai, India, pp 9–10

  19. Chen Z, Guo X, Nagesh R, Reddy A, Gora M, Maiti A Hardware trojan designs on basys FPGA board

  20. Johnson AP, Saha S, Chakraborty RS, Mukhopadhyay D, Gören S (2014) Fault attack on AES via hardware trojan insertion by dynamic partial reconfiguration of FPGA over ethernet. In: Proceedings of the 9th workshop on embedded systems security, ser. WESS ’14. ACM, New York, NY, pp 1:1–1:8. http://doi.acm.org/10.1145/2668322.2668323

  21. Shende R, Ambawade D D (2016) A side channel based power analysis technique for hardware trojan detection using statistical learning approach. In: 2016 thirteenth international conference on wireless and optical communications networks (WOCN), pp 1–4

  22. Bhasin S, Danger J-L, Guilley S, Ngo XT, Sauvage L (2013) Hardware trojan horses in cryptographic IP cores. In: Fischer W, Schmidt J-M (eds) FDTC. IEEE, pp 15–29

  23. Note J-B, Rannaud E (2008) From the Bitstream to the Netlist. In: Proceedings of the 16th international ACM/SIGDA symposium on field programmable gate arrays, ser. FPGA ’08. ACM, New York, NY, pp 264–264. http://doi.acm.org/10.1145/1344671.1344729

  24. Benchmarks https://www.trust-hub.org/resources/benchmarks, accessed: 2015-01-30

  25. Homma N, Hayashi Y, Miura N, Fujimoto D, Tanaka D, Nagata M, Aoki T (2014) EM attack is non-invasive? - Design methodology and validity verification of EM attack sensor. In: Proceedings of the 16th international workshop on cryptographic hardware and embedded systems - CHES 2014. Busan, South Korea, pp 1–16

  26. Ng X T, Naj Z, Bhasin S, Roy D B, Danger J-L, Guilley S (2015) Integrated sensor: a backdoor for hardware trojan insertions?. In: 2015 Euromicro conference on digital system design (DSD). IEEE, pp 415–422

  27. Xilinx, Virtex-5 fpga system monitor. http://www-inst.eecs.berkeley.edu/cs150/fa13/resources/ug192.pdf

  28. Piret G, Quisquater J-J (2003) A Differential fault attack technique against spn structures, with application to the AES and Khazad. In: CHES, ser. LNCS, vol. 2779. Springer, Cologne, Germany, pp 77–88

  29. Tunstall M, Mukhopadhyay D, Ali S (2011) Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna CA, Zhou J (eds) WISTP, ser. Lecture notes in computer science, vol 6633. Springer, pp 224–233

  30. Ali S, Mukhopadhyay D, Tunstall M (2013) Differential fault analysis of AES: towards reaching its limits. J Cryptogr Eng 3(2):73–97

    Article  Google Scholar 

  31. Aysu A, Gulcan E, Schaumont P (2014) Simon says: Break area records of block ciphers on fpgas. IEEE Embed Syst Lett 6(2):37–40

    Article  Google Scholar 

  32. Poschmann A, Ling S, Wang H (2010) 256 bit standardized crypto for 650 GE - GOST revisited. In: Mangard S, Standaert FS (eds) Cryptographic hardware and embedded systems, CHES 2010, ser. Lecture notes in computer science, vol 6225. Springer, Berlin Heidelberg, pp 219–233. https://doi.org/10.1007/978-3-642-15031-9_15

  33. Hajra S, Rebeiro C, Bhasin S, Bajaj G, Sharma S, Guilley S, Mukhopadhyay D (2014) DRECON: DPA resistant encryption by construction. In: Pointcheval D, Vergnaud D (eds) AFRICACRYPT, ser. Lecture notes in computer science, vol 8469. Springer, pp 420–439. https://doi.org/10.1007/978-3-319-06734-6

  34. Sasdrich P, Mischke O, Moradi A, Güneysu T (2015) Side-channel protection by randomizing look-up tables on reconfigurable hardware - pitfalls of memory primitives. Cryptology ePrint Archive, Report 2015/198. http://eprint.iacr.org/2015/198

  35. Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJB, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. In: CHES, ser. LNCS, vol 4727. Springer, Vienna, Austria, pp 450–466

  36. Virtex-5 family overview (ds100). https://www.xilinx.com/support/documentation/data_sheets/ds100.pdf. Accessed 1 Jan 2018

  37. Bhasin S, Danger J-L, Guilley S, Najm Z (2014) NICV: normalized inter-class variance for detection of side-channel leakage. In: International symposium on electromagnetic compatibility (EMC ’14 / Tokyo). IEEE, Session OS09: EM Information Leakage. Hitotsubashi Hall (National Center of Sciences), Chiyoda, Tokyo, Japan

  38. Goodwill G, Jun B, Jaffe J, Rohatgi P (2011) A testing methodology for side-channel resistance validation. NIST Non-Invasive Attack Testing Workshop. http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/08_Goodwill.pdf

  39. security-monitor-ip-core-product-brief.pdf. https://www.xilinx.com/support/documentation/product-briefs/security-monitor-ip-core-product-brief.pdf. Accessed 24 Jan 2018

  40. Adee S (2008) The hunt for the kill switch. IEEE Spectr 45(5):34–39. https://doi.org/10.1109/MSPEC.2008.4505310

    Article  Google Scholar 

  41. Pedersen B, Reese D, Joyce J (2012) Method and apparatus for securing a programmable device using a kill switch uS Patent App. 13/097,816. http://www.google.com/patents/US20120274351

Download references

Author information

Authors and Affiliations

  1. SEAL, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, India

    Debapriya Basu Roy & Debdeep Mukhopadhyay

  2. Temasek Laboratories, Nanyang Technological University, Singapore, Singapore

    Shivam Bhasin & Zakaria Najm

  3. Institut MINES-TELECOM and Secure-IC SAS, Paris, France

    Jean-Luc Danger & Sylvain Guilley

  4. Shield Lab, Central Research Institute, Huawei International Pte. Ltd, Singapore, Singapore

    Wei He

  5. Secure-IC SAS, Cesson-Sévigné, France

    Xuan Thuy Ngo

Authors
  1. Debapriya Basu Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shivam Bhasin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jean-Luc Danger
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sylvain Guilley
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wei He
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Debdeep Mukhopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Zakaria Najm
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Xuan Thuy Ngo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Debapriya Basu Roy.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Roy, D.B., Bhasin, S., Danger, JL. et al. The Conflicted Usage of RLUTs for Security-Critical Applications on FPGA. J Hardw Syst Secur 2, 162–178 (2018). https://doi.org/10.1007/s41635-018-0035-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s41635-018-0035-4

Keywords

Search

Navigation