Abstract
Reconfigurable platforms such as field-programmable gate arrays (FPGAs) are widely used as an optimized platform with fast design time. New features such as dynamic reconfiguration make the bitstream vulnerable to cloning and modification attacks, which raises a security concern in today's heterogeneous computing architectures. A widely adopted countermeasure is a secure boot mechanism that acts as the root of trust, authenticating the firmware as unmodified so that attackers cannot manipulate it. In this work, we propose an automated security-aware design flow that integrates a logic-locking scheme with secure boot on Xilinx FPGAs. The proposed design implements FPGA-based logic obfuscation together with a pre-boot in-field device authentication scheme, implemented using ARM TrustZone and Trusted Platform Module (TPM) key provisioning. This scheme constructs security features that protect the IPs during the design process, integrates these primitives with the FPGA's secure boot process, and enhances bitstream security.
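As an added illustration (not the paper's code, netlist, key or boot flow), the Python below models what logic locking means in the abstract: XOR/XNOR key gates inserted on internal wires so the design computes the intended function only when the correct key is applied, plus a simplified secure-boot gate that releases that key only for a firmware image whose digest matches the provisioned reference. The circuit, key and firmware bytes are constructed; TrustZone and TPM key provisioning are not modelled.

```python
import hashlib
import hmac
from itertools import product

# Constructed, hypothetical unlock key chosen at design time. Each bit selects
# whether the corresponding key gate was inserted as XOR (0) or XNOR (1).
CORRECT_KEY = (1, 0, 1)

def original_circuit(a, b, c):
    """Reference function before locking: (majority vote, parity)."""
    maj = (a & b) | (b & c) | (a & c)
    par = a ^ b ^ c
    return maj, par

def locked_circuit(a, b, c, key):
    """Same netlist with three key gates. A key gate is modelled as
    wire ^ key_bit ^ design_bit: when key_bit equals the design-time bit the
    wire passes through unchanged; otherwise it is inverted."""
    k0, k1, k2 = key
    w_ab = (a & b) ^ k0 ^ CORRECT_KEY[0]        # key gate on an internal AND wire
    par = (a ^ b) ^ k1 ^ CORRECT_KEY[1] ^ c     # key gate inside the parity chain
    maj = (w_ab | (b & c) | (a & c)) ^ k2 ^ CORRECT_KEY[2]  # key gate on an output
    return maj, par

def corruption_rate(key):
    """Fraction of the 8 input patterns on which the locked design disagrees
    with the reference function; 0.0 means the key fully unlocks it."""
    wrong = sum(locked_circuit(a, b, c, key) != original_circuit(a, b, c)
                for a, b, c in product((0, 1), repeat=3))
    return wrong / 8

# Constructed sample firmware image and its provisioned reference digest.
FIRMWARE = b"constructed firmware image v1\x00" * 4
GOOD_DIGEST = hashlib.sha256(FIRMWARE).hexdigest()

def release_key(image, expected_digest):
    """Simplified secure-boot gate: the unlock key is released only for an
    image whose SHA-256 digest matches the reference; a tampered image gets
    no key and the locked logic stays non-functional."""
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, expected_digest):
        return None
    return CORRECT_KEY

if __name__ == "__main__":
    print("correct key corruption:", corruption_rate(CORRECT_KEY))
    print("wrong key corruption:", corruption_rate((0, 0, 0)))
    print("tampered image key:", release_key(FIRMWARE + b"x", GOOD_DIGEST))
```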
Nicholas, G.S., Siddiqui, A.S., Joseph, S.R. et al. A Secure Boot Framework with Multi-security Features and Logic-Locking Applications for Reconfigurable Logic. J Hardw Syst Secur 5, 260–268 (2021). https://doi.org/10.1007/s41635-021-00123-3
DOI: https://doi.org/10.1007/s41635-021-00123-3