Abstract
A novel trust-based design method for FPGA circuits that uses error-correcting code (ECC) structures to detect design tampers (changes to or deletion of existing logic, and addition of extra-design logic such as Trojans) is proposed in this article. We determine ECC-based CLB (configurable logic block) parity groups and embed a check CLB for each parity group in the FPGA circuit. During a trust-checking phase, a Test-Pattern Generator (TPG) and an Output Response Analyzer (ORA), both configured in the FPGA, verify that each parity group of CLB outputs produces the expected parities. We use two levels of randomization to thwart an adversary who tries to discover the parity groups and inject tampers that mask each other, or to tamper with the TPG and ORA so that design tampers remain undetected: (a) randomization of the mapping of the ECC parity groups onto the CLB array; (b) randomization, within each parity group, of odd and even parities for different input combinations (classically, all ECC parity groups have even parity across all inputs). These randomizations, together with the error-detecting property of the underlying ECC, lead to design tampers being uncovered with very high probability, as we show both analytically and empirically. We also classify different CLB function structures and impose a parity-group selection in which only similarly structured functions are randomly selected into the same parity group, in order to minimize check-function complexity. Using the 2D code as our underlying ECC with its two-level randomization, our experiments inserting 1-10 circuit-CLB tampers and 1-5 extraneous-logic CLBs into two medium-size circuits and a RISC processor circuit implemented on a Xilinx Spartan-3 FPGA show 100% tamper detection and 0% false alarms, at a hardware overhead of only 7-10%.
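The checking scheme described above, as an added Python model that is not the paper's code, data or tool flow: a 3x4 array of 3-input CLBs modelled as truth tables, row and column parity groups of a 2D code, one check CLB per group synthesized with the randomized per-pattern parity polarity, and an ORA that recomputes every group's parity for every TPG pattern. Simplifying assumptions made here: every CLB is driven by the same 3-bit TPG pattern, tampers are truth-table flips or a stuck-at-0 deletion, the check CLBs are frozen as LUTs when the checker is built, and the extraneous-logic CLBs of the paper are not modelled. The masking experiment shows why the level-1 placement must stay secret: flipping the same pattern bit at the four corners of a rectangle of the physical array leaves every row and column parity intact, so such a tamper set can only be built by an adversary who knows the mapping of parity groups to the array.

```python
"""Toy model of 2D-code parity checking of CLB outputs with two-level
randomization (random placement, random odd/even parity per pattern).
Added illustration; constructed sizes and data, not the paper's code."""
import random

K = 3                      # inputs per CLB; each CLB is a 2**K-entry LUT (toy size)
ROWS, COLS = 3, 4          # ROWS*COLS design CLBs; one check CLB per row and per column
PATTERNS = range(2 ** K)   # the TPG is assumed to sweep every K-bit pattern


def random_design(seed, n=ROWS * COLS):
    """n design CLBs, each a random truth table (tuple of 2**K output bits)."""
    rng = random.Random(seed)
    return [tuple(rng.randrange(2) for _ in PATTERNS) for _ in range(n)]


def parity_groups(placement):
    """placement[pos] is the design CLB sitting at array position pos.
    Each row and each column of the array forms one parity group (2D code)."""
    grid = [placement[r * COLS:(r + 1) * COLS] for r in range(ROWS)]
    rows = [list(row) for row in grid]
    cols = [[grid[r][c] for r in range(ROWS)] for c in range(COLS)]
    return rows + cols


def build_checker(design, seed):
    """Embed the check CLBs. Returns (placement, groups, polarity, check_luts)."""
    rng = random.Random(seed)
    placement = list(range(len(design)))
    rng.shuffle(placement)                     # level 1: random group-to-array mapping
    groups = parity_groups(placement)
    # level 2: per group and per pattern, 0 = even parity expected, 1 = odd
    polarity = [tuple(rng.randrange(2) for _ in PATTERNS) for _ in groups]
    check_luts = []
    for g, pol in zip(groups, polarity):
        lut = []
        for p in PATTERNS:
            x = pol[p]                         # check bit = XOR(members) XOR polarity
            for i in g:
                x ^= design[i][p]
            lut.append(x)
        check_luts.append(tuple(lut))
    return placement, groups, polarity, check_luts


def trust_check(design, checker):
    """ORA: for every group and TPG pattern, XOR the member outputs with the
    check CLB output and compare against the expected parity.
    Returns the list of (group index, pattern) mismatches; [] means trusted."""
    _, groups, polarity, check_luts = checker
    mismatches = []
    for gi, (g, pol, lut) in enumerate(zip(groups, polarity, check_luts)):
        for p in PATTERNS:
            observed = lut[p]
            for i in g:
                observed ^= design[i][p]
            if observed != pol[p]:
                mismatches.append((gi, p))
    return mismatches


def flip_entries(design, clbs, pattern):
    """Tamper: invert the output of each listed CLB for one input pattern."""
    new = list(design)
    for i in clbs:
        lut = list(new[i])
        lut[pattern] ^= 1
        new[i] = tuple(lut)
    return new


def delete_clb(design, i):
    """Tamper: the CLB's logic is removed and its output is stuck at 0."""
    new = list(design)
    new[i] = tuple(0 for _ in PATTERNS)
    return new


def single_tamper_coverage(design, checker):
    """Fraction of single-entry tampers (every CLB, every pattern) the ORA flags."""
    total = detected = 0
    for i in range(len(design)):
        for p in PATTERNS:
            total += 1
            if trust_check(flip_entries(design, [i], p), checker):
                detected += 1
    return detected / total


def forms_rectangle(placement, clbs):
    """True if the four CLBs sit at the corners of a rectangle of the array,
    the smallest tamper set a 2D parity code cannot see."""
    pos = {clb: divmod(placement.index(clb), COLS) for clb in clbs}
    rows = {r for r, _ in pos.values()}
    cols = {c for _, c in pos.values()}
    return len(clbs) == 4 and len(rows) == 2 and len(cols) == 2


def masking_attempt(design, checker, guessed_clbs, pattern=0):
    """Adversary flips the same pattern bit in the guessed CLBs hoping the
    tampers cancel in every parity group. True if the tamper is undetected."""
    return trust_check(flip_entries(design, guessed_clbs, pattern), checker) == []


if __name__ == "__main__":
    design = random_design(seed=1)
    checker = build_checker(design, seed=2)
    placement = checker[0]
    print("clean design mismatches:", trust_check(design, checker))
    print("single-CLB tamper coverage:", single_tamper_coverage(design, checker))
    # Adversary who knows the placement picks a physical rectangle: masked.
    corners = [placement[0], placement[1], placement[COLS], placement[COLS + 1]]
    print("rectangle in array masked:", masking_attempt(design, checker, corners))
    # Adversary who does not know the placement guesses logical CLB indices.
    guess = [0, 1, 4, 5]
    print("guess forms rectangle:", forms_rectangle(placement, guess),
          "masked:", masking_attempt(design, checker, guess))
```

Every single flip changes the parity of exactly one row group and one column group at that pattern, so the coverage is 1.0 for any seed; a stuck-at-0 deletion is caught as soon as the removed LUT had any 1 entry. A guessed four-CLB set masks if and only if it happens to land on a rectangle of the shuffled array, which is the adversary's only way through without the level-1 mapping.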