research-article

Authenticated encryption for FPGA bitstreams

Authors:

Stephen Trimberger,

Jason Moore, and

Weiguang LuAuthors Info & Claims

FPGA '11: Proceedings of the 19th ACM/SIGDA international symposium on Field programmable gate arrays

February 2011

Pages 83 - 86

https://doi.org/10.1145/1950413.1950432

Published: 27 February 2011 Publication History

Get Access

Abstract

FPGA bitstream encryption blocks theft of the design in the FPGA bitstream by preventing unauthorized copy and reverse engineering. By itself, encryption does not protect against tampering with the bitstream, so without additional capabilities, bitstream encryption cannot prevent the FPGA from executing an unauthorized bitstream. An unauthorized bitstream might be generated by trial and error to cause the FPGA to leak confidential data, including the decrypted bitstream. Strong authentication detects tampering with the bitstream, providing a root of trust that enables applications that require protection of sensitive data in a hostile environment. This paper describes the SHA HMAC-based bitstream authentication algorithm and protocol in Virtex-6 FPGAs and shows how they are integrated in the bitstream.

References

[1]

J. Black, "Authenticated Encryption", http://www.cs.colorado.edu/~jrblack/papers/ae.pdf, 2004.

Google Scholar

[2]

Drimer, S., "Authentication of FPGA Bitstreams, Why and How," in Applied Reconfigurable Computing, v 4419 of LNCS, 2007, http://www.cl.cam.ac.uk/~sd410/papers/bsauth.pdf

Digital Library

Google Scholar

[3]

Drimer, S. "Security for Volatile FPGAs", PhD Dissertation, Cambridge University, 2009.

Google Scholar

[4]

"Secure Hash Standard", FIPS PUB 180-2 + Change Notice to include SHA-224; August 1, 2002, http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

Google Scholar

[5]

FIPS, "The Keyed-Hash Message Authentication Code (HMAC)", FIPS PUB 198; March 6, 2002, http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf

Google Scholar

[6]

S. Knapp, "Authentication for Information Provided to an Integrated Circuit", US Patent 7768293

Google Scholar

[7]

NIST, Recommendation for Block Cipher Modes of Operation, NIST Special Publication 800--38A, 2001, http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

Google Scholar

[8]

M. Parlekar, "Authenticated Encryption in Hardware", Master's Thesis, GMU, 2005

Google Scholar

[9]

D. Parlour, "Intellectual property protection in a programmable logic device", US Patent 6,904,527

Google Scholar

[10]

S. Trimberger, "Trusted Design in FPGAs," Design Automation Conference, 2007, ACM.

Digital Library

Google Scholar

[11]

J. B. Webb, "Methods for Securing the Integrity of FPGA Configurations", MS Thesis, Virginia Polytechnic Institute and State University, 2006

Google Scholar

[12]

Xilinx, "Virtex-6 FPGA Configuration User Guide", UG360, July 30, 2010, http://www.xilinx.com/support/documentation/user_guides/ug360.pdf

Google Scholar

Cited By

View all

S. DMahammad SK N(2024)Scalable and Accelerated Self-healing Control Circuit Using Evolvable HardwareACM Transactions on Design Automation of Electronic Systems10.1145/363468229:2(1-29)Online publication date: 15-Feb-2024
https://dl.acm.org/doi/10.1145/3634682
Jimale MZ'aba MKiah MIdris MJamil NMohamad MRohmad M(2022)Authenticated Encryption Schemes: A Systematic ReviewIEEE Access10.1109/ACCESS.2022.314720110(14739-14766)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3147201
Skipper GSozio CDuncan ALukefahr ASwany M(2020)ReCon: From the Bitstream to Piracy Detection2020 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE49178.2020.9337563(1-6)Online publication date: 15-Dec-2020
https://doi.org/10.1109/PAINE49178.2020.9337563
Show More Cited By

Index Terms

Authenticated encryption for FPGA bitstreams
1. Hardware
  1. Very large scale integration design
    1. Application-specific VLSI designs

Recommendations

Convertible multi-authenticated encryption scheme

A convertible authenticated encryption (CAE) scheme allows the signer to generate a valid authenticated ciphertext on his chosen message such that only the designated recipient can retrieve the message. Further, the recipient has the ability to convert ...
Read More
200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards
ASHES '18: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first ...
Read More
Practical convertible authenticated encryption schemes using self-certified public keys

A convertible authenticated encryption scheme allows a designated receiver to recover and verify a message simultaneously, during which the recipient can prove the dishonesty of the sender to any third party if the sender repudiates her signature later. ...
Read More

Comments

Information & Contributors

Information

Published In

FPGA '11: Proceedings of the 19th ACM/SIGDA international symposium on Field programmable gate arrays

February 2011

300 pages

ISBN:9781450305549

DOI:10.1145/1950413

General Chair:
John Wawrzynek
University of California, Berkeley, USA
,
Program Chair:
Katherine Compton
University of Wisconsin-Madison, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 February 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

FPGA '11

Sponsor:

SIGDA

FPGA '11: ACM/SIGDA International Symposium on Field Programmable Gate Arrays

February 27 - March 1, 2011

CA, Monterey, USA

Acceptance Rates

Overall Acceptance Rate 125 of 627 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
539
Total Downloads

Downloads (Last 12 months)26
Downloads (Last 6 weeks)2

Other Metrics

View Author Metrics

Citations

Cited By

View all

S. DMahammad SK N(2024)Scalable and Accelerated Self-healing Control Circuit Using Evolvable HardwareACM Transactions on Design Automation of Electronic Systems10.1145/363468229:2(1-29)Online publication date: 15-Feb-2024
https://dl.acm.org/doi/10.1145/3634682
Jimale MZ'aba MKiah MIdris MJamil NMohamad MRohmad M(2022)Authenticated Encryption Schemes: A Systematic ReviewIEEE Access10.1109/ACCESS.2022.314720110(14739-14766)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3147201
Skipper GSozio CDuncan ALukefahr ASwany M(2020)ReCon: From the Bitstream to Piracy Detection2020 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE49178.2020.9337563(1-6)Online publication date: 15-Dec-2020
https://doi.org/10.1109/PAINE49178.2020.9337563
Zhang JQu G(2019)Recent Attacks and Defenses on FPGA-based SystemsACM Transactions on Reconfigurable Technology and Systems10.1145/334055712:3(1-24)Online publication date: 21-Aug-2019
https://dl.acm.org/doi/10.1145/3340557
Rufina JJenifarPon PPrasanna GPriya SLivingston J(2019)FPGA Implementation of PIR based security alert system using BASYS 3 kit2019 2nd International Conference on Signal Processing and Communication (ICSPC)10.1109/ICSPC46172.2019.8976738(384-387)Online publication date: Mar-2019
https://doi.org/10.1109/ICSPC46172.2019.8976738
Maes RSchellekens DVerbauwhede I(2018)A Pay-per-Use Licensing Scheme for Hardware IP Cores in Recent SRAM-Based FPGAsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2011.21696677:1(98-108)Online publication date: 25-Dec-2018
https://dl.acm.org/doi/10.1109/TIFS.2011.2169667
Swierczynski PBecker GMoradi APaar C(2018)Bitstream Fault Injections (BiFI)–Automated Fault Attacks Against SRAM-Based FPGAsIEEE Transactions on Computers10.1109/TC.2016.264636767:3(348-360)Online publication date: 1-Mar-2018
https://doi.org/10.1109/TC.2016.2646367
Ziener DPirkl JTeich J(2018)Configuration Tampering of BRAM-based AES Implementations on FPGAs2018 International Conference on ReConFigurable Computing and FPGAs (ReConFig)10.1109/RECONFIG.2018.8641692(1-7)Online publication date: Dec-2018
https://doi.org/10.1109/RECONFIG.2018.8641692
Zhang JLiu L(2017)Publicly Verifiable Watermarking for Intellectual Property Protection in FPGA DesignIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2016.261968225:4(1520-1527)Online publication date: 1-Apr-2017
https://dl.acm.org/doi/10.1109/TVLSI.2016.2619682
Zhang JWang WWang XXia Z(2017)Enhancing Security of FPGA-Based Embedded Systems with Combinational Logic BindingJournal of Computer Science and Technology10.1007/s11390-017-1700-832:2(329-339)Online publication date: 13-Mar-2017
https://doi.org/10.1007/s11390-017-1700-8
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Convertible multi-authenticated encryption scheme

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Practical convertible authenticated encryption schemes using self-certified public keys

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Convertible multi-authenticated encryption scheme

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Practical convertible authenticated encryption schemes using self-certified public keys

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations