Abstract:We present an AES cipher implementation that is based on the BlockRAM and DSP units embedded within FPGAs. An iterative "basic" module outputs a 32 bit column of an AES round each clock cycle, with a throughput of 1.76 Gbit/s when processing two 128 bit inputs. This construct is replicated four times for a 128 bit datapath for a full AES round with 6.21 Gbit/s throughput when processing eight inputs. Finally, the "round" module is replicated ten times for a fully unrolled design that yields over 55 Gbit/s of … Show more
“…2 2) The Core Vendor (CV): offers access to its soft IP cores, i.e., innovative logical circuits for configuration on FPGAs, by licensing other parties to use them. We focus on pay-per-use licensing schemes with technical enforcement measures.…”
Abstract-Currently achievable intellectual property (IP) protection solutions for field-programmable gate arrays (FPGAs) are limited to single large "monolithic" configurations. However, the ever growing capabilities of FPGAs and the consequential increasing complexity of their designs ask for a modular development model, where individual IP cores from multiple parties are integrated into a larger system. To enable such a model, the availability of IP protection at the modular level is imperative. In this work, we propose an IP protection mechanism for FPGA designs at the level of individual IP cores, by making use of the self-reconfiguring capabilities of modern FPGAs and deploying a trusted third party to run a metering service, similar to the work of Güneysu et al. and Drimer et al. The proposed scheme makes it possible to enforce a pay-per-use licensing scheme which holds considerable advantages, both for IP core providers as well as for system integrators. Moreover, the scheme has a minimal implementation overhead and is the first of its kind to be solely based on primitives that are already available in recent commercially available FPGA devices. This allows for an immediate and feasible deployment, in contrast to earlier proposed solutions.Index Terms-Cloning, design security, field-programmable gate array (FPGA), hardware metering, intellectual property (IP) protection, reverse-engineering, soft intellectual property (IP).
“…2 2) The Core Vendor (CV): offers access to its soft IP cores, i.e., innovative logical circuits for configuration on FPGAs, by licensing other parties to use them. We focus on pay-per-use licensing schemes with technical enforcement measures.…”
Abstract-Currently achievable intellectual property (IP) protection solutions for field-programmable gate arrays (FPGAs) are limited to single large "monolithic" configurations. However, the ever growing capabilities of FPGAs and the consequential increasing complexity of their designs ask for a modular development model, where individual IP cores from multiple parties are integrated into a larger system. To enable such a model, the availability of IP protection at the modular level is imperative. In this work, we propose an IP protection mechanism for FPGA designs at the level of individual IP cores, by making use of the self-reconfiguring capabilities of modern FPGAs and deploying a trusted third party to run a metering service, similar to the work of Güneysu et al. and Drimer et al. The proposed scheme makes it possible to enforce a pay-per-use licensing scheme which holds considerable advantages, both for IP core providers as well as for system integrators. Moreover, the scheme has a minimal implementation overhead and is the first of its kind to be solely based on primitives that are already available in recent commercially available FPGA devices. This allows for an immediate and feasible deployment, in contrast to earlier proposed solutions.Index Terms-Cloning, design security, field-programmable gate array (FPGA), hardware metering, intellectual property (IP) protection, reverse-engineering, soft intellectual property (IP).
“…As compared to other architectures we found that sbox in LUT proves to be most robust implementation. We make an attempt to relate our scenario with what has been published elsewhere [11], [20]. In terms of cost, the sbox in LUT consumes the maximum area followed by sbox inGF(2 4 ) and RAM respectively.…”
Section: Discussionmentioning
confidence: 99%
“…A sbox which gets faulty at lower voltage is more secure because it is more likely that some other part of the design stops working at lower voltages. Recently, few methods have been reported [20] which suggest to synthesize the bulky parts of AES like SubBytes & MixColumns into the peripherals like block RAM, DSPs etc. These methods reduce the logic utilization in the FPGA and hence are cost effective.…”
Section: B Security Evaluation Of the Three Architectures Against Dfamentioning
Abstract-Security evaluation of various AES implementation against practical power attacks has been reported in literature. However, to the authors' knowledge, very few of the fault attacks reported on AES have been practically realized. Since sbox is a crucial element in AES, in this article, we evaluate the security of some unprotected AES implementations differing in sbox construction, targeted for FPGA. Here the faults have been generated practically by underpowering the targeted circuit. Then we correlate our results with the underlying architecture, along a methodology already suggested in other articles, albeit theoretically. We also carry out an extensive characterization of the faults, in terms of temporal localization. On the basis of our results, we reach the conclusion that the two cheaper implementations in terms of silicon area are also the more vulnerable against DFA when implemented without countermeasures.
“…The design and presentation of our protocol was influenced by our experience with an ongoing logic-circuit implementation on a Virtex-5 evaluation board, using the publicly available AES design by Drimer et al [12].…”
Abstract. We present a security protocol for the remote update of volatile FPGA configurations stored in non-volatile memory. Our approach can be implemented on existing FPGAs, as it sits entirely in user logic. Our protocol provides for remote attestation of the running configuration and the status of the upload process. It authenticates the uploading party both before initiating the upload and before completing it, to both limit a denial-of-service attack and protect the integrity of the bitstream. Encryption protects bitstream confidentiality in transit; we either decrypt it before non-volatile storage, or pass on ciphertext if the configuration logic can decrypt it. We discuss how tamper-proofing the connection between the FPGA and the non-volatile memory, as well as space for multiple bitstreams in the latter, can improve resilience against downgrading and denial-of-service attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.