SCA Secure and Updatable Crypto Engines for FPGA SoC Bitstream Decryption

Florian Unterstein, Nisha Jacob, Neil Hanley, Chongyan Gu, Johann Heyzl

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)
214 Downloads (Pure)

Abstract

FPGA system on chips (SoCs) are ideal computing platforms for edge devices in applications which require high performance through hardware acceleration and updatability due to long operation in the field. A secure update of hardware functionality can in general be achieved by using built-in cryptographic engines and provided secretkey storage. However, reported examples have shown that suchcryptographic engines may become insecure against side-channel attacks at any later point in time. This leaves already deployed systems vulnerable without any clear mitigation options. To solve this, we propose a comprehensive concept that uses an alternative and side-channel protected cryptographic engine within the FPGA logic instead of the built-in one for the crucial task of bit streamd ecryption. Remarkably this concept even allows to update the cryptographic engine itself. As proof of concept, we describe anapplication to the Xilinx Zynq-7020 FPGA SoC in detail using a leakage resilient decryption engine. The lack of accessible secretkey storage poses a significant challenge and requires the use of a physical unclonable function (PUF) to generate a device intrinsic secret within the FPGA logic. At the same time this means that no manufacturer provided secret key storage or cryptography is required anymore; only a public key for signature verification of the first stage bootloader and initial static bit stream. We provide empirical results proving the side-channel security of the protected cryptographic engine as well as an evaluation of the PUF quality.The full design and source code is made available to encourage further research in this direction.
Original languageEnglish
Title of host publicationASHES 2019 - Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop
PublisherACM
Pages45-53
Number of pages9
ISBN (Electronic)9781450368391
ISBN (Print)978-1-4503-6839-1
DOIs
Publication statusPublished - 15 Nov 2019
Event3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES 2019, a Post-Conference Satellite Workshop of the ACM Conference on Computer and Communications Security, CCS 2019 - London, United Kingdom
Duration: 15 Nov 2019 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES 2019, a Post-Conference Satellite Workshop of the ACM Conference on Computer and Communications Security, CCS 2019
CountryUnited Kingdom
CityLondon
Period15/11/2019 → …

Keywords

  • AES
  • Leakage resilience
  • PUF
  • Secure boot
  • Zynq

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'SCA Secure and Updatable Crypto Engines for FPGA SoC Bitstream Decryption'. Together they form a unique fingerprint.

Cite this