39
SECURE PARTIAL RECONFIGURATION OF FPGAs Amir S. Zeineddini Kris Gaj
SECURE PARTIALRECONFIGURATION OFFPGAs
Amir S. ZeineddiniKris Gaj
Outline
FPGAs Security
Our scheme
Implementation approach
Experimental results
Conclusions
FPGAs SECURITYFPGAs SECURITY
SRAM FPGA Security
Designer/Vendor should be able to remotely modify theconfiguration of FPGA without revealing its contents
or accepting malicious changes introduced by an attacker
BitstreamBitstream
ConfigurationLogic
SRAM FPGA
ConfigurationInterface
ConfigurationConfigurationMemoryMemory
Configuration Device
101110101011100101001010011101
• JTAG• SelectMAP• Slave/Master Serial• ICAPCorrespond toconfiguration modes
A series ofcommandand data
Types of Attacks
Cloning
Reverse Engineering
Tampering
Countermeasures:
Encryption and Authentication
101110101011100101001010011101
Bitstream
101110101011100101001010011101
Bitstream
101110101011100101001010011101
Bitstream
101110101011100101001010011101
Exact Copy
001110101111100101000010000001
Tampered Copy
Netlist
Xilinx Solution
ConfigurationMemory
Decryptor
KeysExternal Battery
XILINX ISE
Keys
BitstreamGenerator
EncryptionSoftware
XILINX FPGA
Key Storage
Configuration Device
Major Disadvantages:
No flexibility
Need of an external battery
Partial reconfiguration via the external configurationinterfaces is not permitted for encrypted bitstreams.
101110101011100101001010011101
Encrypted Bitstream
Algotronix Solution
Secret Key
Configuration Device
ConfigurationLogic
SRAM FPGA
ConfigurationInterface
EncryptionEncryptionCircuitCircuit
Non-encryptedBitstream
Configuration Device
Initial Programming: Normal Configuration:
ConfigurationMemory
Secret Key
ConfigurationLogic
SRAM FPGA
ConfigurationInterface
DecryptionDecryptionCircuitCircuit
101110101011100101001010011101
Encrypted Bitstream
101110101011100101001010011101
Encrypted Bitstream
ConfigurationMemory
Tom Kean. Secure Configuration of a Field Programmable Gate Array. FPL 2001 and FCCM 2001.
Solution by Bossuet et al.
Major Advantages:
No hard-wiredencryption/decryptioncircuits
No additional battery
Major Disadvantages:
Not feasible
Management of partialreconfiguration
Complex system, keysmanagement
IP 3
ConfigurationConfiguration
ControllerController
DecryptionCircuit 2
IP 2Encrypted
DecryptionCircuit 1
IP 1Encrypted
IP 2
IP 3
IP 1
Configuration Storage
FPGA
L. Bossuet, G. Gogniat, and W. Burleson.Dynamically configurable security for SRAM FPGA bitstreams. RAW2004.
Keys
OUR SCHEMEOUR SCHEME
Desirable Characteristics
Strong protection against:
Cloning
Reverse engineering
Tampering
Flexibility Providing the key
Choice of a suitable algorithm(security policy)
Least amount of fixedresources (hard IP)
Our Solution
IP 3
IP 2Encrypted
IP 1Encrypted
IP 2IP 3 IP 1
External Memory
ProcessorIP Cores
PowerPCPowerPCoror
MicroBlazeMicroBlaze
Xilinx FPGA
ConfigurationConfigurationControllerController
ApplicationApplicationSystemSystem
Our Solution (cont.)
Solution for a secure partial reconfigurationafter initial configuration
Method exploits: Embedded processor cores
Dynamic Partial Reconfiguration
Software Control
Scheme provides: Flexibility (arbitrary algorithm for encryption/decryption)
NIST approved authentication
IMPLEMENTATIONIMPLEMENTATION
Virtex-II Pro Architecture
22
44
66
11
55
33 Features:
1. Processor Block
2. RocketIO Multi-GigabitTransceivers
3. CLB and Configurable Logic
4. SelectIO-Ultra
5. Digital Clock Managers
6. Multipliers and BlockSelectRAM
We are interested in: Embedded processor core
Dynamic partialreconfigurability
Processor Block
PPC 405Core
BRAM BRAM
BRAM BRAM
FP
GA
CL
BA
rra
y
ControlControl
OC
MC
on
tro
ller
OC
MC
on
tro
ller
Interface Logic OC
MC
on
tro
ller
OC
MC
on
tro
ller
Contains four components:
Embedded IBM PowerPC 405-D5 RISC CPU core
On-Chip Memory (OCM)controllers and interface
Clock/control interface logic
CPU-FPGA Interfaces
IBM CoreConnect BusArchitecture Features:
Processor Local Bus (PLB)
On-chip Peripheral Bus (OPB)
Device Control Register (DCR)Bus
Partial Reconfiguration
Loading only a subset of frames into the FPGA
Different forms: Static: Rest of the device is in reset (shutdown)
Dynamic: Rest of the device remains operational Advantages:
Runtime reconfiguration
Efficient resource utilization
Self-reconfiguration: dynamic reconfiguration + specificcircuit on the FPGA to control partial reconfiguration
Xilinx ML310 Evaluation Board
Virtex-II Pro
XC2VP30FF896
System ACERS232
SMBus
SPI EEPROM
GPIO / LEDs
256 DDR SDRAM
High SpeedPM 1
High SpeedPM 2
CompactFlash
IDE(2)
USB(2)
AMDFlash
GPIO
ParallelPort
SMBus
RS232(2)
PS/2K/M
ALi M1535D+
South Bridge
Intel 10/100Ethernet NIC
RJ45
TI PCI2250
5V PCISlots(2)
3.3V PCISlots(2)
Audio
3.3V PCI
Design Tools
Xilinx Embedded Development Kit(EDK)
Xilinx ISE Foundation designenvironment
Software Libraries: AES encryption / decryption algorithm
HMAC-SHA1 authentication algorithm(Both implemented by Dr. B. Gladman)
EDK Tools Flow
Processor IPMPD Files
SystemConstraint
File
PlatGen
Data2MEM
Download to FPGA
Libraries
MicroprocessorSoftware
Specification File
MicroprocessorHardware
Specification File
Executable
Linker
C / C++ Code
Compiler
Bitstream
VHDL / Verilog
Hardware Flow
ISE / Xflow
Software Flow
Synthesizer
Object FilesEDIF IP Netlists
LibGen
PowerPC System
Virtex-II Pro
PowerPC405
PL
B
PL
B-t
o-O
PB
Bri
dg
e
OP
B
JTAGController
ICAP
HWICAPBRAM
ICAP Controller
OPB Controller
User Interface
OPB DDRController
UART
ML310DDR SDRAM
JTAGInterface XMD
PLB = Processor Local BusOPB = On-chip Peripheral BusICAP = Internal Configuration Access PortHWICAP = Hardware ICAPXMD = Xilinx Microprocessor Debugger
Hardware Internal Configuration Access Port
(HWICAP) Hardware ICAP
(HWICAP) is used for: Configuration read/write
Loading partial bitstreams
ICAP: Subset of SelectMAP
interface
Located in the lower rightcorner of the device
OPBDual-
portedBRAM
ICAPController
OPBController
ICAP
MicroBlaze System
Virtex-II Pro
User Interface
OP
B
OPB DDRController
UART
ML310DDR SDRAM
ILMB
MicroBlaze
DLMB
DebugModule
Du
alP
ort
BR
AM
OPB WdTimer
ICAP
HWICAPBRAM
ICAP Controller
OPB Controller
JTAGInterface XMD
ILMB = Instruction-side Local Memory BusDLMB = Data-side Local Memory BusOPB = On-chip Peripheral BusOPB Wd Timer = OPB Watchdog TimerICAP = Internal Configuration Access PortHWICAP = Hardware ICAPXMD = Xilinx Microprocessor Debugger
EXPERIMENT METHODOLOGYEXPERIMENT METHODOLOGY
Xilinx Partial Reconfiguration Styles
DifferenceDifference--basedbased ModuleModule--basedbased
LargeLargeSmallSmall
Top-level Module
Active ModuleImplementation
(Map, Place, Route)
Initial Budgeting
Final Assembly(Map, Place, Route)
Design EntryHDL Entry/Synthesis
Modified Design‘.ncd’ file
Initial DesignBitstream
BitGen generatesa partial bitstream
Front-end Modification(HDL Entry, Synthesis,
Implementation)
Back-end Modification(Using FPGA Editor)
Extent ofExtent ofPartial ReconfigurationPartial Reconfiguration
?
Module-based Flow
VirtexVirtex--II ProII Pro
ICAPICAP
JTAGJTAGInterfaceInterface
PowerPCPowerPC(left)(left)
ML310 LEDs
ML
310
DD
RS
DR
AM
Static Module Reconfigurable Module
XMD
PowerPCPowerPC(right)(right)
BusMacro
BusMacro
BusMacro
24-bit Bus MacroXHWICAP
PowerPC selfPowerPC self--reconfiguringreconfiguringplatform areaplatform area
(IPs not shown)(IPs not shown)
PowerPC systemPowerPC systemin reconfigurable areain reconfigurable area
(IPs not shown)(IPs not shown)
Bus Macro
Module-based Flow (cont.)
PowerPCSelf-reconfiguring
Platform
PowerPCSystem
ICAP
JTAG
SpecialBus Macro
Module-based Flow Evaluation
Automation and bounded routingBenefitsBenefits
Requires:
A full design for initial reconfiguration
Special consideration for inter-modulecommunications
Different constraints for modules
PracticalPracticallimitationslimitations
Limited with frequent errors especially forcomplex designs
Level of support ofLevel of support ofexisting toolsexisting tools
High; needs more than average acquaintancewith the tool
Level of requiredLevel of requiredefforteffort
Difference-based Flow
VirtexVirtex--II ProII Pro
User Interface
ICAPICAP
JTAGJTAGInterfaceInterface
PowerPCPowerPCoror
MicroBlazeMicroBlaze
PowerPC / MicroBlazePowerPC / MicroBlazeSelfSelf--reconfigurable platform areareconfigurable platform area
(IPs not shown)(IPs not shown)
8K of BRAM8K of BRAMpartially reconfiguredpartially reconfigured
in MicroBlaze system areain MicroBlaze system area
ML310 LEDs
ML
310
DD
RS
DR
AM
Static Area Reconfigurable Area
XMD
MicroBlazeMicroBlazeCPU CoreCPU Core
GPIOGPIO
OPBOPB
DOPBDOPB
ILMBILMB DLMBDLMB
DualDual--portedportedBRAMBRAM
Difference-based Flow (cont.)
PowerPCSelf-reconfiguring
PlatformMicroBlaze
System
ICAP
Difference-based Flow Evaluation
Small partial bitstreams (Multiple-frame Write)BenefitsBenefits
Not recommended if routing changes aredesired
PracticalPracticallimitationslimitations
Acceptable with occasional errors andproblems
Level of support ofLevel of support ofexisting toolsexisting tools
Medium depending on the changes made andlevel of acquaintance with the tool
Level of requiredLevel of requiredefforteffort
RESULTS AND CONCLUSIONSRESULTS AND CONCLUSIONS
Phases of the program running on the processor core of theconfiguration controller:
Timing Measurement MethodTiming Measurement Method
Authentication Decryption Configuration
10 measurements10 measurements10 measurements
Difference-based Flow: 10 measurements for
each phase(clock cycles)
PowerPC system:no extra component(time-base register)
MicroBlaze system:OPB Watchdog Timer
Size of partial bitstream:14112 bytes
Timing Results I
Phase
#
1
2
3
4
5
6
7
8
9
10
Std. Dev.
Mean
% Error
Phase
#
1
2
3
4
5
6
7
8
9
10
Std. Dev.
Mean
% Error
DecryptionAuthentication Configuration
20,838,776
20,838,876
20,838,776
20,838,769
20,838,876
20,838,769
20,838,769
3,175,943
3,175,996
20,838,879
20,838,769
5,628,993
5,631,037
1.34%
756
5,630,131
Configuration
3,175,996
PowerPC System
3,175,996
3,175,996
3,175,952
3,176,008
3,175,964
3,175,420
3,175,996
13,862,591
5,630,038
5,631,061
5,630,038
5,630,038
13,862,435
13,862,591
13,862,486
13,862,435
20,838,76913,862,500
13,862,575
13,862,591
13,862,575
5,631,037
5,630,038
5,628,993
5,630,038
13,862,486
77,649,436 147,201,543
65
13,862,527
51
20,838,803
Authentication Decryption
MicroBlaze System
77,649,453 147,201,601
77,649,510 147,201,675
77,649,597 147,201,639
77,649,416 147,201,543
77,649,510 147,201,675
77,648,899 147,201,639
0.05% 0.02%
77,649,597 147,201,675
77,649,515 147,201,451
77,649,349 147,201,675
0.03% 0.01% 0.56%
201 77 179
77,649,428 147,201,612 3,175,927
Comparison of the timing results for eachphase PowerPC Faster authentication and decryption time
Slower configuration time
Timing Results II
PowerPC
MicroBlaze
PowerPC
MicroBlaze
Ratio PPC / MB 0.65.6 7.0
System
Clock Cycles /
Byte
MicroBlaze 900
Clock Cycles /
16 Bytes Block
Clock Cycles /
4 Bytes Word
PowerPC
1472
68
10
System
Ave. Time(ms)
Throughput
(KB/s)
DecryptionAuthentication Configuration
208 56
32
251
444
139
776
102
18
982
5,502 166,895
23,627 1,596
Device Utilization SummaryPowerPC System
Number of MULT18X18s 0 out of 136 0%
Number of RAMB16s 5 out of 136 3%
Number of SLICEs 1334 out of 13696 9%
Number of PPC405s 1 out of 2 50%
Number of BUFGMUXs 7 out of 16 43%
Number of DCMs 2 out of 8 25%
Number of JTAGPPCs 1 out of 1 100%
Number of ICAPs 1 out of 1 100%
MicroBlaze System
Number of MULT18X18s 3 out of 136 2%
Number of RAMB16s 5 out of 136 3%
Number of SLICEs 1706 out of 13696 12%
Number of BUFGMUXs 8 out of 16 50%
Number of DCMs 2 out of 8 25%
Number of BSCANs 1 out of 1 100%
Number of ICAPs 1 out of 1 100%
Resource usage: PowerPC ≈ MicroBlaze
Xilinx MicroBlaze soft processor ~950 logic cells (475 Slices)
Future Improvements
Security Improvements:
Storing the partial bitstream in internal memory
Storing the key in the battery-powered storage
Use of synthesizable Intellectual Property (soft IP)cores which can be readily incorporated into anFPGA for faster decryption and authentication
Use of an embedded OS
Conclusion
It is necessary to improve the security of SRAM FPGAs againstdifferent attacks.
We propose a solution for secure partial reconfiguration that takesadvantage of embedded processor cores and dynamic partialreconfiguration. It provides: Feasible implementation for both hard/soft processor cores Flexibility by using any arbitrary encryption/authentication software core Reasonable resource utilization especially for processor-based systems
Analyzing the available methods of partial reconfiguration for XilinxFPGAs show: A simple methodology along with more support and automation from
tools are needed to: Increase the ease of use for designers Decrease the development time
Comments?Comments?
Questions?Questions?
Thank youThank you
