Erbagci_cmu_0041E_10302.pdf (10.91 MB)
Download file

Hardware-Entangled Inherently Secure Field Programmable Gate Arrays

Download (10.91 MB)
posted on 13.09.2018, 00:00 by Burak ErbagciBurak Erbagci
Field programmable gate arrays (FPGAs) are one of the most attractive programmable platforms because they combine the flexibility of software programmed
CPUs and the performance and efficiency of custom ASICs. FPGAs enable rapid prototyping and development of complex ASICs and facilitate deployment of embedded
systems with performance nearing ASICs. Consequently, FPGAs are now the workhorses behind a broad variety of applications including aerospace, supercomputing, high-speed signal processing, and cryptography. Additionally, FPGAs are a highly attractive implementation platform for secure systems due their lack of application design information at manufacture-time, which mitigates the risk if the supply chain is compromised. Cryptographic applications and security protocols can be efficiently implemented on FPGAs and they can easily be modified in the field unlike their ASIC counterparts.
The configuration bitstream is a persistent source of security vulnerability in FPGA designs. The possible compromise of configuration data by the attacker poses significant threats for deployed systems in the field. These threats include cloning the FPGA configuration for use in counterfeit/unauthorized systems, modifying the
FPGA configuration to increase side-channel emissions, and adding malicious Trojan hardware into the compromised design. To ensure design protection, FPGA manufacturers
have implemented bitstream encryption and authentication, flash FPGAs, and active defense mechanisms for FPGA test and support circuits. However, these
security measures can be circumvented in a number of ways, which includes direct probing the key storage, side-channel attacks on the bitstream decryption logic, and
attacks on the test and verification support circuits. Furthermore, as is common with hardware implementations, cryptographic systems implemented on FPGAs leak inadvertent side-channel information (i.e., power, timing, electromagnetic emissions) that can be exploited by an attacker to bypass the security of the algorithms. One highly effective and easy-to-mount side-channel attack is power analysis, which exploits the data-dependent power consumption in the hardware. Hiding and masking
countermeasures seek to achieve resistance against power side-channel attacks at the expense of significant timing, area, and energy overheads; however, these techniques
are vulnerable against a number of successful side-channel attacks. In this thesis, we present a secure hardware-entangled FPGA design in order to address these FPGA security concerns. The proposed FPGA design never stores the configuration data in the clear, even at the lowest level of the hardware. We deeply hardware-entangle both the reconfigurable logic and interconnect by one-time pad
encrypting the bitstream using a secret die-specific response. Physical unclonable functions (PUFs) are used in the implementation as a mechanism to generate this secret
response. By leveraging our recent work in efficient PUF design with both low VLSI overheads (i.e., area, power, delay) and strong security metrics (i.e., randomness,
uniqueness, reliability), we tightly integrate a PUF bit with every configuration bit. This has significant security benefits that include high resistance to probing attacks
and unique per-die configuration bitstreams. Also, PUFs can be fired on-the-fly during FPGA operation for enhanced security against probing attacks. In addition
to bitstream protection, the proposed FPGA fabric has resistance to power analysis attacks embedded within the reconfigurable fabric that enables side-channel secure
operation. The fabric uses post-charged dynamic logic with self-timed discharge operation to ensure secure operation of user designs. Hardware-entangled secure FPGAs are a promising alternative to layering countermeasures on top of insecure conventional-off-the-shelf (COTS) FPGAs.




Degree Type



Electrical and Computer Engineering

Degree Name

  • Doctor of Philosophy (PhD)


Ken Mai