Uses Node-Locked Bitstreams to Enable Device and IP Security, While Using Significantly Less Energy and Space
This Field Programmable Gate Array (FPGA) prevents unauthorized in-field programming and intellectual property (IP) piracy without encryption. FPGAs have become increasingly popular, being deployed in diverse applications, including the Internet of Things (IoT) and “smart” devices. The smart device market alone is projected to grow to 50 billion devices by 2020. FPGA bitstream security, however, is decidedly lacking, especially during wireless reconfiguration. These security issues arise in even state-of-the-art devices Available bitstream encryption techniques incur a high area overhead for area/energy-constrained devices and are susceptible to side channel attacks, as well as reverse-engineering and unauthorized reprogramming. Moreover, they are still vulnerable to piracy and malicious alteration during in-field upgrade. Researchers at the University of Florida have constructed a device architecture using a fundamentally different approach to FPGA security that can prevent unauthorized in-field reprogramming and intellectual property piracy without encryption. This device architecture yields a high level of security with significantly less area and power overhead compared to optimized encryption blocks.
Apparatus for the generation of secure bitstreams to protect against malicious reconfiguration and IP piracy in FPGAs while conserving energy and space in devices
- Resilient to brute force, side channel, and destructive reverse engineering attacks, ensuring device and IP security
- Maintains a simple architecture, minimizing production and recurring costs
- Low area and power overhead, optimizing device volume to energy ratio
- Capable of restricting reconfiguration to authorized parties, further enhancing security measures beyond existing technologies
This device relies on a node-locked bitstream approach, similar to the software domain, in which the device-to-bitstream association is changed from device to device. This programmable logic device prevents bitstream tampering by making the bitstreams more difficult to understand, since an attacker would be unable to figure out the functionality of the bitstream by observing how the bits get stored. This field programmable gate array (FPGA) comprises an external interface, a first circuit configured to generate an identifier, a second circuit configured to obtain the identifier, and a third circuit configured to complicate the understanding of a bitstream based in part on the identifier. This technology specifically employs node-locked bitstreams to complicate the bitstream, giving it added protection from brute force attacks, reverse engineering, and malicious modification; only the proper key can reveal how the bits finally execute in a running FPGA. This technology may then be extended to microcontroller and CPU security due to a similar firmware-securing system as FPGAs.