Offline Hardware/Software Authentication for Reconfigurable Platforms

  • Eric Simpson
  • Patrick Schaumont
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4249)

Abstract

Many Field-Programmable Gate Array (FPGA) based systems utilize third-party intellectual property (IP) in their development. When they are deployed in non-networked environments, the question raises how this IP can be protected against non-authorized use. We describe an offline authentication scheme for IP modules. The scheme implements mutual authentication of the IP modules and the hardware platform, and enables us to provide authentication and integrity assurances to both the system developer and IP provider. Compared to the Trusted Computing Platform’s approach to hardware, software authentication, our solution is more lightweight and tightly integrates with existing FPGA security features. We are able to demonstrate an implementation of the authentication scheme that requires a symmetric cipher and a Physically Unclonable Function (PUF). In addition to the low hardware requirements, our implementation does not require any on-chip, non-volatile storage.

References

  1. 1.
    Moyer, B.: Using softcore-based FPGAs to balance hardware/software needs in a multicore design. Embedded System Design Magazine (2006)Google Scholar
  2. 2.
    Feng, J.: FPGA design security. ECN Magazine, 23–24 (2006)Google Scholar
  3. 3.
    Inc., X.: Using bitstream encryption. Handbook of the Virtex II Platform (2003)Google Scholar
  4. 4.
    Gassend, B.: Physical Random Functions. Master’s thesis, Massachusetts Institute of Technology (2003)Google Scholar
  5. 5.
    Suh, G.E., O’Donnell, C.W., Sachdev, I., Devadas, S.: Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions. SIGARCH Comput. Archit. News 33, 25–36 (2005)CrossRefGoogle Scholar
  6. 6.
    Kahng, A.B., Lach, J., Mangione-Smith, W.H., Mantik, S., Markov, I.L., Potkonjak, M., Tucker, P., Wang, H., Wolfe, G.: Watermarking techniques for intellectual property protection. In: Design Automation Conference, pp. 776–781 (1998)Google Scholar
  7. 7.
    Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. J. Cryptol. 1, 77–94 (1988)MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Bellare, M., Palacio, A.: Gq and schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162–177. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Otway, D., Rees, O.: Efficient and timely mutual authentication. Operating Systems Review 21, 8–10 (1987)CrossRefGoogle Scholar
  10. 10.
    Schaumont, P., Ching, D.: GEZEL homepage (2006), http://rijndael.ece.vt.edu/gezel2
  11. 11.
    Cohen, B., Laurie, B.: AES-Hash. NIST: Modes of Operation for Symmetric Key Block Ciphers (2001)Google Scholar
  12. 12.
    Group, T.C.: TCG Specification Architecture Overview (2004)Google Scholar
  13. 13.
    DoCoMo, N.: IBM, Corporation, I.: Trusted Mobile Platform Hardware Architecture Description (2004)Google Scholar
  14. 14.
    Kuhn, U., Kursawe, K., Lucks, S., Sadeghi, A.R., Stuble, C.: Secure Data Management in Trusted Computing. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 324–338. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Khan, M., Seifert, J., Wheeler, D.M., Brizek, J.P.: A platform-level trust-architecture for hand-held devices. In: Cryptographic Advances in Secure Hardware (CRASH 2005) (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Eric Simpson
    • 1
  • Patrick Schaumont
    • 1
  1. 1.Virginia TechBlacksburgUSA

Personalised recommendations