(ReCo)Fuse Your PRC or Lose Security: Finally Reliable Reconfiguration-Based Countermeasures on FPGAs

  • Kenneth Schmitz
  • Buse Ustaoglu
  • Daniel Große
  • Rolf Drechsler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11444)


Partial reconfiguration is a powerful technique to adapt the functionality of Field Programmable Gate Arrays (FPGAs) at run time. When performing partial reconfiguration, a dedicated Intellectual Property (IP) component of the FPGA vendor, i.e. the Partial Reconfiguration Controller (PRC), among a wide range of IP components, has to be used. While ensuring the functional safety of FPGA designs is well understood, ensuring hardware security is still very challenging. This applies in particular to reconfiguration-based countermeasures, which are intensively used to form a moving target for the attacker. However, from the system security perspective, a critical component is the above-mentioned PRC, as noticed by many papers implementing reconfiguration-based countermeasures against SCA/DPA attacks. In this work, we leverage a newly proposed safety mechanism, which creates a container around an IP, to encapsulate and thereby protect and observe the PRC of an FPGA. The proposed encapsulation scheme results in an architecture consisting of so-called ReCoFuses (RCFs), each capturing a specific protective goal that has to be fulfilled at any time during PRC operation. The terminology follows the classical electric installation including a fuse box. In our scheme, we employ formal verification to guarantee the correctness in detecting a security violation. Only after successful verification are the RCFs integrated into the ReCoFuse Container. Experimental results demonstrate the advantage of our approach by preventing attacks on the PRC of a system secured by reconfiguration.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Cyber-Physical Systems, DFKI GmbH, Bremen, Germany
  2. Institute of Computer Architecture, University of Bremen, Bremen, Germany
