Advertisement

Introduction and Motivation

  • Ted HuffmireEmail author
  • Cynthia Irvine
  • Thuy D. Nguyen
  • Timothy Levin
  • Ryan Kastner
  • Timothy Sherwood

Abstract

From Bluetooth transceivers to the NASA Mars Rover, FPGAs have become one of the mainstays of embedded system design. By merging properties of hardware and software, reconfigurable devices provide an attractive tradeoff between the performance of application-specific hardware and the programmability of CPUs. Although this flexibility allows developers to quickly prototype and deploy embedded systems with performance close to ASICs, this programmability can also be exploited to disrupt critical functionality, eavesdrop on encrypted communication, or even destroy a chip. Creating systems which are both efficient and flexible, yet fundamentally sound from a security point of view, is an exceedingly challenging endeavor for both researchers and practitioners. All too often the security aspects of a reconfigurable design are not addressed until far too late in the design process, resulting in systems that are protected only by their obscurity. This chapter presents an overview of Field Programmable Gate Array (FPGA) technologies from the viewpoint of security, specifically how and why these devices have grown in importance over the last decade to become one of the most trusted and critical elements of modern computer systems. This chapter also discusses their changing role from a platform for prototyping to a deployable solution, the architecture of a modern FPGA, the security ramifications of their increased use, and some of the lessons from the security community that may be applicable in this domain.

Keywords

Field Programmable Gate Array Intrusion Detection System Side Channel Attack SRAM Cell Application Specific Integrate Circuit 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    A. Abraham, It is I: an authentication system for a reconfigurable radio. M.S. thesis, Virginia Tech, August 2002 Google Scholar
  2. 2.
    Actel Corporation, FPGAs for military, avionics, and high-reliability applications. White Paper, Actel Corporation, 2008 Google Scholar
  3. 3.
    R. Anderson, Why cryptosystems fail, in Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993, pp. 215–227 Google Scholar
  4. 4.
    M. Attig, S. Dharmapurikar, J. Lockwood, Implementation results of bloom filters for string matching, in Proceedings of the Field-Programmable Custom Computing Machines, 12th Annual IEEE Symposium on (FCCM’04) (IEEE Comput. Soc., Los Alamitos, 2004), pp. 322–323 CrossRefGoogle Scholar
  5. 5.
    Z.K. Baker, V.K. Prasanna, A methodology for synthesis of efficient intrusion detection systems on FPGAs, in Proceedings of the Field-Programmable Custom Computing Machines, 12th Annual IEEE Symposium on (FCCM’04) (IEEE Comput. Soc., Los Alamitos, 2004), pp. 135–144 CrossRefGoogle Scholar
  6. 6.
    Z.K. Baker, V.K. Prasanna, Time and area efficient pattern matching on FPGAs, in Proceeding of the 2004 ACM/SIGDA 12th International Symposium on Field Programmable Gate Arrays (ACM, New York, 2004), pp. 223–232 CrossRefGoogle Scholar
  7. 7.
    V. Betz, J.S. Rose, A. Marquardt, Architecture and CAD for Deep-Submicron FPGAs (Kluwer Academic, Dordrecht, 1999) CrossRefGoogle Scholar
  8. 8.
    A. Biryukov, O. Dunkelman, N. Keller, D. Khovratovich, A. Shamir, Key recovery attacks of practical complexity on AES variants with up to 10 rounds. IARC ePrint Report 2009/374, August 2009 Google Scholar
  9. 9.
    K. Bondalapati, V.K. Prasanna, Reconfigurable computing systems. Proc. IEEE 90(7), 1201–1217 (2002) CrossRefGoogle Scholar
  10. 10.
    U. Bondhugula, A. Devulapalli, J. Fernando, P. Wyckoff, P. Sadayappan, Parallel FPGA-based all-pairs shortest-paths in a directed graph, in Proceedings of the 20th IEEE International Parallel and Distributed Processing Symposium (IPDPS’06), April 2006 Google Scholar
  11. 11.
    L. Bossuet, G. Gogniat, W. Burleson, Dynamically configurable security for SRAM FPGA bitstreams, in Proceedings of the 18th International Parallel and Distributed Processing Symposium (IPDPS’04), Santa Fe, NM, April 2004 Google Scholar
  12. 12.
    D.A. Buell, K.L. Pocek, Custom computing machines: an introduction. J. Supercomput. 9(3), 219–29 (1995) CrossRefGoogle Scholar
  13. 13.
    Y.H. Cho, S. Navab, W.H. Mangione-Smith, Specialized hardware for deep network packet filtering, in 12th International Conference on Field-Programmable Logic and Applications, 2002 Google Scholar
  14. 14.
    C.R. Clark, D.E. Schimmel, Efficient reconfigurable logic circuits for matching complex network intrusion detection patterns, in Proceedings of FPL, Lisbon, Portugal, 2003 Google Scholar
  15. 15.
    K. Compton, S. Hauck, Reconfigurable computing: a survey of systems and software. ACM Comput. Surv. (CSUR) 34(2), 171–210 (2002) CrossRefGoogle Scholar
  16. 16.
    S. Craven, P. Athanas, Examining the viability of FPGA supercomputing. EURASIP J. Embed. Syst. 2007(1) (2007) Google Scholar
  17. 17.
    J. Deepakumara, H.M. Heys, R. Venkatesan, FPGA implementation of MD5 hash algorithm, in Canadian Conference on Electrical and Computer Engineering, 2001 Google Scholar
  18. 18.
    A. DeHon, Comparing computing machines, in SPIE-Int. Soc. Opt. Eng. Proceedings of SPIE—the International Society for Optical Engineering, vol. 3526, pp. 124–33, 1998 Google Scholar
  19. 19.
    A. DeHon, J. Wawrzynek, Reconfigurable computing: what, why, and implications for design automation, in Proceedings of the 36th ACM/IEEE Conference on Design Automation, New Orleans, LA, June 1999 Google Scholar
  20. 20.
    Design and Reuse Magazine, TTP controller IP in Altera’s low-cost cyclone FPGA Families for Aerospace Applications, in Design and Reuse Magazine, 23 October 2007 Google Scholar
  21. 21.
    S. Dharmapurikar, M. Attig, J. Lockwood, Deep packet inspection using parallel bloom filters. IEEE Micro 24(1), 52–61 (2004) CrossRefGoogle Scholar
  22. 22.
    S. Drimer, Volatile FPGA design security: a survey. Unpublished, Cambridge University, April 2008 Google Scholar
  23. 23.
    Electronic Design Magazine, Actel FPGAs in Mars Rover, in Electronic Design Magazine, 6 August 2007 Google Scholar
  24. 24.
    G. Estrin, Reconfigurable computer origins: the UCLA fixed-plus-variable (F+V) structure computer. IEEE Ann. Hist. Comput. 24(4), 3–9 (2002) MathSciNetCrossRefGoogle Scholar
  25. 25.
    O.D. Fidanci, D. Poznanovic, K. Gaj, T. El-Ghazawi, N. Alxeandridis, Performance and overhead in a hybrid reconfigurable computer, in Proceedings of the 2003 International Parallel and Distributed Processing Symposium (IPDPS), Nice, France, April 2003 Google Scholar
  26. 26.
    M. Gokhale, D. Dubois, A. Dubois, M. Boorman, S. Poole, V. Hogsett, Granidt: towards gigabit rate network intrusion detection technology, in Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications (Springer, Berlin, 2002), pp. 404–413 CrossRefGoogle Scholar
  27. 27.
    J. Goodman, A.P. Chandrakasan, An energy-efficient reconfigurable public-key cryptography processor. IEEE J. Solid-State Circuits 36(11), 1808–1820 (2001) CrossRefGoogle Scholar
  28. 28.
    S. Govindavajhala, A. Appel, Using memory errors to attack a virtual machine, in Proceedings of the 2003 IEEE Symposium on Security and Privacy, Oakland, CA, May 2003 Google Scholar
  29. 29.
    C. Grabbe, M. Bednara, J.  von zur Gathen, J. Shokrollahi, J. Teich, A high performance VLIW processor for finite field arithmetic, in Proceedings of the International Parallel and Distributed Processing Symposium, 2003 Google Scholar
  30. 30.
    I. Hadzic, S. Udani, J. Smith, FPGA viruses, in Proceedings of the Ninth International Workshop on Field-Programmable Logic and Applications (FPL’99), Glasgow, UK, August 1999 Google Scholar
  31. 31.
    S. Harper, P. Athanas, A security policy based upon hardware encryption, in Proceedings of the 37th Hawaii International Conference on System Sciences, 2004 Google Scholar
  32. 32.
    S. Harper, R. Fong, P. Athanas, A versatile framework for FPGA field updates: an application of partial self-reconfiguration, in Proceedings of the 14th IEEE International Workshop on Rapid System Prototyping, June 2003 Google Scholar
  33. 33.
    S. Hauck, L. Zhiyuan, E. Schwabe, Configuration compression for the Xilinx XC6200 FPGA, in Proceedings of Symposium on FPGAs for Custom Computing Machines, 1998, pp. 138–46 Google Scholar
  34. 34.
    T. Hill, AccelDSP synthesis tool floating-point to fixed-point conversion of MATLAB algorithms targeting FPGAs. White Paper, Xilinx Inc., San Jose, CA, April 2006 Google Scholar
  35. 35.
    T. Huffmire, B. Brotherton, T. Sherwood, R. Kastner, T. Levin, T. Nguyen, C. Irvine, Managing security in FPGA-based embedded systems. IEEE Des. Test Comput. 25(6), 590–598 (2008) CrossRefGoogle Scholar
  36. 36.
    B.L. Hutchings, R. Franklin, D. Carver, Assisting network intrusion detection with reconfigurable hardware, in Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM’02) (IEEE Comput. Soc., Los Alamitos, 2002), p. 111 CrossRefGoogle Scholar
  37. 37.
    Y.K. Kang, D.W. Kim, T.W. Kwon, J.R. Choi, An efficient implementation of hash function processor for IPsec, in Proceedings of the Third IEEE Asia-Pacific Conference on ASICs, 2002 Google Scholar
  38. 38.
    P.A. Karger, R.R. Schell, Multics security evaluation: vulnerability analysis. Tech. Rep. ESD-TR-74-193, vol. II, HQ Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731, June 1974 Google Scholar
  39. 39.
    R. Kastner, T. Huffmire, Threats and challenges in reconfigurable hardware security, in International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA), Las Vegas, NV, July 2008, pp. 334–345 Google Scholar
  40. 40.
    R. Kastner, A. Kaplan, M. Sarrafzadeh, Synthesis Techniques and Optimizations for Reconfigurable Systems (Kluwer Academic, Dordrecht, 2004) Google Scholar
  41. 41.
    T. Kean, Secure configuration of field programmable gate arrays, in Proceedings of the 11th International Conference on Field Programmable Logic and Applications (FPL’01), Belfast, UK, August 2001 Google Scholar
  42. 42.
    T. Kean, Cryptographic rights management of FPGA intellectual property cores, in Tenth ACM International Symposium on Field-Programmable Gate Arrays (FPGA’02), Monterey, CA, February 2002 Google Scholar
  43. 43.
    P. Kitsos, O. Koufopavlou, Efficient architecture and hardware implementation of the Whirlpool hash function. IEEE Trans. Consum. Electron. 50(1), 208–313 (2004) CrossRefGoogle Scholar
  44. 44.
    P. Kocher, R. Lee, G. McGraw, A. Raghunathan, S. Ravi, Security as a new dimension in embedded system design, in Proceedings of the 41st Design Automation Conference (DAC’04), San Diego, CA, June 2004 Google Scholar
  45. 45.
    I. Kuon, J. Rose, Measuring the Gap between FPGAs and ASICs, in Proceedings of the International Symposium on FPGAs, Monterey, CA, February 2006 Google Scholar
  46. 46.
    J. Lach, W. Mangione-Smith, M. Potkonjak, FPGA fingerprinting techniques for protecting intellectual property, in Proceedings of the 1999 IEEE Custom Integrated Circuits Conference, San Diego, CA, May 1999 Google Scholar
  47. 47.
    J. Lach, W. Mangione-Smith, M. Potkonjak, Robust FPGA intellectual property protection through multiple small watermarks, in Proceedings of the 36th ACM/IEEE Conference on Design Automation (DAC’99), New Orleans, LA, June 1999 Google Scholar
  48. 48.
    P.H.W. Leong, I.K.H. Leung, A microcoded elliptic curve processor using FPGA technology. IEEE Trans. VLSI Syst. 10(5), 550–559 (2002) CrossRefGoogle Scholar
  49. 49.
    J.R. Lewis, B. Martin, Cryptol: High assurance, retargetable crypto development and validation, in IEEE Military Communications Conference (MILCOM), Boston, MA, October 2003 Google Scholar
  50. 50.
    Z. Li, K. Compton, S. Hauck, Configuration caching management techniques for reconfigurable computing, in Proceedings of Symposium on Field-Programmable Custom Computing Machines, 2000, pp. 22–36 Google Scholar
  51. 51.
    W.H. Mangione-Smith, B. Hutchings, D. Andrews, A. DeHon, C. Ebeling, R. Hartenstein, O. Mencer, J. Morris, K. Palem, V.K. Prasanna, H.A.E. Spaanenburg, Seeking solutions in configurable computing. Computer 30(12), 38–43 (1997) CrossRefGoogle Scholar
  52. 52.
    The Math Works Inc. MATLAB user’s guide. White Paper, The Math Works Inc., Natick, MA, 2006 Google Scholar
  53. 53.
    D. McGrath, Gartner Dataquest analyst gives ASIC, FPGA markets clean bill of health. EE Times, 13 June 2005 Google Scholar
  54. 54.
    C. McIvor, M. McLoone, J.V. McCanny, Fast Montgomery modular multiplication and RSA cryptographic processor architectures, in 37th IEEE Asilomar Conference on Signals, Systems, and Computers, 2003 Google Scholar
  55. 55.
    M. McLoone, J.V. McCanny, A single-chip IPsec cryptographic processor, in IEEE Workshop on Signal Processing Systems, 2002 Google Scholar
  56. 56.
    Military and Aerospace Electronics, F-35 Joint Strike Fighter uses Actel FPGAs for engine electronics, in Military and Aerospace Electronics, 1 September 2004 Google Scholar
  57. 57.
    Military and Aerospace Electronics, FPGA processors keep Mars Rovers moving, in Military and Aerospace Electronics, 11 January 2005 Google Scholar
  58. 58.
    K. Morris, Cray goes FPGA, in FPGA and Structured ASIC Journal, 5 April 2005 Google Scholar
  59. 59.
    H. Ngo, R. Gottumukkal, V. Asari, A flexible and efficient hardware architecture for real-time face recognition based on Eigenface, in Proceedings of the IEEE Computer Society Annual Symposium on VLSI, 2005 Google Scholar
  60. 60.
    C. Paar, B. Chetwynd, T. Connor, S.Y. Deng, S. Marchang, An algorithm-agile cryptographic co-processor based on FPGAs, in SPIE’s Symposium on Voice, Video, and Data Communications, 1999 Google Scholar
  61. 61.
    J. Saltzer, M. Schroeder, The protection of information in computer systems. Commun. ACM 17(7), 388–402 (1974) CrossRefGoogle Scholar
  62. 62.
    P. Schaumont, I. Verbauwhede, K. Keutzer, M. Sarrafzadeh, A quick safari through the reconfiguration jungle, in Proceedings of the Design Automation Conference, 2001, pp. 172–177 Google Scholar
  63. 63.
    R. Schell, Computer security: the Achilles heel of the electronic Air Force? Air Univ. Rev. 30(2), 16–33 (1979) Google Scholar
  64. 64.
    G. Selimis, N. Sklavos, O. Koufopavlou, VLSI implementation of the keyed-hash message authentication code for the wireless application protocol, in IEEE International Conference on Electronics, Circuits, and Systems, 2003 Google Scholar
  65. 65.
    A. Senior, S. Pankanti, A. Hampapur, L. Brown, Y.-L. Tian, A. Ekin, Blinkering surveillance: enabling video privacy through computer vision. Technical Report RC22886, IBM, 2003 Google Scholar
  66. 66.
    Z. Shi, R.B. Lee, Bit permutation instructions for accelerating software cryptography, in Proc. of the IEEE International Conference on Application-specific Systems, Architectures and Processors, 2000 Google Scholar
  67. 67.
    Silicon Graphics, Inc., Extraordinary acceleration of workflows with reconfigurable application-specific computing from SGI. White Paper, Silicon Graphics, Inc., 2004 Google Scholar
  68. 68.
    Silicon Graphics Inc., SGI builds world’s largest FPGA supercomputer, boosts nucleotide query performance by more than 900 times over 68-node cluster. White Paper, Silicon Graphics, Inc., 8 November 2007 Google Scholar
  69. 69.
    S. Sivaswamy, G. Wang, C. Ababei, K. Bazargan, R. Kaster, E. Bozorgzadeh, HARP: Hardwired routing pattern FPGAs, in Proceedings of the International Symposium on FPGAs, Monterey, CA, February 2005 Google Scholar
  70. 70.
    N. Sklavos, O. Koufopavlou, On the hardware implementations of the SHA-2 (256, 384, 512) hash functions, in Proceedings of IEEE International Symposium on Circuits and Systems, 2003 Google Scholar
  71. 71.
    M.C. Smith, J.S. Vetter, X. Liang, Accelerating scientific applications with the SRC-6 reconfigurable computer: methodologies and analysis, in Proceedings of the 19th IEEE Parallel and Distributed Processing Symposium (IPDPS), Denver, CO, April 2005 Google Scholar
  72. 72.
    I. Sourdis, D. Pnevmatikatos, Pre-decoded CAMs for efficient and high-speed NIDS pattern matching, in Proceedings of the Field-Programmable Custom Computing Machines, 12th Annual IEEE Symposium on (FCCM’04) (IEEE Comput. Soc., Los Alamitos, 2004), pp. 258–267 CrossRefGoogle Scholar
  73. 73.
    F. Standaert, L. Oldenzeel, D. Samyde, J. Quisquater, Power analysis of FPGAs: how practical is the attack? Field-Program. Logic Appl. 2778(2003), 701–711 (2003) CrossRefGoogle Scholar
  74. 74.
    K. Underwood, FPGAs vs. CPUs: trends in peak floating-point performance, in Proceedings of the 2004 ACM/SIGDA 12th International Symposium on Field Programmable Gate Arrays, Monterey, CA, February 2004 Google Scholar
  75. 75.
    J.E. Vuillemin, P. Bertin, D. Roncin, M. Shand, H.H. Touati, P. Boucard, Programmable active memories: reconfigurable systems come of age. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 4(1), 56–69 (1996) CrossRefGoogle Scholar
  76. 76.
    T. Wollinger, J. Guajardo, C. Paar, Security on FPGAs: State-of-the-art implementations and attacks. ACM Trans. Embed. Comput. Syst. 3(3), 534–574 (2004) CrossRefGoogle Scholar
  77. 77.
    L. Wu, C. Weaver, T. Austin, Cryptomaniac: a fast flexible architecture for secure communication, in International Symposium on Computer Architecture, 2001 Google Scholar
  78. 78.
    Xilinx Inc., Getting started with the Embedded Development Kit (EDK). White Paper, Xilinx Inc., San Jose, CA, 2006 Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  • Ted Huffmire
    • 1
    Email author
  • Cynthia Irvine
    • 1
  • Thuy D. Nguyen
    • 1
  • Timothy Levin
    • 1
  • Ryan Kastner
    • 2
  • Timothy Sherwood
    • 3
  1. 1.Department of Computer ScienceNaval Postgraduate SchoolMontereyUSA
  2. 2.Dept. of Computer Science and Eng.University of California, San DiegoLa JollaUSA
  3. 3.Department of Computer ScienceUC, Santa BarbaraSanta BarbaraUSA

Personalised recommendations