Managing Securities in FPGA-
Based Embedded Systems
Pratheep Joe Siluvai Iruthayaraj
● Better performance.
○ Large number of bit level operations can be performed.
○ shifting, permutations are achieved ny just wiring.
○ extreme level of parallelism
○ low overheads
● Rapid time to market
● Truth tables or Lookup tables are used for hw acceleration.
○ Face recognition systems, wireless networks, cryptographic
applications, supercomputers and many security applications.
● Cryptographic algorithms are generally implemented on
● Encryption devices require strong isolation to segregate
plaintext(red) from ciphertext(black).
● Unencrypted data should be unavailable for black
● Shared resources in system
○ Shared DRAM, shared bus and
shared AES encryption core.
○ MicroBlaze0, RS-232, Distinct
○ MicroBlaze1, an Ethernet interface,
another distinct partition of memory
Applications need separation of data
● Aviation field.
○ Uses Commercial off-the-shelf (COTS) FPGA components.
○ Sensitive and non-sensitive data is processed in same device.
○ This isolation of the sensitive and non-sensitive data is achieved in
● Intelligent video surveillance
○ FPGA provides deep computation pipelining and isolation.
○ Rely on 3 cores
■ Video interface for decoding
■ Encryption mechanism for processing the video
■ Network interface for sending data.
FPGA System Flow
● Cores can be generated by
hand or by software like
Development Kit (EDK).
● Bitstream is the final code
that goes to the core.
● Malicious design could destroy FPGA because of short circuit.
● Trusted tools should be used to develop trusted cores.
● Xilinx provide signed cores.
● As final design, we can trust the design as much as the least-trusted design path.
● Systems can be composed on
○ Device level
■ one or more IP cores resides on single chip
○ Board level
■ one or more chips on a single board
○ Network level
■ Multiple boards are connected through network
● Now, it is possible to copy the hardware from existing products.
● Protected IP could be a solution.
● a separate chip for each core can be used which can provide security advantage
Security issues with COTS
● COTS : Commercial off-the-shelf
● Manufacturer should not insert unintended functionalities into FPGA.
● All cores should be flawless so that attacker can’t exploit.
● Security flaws should not exist in running software or the compiler.
● Embedded device depends on other parts of larger nw should not be malicious.
Trusted-Foundry Problem and Bitstream
● Trusted-Foundry Problem
○ ASIC is having problem of IP theft.
○ FPGA provide important security benefit over ASIC in this issue.
● Bitstream Protection
○ Securely Bitstream uploading is essential to avoid the IP-theft
○ These theft impacts the “Bottom Line”
○ Some FPGA’s can remotely updated in the field.
■ Requires secure channel and authentication.
Reconfigurable security solutions
● Life-cycle management
○ Configuration management stores software with version numbers.
○ Any new version is thoroughly tested before assignment of new version.
○ Control on development environment and tools can support accountability.
○ Alternative is to build a custom set of trusted tools for security critical HW.
○ A critical function of life-cycle protection ensure that o/p is not malicious.
● Secure Architecture
○ FPGA provides self-protected security mechanism at a low cost.
■ Memory Protection
■ Spatial Isolation
■ Secure Communication
● Memory Protection
○ Reference monitor is well known method for legal sharing of memory.
○ Reference monitor possesses
■ Enforcement mechanisms cannot be bypassed.
■ Correct and complete.
● Spatial Isolation
○ Control on layout function provide spatial isolation in
Secure Architecture cont..
○ Ability to track information and its transformation as it flows through
○ Tag is metadata that can be attached to each piece of system data.
○ Tag can be used in FPGA at different granularity.
● Secure Communication
○ Cores need to share data so can’t be isolated.
○ Currently FPGA system use
■ Shared Memory
■ Direct connection
■ Shared Bus
● Multicore Systems
○ Chip multiprocessors running multiple threads
○ SoCs with multiple single-purpose cores on single ASIC.
○ New techniques are needed to mediate secure, efficient communication of
multi core system.
● Integration of security primitives.
○ If computing units are shared among security domains then temporal scheme
might be required.
○ Spatial schemes, temporal scheme or tags should be designed which can meet
security requirement and minimize overhead.
● Reconfigurable Updates
○ Latest FPGA are capable of changing configuration on runtime.
○ These dynamic systems need more communication between core.
○ Cores state can be changed from executing to updated.
○ These are complicated systems and require new primitives for security.
● Channels and information leakage
○ Core are isolated still need communication through covert channel which can
○ Another attack can be side channel attack. E.g Power-analysis attack.
● A Successful approach must combine life-cycle management and a
coherent security architecture.
● Designing any trustworthy complex system is challenging.
● Hardware security is getting more and more important.