Review on security techniques for field programmable gate array

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)
30 – 31, December 2014, Ernakulam, India
124
REVIEW ON SECURITY TECHNIQUES FOR FIELD
PROGRAMMABLE GATE ARRAY
Silpa Shaju1
, Parvathy R2
, Aryalakshmy M S3
, Dr. K. Gnana Sheela4
1, 2, 3, 4
(ECE Department, TIST/ CUSAT, Arakunnam, India)
ABSTRACT
Nowadays FPGAs have been used in a wide variety of electronic devices in differenttypes of industry, from
simple switches to complex factories, medical apparatus or building automation and control systems. Besides the
advantages of the increasing use of FPGA devices such as: cost reduction, time to market, programmability, reliability, or
high performance designs, security issues also start to appear.During the manufacturing process, the FPGA passes
through different processes of different manufacturers. During this time, hardware threats the exposed the design.
Therefore protection against hardware attacks is important. Digital circuits, like Ring Oscillators (ROs), which undergo
process variations during the physical execution ofFPGA are a promising method for security of FPGA. This paper
presents and analyzes the method of generating a unique identifier for FPGA security, based on a ROs security primitive.
Keywords: Challenge-Response Pairs (CRPs), Physical Uncloneable Functions (PUFs), Ring oscillators (RO), Integrated
circuit(IC), Field Programmable Gate Array (FPGA)
I. INTRODUCTION
Several biometric technologies include those that support the use of behavioural or physiological human
characteristic to determine the individual identity for an example is the human fingerprint. Since the FPGAs have been
largely used in common applications and the types of hardware attacks have grown in that area. Then the researchers
attempted to create a unique identifier, which is dependent on the intrinsic properties of the integrated circuit. The
process variations within the circuit are used for the circuit.
Fig.1: FPGA manufacturing flow
INTERNATIONAL JOURNAL OF ELECTRONICS AND
COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)
ISSN 0976 – 6464(Print)
ISSN 0976 – 6472(Online)
Volume 5, Issue 12, December (2014), pp. 124-129
© IAEME: http://www.iaeme.com/IJECET.asp
Journal Impact Factor (2014): 7.2836 (Calculated by GISI)
www.jifactor.com
IJECET
© I A E M E

125
The application design creation on an FPGA also implies certain stages such as system development or system
manufacturing, as it can be seen in Fig.2. All these steps, described in Fig. 1 and Fig. 2 are vulnerable to hardware
attacks like cloning, mislabeling, overproducing, reverse engineering the bitstream, read back, side channels based on
power analysis, EMF analysis, timing analysis; brute force, crippling or fault injection [8]. A main ingredient that is
required to protect FPGAs against hardware attacks is a secret key generated for each device, which cannot be obtained
or duplicated a chip fingerprint. Ring Oscillators that emphasize the process variations, are a good method for generating
such a fingerprint. Although integrated circuits that are subjects to the same manufacturing processes, there will be some
differences between circuits on the same wafer or on different wafers. This causes differences in physical imperfections
that may arise during the execution phase of the integrated circuits (Fig. 1). Involuntary deviations of physical parameters
from the normal values may arise due to the manufacturing process of the integrated circuits. The electrical parameter
such as sheet resistance and threshold voltage changes by this method. There are several sources of parameter variability
that can be attributed to different steps of the manufacturing process such as: the photolithography and etching processes,
non uniformity in the process of oxide growth, and non uniformity in the process of dopant implantation, dosage, and
diffusion. This paper provides a method to implement an optimized and secure technique for authentication of
integrated circuits, using ring oscillators. This technique is a alternative method for protecting the integrated circuits
against cloning, overproducing or stealing the implemented application (bitstream) based on ring oscillators in which the
process variations are used to create a unique identifier for each FPGA device.
In the present paper, the section 1 gives a brief overview of the previous work on ring oscillators and
authentication of FPGAs using ring oscillators is made. Also, the algorithm used to generate a unique identifier for
FPGA, based on ring oscillators is introduced. In section II, detailed study of different papers that related to FPGA
protection is given .In section III, experimental results of comparative study that shown as a table is presented. Finally,
the summarized is given in the last section.
Fig.2: Creating an application design on FPGA
II. RELATED WORK
Kean T et al(2001), describes that, although SRAM programmed Field Programmable Gate Array (FPGA) have
come to dominate the industry due to their density and performance advantages over non-volatile technologies they have
a serious weakness in that they are vulnerable to piracy and reverse engineering of the use design[1]. This is becoming
increasingly important as the size of chips and hence the value of customer designs - increases. FPGA's are now being
used in consumer products where piracy is more common. Further, reconfiguration of FPGA's in the field is becoming
increasingly popular particularly in networking applications and it is vital to provide security against malicious parties
interfering with equipment functionality through this mechanism. The proposed security technology offers key
advantages compared with alternative schemes it does not affect system reliability, it does not require additional
components, it is compatible with standard CMOS processing, it does not require support from CAD software and it is
based on standardized cryptographic protocols.
Gassend B et al(2004) presented modern cryptographic protocols are based on the premise that only authorized
participants can obtain secret keys and access to information systems[2]. However, various kinds of tampering methods
have been devised to extract secret keys from conditional access systems. The physical unclonable functions (PUFs)
exploit the statistical delay variation of wires and transistors across integrated circuits (ICs). It is used in manufacturing
processes to build unclonable secret keys. It fabricated arbiter-based PUFs in custom silicon and thus investigated the

126
identification capability, reliability, and security of this scheme. Experimental results and theoretical studies indicates
that a sufficient amount of inter-chip variation existed for enabling each IC to be identified from environmental
variations such as temperature and power supply voltage. It show that arbiter-based PUFs are realizable and which is
suitable to build key-cards that need to be resistant to physical attacks.
Tuyls P et al(2005) described a technique that exploits the statistical delay variations of wires and transistors
across ICs to build a secret key unique to each IC. To explore its feasibility, it fabricated a candidate circuit in order to
generate a response on the basis of its delay characteristics [3]. It shows that there exists enough delay variation across
ICs implementing. The evaluation indicates that there exists significant delay variations of wires and transistors across
ICs implementing this circuit and that idea of leveraging this variation to uniquely identify and authenticate an IC is
promising. Physical Uncloneable Functions (PUFs) can be used as a cost-effective method to store key material in an
uncloneable way. Because of this fact, noise is inevitably present in each readout of the key material obtained by
performing measurements on a physical system. It presents a number of methods that increase the robustness of bit-string
extraction from noisy PUF measurements and in particular for optical PUFs. It describes a practical implementation in
the case of optical PUFs and shows the obtained results.
Edward G et al (2007) provided Physical Unclonable Functions (PUFs) are innovative circuitprimitives that
extract secrets from physical characteristics of integrated circuits[4]. As electronic devices become ubiquitous and
interconnected, people are increasingly relying on integrated circuits (ICs) for performing security sensitive tasks as well
as handling sensitive information. For example, an RFID is oftenused as a key card to control access to buildings, smart
cards carry out financial transactions, and mobile phones often contain sensitive data such as confidential documents,
personal emails, etc. Therefore, it is critical for ICs to be able to perform operations such as authentication of devices,
protection of confidential information, and secure communication in an inexpensive yet highly secure way.
A common ingredient that is required to enable the above security operations is a secret on each IC, which an
adversary cannot obtain or duplicate. The current best practice is to place a secret key in non-volatile memory such as
fuses and EEPROM, and use cryptographic primitives such as digital signature and encryption to authenticate a device
and protect confidential information. PUFs significantly increase physical security by generating volatilesecrets that only
exist in a digital form when a chip is powered on and running. This immediately requires the adversary to mount an
attack while the IC is running and using the secret, a significantly harder proposition than discovering non-volatile keys;
an invasive attack must accurately measure PUF delays without changing the delays or discover volatile keys in registers
without cutting power or tamper-sensing wires that clear out the registers. This paper discusses how PUFs can enable
low-cost authentication of ICs and generate volatile secret keys for cryptographic operations. We also introduce a new
PUF circuit design based on ring oscillators, which has advantages in the ease of implementation and reliability over
previously proposed designs. The PUF circuits can also be used as hardware random number generators. However, this
paper only focuses on device authentication and key generation. In this paper Physical Unclonable Functions (PUFs)
and showed PUFs can provide low-cost authentication of ICs and generate volatile keys for both symmetric and
asymmetric cryptographic operations. Ongoing work includes the implementation of PUF-enabled RFIDs and the
development of a secure processor that uses a PUF to generate cryptographic keys that are only known to the processor.
Guajardo J (2007) et al described that IP protection of FPGA hardware designs has become an important factor
for many IP vendors[5]. The end solutions have been proposed on the basis of the idea of bitstream encryption,
symmetric-key primitives, and the use of Physical Unclonable Functions (PUFs). This paper proposed new protocols for
the IP protection problem on FPGAs based on public-key cryptography which analyzes the advantages and costs and
finally describes the PUF intrinsic to current FPGAs based on SRAM properties. The main advantage of using Public
Key based protocols is that they do not require the private key stored in the FPGA to leave the device which increases
security. This security provided by the additional hardware resources but it does not cause any significant performance
degradation.
Patterson M et al (2007) presented Physical Unclonable Function (PUF) is a function in some physical device
that is easy to evaluate but hard to predict [6]. It is equivalent to the mathematical one-way function. Every challenge
should map to a specific response but the disadvantage is that this mapping is impossible for predicting and different for
every physical device. On-chip PUF is useful for several reasons. First, it provides a way to uniquely identify a given
device. This could be used for secure chip authentication or for protection of Intellectual Property. Second, since an
FPGA PUF is based on intrinsic randomness, it could also serve as a Random Number Generator. Finally, and most
importantly, a PUF provides all this functionality without storing any secret information on the chip. Most solutions to
the previously listed problems involve storing some type of key or seed value on the chip. This poses many security
hazards. However, a PUF relies on the characteristics of the chip itself, which are considered impossible to observe and
duplicate.
Huffmire T et al (2008) describes that FPGAs combine the programmability of processors with the performance
of custom hardware [7]. It is more common in critical embedded systems. Thus new techniques are necessary to manage
security in FPGA designs. FPGA security problems and current research on reconfigurable devices and security, and
presents security primitives and component architecture for building highly secure systems on FPGAs are discussed here.
It is due to the fact that FPGAs can provide a useful balance between rapid time to market, performance, and flexibility;

127
they have become the primary source of computation in many critical embedded systems. The aerospace industry, for
example, relies on FPGAs to control everything from the Joint Strike Fighter to the Mars Rover. In 2005 alone, an
estimated 80,000 different commercial FPGA design projects began.3 because major IC manufacturers outsource most of
their operations, 4 IP theft from a foundry is a serious concern.
FPGAs provide a viable solution to this problem because the sensitive IP is not loaded onto the device until after
it has been manufactured and delivered, making it harder for adversaries to target a specific application or user.
Furthermore, modern FPGAs use bitstream encryption and other methods to protect IP once it is loaded onto the FPGA
or external memory. However, techniques beyond bitstream encryption are necessary to ensure FPGA design security.
To save time and money, FPGA systems are typically cobbled together from a collection of existing computational cores,
often obtained from third parties. These cores can be subverted during the design phase, by tampering with the tools used
to translate the design to the cores or by tampering with the cores themselves. Building every core and tool from scratch
is not economically feasible in most cases, and subversion can affect both third-party cores and cores developed in-
house. Therefore, embedded designers need methods for securely composing systems comprising both trusted and
untrusted components.
Braeken et al (2009) describes an overview of contemporary FPGA-related technologies and techniques that can
be used for data and system security [8]. As such we will give an overview of the currently available features in
commonly used FPGAs and link these features to established security techniques. The main goal is to evaluate the pros
and contras of the different techniques and technologies in order to give directions on the security strategy. The
incredible growth of FPGA capabilities in recent years and the new included features have made them more and more
attractive for numerous embedded systems. There is however an important shortcoming concerning security of data and
design. Data security implies the protection of the FPGA application in the sense that the data inside the circuit and the
data transferred to/from the peripheral circuits during the communication are protected. System security concerns the
protection of the design against cloning, reverse engineering and intellectual property (IP) theft.
This pyramid consists of 5 levels.
• Protocol level includes the type of protocol used between user and system.
• Algorithm level consists of the algorithm described in the protocols.
• Architecture level consists of secure HW/SW partitioning.
• Micro-architecture level deals with the HW design of the modules.
• Circuit level describes implementation techniques on transistor and package level
It mainly focuses on the security obtained in the architecture level. Nevertheless, we want to stress that security
in all other levels needs to be obtained in order to design a sound and secure system. For example, a very secure IDcheck
function could be bypassed or fooled due to vulnerability in another layer. Most of the FPGA manufacturers anticipated
on this problem of security by providing on-chip cryptographic hardware and the possibility to send encrypted
configurations over the internet to the FPGA. The main goal of this paper is to present a survey of the contemporary
FPGA-related technologies and techniques that are nowadays used for data and system security. As a consequence, we
want to create awareness of the pros and contras when choosing a specific device/design.
Schaumont et al (2009) proposes that an FPGA is a collection of programmable gates embedded in a flexible
interconnect network that can contain several hard or soft microprocessors [9]. In order to implement logic gates, flip-
flops for timing and registers, switchable interconnects to route logic signals between different units, and I/O blocks for
transferring data between the devices , FPGAs use truth tables or lookup tables (LUTs). A circuit can be mapped to an
FPGA by using the method of loading the LUTs and switch boxes with a configuration, that is analogous to the way a
traditional circuit might be mapped to a set of AND and OR gates. A bitstream is used to programme an FPGA. This
binary data, loaded into the FPGA through specific I/O ports on the device, defines how the internal resources are used
for performing logic operations.
The architecture works together to separate cores. A successful approach must combine life-cycle management
and coherent security architecture for policy enforcement. The security architecture we describe here uses a set of
primitives that complement one another, including a reference monitor for memory protection and a separation strategy
that uses spatial isolation and interconnect tracing. Designing any trustworthy complex system is challenging, and given
the relative immaturity of current FPGA design approaches in which multiple computational cores from different sources
are combined using commercial tools, the current state of embedded systems security leaves much to be desired. Industry
and its customers can no longer take hardware security for granted. Clearly, embedded-design practitioners must become
acquainted with these problems and with related new developments from the computer security research field, such as
the security primitives we’ve described here. Practitioners must also adapt the rich body of life-cycle management tools
and techniques that have been created for trustworthy software development and apply them to hardware design. A path
toward ensuring the security of the tools and the resulting product is necessary to provide accountability throughout the
development process. The holistic approach to system design we’ve described here is a significant step in that direction.

128
Stumpf F et al (2010) describes that Physical Unclonable Functions (PUFs) based on Ring Oscillators (ROs) are
a promising primitive for FPGA security [10]. However, the quality of their implementation depends on several design
parameters. It shows that ring oscillator frequencies mostly depend on surrounding logic. Based on these, propose a
strategy for improving the quality of RO PUF designs by placing and comparing ROs in a chain-like structure. It also
show that quality of a RO PUF mainly depend on an increased RO runtime and RO disabling. It implemented a RO PUF
key generation system on an FPGA using this design strategy. This result shows that the proposed design strategy can
significantly increase the quality of implementation a RO PUF. Field Programmable Gate Arrays (FPGAs) gain
increasingly in importance as highly edible alternative to Application Specific Integrated Circuits (ASICs). Their
reconfiguration property enables fast prototyping and updates for hardware devices even after market launch.
A promising approach towards holistic embedded security arises through the application of PUFs. These
physical structures enable the exploitation of unavoidable variations in manufacturing processes, e.g., lithographic
processes. Signal properties, such as the propagation delay on metal lines of a microchip, depend on these variations.
Circuits measuring and comparing these properties can extract PUF responses. These bit strings are noisy by nature and
not uniformly distributed, but sufficiently unique to identify a silicon device. A PUF can be seen as a function mapping a
response to a challenge input in an unpredictable way. In contrast to challenge-response authentication, where a PUF has
to generate a big amount of responses to given challenges, i.e., Challenge-Response Pairs (CRPs), for the purpose of
secure key generation, only a small number of challenges or even only a single one is applied. PUFs based on Ring
Oscillators (ROs) currently seem to be the most reasonable PUF construction to securely identify FPGAs. Their quality
has been evaluated in several analyses recently and enjoys great interest within the scientific community.
MajzoobiM et al (2011) introduces a novel technique to authenticate and identify field-programmable gate
arrays (FPGAs). The technique uses the reconfigurability feature of FPGAs to perform self-characterization and extract
the unique timing of the FPGA building blocks over the space of possible inputs[11]. The characterization circuit is then
exploited for constructing a physically unclonable function (PUF). The PUF can accept different forms of challenges
including pulse width, digital binary, and placement challenges. The authentic device is the only entity which can
respond within a particular time constraint. The gap between the speed of PUF evaluation on authentic hardware and
simulation of its behavior the constraint. An authentication protocols is introduced based on the time-bounded
mechanism. The responses should be robust to fluctuations in operational conditions such as temperature and voltage
variations by employing: 1) a linear calibration mechanism that adjusts the clock frequency by a feedback from on-chip
temperature and voltage sensor readings, and 2) a structure of differential PUF with real-valued responses that cancels
out the common impact of variations on delays.
Zhang Jet al(2013) says that, Physical Unclonable Function (PUF) makes use of the uncontrollable process
variations during the production of IC to generate a unique signature for each IC[12]. It has a wide application in security
such as FPGA Intellectual Property (IP) protection, digital rights management and key generation. Ring Oscillator (RO)
based PUF and Arbiter-based PUF are the most popular PUFs. But these are not specially designed for FPGA. RO-based
PUF incurs high resource overhead during when obtaining less challenge-response pairs, and requires hard macros to
implement on FPGA. Since its structure is hard to be mapped on FPGA, the arbiter-based PUF brings low resource
overhead. Anderson’s PUF can address these weaknesses. However, it cannot be directly implement on the new
generation FPGAs, and this lead to the scalability issue. The paper presents a delay-based PUF using the intrinsic
structure of FPGA inorder to address these problems.
According to Chongyan et al (2014), a new field-programmable gate array (FPGA) identification generator
circuit is introduced based on physically unclonable function (PUF) technology[13]. The new identification generator is
able to convert flip-flop delay path variations to unique n-bit digital identifiers (IDs), while requiring only a single slice
per ID bit by using 1-bit ID cells formed as hard-macros. When an exemplary 128-bit identification generator is
implemented on ten Xilinx Spartan-6 FPGA devices, the experimental results show an uniqueness of 48.52%, and
reliability of 92.41% over 10% fluctuation in supply voltage and 25◦C to 70◦C temperature range.
According to StanciuA et al, FPGA designs need tobe protected against hardware attacks [15]. The process
variations in digital circuits like ring oscillators, thatappear during the physical execution of FPGA are a
promisingprimitive for FPGA security. Itanalyzes the experimental results of the technique that generate a unique
identifier for FPGA security, based on a ROs securityprimitive.This paper describes how to implement an optimized
andsecure technique for integrated circuits authentication, usingring oscillators. This technique may be an alternative for
protecting the integrated circuits against cloning, overproducing or stealing the implemented application (bitstream) and
it is based on ring oscillators which use the process variations to create a unique identifier for each FPGA device.
The process of implementing an optimized and secured FPGA authentication method based on ring oscillators.
This implementation is an alternative method to protect the integrated circuits against cloning and stealing of the
implemented applications. The process variations which appear during the manufacturing flow of an FPGA used for
authentication. According to the experimental results it succeeded to validate the use of the ring oscillators to generate a
unique identifier for FPGA chips, in normal conditions. As future work it also intends to also analyze the effects of other
factors that may influence integrated circuits identifier (aging, voltage and temperature fluctuations). Also the details of
implementation related to the error correction and detection are presented in our paper. It optimized the process of

129
implementing the authentication method by: reducing the number of counters used at generating the ID, the use of the
algorithm that uses minimum costs in term of hardware resource, the choice of BRAM memories to store the polynomial
coefficient powers and the sequentiality of some portions of the implemented algorithm.
III. CONCLUSION
This paper had been presented the process of implementing an optimized and secured FPGA authentication
method based on ring oscillators. This implementation is an alternative method for protection of the integrated circuits
against cloning and stealing of the implemented applications. The authentication process is based on the process
variations that occur during the manufacturing flow of an FPGA. According to the results of experiments it succeeded to
validate the use of the ring oscillators to generate a unique identifier for FPGA chips, in normal conditions. As future
work also analyzes the effects of other factors that may influence integrated circuits’ identifier such as aging, voltage and
temperature fluctuations. Also the implementation details related to the error correction and detection are presented in
this paper. It optimized the implementation process of the authentication method by: reducing the number of counters
used for generating the ID, the choice of the algorithm which causes minimum costs in term of hardware resource usage,
the use of BRAM memories for storing the polynomial coefficient powers and the sequentiality of some portions of the
implemented algorithm.
REFERENCES
[1] TomKean.Secure Configuration of Field Programmable Gate Arrays. Lecture Notes in Computer Science
Volume 2147, (2001),142-151
[2] J.-W. Lee, D. Lim, B. Gassend, G. E. Suh, M. van Dijk, and S. Devadas. A technique to build a secret key in
integrated circuits with identification and authentication applications. Proc. IEEE conf. On VLSI Circuits
Symposium, June 2004
[3] B. Skoric, P. Tuyls, and W. Ophey. Robust key extraction from physical unclonable function. Proc. Applied
Cryptography and Network Security Conference 2005,3531.
[4] G. Edward Suh, S. Devadas, Physical Unclonable Functions for Device Authentication and Secret Key
Generation.Proc. 44th ACM/IEEEDesign Automation Conference paper, 2007
[5] Jorge Guajardo, Sandeep S. Kumar, Geert-Jan Schrijen, PimTuyls. Physical unclonable functions and public-
key crypto for fpgaip Protection., 2007.
[6] Michael Patterson; JosephZambreno; Chris Sabotta; SudhanshuVyas; Aaron Mills. Ring Oscillator PUF Design
and Results. Report 2007
[7] Ted Huffmire, Ryan Kastner, Brett Brotherton. Managing Security in FPGA-Based Embedded Systems.
Published in:Design& Test of Computers, IEEE 25(6), 2008
[8] Braeken A, Kubera, S. , Trouillez, F. , Touhafi, A.Secure FPGA technologies and techniques. Published in Field
Programmable Logic and Applications, 2009,560 – 563
[9] A. Maiti, P. Schaumont. Improving the quality of a physical unclonable function using configurable ring
oscillators. IEEExplore, Virginia Tech, 2009
[10] D. Merli, F. Stumpf, C. Eckert. Improving the Quality of Ring Oscillator PUFs on FPGAs. Proc.5th Workshop
on Embedded Systems Security. WESS 2010, Scottsdale, USA, October24, 2010
[11] Mazjoobi. FPGA Time-Bounded Unclonable Authentication. Lecture Notes in Computer Science, 6387,
2010,1-16
[12] Jiliang Zhang; Qiang Wu; YongqiangLyu; Qiang Zhou; YiciCai; Yaping Lin; Gang Qu§. Design and
Implementation of a Delay-based PUF for FPGA IP Protection. Proc. International Conference on Computer-
Aided Design and Computer Graphics, 2013
[13] ChongyanGu, Julian Murphy and MaireO’Neil .A Unique and Robust Single Slice FPGA Identification
Generator.IEEE International Symposium on Circuits and Systems (ISCAS), 2014,1223 - 1226
[14] Alexandra Stanciu; Adrian Crăciun. Generating an Unique Identifier for FPGA Devices. IEEE,2014
[15] M. Gora, A.Maiti, P. Schaumont, A flexible Design Flow for Software Binding in FPGA. IEEE Transactions on
Industrial Informatics, vol. 6, issue 4, November, 2010, 719-728.
[16] Ibrahim A.Murdas and Riyad A.Alalwany, “Wireless on Line Solution to Voltage Stability Problem of
Electrical Power System using Field Programmable Gate Array (FPGA) Circuit”, International Journal of
Advanced Research in Engineering & Technology (IJARET), Volume 5, Issue 2, 2014, pp. 109 - 120,
ISSN Print: 0976-6480, ISSN Online: 0976-6499.

Review on security techniques for field programmable gate array

More Related Content

What's hot (20)

Similar to Review on security techniques for field programmable gate array (20)

More from IAEME Publication (20)

Recently uploaded (20)

Review on security techniques for field programmable gate array