Archive | 2019
(ReCo)Fuse Your PRC or Lose Security: Finally Reliable Reconfiguration-Based Countermeasures on FPGAs
Abstract
Partial reconfiguration is a powerful technique to adapt the functionality of Field Programmable Gate Arrays (FPGAs) at run time. When performing partial reconfiguration a dedicated Intellectual Property (IP) component of the FPGA vendor, i.e. the Partial Reconfiguration Controller (PRC), among a wide range of IP components has to be used. While ensuring the functional safety of FPGA designs is well understood, ensuring hardware security is still very challenging. This applies in particular to reconfiguration-based countermeasures which are intensively used to form a moving target for the attacker. However, from the system security perspective a critical component is the above mentioned PRC as noticed by many papers implementing reconfiguration-based countermeasures against SCA/DPA attacks. In this work, we leverage a new proposed safety mechanism which creates a container around an IP, to encapsulate and thereby to protect and observe the PRC of an FPGA. The proposed encapsulation scheme results in an architecture consisting of so-called ReCoFuses (RCFs), each capturing a specific protective goal which have to be fulfilled at any time during PRC operation. The terminology follows the classical electric installation including a fuse box. In our scheme we employ formal verification to guarantee the correctness in detecting a security violation. Only after successful verification, the RCFs are integrated into the ReCoFuse Container. Experimental results demonstrate the advantage of our approach by preventing attacks on the PRC of a system secured by reconfiguration.