Jérémie Crenne

Ultra-Fast Downloading of Partial Bitstreams through Ethernet

In this paper we present a partial bitstreams ultra-fast downloading process through a standard Ethernet network. These Virtex-based and partially reconfigurable systems use a specific data-link level protocol to communicate with remote bistreams servers. Targeted applications cover portable communicating low cost equipments, multi-standards software defined radio, automotive embedded electronics, mobile robotics or even spacecrafts where dynamic reconfiguration of FPGAs reduces the components count: hence the price, the weight, the power consumption, etc... These systems require a local network controller and a very small internal memory to support this specific protocol. Measures, based on real implementations, show that our systems can download partial bistreams with a speed twenty times faster (a sustained rate of 80 Mbits/s over Ethernet 100 Mbit/s) than best known solutions with memory requirements in the range of 10th of KB.

Efficient key-dependent message authentication in reconfigurable hardware

Cryptographic message authentication is a growing need for FPGA-based embedded systems. In this paper a customized FPGA implementation of a GHASH function that is used in AES-GCM, a widely-used message authentication protocol, is described. The implementation limits GHASH logic utilization by specializing the hardware implementation on a per-key basis. The implemented module can generate a 128bit message authentication code in both pipelined and unpipelined versions. The pipelined GHASH version achieves an authentication throughput of more than 14 Gbit/s on a Spartan-3 FPGA and 292 Gbit/s on a Virtex-6 device. To promote adoption in the field, the complete source code for this work has been made publically-available.

Reconfigurable Data Planes for Scalable Network Virtualization

Network virtualization presents a powerful approach to share physical network infrastructure among multiple virtual networks. Recent advances in network virtualization advocate the use of field-programmable gate arrays (FPGAs) as flexible high performance alternatives to conventional host virtualization techniques. However, the limited on-chip logic and memory resources in FPGAs severely restrict the scalability of the virtualization platform and necessitate the implementation of efficient forwarding structures in hardware. The research described in this manuscript explores the implementation of a scalable heterogeneous network virtualization platform that integrates virtual data planes implemented in FPGAs with software data planes created using host virtualization techniques. The system exploits data plane heterogeneity to cater to the dynamic service requirements of virtual networks by migrating networks between software and hardware data planes. We demonstrate data plane migration as an effective technique to limit the impact of traffic on unmodified data planes during FPGA reconfiguration. Our system implements forwarding tables in a shared fashion using inexpensive off-chip memories and supports both Internet Protocol (IP) and non-IP-based data planes. Experimental results show that FPGA-based data planes can offer two orders of magnitude better throughput than their software counterparts, and FPGA reconfiguration can facilitate data plane customization within 12 seconds. An integrated system that supports up to 15 virtual networks has been validated on the NetFPGA platform.

Configurable memory security in embedded systems

System security is an increasingly important design criterion for many embedded systems. These systems are often portable and more easily attacked than traditional desktop and server computing systems. Key requirements for system security include defenses against physical attacks and lightweight support in terms of area and power consumption. Our new approach to embedded system security focuses on the protection of application loading and secure application execution. During secure application loading, an encrypted application is transferred from on-board flash memory to external double data rate synchronous dynamic random access memory (DDR-SDRAM) via a microprocessor. Following application loading, the core-based security technique provides both confidentiality and authentication for data stored in a microprocessors system memory. The benefits of our low overhead memory protection approaches are demonstrated using four applications implemented in a field-programmable gate array (FPGA) in an embedded system prototyping platform. Each application requires a collection of tasks with varying memory security requirements. The configurable security core implemented on-chip inside the FPGA with the microprocessor allows for different memory security policies for different application tasks. An average memory saving of 63% is achieved for the four applications versus a uniform security approach. The lightweight circuitry included to support application loading from flash memory adds about 10% FPGA area overhead to the processor-based system and main memory security hardware.

SecURe DPR: Secure update preventing replay attacks for dynamic partial reconfiguration

Dynamic partial reconfiguration is a growing need for SRAM FPGA-based embedded systems. This feature allows reconfiguring parts of the FPGA while others continue to run. But it may introduce security breaches affecting FPGA configuration. In this paper, a secure protocol to ensure confidentiality, integrity, authenticity and up-to-dateness is described and applied to dynamic partial reconfiguration. Two common threat models are addressed for industrially-driven use cases. The implementation can perform both secure update and reconfiguration without significantly affecting performances.

Distributed Security for Communications and Memories in a Multiprocessor Architecture

The need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Thus it becomes mandatory to deal with security issues all along the design cycle of the MPSoC in order to guarantee a global protection. Among the critical points, the protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes a solution with distributed enhancements to secure data exchanges and to monitor communications within a MPSoC. In order to validate our contribution, a case study based on a generic multiprocessor architecture is considered.

Lightweight reconfiguration security services for AXI-based MPSoCs

Nowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. Addressing the protection issue in an efficient way is challenging as information can leak from many points. However one strategic component of a bus-based MPSoC is the communication architecture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protection of the whole system. Attacks can be detected and discarded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware firewall enhancements which secure data exchanges in a bus-based MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA implementation demonstrates an area overhead of around 11% for the adaptive version of the hardware firewall compared to the static one.

Modeling dynamic partial reconfiguration in the dataflow paradigm

An important number of studies have shown the benefit of dynamic partial reconfiguration in reconfigurable computing. Signal processing applications can make use of this technology in such a way that it allows greater flexibility, performances and cost reduction. However several points still need to be addressed and represent critical challenges. One of them concerns architectures modeling as abstraction is strongly required to help designers in building efficient designs. Dataflow is a well adopted modeling paradigm for signal processing application to allow early stage system properties evaluation. This paper describes a first attempt to model dynamic partial reconfiguration in the dataflow paradigm. Our proposal leads to an efficient and simple approach suitable for signal processing systems.

End-to-End Bitstreams Repository Hierarchy for FPGA Partially Reconfigurable Systems

This chapter presents an end-to-end hierarchy of bitstreams repository for FPGA-based networked and partially reconfigurable systems. This approach targets embedded systems with very scare hardware resources taking advantage of dynamic, specific and optimized architectures. The hierarchy is based on three specific levels: FPGA local repository, local network repository and wide network repository. It allows the download of partial bitstreams depending on FPGA embedded resources and gives access to local or remote servers when a complete portfolio of bitstreams is needed. Based on real implementations and measurements, results show that the proposal is functional, use a very little of hardware and software memory, and exhibits a download and reconfiguration time faster than state of the art solutions.

Bitstreams Repository Hierarchy for FPGA Partially Reconfigurable Systems

In this paper we present a hierarchy of bitstreams repositories for FPGA-based networked and partially reconfigurable systems. These systems target embedded systems with very scarce hardware resources taking advantage of dynamic, specific and optimized architectures. Based on FPGA integrated circuits, they require a single FPGA with a network controller and less external memories to store reconfiguration software, bitstreams and buffer pools used by today¿s standard communication protocols. Our measures, based on a real implementation, show that our repository hierarchy is functional and can download bitstreams with a reconfiguration speed ten times faster than known solutions.