Jonathan Graf

Wires on Demand: Run-Time Communication Synthesis for Reconfigurable Computing

In systems typified by software defined radio, existing flows for run-time FPGA reconfiguration limit resource efficiency when constructing a variety of datapaths. Our approach allocates a sandbox region in which modules from a library can be flexibly placed and interconnected. An efficient run-time framework makes use of lightweight placement and routing techniques to respond on-demand to application requests. Compile time tools automate the task of adding interface wrappers to modules, insulating the designer from reconfiguration details.

Design and Characterization of a Hardware Encryption Management Unit for Secure Computing Platforms

Software protection is increasingly necessary for uses in commercial systems, digital content distributors, and military systems. The Secure Software (SecSoft) architecture is one of several architectures attempting to provide hardware enforced software protection. The advantage of the SecSoft architecture is increased software protection without alteration to the fundamental interaction of software, operating systems, and developer tools. This work presents the design, implementation, and performance analysis of a fast, flexible hardware Encryption Management Unit (EMU) for such architectures. The EMU provides selective decryption of software instructions residing in page-sized sections of memory, without modification to the core processor. Results are derived from a FPGA based prototype platform containing different cryptographic routines operating with a standard processor.

How Threats Drive the Development of Secure Reconfigurable Devices

SRAM-based FPGAs are becoming an attractive target technology for the deployment of secure and cryptographic operations. Because of this, much work has been done in exposing the security vulnerabilities of reconfigurable computing devices. Direct probing, side channel, fault injection, and replay attacks are among the many that can be variously applied to steal secret configurations, keys, data, and access. Here we review the threats faced by FPGAs and propose and analyze security solutions implementable by both FPGA application designers and FPGA vendors. We also look at the particular case of configuration security and use game theory to model the attacker/defender relationship as a 2-person strategic game.

A Key Management Architecture for Securing Off-Chip Data Transfers

Data security is becoming ever more important in embedded and portable electronic devices. The sophistication of the malicious techniques used by attackers is amazingly advanced. Defensive measures for protecting a device must be even more sophisticated and robust. This paper presents an architecture that manages cryptographic keys for a secure memory interface on an FPGA. The architecture includes functional units that serve to authenticate a user, create a key with multiple layers of security, and encrypt an external memory interface using that key. Cryptographic methods built into the system include an RSA-related secure key exchange, the Secure Hash Algorithm, a certificate storage system, and the Data Encryption Standard algorithm in counter mode.

Towards system-level adversary attack surface modeling for microelectronics trust

Models of trust for microelectronic systems are difficult to create due to the large variety of adversarial strategies available. Building on previous work, we present a new adversary model that considers the large heterogeneous attack surface that is realistically available on a diverse microelectronic system. We also present an expanded game theoretic model that permits reasoning about optimal adversarial and defensive strategies across this varied attack surface.