Krzysztof Kepa

SeReCon: a secure reconfiguration controller for self-reconfigurable systems

A risk of covert insertion of circuitry into reconfigurable computing (RC) systems exists. This paper reviews risks of hardware attack on field programmable gate array (FPGA)-based RC systems and proposes a method for secure system credentials generation (unique, random and partially anonymous) and trusted self-reconfiguration, using a secure reconfiguration controller (SeReCon) and partial reconfiguration (PR). SeReCon provides a root of trust (RoT) for RC systems, incorporating novel algorithms for security credentials generation and trusted design verification. Credentials are generated internally, during system certification. The private credential element never leaves the SeReCon security perimeter. To provide integrity-maintaining self-reconfiguration, SeReCon performs analysis of each new IP core structure prior to reconfiguration. An unverified IP core can be used provided that its spatial isolation is retained. SeReCon provides encrypted storage for installed IP cores. Resource usage for a prototype SeReCon system is presented. The protection provided by SeReCon is illustrated in a number of security attack scenarios.

Run-Time Management of Reconfigurable Hardware Tasks Using Embedded Linux

This paper describes an approach to run-time management of reconfigurable hardware tasks executing under supervision of a Linux OS. The proposed system offers transparent integration of reconfigurable resources within the software design and execution flow. The implementation of the reconfigurable task manager architecture is described. Optimizations important for throughput between software and hardware tasks are presented. Mixed hardware-software AES and IDEA implementations on a Xilinx Virtex- H-Pro FPGA demonstrate and evaluate key points of the proposed approach.

SeReCon: A Secure Dynamic Partial Reconfiguration Controller

As reconfigurable computing systems become more popular, concerns arise about their security and integrity. Runtime access to the configuration memory of dynamic partially reconfigurable FPGA devices offers new design possibilities, but also introduces security threats. This paper discusses various security threats present in such systems. The paper proposes a secure reconfiguration controller (SeReCon) which provides secure runtime management of designs downloaded to the DPR FPGA system and protects the design IP. SeReCon requires minor modification to the FPGA fabric. A prototype implementation of SeReCon is evaluated.

High Speed Optical Wavefront Sensing with Low Cost FPGAs

High Speed Optical Wavefront Sensing with Low Cost FPGAs This paper outlines a study into deployment of a parallel processing scheme on an FPGA to meet the needs of high bandwidth processing in adaptive optics wavefront sensing. By exploiting a multi-stage pipeline approach we have significantly reduced the processing time needed to perform the wavefront sensing operation. The paper details the design, implementation, and performance testing results of the proposed FPGA-based wavefront sensing system.

Temperature-based covert channel in FPGA systems

This paper reports the temperature-based covert communication channel implemented in FPGA system. The channel enables bidirectional transmission and exchange of an arbitrary bit stream between two, electrically separated parts of the FPGA circuit during its normal operation. Transmission to and from the FPGA device is also reported. Transmitter and receiver modules are based on ring-oscillator which utilize 60 and 51 look-up tables respectively. The proof of concept was implemented in the Xilinx Spartan-IIE device and allows for transmission speed of 1/8 bit/s between FPGA and external transceiver. Internal communication is faster and allows to transmit up to 1 bit per second.

Remote FPGA Lab with Interactive Control and Visualisation Interface

This paper describes a scalable and extendable Remote Field Programmable Gate Array Laboratory (Remote FPGA) which can be used to enhance the learning of digital systems and FPGA applications. The web-based console provides an always-on, real-time, interactive control and visualisation interface to/from a bank of remote FPGAs. A Xilinx ISE project template enables integration of user HDL-based designs to execute on the Remote FPGA. Host-FPGA communication is supported using a register-based interface. Users can create real-time, interactive and visual demonstrators of digital systems components. The paper presents a demonstrator for a Finite State Machine (FSM) application, and illustrates the use of web-based control and visualisation for enhanced learning of FSM behaviour. The paper also presents a case study of the use of Remote FPGA in undergraduate teaching.

IP protection in Partially Reconfigurable FPGAs

As FPGA technology and related EDA tools develop, design IP protection and licensing requires increasing consideration. The current multi-player, Partial-Reconfiguration (PR) design flow does not facilitate bitstream-level IP core license enforcement, e.g, timelimited or pay-per-use. This paper proposes the use of a Secure Reconfigurable Controller (SeReCon) for accounting of IP core usage, e.g. total runtime, no. of activations etc, in a PR system. This paper extends the reported SeReCon root-of-trust to support license enforcement within the PR flow and to facilitate confidentiality of the IP core during the PR system life-cycle. A prototype IP-aware SeReCon demonstrator, implemented on Virtex-5 and supporting reconfiguration of a PCIe accelerator with cryptographic IP cores is described.

Design Assurance Strategy and Toolset for Partially Reconfigurable FPGA Systems

The growth of the Reconfigurable Computing (RC) systems community exposes diverse requirements with regard to functionality of Electronic Design Automation (EDA) tools. Low-level design tools are increasingly required for RC bitstream debugging and IP core design assurance, particularly in multiparty Partially Reconfigurable (PR) designs. While tools for low-level analysis of design netlists do exist, there is increasing demand for automated and customisable bitstream analysis tools. This article discusses the need for low-level IP core verification within PR-enabled FPGA systems and reports FDAT (FPGA Design Analysis Tool), a versatile, modular and open tools framework for low-level analysis and verification of FPGA designs. FDAT provides a set of high-level Application Programming Interfaces (APIs) abstracting the Xilinx FPGA fabric, the implemented design (e.g., placed and routed netlist) and the related bitstream. A lightweight graphic front-end allows custom visualisation of the design within the FPGA fabric. The operation of FDAT is governed by “recipe” scripts which support rapid prototyping of the abstract algorithms for system-level design verification. FDAT recipes, being Python scripts, can be ported to embedded FPGA systems, for example, the previously reported Secure Reconfiguration Controller (SeReCon) which enforces an IP core spatial isolation policy in order to provide run-time protection to the PR system. The paper illustrates the application of FDAT for bit-pattern analysis of Virtex-II Pro and Virtex-5 inter-tile routing and verification of the spatial isolation between designs.

SeReCon: A Trusted Environment for SoPC Design

Problems of fraud, theft, impersonation and counterfeiting have migrated into computing and digital communication technology. Reconfigurable computing (RC) (e.g., FPGA) systems blur the boundary between hardware and software. As reconfigurable computing systems become more popular, concerns arise about their security and privacy. Run-time partial reconfiguration provides the flexibility of hardware, but at the same time may compromise security and integrity of the embedded system design. This paper discusses potential threats to such systems and describes SeReCon, a secure reconfiguration controller, as a countermeasure. SeReCon supports intellectual property protection within the FPGA and provides secure run-time management of designs within FPGA. The fundamentals of the SeReCon trusted computing base are described. Various IP Block processing scenarios are proposed. Early implementation results are reported.

FPGA-based HPC application design for non-experts

In the current era of big-data computing, most non-engineer domain experts lack the skills needed to design FPGA-based hardware accelerators to address big-data problems. This work presents bFlow, a development environment that facilitates the assembly of such accelerators, specifically those targeting FPGA-based hybrid computing platforms, such as the Convey HC series. This framework attempts to address the above problem by making use of an abstracted, graphical front-end more friendly to users without computer engineering backgrounds than traditional tools, as well as by accelerating bitstream compilation by means of incremental implementation techniques. bFlows performance, usability, and application to big-data life-science problems was tested by participants of an NSF-funded Summer Institute organized by the Virginia Bioinformatics Institute (VBI). In about one week, a group of four non-engineering participants made significant modifications to a reference Smith-Waterman implementation, adding functionality and scaling theoretical throughput by a factor of 32.