Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

2
2 2 1
2
Reset filters

Settings
Now showing 1 - 2 of 2
  • Publication
    SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version
    ( 2021)
    Unterstein, F.
    ;
    Jacob, N.
    ;
    Hanley, N.
    ;
    Gu, C.
    ;
    Heyszl, J.
    FPGA system on chips (SoCs) are ideal computing platforms for edge devices in applications which require high performance through hardware acceleration and updatability due to long operation in the field. A secure update of hardware functionality can in general be achieved by using built-in cryptographic engines and provided secret key storage. However, reported examples have shown that such cryptographic engines may become insecure against side-channel attacks at any later point in time. This leaves already deployed systems vulnerable without any clear mitigation options. To solve this, we propose a comprehensive concept that uses an alternative and side-channel protected cryptographic engine within the FPGA logic instead of the built-in one for the crucial task of bitstream decryption. Remarkably this concept even allows to update the cryptographic engine itself. As proof of concept, we describe an application to the Xilinx Zynq-7020 FPGA SoC in detail. We provide two options for a leakage resilient decryption engine which are based on the same primitive, a leakage resilient pseudorandom function (LR-PRF). Depending on a side-channel evaluation of this primitive on the target platform, either a version with additional side-channel countermeasures or a more efficient variant is deployed. The lack of accessible secret key storage poses a significant challenge and requires the use of a physical unclonable function (PUF) to generate a device intrinsic secret within the FPGA logic. At the same time this means that manufacturer-provided secret key storage or cryptography is no longer required; only a public key for signature verification of the first stage bootloader and initial static bitstream. We provide empirical results proving the side-channel security of the protected cryptographic engine as well as an evaluation of the PUF quality. The full design and source code is made available to encourage further research in this direction.
  • Publication
    Hardware Trojans. Current challenges and approaches
    ( 2014)
    Jacob, N.
    ;
    Merli, D.
    ;
    Heyszl, J.
    ;
    Sigl, G.
    More and more manufacturers outsource parts of the design and fabrication of integrated circuits (ICs) for cost reduction. Recent publications show that such outsourcing can pose serious threats to governments and corporations, as they lose control of the development process. Until now, the threat of hardware Trojans is mostly considered during fabrication. Third party intellectual properties (IPs) are also gaining importance as companies wish to reduce costs and shorten the time-to-market. Through this study, the authors argue that the threat of Trojans is spread throughout the whole IC development chain. They give a survey of both hardware Trojan insertion possibilities and detection techniques. Furthermore, they identify the key vulnerabilities at each stage of IC development and describe costs of hardware Trojan insertion and detection. This way, the threat level based on feasibility of Trojan insertion and the practicability of Trojan detection techniques is evaluated. Lately, detection techniques address the issue of including third party IP. However, those techniques are not sufficient and need more research to effectively protect the design. In this way, the authors' analysis provides a solid base to identify the issues during IC development, which should be addressed with higher priority by all entities involved in the IC development.