SARFUM: Security Architecture for Remote FPGA Update and Monitoring

  • Authors:

  • Benoît Badrignans;David Champagne;Reouven Elbaz;Catherine Gebotys;Lionel Torres

  • Affiliations:

  • S.A.S. Netheos and University of Montpellier;Princeton University;Intel Corporation;University of Waterloo;University of Montpellier

  • Venue:
  • ACM Transactions on Reconfigurable Technology and Systems (TRETS)
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

Remote update of hardware platforms or embedded systems is a convenient service enabled by Field Programmable Gate Array (FPGA)-based systems. This service is often essential in applications like space-based FPGA systems or set-top boxes. However, having the source of the update be remote from the FPGA system opens the door to a set of attacks that may challenge the confidentiality and integrity of the FPGA configuration, the bitstream. Existing schemes propose to encrypt and authenticate the bitstream to thwart these attacks. However, we show that they do not prevent the replay of old bitstream versions, and thus give adversaries an opportunity for downgrading the system. In this article, we propose a new architecture called sarfum that, in addition to ensuring bitstream confidentiality and integrity, precludes the replay of old bitstreams. sarfum also includes a protocol for the system designer to remotely monitor the running configuration of the FPGA. Following our presentation and analysis of the security protocols, we propose an example of implementation with the CCM (Counter with CBC-MAC) authenticated encryption standard. We also evaluate the impact of our architecture on the configuration time for different FPGA devices.