Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
IEEE Transactions on Computers
Authentication of FPGA bitstreams: why and how
ARC'07 Proceedings of the 3rd international conference on Reconfigurable computing: architectures, tools and applications
SeReCon: a secure reconfiguration controller for self-reconfigurable systems
International Journal of Critical Computer-Based Systems
Secure Protocol Implementation for Remote Bitstream Update Preventing Replay Attacks on FPGA
FPL '10 Proceedings of the 2010 International Conference on Field Programmable Logic and Applications
HCrypt: A Novel Concept of Crypto-processor with Secured Key Management
RECONFIG '10 Proceedings of the 2010 International Conference on Reconfigurable Computing and FPGAs
An area-efficient universal cryptography processor for smart cards
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Offline hardware/software authentication for reconfigurable platforms
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
In data security systems, general purpose processors (GPPs) are often extended by a cryptographic accelerator. The article presents three ways of extending GPPs for symmetric key cryptography applications. Proposed extensions guarantee secure key storage and management even if the system is facing protocol, software and cache memory attacks. The system is partitioned into processor, cipher, and key memory zones. The three security zones are separated at protocol, system, architecture and physical levels. The proposed principle was validated on Altera NIOS II, Xilinx MicroBlaze and Microsemi Cortex M1 soft-core processor extensions. We show that stringent separation of the cipher zone is helpful for partial reconfiguration of the security module, if the enciphering algorithm needs to be dynamically changed. However, the key zone including reconfiguration controller must remain static in order to maintain the high level of security required. We demonstrate that the principle is feasible in partially reconfigurable field programmable gate arrays (FPGAs) such as Altera Stratix V or Xilinx Virtex 6 and also to some extent in FPGAs featuring hardwired general purpose processors such as Cortex M3 in Microsemi SmartFusion FPGA. Although the three GPPs feature different data interfaces, we show that the processors with their extensions reach the required high security level while maintaining partial reconfiguration capability.