Peptide mass fingerprinting using field-programmable gate arrays

The reconfigurable computing paradigm, which exploits the flexibility and versatility of field-programmable gate arrays (FPGAs), has emerged as a powerful solution for speeding up time-critical algorithms. This paper describes a reconfigurable computing solution for processing raw mass spectrometric data generated by MALDI-TOF instruments. The hardware-implemented algorithms for denoising, baseline correction, peak identification, and deisotoping, running on a Xilinx Virtex-2 FPGA at 180 MHz, generate a mass fingerprint that is over 100 times faster than an equivalent algorithm written in C, running on a Dual 3-GHz Xeon server. The results obtained using the FPGA implementation are virtually identical to those generated by a commercial software package MassLynx

Digital Fingerprinting of Field Programmable Gate Arrays

Commercial off-the-shelf (COTS) component usage is becoming more prevalent in military applications due to current Department of Defense (DoD) policies. The easy accessibility of COTS will give reverse engineers a higher probability of successfully tampering, coping, or reverse engineering circuits that contain critical capabilities. To prevent this and verify the trustworthiness of hardware, circuit identification tags or serials numbers can be used. However, these values can be easily obtained and forged. To protect critical DoD technologies from possible exploitation, there is an urgent need for a reliable method to confirm a circuit’s identity using a set of unique unforgettable metrics. This research proposes the concept of creating a circuit identifier, or digital fingerprint, for application specific integrated circuits (ASIC) and field programmable gate arrays (FPGAs). The digital fingerprint would be a function of the natural variations in the semiconductor manufacturing process and the functionality of the circuit allowing the creation of a unique identifier for a specific chip that can not be duplicated or forged. The proposed digital fingerprint allows the use of any arbitrary node or set of nodes internal to the circuit and the circuit outputs as monitoring locations. Changes in the signal on a selected node or output can be quantified digitally over a period of time or at a specific instance of time. Two monitoring methods are proposed, one using cumulative observation of the nodes and the other samples the nodes based on a signal transition. Testing of the two monitoring methods was performed on a small sample of twenty Xilinx® Virtex-II Pro FPGAs. Both methods successfully created unique identifiers for each FPGA

Watermarking FPGA Bitfile for Intellectual Property Protection

Intellectual property protection (IPP) of hardware designs is the most important requirement for many Field Programmable Gate Array (FPGA) intellectual property (IP) vendors. Digital watermarking has become an innovative technology for IPP in recent years. Existing watermarking techniques have successfully embedded watermark into IP cores. However, many of these techniques share two specific weaknesses: 1) They have extra overhead, and are likely to degrade performance of design; 2) vulnerability to removing attacks. We propose a novel watermarking technique to watermark FPGA bitfile for addressing these weaknesses. Experimental results and analysis show that the proposed technique incurs zero overhead and it is robust against removing attacks

A Chaotic IP Watermarking in Physical Layout Level Based on FPGA

A new chaotic map based IP (Intellectual Property) watermarking scheme at physical design level is presented. An encrypted watermark is embedded into the physical layout of a circuit by configuring LUT (Lookup Table) as specific functions when it is placed and routed onto the FPGA (Field-Programmable Gate Array). The main contribution is the use of multiple chaotic maps in the processes of watermark design and embedding, which efficiently improves the security of watermark. A hashed chaotic sequence is used to scramble the watermark. Secondly, two pseudo-random sequences are generated by using chaotic maps. One is used to determine unused LUT locations, and the other divides the watermark into groups. The watermark identifies original owner and is difficult to detect. This scheme was tested on a Xilinx Virtex XCV600-6bg432 FPGA. The experimental results show that our method has low impact on functionality, short path delay and high robustness in comparison with other methods

Gotcha! I Know What You are Doing on the FPGA Cloud: Fingerprinting Co-Located Cloud FPGA Accelerators via Measuring Communication Links

In recent decades, due to the emerging requirements of computation acceleration, cloud FPGAs have become popular in public clouds. Major cloud service providers, e.g. AWS and Microsoft Azure have provided FPGA computing resources in their infrastructure and have enabled users to design and deploy their own accelerators on these FPGAs. Multi-tenancy FPGAs, where multiple users can share the same FPGA fabric with certain types of isolation to improve resource efficiency, have already been proved feasible. However, this also raises security concerns. Various types of side-channel attacks targeting multi-tenancy FPGAs have been proposed and validated. The awareness of security vulnerabilities in the cloud has motivated cloud providers to take action to enhance the security of their cloud environments. In FPGA security research papers, researchers always perform attacks under the assumption that attackers successfully co-locate with victims and are aware of the existence of victims on the same FPGA board. However, the way to reach this point, i.e., how attackers secretly obtain information regarding accelerators on the same fabric, is constantly ignored despite the fact that it is non-trivial and important for attackers. In this paper, we present a novel fingerprinting attack to gain the types of co-located FPGA accelerators. We utilize a seemingly non-malicious benchmark accelerator to sniff the communication link and collect performance traces of the FPGA-host communication link. By analyzing these traces, we are able to achieve high classification accuracy for fingerprinting co-located accelerators, which proves that attackers can use our method to perform cloud FPGA accelerator fingerprinting with a high success rate. As far as we know, this is the first paper targeting multi-tenant FPGA accelerator fingerprinting with the communication side-channel.Comment: To be published in ACM CCS 202

A Survey of hardware protection of design data for integrated circuits and intellectual properties

International audienceThis paper reviews the current situation regarding design protection in the microelectronics industry. Over the past ten years, the designers of integrated circuits and intellectual properties have faced increasing threats including counterfeiting, reverse-engineering and theft. This is now a critical issue for the microelectronics industry, mainly for fabless designers and intellectual properties designers. Coupled with increasing pressure to decrease the cost and increase the performance of integrated circuits, the design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. However, several published works propose different ways to protect design data including functional locking, hardware obfuscation, and IC/IP identification. This paper presents a survey of academic research on the protection of design data. It concludes with the need to design an efficient protection scheme based on several properties

Utilizing the Digital Fingerprint Method for Secure Key Generation

This research examines a new way to generate an uncloneable secure key by taking advantage of the delay characteristics of individual transistors. The user profiles the circuit to deduce the glitch count of each output line for each number of selectable buffers added to the circuit. The user can then use this information to generate a specific glitch count on each output line, which is passed to an encryption algorithm as its key. The results detail tests of two configurations for adding a selectable amount of buffers into each glitch circuit in order to induce additional delay. One configuration adds up to seven buffers that is equivalent to the binary digits used on the three SELECT lines of a multiplexer. The second, referred to as the cascaded design, has eight different quantities of selectable buffers, but they all connect to one multiplexer. Each successive line connects to the previous line and adds a certain number of buffers. The linear selection implementation produces almost 15% more usable output lines over the cascaded design, where a usable line is defined as one that has at least one ‘1’ and one ‘0’ glitch count in response to every buffer count. Tests were also performed to determine the optimal number of buffers added to each output using the linear buffer selection configuration. Using three input bits to the buffer unit produced 30.94% usable outputs. Four bits generated nearly 25% more usable outputs, while the use of six bits gave less than a 5% improvement over four bits. The average repeatability of the glitch count is 94.85% using this method. The overall distinguishability of the generated glitch counts for each output line is 10.46%

Critical Information Technology on FPGAs through Unique Device Specific Keys

Field Programmable Gate Arrays (FPGAs) are being used for military and other sensitive applications, the threat of an adversary attacking these devices is an ever present danger. While having the ability to be reconfigured is helpful for development, it also poses the risk of its hardware design being cloned. Static random access memory (SRAM) FPGA\u27s are the most common type of FPGA used in industry. Every time an SRAM-FPGA is powered up, its configuration must be downloaded. If an adversary is able to obtain that configuration, they can clone sensitive designs to other FPGAs. A technique that can be used to protect FPGAs from these types of attacks is known as Digital Fingerprinting (DF). DF takes advantage of the manufacturing variability that naturally occurs in the integrated circuit fabrication process. If another factor can be introduced making the FPGA\u27s operation dependent on more than the design specified within its configuration and response to external outputs, we can defend against cloning. This solution would allow for an FPGA\u27s operation to be dependent on how the downloaded configuration interacts with the hardware itself. This research uses DF technology to create unique device specific keys for use as encryption keys or control values for polymorphic circuits to protect information on FPGAs