FPGA based remote code integrity verification of programs in distributed embedded systems

The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems

10281 Abstracts Collection -- Dynamically Reconfigurable Architectures

From 11.07.10 to 16.07.10, Dagstuhl Seminar 10281 ``Dynamically Reconfigurable Architectures \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Two IP Protection Schemes for Multi-FPGA Systems

International audienceThis paper proposes two novel protection schemes for multi-FPGA systems providing high security of IP designs licensed by IP vendors to system integrators and installed remotely in a hostile environment. In the first scheme, these useful properties are achieved by storing two different configuration keys inside an FPGA, while in the second scheme, they are obtained using a hardware white-box cipher for creating a trusted environment. Thanks to the proposed principles, FPGA configurations coming from different IP owners cannot be cloned or reverse-engineered by any involved party, including system integrator and other IP owners. The proposed schemes can be directly implemented in recent FPGAs such as Xilinx Spartan 6 and Virtex 6

Remote reconfiguration of FPGA-based wireless sensor nodes for flexible Internet of Things

Recently, sensor nodes in Wireless Sensor Networks (WSNs) have been using Field Programmable Gate Arrays (FPGA) for high-speed, low-power processing and reconfigurability. Reconfigurability enables adaptation of functionality and performance to changing requirements. This paper presents an efficient architecture for full remote reconfiguration of FPGA-based wireless sensors. The novelty of the work includes the ability to wirelessly upload new configuration bitstreams to remote sensor nodes using a protocol developed to provide full remote access to the flash memory of the sensor nodes. Results show that the FPGA can be remotely reconfigured in 1.35 s using a bitstream stored in the flash memory. The proposed scheme uses negligible amount of FPGA logic and does not require a dedicated microcontroller or softcore processor. It can help develop truly flexible IoT, where the FPGAs on thousands of sensor nodes can be reprogrammed or new configuration bitstreams uploaded without requiring physical access to the nodes. © 202

Using embedded hardware monitor cores in critical computer systems

The integration of FPGA devices in many different architectures and services makes monitoring and real time detection of errors an important concern in FPGA system design. A monitor is a tool, or a set of tools, that facilitate analytic measurements in observing a given system. The goal of these observations is usually the performance analysis and optimisation, or the surveillance of the system. However, System-on-Chip (SoC) based designs leave few points to attach external tools such as logic analysers. Thus, an embedded error detection core that allows observation of critical system nodes (such as processor cores and buses) should enforce the operation of the FPGA-based system, in order to prevent system failures. The core should not interfere with system performance and must ensure timely detection of errors. This thesis is an investigation onto how a robust hardware-monitoring module can be efficiently integrated in a target PCI board (with FPGA-based application processing features) which is part of a critical computing system. [Continues.

Security enhancements for FPGA-based MPSoCs: a boot-to-runtime protection flow for an embedded Linux-based system

International audienceNowadays, embedded systems become more and more complex: the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link: attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and lowlatency security for runtime protection

A TrustZone-assisted hypervisor supporting dynamic partial reconfiguration

Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresTraditionally, embedded systems were dedicated single-purpose systems characterised by hardware resource constraints and real-time requirements. However, with the growing computing abilities and resources on general purpose platforms, systems that were formerly divided to provide different functions are now merging into one System on Chip. One of the solutions that allows the coexistence of heterogeneous environments on the same hardware platform is virtualization technology, usually in the form of an hypervisor that manage different instances of OSes and arbitrate their execution and resource usage, according to the chosen policy. ARM TrustZone has been one of the technologies used to implement a virtualization solution with low overhead and low footprint. µRTZVisor a TrustZoneassisted hypervisor with a microkernel-like architecture - is a bare-metal embedded hypervisor that relies on TrustZone hardware to provide the foundation to implement strong spatial and temporal isolation between multiple guest OSes. The use of Partial Reconfiguration allows the designer to define partial reconfigurable regions in the FPGA and reconfigure them during runtime. This allows the system to have its functionalities changed during runtime using Dynamic Partial Reconfiguration (DPR), without needing to reconfigure all the FPGA. This is a major advantage, as it decreases the configuration overhead since partial bitstreams are smaller than full bitstreams and the reconfiguration time is shorter. Another advantage is reducing the need for larger logic areas and consequently reducing their power consumption. Therefore, a hypervisor that supports DPR brings benefits to the system. Aside from better FPGA resources usage, another improvement that it brings, is when critical hardware modules misbehave and the hardware module can be replaced. It also enables the controlling and changing of hardware accelerators dynamically, which can be used to meet the guest OSes requests for hardware resources as the need appears. The propose of this thesis is extending the µRTZVisor to have a DPR mechanism.Tradicionalmente, os sistemas embebidos eram sistemas dedicados a uma única tarefa e apenas limitados pelos seus requisitos de tempo real e de hardware. Contudo, como as plataformas de uso geral têm cada vez mais recursos e capacidade de processamento, muitos dos sistemas que executavam separadamente, passaram a apenas um sistema em plataforma recorrendo à tecnologia de virtualização, normalmente como um hipervisor que é capaz de gerir múltiplos sistemas operativos arbitrando a sua execução e acesso aos recursos da plataforma de acordo com uma politica predefinida. A tecnologia TrustZone da ARM tem sido uma das soluções implementadas sem ter grande impacto na performance dos sistemas operativos. µRTZVisor é um dos hipervisores baseados na TrustZone para implementar um isolamento espacial e temporal entre múltiplos sistemas operativos, sendo que defere de outras uma vez que é de arquitectura microkernel. O uso de Reconfiguração Parcial Dinâmica (RPD) permite ao designer definir várias regiões reconfiguráveis no FPGA que podem ser dinamicamente reconfiguradas durante o período de execução. Esta é uma grande vantagem, porque reduz os tempos de reconfiguração de módulos reconfiguráveis uma vez que os seus bitstreams são mais pequenos que bitstreams para a plataforma toda. A tecnologia também permite que nos FPGAs não sejam necessárias áreas lógicas tão grandes, o que também reduz o consumo de energia da plataforma. Um hipervisor que suporte RPD traz grandes benefícios para o sistema, nomeadamente melhor uso dos recursos de FPGA, implementação de aceleradores em hardware dinamicamente reconfiguráveis, e tratamento de falhas no hardware. Se houverem módulos que estejam a demonstrar comportamentos inesperados estes podem ser reconfigurados. O uso de aceleradores reconfiguráveis permite que o hardware seja adaptável conforme a necessidade destes pelos diferentes sistemas operativos. A proposta desta dissertação é então estender o µRTZVisor para ter a capacidade de usar módulos reconfiguráveis por RPD