12 research outputs found

    Security enhancements for FPGA-based MPSoCs: a boot-to-runtime protection flow for an embedded Linux-based system

    Nowadays, embedded systems become more and more complex: the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link: attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and low-latency security for runtime protection.

    Security Architecture for Point-to-Point Splitting Protocols

    The security of industrial supervisory control and data acquisition systems (SCADA) has become a major concern since the Stuxnet worm in 2010. As these systems are connected to the physical world, this makes them possibly hazardous if a malicious attacker is able to take over their control. SCADA can live up to 40 years, are particularly hard to patch, and quite often have no security feature at all. Thus, rather than securing them, network segregation is often used to prevent attackers from entering the industrial system. In this paper, we propose a generic solution: embed a point-to-point splitting protocol within a physical device, thus able to physically isolate networks, perform deep packet inspection and also provide encryption if necessary. We obtain a kind of next generation firewall, encompassing at least both diode and firewall features, for which conformity to security policies can be ensured. Then we define a set of associated security properties for such devices and the requirements for such a device's security architecture and filtering rules. Finally, we propose a secure hardware implementation.

    SecBoot — lightweight secure boot mechanism for Linux-based embedded systems on FPGAs

    In recent years, the need for security in embedded devices and data centers has increased sharply. The possible consequences of attacks on this equipment make them privileged targets. In these fields, FPGAs are increasingly used because of their flexibility and constantly decreasing power consumption and cost: they can embed several hard/soft processors running Linux, enhancing system integration. This paper discusses the security issues related to operating system boot security on FPGAs. We show how the software early boot stages can be protected using FPGA built-in security mechanisms and user logic. We consider that external memories can be tampered with by software attacks or board-level attacks. By using open source elements and standard tools, we present and implement a lightweight solution. We show that the dynamic reconfiguration has nearly no impact on usable resources of the FPGA matrix at the end of the boot process.

    FPGA Implementation of Pattern Matching for Industrial Control Systems

    Network cybersecurity solutions, like Intrusion Detection Systems (IDS) or Intrusion Protection Systems (IPS), address the concern of industrial infrastructures cybersecurity through a pattern matching engine to identify threats among network data. However, they present vulnerabilities inherent to their software implementation. Furthermore, industrial networks have specific constraints that are not always covered by solutions coming from classical IT networks (such as low latency or support of specific industrial protocols). To cope with it, hardware solutions are more and more investigated. Literature offers various approaches to perform pattern matching. In this article, various implementations of pattern matching on FPGA are discussed and experimental results are used to provide design guidelines.

    SecURe DPR: Secure update preventing replay attacks for dynamic partial reconfiguration

    Dynamic partial reconfiguration is a growing need for SRAM FPGA-based embedded systems. This feature allows reconfiguring parts of the FPGA while others continue to run. But it may introduce security breaches affecting FPGA configuration. In this paper, a secure protocol to ensure confidentiality, integrity, authenticity and up-to-dateness is described and applied to dynamic partial reconfiguration. Two common threat models are addressed for industrially-driven use cases. The implementation can perform both secure update and reconfiguration without significantly affecting performance.

    A Cryptographic Coarse Grain Reconfigurable Architecture Robust Against DPA

    This work addresses the problem of information leakage of cryptographic devices, by using the reconfiguration technique allied to an RNS-based arithmetic. The information leaked by circuits, like power consumption, electromagnetic emissions and time to compute, may be used to find cryptographic secrets. The results from prototyping show that our coarse-grained reconfigurable architecture is robust against power analysis attacks.

    A Leak Resistant Architecture Against Side Channel Attacks

    Hardware implementations of cryptographic algorithms may leak some information that can be used to recover cryptographic keys. This work combines reconfigurable techniques with the recently proposed Leak Resistant Arithmetic (LRA) to thwart some Side Channel Attacks (SCA). The introduced architecture outperforms the classical implementation of modular multiplication, for key sizes exceeding 2048 bits, with a reasonable extra area overhead. Nevertheless, this is not a drawback, but a cost, since the main issue of the proposed architecture is the improved robustness in terms of security.

    Security Trends for FPGAS

    This book is designed for all those who would like to upgrade their knowledge in the field of security and digital platforms including reconfigurable FPGAs. It is the result of a national project (ICTER) funded by the French National Research Agency (ANR) and involving four research centers (Montpellier, Paris, Lorient, Saint-Etienne) and a private company. This book details several solutions for secure application execution and application update. It presents an analysis of current threats against embedded systems and especially FPGAs. The discussion includes requirements to build a secure system, according to the FIPS standard. New secure schemes are proposed to ensure data confidentiality, integrity and authentication. These new schemes fit the tight requirements of embedded systems (performance, memory footprint, logic area and energy consumption). The cost of different architectures for performance, memory, and energy are estimated. Innovative solutions for remote reconfigurations are also detailed, taking into account security when downloading a new bitstream. Since the replay of an old bitstream in the field is a major threat for embedded systems, this issue is discussed and an original solution proposed.
    * Proposes solutions at the logical, architecture and system levels in order to provide a global solution
    * Clearly defines the security boundaries for a system
    * Describes different hierarchical levels of a design, from application to technological level

    Security FPGA Analysis

    Security has been becoming, for several years, a major issue in the domain of embedded systems. Fine-grain reconfigurable architectures like FPGAs are providing many interesting features to be selected as an efficient target for embedded systems when security is an important concern. In this chapter we propose an overview of some existing attacks, a classification of attackers and the different levels of security as promoted by the FIPS 140-2 standard. We identify the main vulnerabilities of FPGAs to tackle the security requirements based on the security pyramid concept. We propose a presentation of some existing countermeasures at the different levels of the security pyramid to guarantee a defense-in-depth approach.