Techniques for Fully Integrated Embedding of Design and Verification Logic for Trusted FPGA Circuits
by Marco Maggioni
Thesis committee:
Advisor and chair: Shantanu Dutt
Other members: Marco Santambrogio, Jon Solworth
UIC Thesis Defense: December, 12

Problem statement
• Trusted FPGA Design: ensuring that the design process produces a final product that performs only the designed functionality and no more.
Innovative contribution
• Fully Integrated Embedding: an approach in which the trusted FPGA is deployed as a monolithic design containing self-checking circuits

Aims
• Efficient implementation of a Fully Integrated Embedded Trusted FPGA Design
• Adaptation of the two-level randomized 2D ECC structure proposed by a previous work
• Reduction of the hardware overhead necessary to implement the on-chip, functionality-based self-checking phase

Outline
• Introduction
• Background
• FIE Trusted FPGA Architecture
• Proposed Solution
• Experimental Results
• Concluding remarks and future work

FPGA
• FPGA technology
– Joins HW performance with SW flexibility
– Cost efficient for low-volume specific products
– Sensitive commercial applications
– Sensitive government & military applications
• Definition: Trusted FPGA Design
– An FPGA-based deployed application in which the functionality currently implemented is exactly what was designed and no more
– It implies a trusted design workflow to secure a relatively untrusted process

Tampering
• Tampering an FPGA circuit
– It is a modification of some CLBs
– It can also be logic insertion in the unoccupied CLBs
• Current FPGA devices offer some security features
– Bitstream encoding and encryption: protect the intellectual property of the application
– Bitstream signature: protect the integrity of the IP cores
• Not enough to tackle all the weaknesses shown
– A trust-checking technique is necessary
– Functionality based
– On chip
– Capable of detecting added logic

This Thesis is about...
• We will present a completely integrated approach...
– Add self-checking circuits alongside the original design
• Basic problem in its architecture
– Based on multiplexers implemented on FPGA logic
– Really expensive in terms of area: a 2:1 mux is implemented with an entire k-LUT

This Thesis is about...
• We will propose...
– An architectural modification to the self-checking structure
– Some algorithmic approaches to reduce the hardware overhead due to multiplexers

What's next...
• Introduction
• Background
– S. Dutt and L. Li, “Trust-Based Design and Check of FPGA Circuits Using Two-Level Randomized ECC Structures”, accepted (subject to minor revisions), ACM Transactions on Reconfigurable Technology and Systems (TRETS), Special Issue on Security in Reconfigurable Systems Design, 2008.
• FIE Trusted FPGA Architecture
• Proposed Solution
• Experimental Results
• Concluding remarks and future work

ECC parity code
• The ECC parity scheme is a well-known technique for error detection
• Organize data in Parity Groups (PG)
– Rows and columns
• Based on information redundancy
– A parity bit c for each PG
– Even (XOR) or odd (XNOR) parity
• Possible masking
– 4 tampers placed in a 2x2 subarray

Background
• The cited article provides a complete technique for trusted FPGA design
• On chip
– The deployed design is capable of starting a self-checking phase in which each tamper is detected
• Functionality based
– An Error Correction Code is applied to all the CLB outputs, so functionality changes are detected
• Test Pattern Generator and Output Response Analyzer
– Added components used to stimulate each possible input combination and to verify it
• Two-level randomization
– Makes the masking virtually impossible (low probability)

2D ECC parity code on FPGA array
• Basic idea...
– We impose the same ECC scheme on the reconfigurable elements of the FPGA...
• This means...
– Parity Groups composed of CLB outputs
– Add a TPG to stimulate all the CLB functionality with an exhaustive set of test vectors Ii
– Add a parity function for each PG to check that the parity of the other elements is not modified
– Add an ORA to produce a Parity Vector (even case: PV = [0 0 ... 0]) that is the parity of the PGs for each test vector Ii
– The check fails or passes depending on whether the PV is the expected one (in the even case, the zero vector)

2D ECC parity code on FPGA array
• Overall architecture...
• Each tamper is detected as a functionality change
• The 2D code also covers the unused CLBs
– This prevents insertion of added logic

Randomized Parity Groups
• 2D rows and columns PG placement
– It is easily defeated by masking
• Solution: randomize the PGs composition

Randomized Polarity
• The 2D ECC scheme doesn't cover the TPG and ORA
• Trivial tampering
– Change the TPG to supply a certain test vector
– Change the ORA to always show an even parity
• For each test vector and each PG, we randomly choose the expected parity as even or odd
– Example of expected PV = [0 1 0 0 1 .... 1 1 0]
– An inserted tamper doesn't know the polarities, so it is very unlikely to match the correct one for each PG
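
The masking case and the two randomization levels described in the Randomized Parity Groups and Randomized Polarity slides, as an added Python model that is not taken from the thesis or the cited article. Assumptions: a constructed 4x4 array with one output bit per CLB for a single test vector, hypothetical function names, and PG randomization modelled as two independent random partitions of the CLBs (the slides do not say how the PGs are drawn).

```python
import random

ROWS, COLS = 4, 4  # constructed toy array: one output bit per CLB, one test vector

def row_col_groups():
    """Plain 2D placement: one parity group (PG) per row and per column."""
    rows = [[(r, c) for c in range(COLS)] for r in range(ROWS)]
    cols = [[(r, c) for r in range(ROWS)] for c in range(COLS)]
    return rows + cols

def random_groups(rng):
    """Assumed randomization: two independent random partitions of the CLBs."""
    cells = [(r, c) for r in range(ROWS) for c in range(COLS)]
    groups = []
    for size in (COLS, ROWS):
        rng.shuffle(cells)
        groups += [cells[i:i + size] for i in range(0, len(cells), size)]
    return groups

def parity(outputs, group):
    p = 0
    for cell in group:
        p ^= outputs[cell]
    return p

def self_check(golden, observed, groups, polarity, ora_stuck_even=False):
    """True if the observed Parity Vector equals the expected one (polarity)."""
    # Check bit per PG, fixed at design time so an untampered PG yields its polarity.
    check_bits = [parity(golden, g) ^ pol for g, pol in zip(groups, polarity)]
    if ora_stuck_even:  # models an ORA altered to always report even parity
        pv = [0] * len(groups)
    else:
        pv = [parity(observed, g) ^ cb for g, cb in zip(groups, check_bits)]
    return pv == list(polarity)

def tamper_2x2(golden, r, c):
    """Flip the outputs of the four CLBs in the 2x2 subarray at (r, c)."""
    out = dict(golden)
    for cell in [(r, c), (r, c + 1), (r + 1, c), (r + 1, c + 1)]:
        out[cell] ^= 1
    return out

def detection_rate(trials=200, seed=1):
    """Fraction of random PG compositions that catch the same 2x2 tamper."""
    rng = random.Random(seed)
    golden = {(r, c): rng.randint(0, 1) for r in range(ROWS) for c in range(COLS)}
    bad = tamper_2x2(golden, 1, 1)
    hits = 0
    for _ in range(trials):
        groups = random_groups(rng)
        hits += not self_check(golden, bad, groups, [0] * len(groups))
    return hits / trials
```

With row/column PGs the 2x2 tamper leaves every parity unchanged and the check passes; with randomized PGs almost every composition flags it, and a non-zero polarity vector makes an ORA that always reports even parity fail the check.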

• Non Integrated Embedding (NIE)
– TPG, ORA and parity function are loaded and routed dynamically onto the FPGA at the trust-checking phase
• Partially Integrated Embedding (PIE)
– TPG, ORA and parity functions are already placed and the trust-checking phase corresponds to a re-routing
• Fully Integrated Embedding (FIE)
– TPG, multiple ORAs and parity functions are already placed and routed onto the FPGA. This technique requires a considerable amount of overhead.

What's next...
• Introduction
• Background
• FIE Trusted FPGA Architecture
– Basic structure and multiplexers overhead
– Cones based architecture
• Proposed Solution
• Experimental Results
• Concluding remarks and future work

FIE Trusted FPGA Architecture
• Consider the FPGA slice as the basic functional element...

• Experimental purpose...
– Show the multiplexer overhead for each algorithmic approach, besides the solution quality improvement
– Estimate the total overhead (considering TPG, ORAs and check logic) associated with each solution

Results for algorithmic approaches
• Fan based approach...
• Net driven approach...

Results for algorithmic approaches
• Net driven look-ahead approach...
• Net driven look-ahead with combinations approach...

Results for algorithmic approaches
• Comparative results…

Simulation of a cones Parity Group
• Benchmark b14 ITC'99
– Generation of 5 cones with an arbitrary approach
– Behavioural simulation of the cone PG
– Insertion of 25 different tampers (logic/seq/int)