Fast, secure, and remote multiboot of FPGAs

Abstract

The purpose of this thesis is to develop an efficient framework to implement secure FPGA-based (Field Programmable Gate Array) systems. An FPGA is a reconfigurable device that has the ability to adapt the hardware during runtime by loading a new circuit on the reconfigurable fabric. However, a circuit design formed as configuration data (bitstream) can be easily counterfeited and needs to be protected against the risks of cloning, overbuilding, and reverse-engineering. Although many applications could be implemented on low-cost FPGAs, protection schemes and dedicated hardware are mostly available on high-end FPGAs. In addition to this, only high-end FPGAs support dynamic partial self reconfiguration (DPSR), which is the ability to change a part of a design at runtime. This thesis focuses on developing a security scheme leveraging hardware intrinsic features on low-cost FPGAs by using physical unclonable functions (PUFs). A PUF provides a way to extract security keys which are unique to each device. This thesis combines PUFs with another security scheme called obfuscation. Obfuscation is the act of intentionally modifying the description or structure of a circuit in order to conceal its functionality. Obfuscation is implemented in this thesis at RTL-level and is used to authenticate and control the device by using the keys by exploiting the PUF technique within a finite state machine (FSM). These methods are further used to implement ?secure MultiBoot?. The MultiBoot feature allows to reconfigure the FPGA fully at runtime as opposed to DPSR for devices which do not support partial reconfiguration. This thesis also establishes a framework that enables secure remote MultiBoot. A bitstream compression technique is applied to reduce the transmission time over the network. A proof-of-concept example is implemented using the proposed framework.