1 Software College, Northeastern University, Shenyang 110169, China;
2 Key Laboratory of Computer Network and Information Integration(Southeast University), Ministry of Education Nanjing 210096, China;
3 Department of Computer and Communication Engineering, Changsha University of Science and Technology Changsha 410014, China;
4 School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044, China
Abstract With the increasing use of field-programmable gate arrays (FPGAs) in embedded systems and many embedded applications, the failure to protect FPGA-based embedded systems from cloning attacks has brought serious losses to system developers. This paper proposes a novel combinational logic binding technique to specially protect FPGA-based embedded systems from cloning attacks and provides a pay-per-device licensing model for the FPGA market. Security analysis shows that the proposed binding scheme is robust against various types of malicious attacks. Experimental evaluations demonstrate the low overhead of the proposed technique.
This work is supported by the National Natural Science Foundation of China under Grant Nos. 61602107, 61572123, 61303042, and the Fundamental Research Funds for the Central Universities of China under Grant No. N161704006.
About author: Ji-Liang Zhang received his Ph.D. degree in computer science and technology from Hunan University, Changsha, in 2015. In 2013 2014, he worked as a research scholar at the Maryland Embedded Systems and Hardware Security Laboratory, University of Maryland, College Park. He is currently an associate professor in the Department of Information Security, Software College, Northeastern University, Shenyang. He authored over 30 papers in refereed international conferences and journals such as IEEE-TIFS, ACM-TODAES, IEEE-TVLSI, ACM/IEEE Design Automation Conference and so on. His research interests include hardware/hardware-assisted security, field programmable gate array, embedded system and emerging technologies.
Cite this article:
Ji-Liang Zhang, Wei-Zheng Wang, Xing-Wei Wang, Zhi-Hua Xia.Enhancing Security of FPGA-Based Embedded Systems with Combinational Logic Binding[J] Journal of Computer Science and Technology, 2017,V32(2): 329-339
 Lv Y, Zhou Q, Cai Y et al. Trusted integrated circuits:The problem and challenges. J. Comput. Sci. Technol., 2014, 29(5):918-928. Fu H, Gan L, Clapp R et al. Scaling reverse time migration performance through reconfigurable dataflow engines. IEEE Micro, 2014, 34(1):30-40. Zhang J, Qu Q. A survey on security and trust of FPGAbased systems. In Proc. International Conference on Field-Programmable Technology (ICFPT), Dec. 2014, pp.147-152. Kean T. Cryptographic rights management of FPGA intellectual property cores. In Proc. ACM/SIGDA Symp. Field-Programmable Gate Arrays (FPGA), Feb. 2002, pp.113-118. Qu G, Potkonjak M, Stojcev M. Intellectual Property Protection in VLSI Designs:Theory and Practice. Kluwer Academic Publishers, 2003. Hori Y, Satoh A, Sakane H et al. Bitstream encryption and authentication with AES-GCM in dynamically reconfigurable systems. In Proc. International Conference on Field Programmable Logic and Applications, Sept. 2008, pp.23-28. Trimberger S, Moore J, LuW. Authenticated encryption for FPGA bitstreams. In Proc. the 19th ACM/SIGDA Symp. Field-Programmable Gate Arrays (FPGA), Feb.27-Mar.1, 2011, pp.83-86. Drimer S. Security for volatile FPGAs[Ph.D. Thesis], Computer Laboratory, University of Cambridge, Nov uCAMCL-TR-763, 2009. Herder C, Yu M, Koushanfar F, Devadas S. Physical unclonable functions and applications:A tutorial. Proceedings of the IEEE, 2014, 102(8):1126-1141. Gora M, Maiti A, Schaumont P. A flexible design flow for software IP binding in FPGA. IEEE Trans. Ind. Informatics, 2010, 6(4):719-728. Koushanfar F. Integrated circuits metering for piracy protection and digital rights management. In Proc. the 21st Great Lakes Symposium on VLSI, May 2011, pp.449-454. Roy J, Koushanfar F, Markov I. EPIC:Ending piracy of integrated circuits. In Proc. Design, Automation and Test in Europe, March 2008, pp.1069-1074. Note J, Rannaud E. From the bitstream to the netlist. In Proc. the 16th ACM/SIGDA International Symposium on Field Programmable Gate Arrays, Feb. 2008, p.264. Xia Z, Wang X, Sun X, Wang Q. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(2):340-352. Fu Z, Wu X, Guan C, Sun X, Ren K. Towards efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Transactions on Information Forensics and Security, 2016, 11(12):2706-2716. Xia Z, Wang X, Zhang L, Qin Z, Sun X, Ren K. A privacypreserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 2016, 11(11):2594-2608. Fu Z, Ren K, Shu J, Sun X, Huang F. Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(9):2546-2559. Fu Z, Sun X, Liu Q, Zhou L, Shu J. Achieving efficient cloud search services:Multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Transactions on Communications, 2015, E98-B(1):190-200. Guo P, Wang J, Li B, Lee S. A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology, 2014, 15(6):929-936. Ma T, Zhou J, Tang M, Tian Y, Al-Dhelaan A, Al-Rodhaan M, Lee S. Social network and tag sources based augmenting collaborative recommender system. IEICE Transactions on Information and Systems, 2015, E98-D(4):902-910. Ren Y, Shen J, Wang J, Han J, Lee S. Mutual verifiable provable data auditing in public cloud storage. Journal of Internet Technology, 2015, 16(2):317-323. Li J, Li X, Yang B, Sun X. Segmentation-based image copymove forgery detection scheme. IEEE Transactions on Information Forensics and Security, 2015, 10(3):507-518. Xia Z, Wang X, Sun X, Liu Q, Xiong N. Steganalysis of LSB matching using differences between nonadjacent pixels. Multimedia Tools and Applications, 2016, 75(4):1947-1962. Xia Z, Wang X, Sun X, Wang B. Steganalysis of least significant bit matching using multi-order differences. Security and Communication Networks, 2014, 7(8):1283-1291. Yuan C, Sun X, Lv R. Fingerprint liveness detection based on multi-scale LPQ and PCA. China Communications, 2016, 13(7):60-65. Zhou Z, Wang Y, Wu Q, Yang C, Sun X. Effective and efficient global context verification for image copy detection. IEEE Transactions on Information Forensics and Security, 2016, 12(1):48-63. Zhang Y, Sun X, Wang B. Efficient algorithm for k-barrier coverage based on integer linear programming. China Communications, 2016, 13(7):16-23. Xie S, Wang Y. Construction of tree network with limited delivery latency in homogeneous wireless sensor networks. Wireless Personal Communications, 2014, 78(1):231-246. Shen J, Tan H, Wang J, Wang J, Lee S. A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology, 2015, 16(1):171-178. Zhang J, Qu G, Lv Y, Zhou Q. A survey on silicon PUFs and recent advances in ring oscillator PUFs. J. Comput. Sci. Technol., 2014, 29(4):664-678. Atallah M, Bryant E, Korb J, Rice J. Binding software to specific native hardware in a VM environment. In Proc. the 1st ACM Workshop on Virtual Machine Security, Oct. 2008, pp.45-48. Suh G, Devadas S. Physical unclonable functions for device authentication and secret key generation. In Proc. the 44th ACM/IEEE Design Automation Conference, June 2007, pp.9-14. Holcomb D, BurlesonW, Fu K. Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Computers, 2009, 58(9):1198-1210. Lim D, Lee J, Gassport B et al. Extracting secret keys from integrated circuits. IEEE Trans. VLSI Syst., 2005, 13(10):1200-1205. Lach J, Mangione-Smith W, Potkonjak M. Fingerprinting techniques for field-programmable gate array intellectual property protection. IEEE Trans. Comput. Des. Integr. Circuits Syst., 2001, 20(10):1253-1261. Merli D, Schuster D, Stumpf F, Sigl G. Side-channel analysis of PUFs and fuzzy extractors. In Proc. the 4th International Conference on Trust and Trustworthy Computing, June 2011, pp.33-47. Zhang J, Lin Y, Qu G. Reconfigurable binding against FPGA replay attacks. ACM Trans. Des. Autom. Electron. Syst., 2015, 20(2):33:1-33:20. Gao M, Lai K, Qu G. A highly flexible ring oscillator PUF. In Proc. the 51th ACM/IEEE Design Automation Conference (DAC), June 2014, pp.89:1-89:6. Zhang J, Wu Q, Ding Y et al. Techniques for design and implementation of an FPGA-specific physical unclonable function. Journal of Computer Science and Technology, 2016, 31(1):124-136. Majzoobi M, Koushanfar F, Potkonjak M. Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans. Reconfigurable Technology and Systems, 2009, 2(1):5:1-5:33. Yin C, Qu G, Zhou Q. Design and implementation of a group-based RO PUF. In Proc. Design, Automation and Test in Europe Conference and Exhibition (DATE), March 2013, pp.416-421. Guajardo J, Kumar S, Schrijen G, Tuyls P. FPGA intrinsic PUFs and their use for IP protection. In Proc. the 9th Int. Conf. Cryptographic Hardware and Embedded Systems, Sept. 2007, pp.63-80. Anderson J. A PUF design for secure FPGA-based embedded systems. In Proc. the 15th Asia and South Pacific Design Automation Conference (ASP-DAC), Jan. 2010, pp.1-6. Ruhrmair U, Solter J, Sehnke F et al. PUF modeling attacks on simulated and silicon data. IEEE Trans. Information Forensics and Security, 2013, 8(11):1876-1891.