CHAPTER 4 HIERARCHICAL EMBEDDED CYBER ATTACK DETECTION SYSTEM (HECAD)
4.8 Securing HECAD
When designing a security monitor, it is necessary to consider the trade-off between security and information-gathering ability. The idea behind HECAD was to design a cyber-attack monitor capable of gathering as much information about the system as possible in order to maximize its detection capability. Crossing the hardware/software boundary and monitoring the hardware peripherals of the system required integrating the monitor onto the hardware of the FCS, both to observe the peripherals and to isolate the slave devices. Integrating the security monitor on-board, however, creates an additional attack surface: an adversary who disables HECAD disables the whole system. It was judged that disabling HECAD would demand a very high level of effort and physical access to the FCS, and the design therefore favoured gathering as much information as possible over hardening the monitor itself. Nevertheless, various methods for securing FPGAs do exist. Common threats to FPGAs include cloning, where an adversary copies an existing bitstream and promotes it as their own; reverse engineering, where an adversary recovers the circuit design from the bitstream; tampering through added logic; spoofing, where the bitstream is replaced and the device re-sold; and destruction of the FPGA and/or its replacement with an identically manufactured one. Methods to secure FPGAs were surveyed in [68], and a brief overview of those methods follows.
SRAM, Flash and Anti-fuse
The FPGA bitstream can be held in SRAM, Flash, or anti-fuse configuration memory. SRAM configuration is volatile: it requires power to retain its contents and therefore depends on external permanent storage from which the bitstream is loaded at power-up, and that external storage and load path are open to attack by an adversary. Flash memory is a form of non-volatile permanent storage; however, it commonly requires In-System Programming (ISP), which exposes the FPGA to the same issue as SRAM. Lastly, an anti-fuse FPGA is a one-time programmable device whose programming path is disconnected by the manufacturer, providing non-accessible permanent storage; however, since it can only be programmed once, it poses other security concerns.
Bitstream Encryption
An FPGA implementation is inherently more resistant to reverse engineering than a general-purpose processor, since it is configured from a bitstream rather than program memory and takes significantly more time to reverse engineer; for further protection, bitstream encryption can be used. The most common method of securing an FPGA is to encrypt the bitstream. FPGA vendors such as Xilinx and Altera provide tools that allow the bitstream to be encrypted, decrypted on load, and written into the configuration SRAM. Encrypting the bitstream defends against Trojan insertion, where an adversary partially reconfigures the FPGA and inserts malicious logic into the bitstream. The advantage encryption brings here is that the design tools provided by Xilinx and Altera will not allow partial reconfiguration that mixes encrypted and unencrypted configurations.
Battery Backup Random Access Memory (BBRAM)
Key secrecy is fundamental: keeping the key secret requires a way of keeping the key register on the FPGA confidential. One way of doing so is BBRAM, which allows for key agility and zeroization. When primary power is applied, the BBRAM is powered from the main supply, which permits replacing the battery in the field. Xilinx provides an internal interface to zero out the key space in the event that tampering with the device is detected. The disadvantage is that if the BBRAM loses its battery connection or battery power while no primary power is available, its contents are erased, after which the encrypted bitstream can no longer be decrypted and the device will not configure. BBRAM is considered more physically secure than non-volatile key storage: to steal the key an adversary would have to scan the bits using expensive, hard-to-obtain equipment, and attacking BBRAM is said to be beyond all but the most sophisticated adversaries.
eFuse
An alternative to BBRAM is eFuse memory, a one-time programmable non-volatile memory typically programmed by electromigration using high current. eFuse does not require additional processing complexity or high voltage; however, it does require considerable logic circuitry and is practical only for small key storage. Being one-time programmable, it also means that, unlike BBRAM, the key can be neither changed nor zeroized once written.
Internal Temperature and Power Monitoring
Xilinx FPGAs include an embedded analog-to-digital converter (ADC) that monitors voltage and temperature inside and outside the FPGA; users can configure the thresholds to match the operating temperatures of the environment for a specific application. If a threshold is crossed, user-defined actions can be taken, such as clearing crypto registers and RAM, zeroizing keys, or clearing the configuration and shutting the device down.
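The following C program is an added example, not code from the HECAD design or from any Xilinx tool, illustrating the threshold-driven response described above together with the BBRAM zeroization discussed earlier. It models the key register as a RAM buffer and the ADC readings as a constructed trace of samples; the threshold values, the `check_sample()` and `zeroize_key()` functions, and the action bitmask are assumptions made for the example. Real limits come from the device data sheet, and on the device the zeroization step would go through the vendor's key-clear interface rather than a memory write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Threshold values are assumptions for this example; real limits come from
 * the device data sheet and the application's operating environment. */
#define TEMP_MIN_MILLIC   (-40000)   /* -40 C, in milli-degrees Celsius */
#define TEMP_MAX_MILLIC    100000    /* 100 C */
#define VCC_MIN_MV            950    /* core supply under-voltage limit, mV */
#define VCC_MAX_MV           1050    /* core supply over-voltage limit, mV */

#define KEY_BYTES 32

/* Response actions, combinable as a bitmask. */
#define ACT_NONE      0u
#define ACT_ZEROIZE   1u   /* clear the key register and crypto state */
#define ACT_SHUTDOWN  2u   /* clear the configuration and halt the device */

/* Key register modelled as a RAM buffer (assumption); on the FPGA this
 * would be the BBRAM key space reached through the zeroization interface. */
typedef struct {
    uint8_t key[KEY_BYTES];
    bool    loaded;
} key_store_t;

/* Write zeros through a volatile pointer so the compiler cannot drop the
 * stores as dead: a plain memset() on a buffer that is never read again may
 * be optimised away, leaving the key bytes in memory. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

void zeroize_key(key_store_t *ks)
{
    secure_zero(ks->key, sizeof ks->key);
    ks->loaded = false;
}

/* True once every key byte is zero and the register is marked unloaded. */
bool key_is_cleared(const key_store_t *ks)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof ks->key; i++)
        acc |= ks->key[i];
    return acc == 0 && !ks->loaded;
}

/* Load a constructed, non-secret test key. */
void load_demo_key(key_store_t *ks)
{
    for (size_t i = 0; i < sizeof ks->key; i++)
        ks->key[i] = (uint8_t)(0xA5 ^ i);
    ks->loaded = true;
}

/* Classify one sensor sample. Any excursion outside the configured window is
 * treated as a tamper indication (supply glitching, heating or cooling
 * attacks). The key is destroyed before the shutdown is signalled: a shutdown
 * that precedes zeroization leaves the key intact for an adversary who
 * simply restores nominal power. */
unsigned check_sample(key_store_t *ks, int32_t temp_millic, int32_t vcc_mv)
{
    bool temp_bad = temp_millic < TEMP_MIN_MILLIC || temp_millic > TEMP_MAX_MILLIC;
    bool vcc_bad  = vcc_mv < VCC_MIN_MV || vcc_mv > VCC_MAX_MV;

    if (!temp_bad && !vcc_bad)
        return ACT_NONE;

    zeroize_key(ks);
    return ACT_ZEROIZE | ACT_SHUTDOWN;
}

/* Constructed sensor trace: nominal samples, an over-voltage glitch, then the
 * supply returning to nominal as an adversary would restore it. */
typedef struct { int32_t temp_millic; int32_t vcc_mv; } sample_t;
static const sample_t demo_trace[] = {
    { 35000, 1000 }, { 42000, 1003 }, { 48000,  998 },
    { 49000, 1180 },   /* over-voltage: fault-injection attempt */
    { 49000, 1000 },   /* nominal again, but the key is already gone */
};

/* Run the trace; return the index of the sample that triggered the response,
 * or -1 if the key survived the whole trace. */
int run_tamper_demo(void)
{
    key_store_t ks;
    load_demo_key(&ks);
    for (size_t i = 0; i < sizeof demo_trace / sizeof demo_trace[0]; i++) {
        unsigned act = check_sample(&ks, demo_trace[i].temp_millic, demo_trace[i].vcc_mv);
        if (act & ACT_SHUTDOWN) {
            printf("sample %zu: T=%d mC Vcc=%d mV -> key cleared=%d, shutting down\n",
                   i, demo_trace[i].temp_millic, demo_trace[i].vcc_mv, key_is_cleared(&ks));
            return (int)i;
        }
    }
    return -1;
}

int main(void)
{
    return run_tamper_demo() == 3 ? 0 : 1;
}
```

The order inside `check_sample()` is the security-relevant part: the key is cleared before the shutdown action is returned, and the clearing goes through a volatile write so that an optimising compiler cannot elide it. Setting the lower temperature bound also covers cooling attacks, not just overheating.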
Fencing and Redundancy
Xilinx Isolation Design Flow (IDF) provides containment of faults at the FPGA level, allowing the use of modular redundancy, watchdog alarms, segregation, and isolation of test logic to minimize single-chip faults. Isolation within the FPGA is achieved by using configurable logic blocks as a fence that separates different subsystems in the programmable logic. Triple modular redundancy (TMR) is the most popular method of removing single points of failure, and it also provides an extra level of security through cross-verification of subsystems, commonly implemented with a voting scheme [69].
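The C program below is an added example, not part of the HECAD design or the cited work, showing the voting scheme that TMR relies on and the watchdog-style check that a practitioner would pair with it. The bitwise majority function is the standard AND/OR voter; the `tmr_monitor_t` structure, its threshold, and the constructed output trace are assumptions made for the example. The example goes slightly beyond the text by also reporting which module lost the vote and for how many consecutive cycles, since a module that is silently outvoted forever is exactly the case where injected logic or a latched upset goes unnoticed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of one vote over three redundant 32-bit module outputs. */
typedef struct {
    uint32_t value;     /* majority-voted output */
    bool     agree;     /* all three modules produced the same value */
    int      faulty;    /* number of modules whose output differs from the vote */
    unsigned suspects;  /* bitmask: bit i set when module i lost the vote */
    uint32_t bad_bits;  /* OR of the bit positions that were outvoted */
} tmr_result_t;

/* Bitwise majority: an output bit is 1 when at least two inputs have it set.
 * This is the two-level AND/OR voter commonly mapped onto FPGA LUTs. */
static inline uint32_t majority3(uint32_t a, uint32_t b, uint32_t c)
{
    return (a & b) | (b & c) | (a & c);
}

/* Vote and report disagreement. The vote masks exactly one faulty module;
 * when faulty == 2 each bit was decided by whichever pair happened to agree
 * and the result must be treated as untrusted. Two modules corrupted in the
 * same bits are undetectable by the voter (the good module is outvoted). */
tmr_result_t tmr_vote(uint32_t a, uint32_t b, uint32_t c)
{
    tmr_result_t r = { .value = majority3(a, b, c), .agree = (a == b && b == c) };
    const uint32_t in[3] = { a, b, c };

    for (int i = 0; i < 3; i++) {
        uint32_t diff = in[i] ^ r.value;
        if (diff) {
            r.faulty++;
            r.suspects |= 1u << i;
            r.bad_bits |= diff;
        }
    }
    return r;
}

/* Watchdog-style monitor (assumption): a module that keeps losing votes on
 * consecutive cycles is likely to hold a latched fault, such as an upset in
 * its configuration or inserted logic, and is flagged for reconfiguration or
 * isolation instead of being silently outvoted. */
typedef struct {
    unsigned miscompares[3];   /* consecutive losing votes per module */
    unsigned threshold;        /* consecutive losses before a module is flagged */
    unsigned flagged;          /* bitmask of modules reported as failed */
} tmr_monitor_t;

/* Feed one cycle; returns the voted value and updates the flagged mask. */
uint32_t tmr_monitor_step(tmr_monitor_t *m, uint32_t a, uint32_t b, uint32_t c)
{
    tmr_result_t r = tmr_vote(a, b, c);
    for (int i = 0; i < 3; i++) {
        if (r.suspects & (1u << i)) {
            if (++m->miscompares[i] >= m->threshold)
                m->flagged |= 1u << i;
        } else {
            m->miscompares[i] = 0;   /* a transient upset clears on the next good vote */
        }
    }
    return r.value;
}

/* Constructed trace: module 1 suffers a transient upset on cycle 2 and then a
 * stuck bit from cycle 4 onward. Returns the flagged-module mask. */
unsigned run_tmr_demo(void)
{
    tmr_monitor_t m = { .threshold = 3 };
    static const uint32_t trace[][3] = {
        { 0x0000, 0x0000, 0x0000 },
        { 0x0001, 0x0001, 0x0001 },
        { 0x0002, 0x0102, 0x0002 },   /* transient: module 1 bit 8 flipped */
        { 0x0003, 0x0003, 0x0003 },   /* recovers, its counter resets */
        { 0x0004, 0x0104, 0x0004 },   /* bit 8 stuck at 1 from here on */
        { 0x0005, 0x0105, 0x0005 },
        { 0x0006, 0x0106, 0x0006 },   /* third consecutive loss: flagged */
        { 0x0007, 0x0107, 0x0007 },
    };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        uint32_t v = tmr_monitor_step(&m, trace[i][0], trace[i][1], trace[i][2]);
        printf("cycle %zu: voted 0x%04x flagged 0x%x\n", i, v, m.flagged);
    }
    return m.flagged;
}

int main(void)
{
    return run_tmr_demo() == 0x2u ? 0 : 1;
}
```

The voted value alone gives fault masking; the `suspects` mask and the consecutive-miscompare counter are what turn TMR into a detection mechanism, which is the "extra level of security" the paragraph refers to. The `faulty == 2` case is the one to alarm on: the voter still produces a value, but no single module can be trusted to have produced it.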