SARFUM
2010; Association for Computing Machinery; Volume: 3; Issue: 2 Linguagem: Inglês
10.1145/1754386.1754389
ISSN1936-7414
AutoresBenoît Badrignans, David Champagne, Reouven Elbaz, Catherine H. Gebotys, Lionel Torres,
Tópico(s)Cryptographic Implementations and Security
ResumoRemote update of hardware platforms or embedded systems is a convenient service enabled by Field Programmable Gate Array (FPGA)-based systems. This service is often essential in applications like space-based FPGA systems or set-top boxes. However, having the source of the update be remote from the FPGA system opens the door to a set of attacks that may challenge the confidentiality and integrity of the FPGA configuration, the bitstream. Existing schemes propose to encrypt and authenticate the bitstream to thwart these attacks. However, we show that they do not prevent the replay of old bitstream versions, and thus give adversaries an opportunity for downgrading the system. In this article, we propose a new architecture called sarfum that, in addition to ensuring bitstream confidentiality and integrity, precludes the replay of old bitstreams. sarfum also includes a protocol for the system designer to remotely monitor the running configuration of the FPGA. Following our presentation and analysis of the security protocols, we propose an example of implementation with the CCM (Counter with CBC-MAC) authenticated encryption standard. We also evaluate the impact of our architecture on the configuration time for different FPGA devices.
Referência(s)