Abstract
Field-Programmable Gate Arrays (FPGAs) are widely used for custom hardware implementations, including in many security-sensitive industries, such as defense, communications, transportation, medical, and more. Compiling source hardware descriptions to FPGA bitstreams requires the use of complex computer-aided design (CAD) tools. These tools are typically proprietary and closed-source, and it is not possible to easily determine that the produced bitstream is equivalent to the source design.
In this work, we present various FPGA design flows that leverage pre-synthesizing or pre-implementing parts of the design, combined with open-source synthesis tools, bitstream-to-netlist tools, and commercial equivalence-checking tools, to verify that a produced hardware design is equivalent to the designer’s source design.
We evaluate these different design flows on several benchmark circuits and demonstrate that they are effective at detecting malicious modifications made to the design during compilation. We compare our proposed design flows with baseline commercial design flows and measure the overheads to area and runtime.
Index Terms
Approaches for FPGA Design Assurance