Secure Intellectual Property Management in Reconfigurable Computing Systems
MetadataShow full item record
This item's downloads: 5317 (view details)
Krzysztof Michał Kępa (2010) Secure Intellectual Property Management in Reconfigurable Computing Systems. Thesis
This thesis contributes to Intellectual Property (IP) security and IP usage accounting in Partially Reconfigurable (PR) Xilinx Field-Programmable Gate Array (FPGA)-based Reconfigurable Computing (RC) systems.The outsourcing of RC system design to external entities results in an extended, multi-player design environment and implicit chains of trust between various parties. A consequence is an increased risk to system integrity and to design IP protection, e.g. design IP theft, cloning, counterfeiting and tampering. Reported research on IP infringement countermeasures within RC devices has not considered the security risks caused by including erroneous or malicious IP cores in the PR-enabled RC system. Also, current security measures do not support system usage accounting and IP license enforcement in a multi-party design flow and in deployed PR-enabled RC systems. This hinders massive-scale adoption of third-party IP cores in high assurance RC systems.This thesis proposes a new IP-aware method for the development of trustworthy PR systems and reports the implementation of a trusted Secure Reconfiguration Controller (SeReCon) IP core which is a Root of Trust (RoT) for RC systems. SeReCon provides design IP protection and maintains the integrity of the RC system by analysing the IP core structure prior to RC system reconfiguration and by mediating access to the internal Xilinx FPGA reconfiguration port. SeReCon protects the RC system from structural issues resulting from the inclusion of malicious IP cores. SeReCon supports the use of untrusted third-party IP cores in high-assurance RC systems. SeReCon also protects IP of third party designs and provides design IP license enforcement within the deployed system. The thesis proposes and describes a modification to the FPGA fabric to enable SeReCon security credentials to be generated and stored internally (within the FPGA) during the RoT certification process. In the SeReCon-based IP management scheme the Trusted Authority party participates only during certification of the RC system RoT. This policy reduces the risk of security credentials leakage and reduces the chain-of-trust requirements in a multi-player design flow.The thesis also describes the development and application of the FPGA Design Analysis Tool (FDAT), which supports rapid prototyping of FPGA CAD applications for FPGA system-level design, design verification and application porting to SeReCon. FDAT provides a set of high-level FDAT APIs which abstract the Xilinx FPGA fabric, the implemented design (placed and routed netlist) and the associated FPGA configuration bitstream. The operation of FDAT is governed by recipe scripts and a lightweight graphic front-end.A SeReCon-enabled RC system prototype has been implemented in a Xilinx Virtex-5 FPGA and targets a Software-Defined-Radio (SDR) application incorporating dynamically loadable IP cores. The RC system prototype includes a number of PR IP cores, e.g. AES cipher and decipher, in order to demonstrate the feasibility of the SeReCon-based IP management scheme. The SeReCon demonstrator application provides detailed and interactive insight into the operation of the RC system during SeReCon initialisation and operation, and illustrates that even genuine IP cores, when developed in multi-party environment, could include implicit communication channels and could therefore introduce security risks.