AEGIS-Based Efficient Solution for Secure Reconfiguration ... · Karim M. Abdellatif, Roselyne Chotin-Avot, Habib Mehrez [email protected] 1/24. AEGIS-Based E cient Solution

AEGIS-Based Efficient Solution for Secure Reconfiguration of FPGAs

AEGIS-Based Efficient Solution for SecureReconfiguration of FPGAs

Karim M. Abdellatif, Roselyne Chotin-Avot, Habib Mehrez

[email protected]

1 / 24


Motivation

Motivation

Authenticated Encryption (AE) algorithms

Low Cost Solutions for Secure FPGA Reconfiguration

Conclusion and future work2 / 24


Motivation

Encryption and authentication

I First approach

Authentication

Decryption

Key1

Key2

Computed

Match? Y/NMAC

MAC

Message

Receiver

Message

Key1

Encryption

Message

Authentication

Sender

Key2

Insecure Channel

MA

C

Encrypted Message

Encrypted Message

Match?

I Second approach

Encrypted Message

MA

C

AuthenticatedEncryption

Computed MAC

Key1

Y/NMatch?MAC

MessageMessage

Receiver

Message

Sender

AuthenticatedEncryption

Key1

Insecure Channel

Encrypted

2 / 24


Motivation

Advantages and applications of the second approach

I One can expect that this is more efficient since encryption andauthentication can share a part of the computation.

I AE algorithms use only one key for encryption andauthentication. Therefore, the key exchange and storageissues are better compared to using two separated algorithms.

AE has been used in many widely standards such as:Secure Sockets Layer / Transport Layer Security (SSL/TLS) [7],IPsec [7], and IEEE 802.11 (Wi-Fi) [10].

3 / 24


Motivation

FPGAs

I They offer the capability to develop the most suitable circuitarchitecture of the application in a similar way to SoC systems.

I They are cost efficient, easier to manage, can immediately beput into operation and, they can continuously bereprogrammed during and after the design.

000010011100110101101001

Application

User Logic

SRA

M M

emor

y C

ellsStatic Part

FPGA

Bitstream

4 / 24


Motivation

Reconfiguration FPGAs

Application

User Logic

SRA

M M

emor

y C

ellsStatic Part

FPGA

Bitstream

Non Volatile Memory (NVM)

IPs loaded on the FPGAs represent a kind of investment thatrequires protection.

5 / 24



Motivation



Conclusion and future work

6 / 24



Counter with Cipher Block Chaining-MessageAuthentication Code(CCM)

CCM has been specified in:

I IEEE 802.11i

I IEEE 802.15

I IEEE 802.16

I Disadvantages:It is not suitable for on lineapplications as all datamust be stored in memorybefore CCM processing.

+ +

S[i]

P[i]

C[i]

S[0]

Y

MAC

AES

S[L]

AES

KeyCTR[0]

S[0]

AES

KeyCTR[1]

S[1]

AES

KeyCTR[2]

S[2]

CTR[n] Key

AES

+ + +

AES AES AES

Key Key Key Key

Y

CBC mode

N

A p[L]

CTR mode

p[1]

7 / 24



Galois Counter Mode (GCM)

It presets high intrinsic degreeof pipelining and parallelism.

I wireless, optical, andmagnetic recordingsystems.

I high intrinsic degree ofpipelining and parallelism.

I IEEE 802.1ae and NIST800-38D.

AES

Key

AESAES AES AES

+ + +

+ ++

+

GF(2128 )Multiplier

GF(2128 )Multiplier

GF(2128 )Multiplier

GF(2128 )Multiplier

GF(2128

) GF(2128

) GF(2128

) GF(2128

)

"00..00" CTR[2]CTR[1]CTR[0] Key Key Key Key

H

H H H HA

P[1] P[2]

C[1] C[2]

MAC

Encryption using CTR mode

Authentication using GF multiplier

C[L]

P[L]

CTR[L]

Multiplier Multiplier Multiplier Multiplier

8 / 24



Competition for Authenticated Encryption: Security,Applicability, and Robustness (CAESAR)

I CAESAR competition is a move towards selecting a portfolioof AE schemes that should improve upon the state of the art.

I There are some AE schemes have been proposed, and moreare expected to join the ranks with the ongoing CAESAR.

I we present an overview on AEGIS [36] which is considered oneof the candidates to CAESAR.

9 / 24



AEGIS-128

+

+ + + ++

S S S S S

S S S S S

i,0 i,1 i,2 i,3 i,4

i+1,0 i+1,1 i+1,2 i+1,3 i+1,4

ww

SubBytes

Shift Rows

SubBytes

Shift Rows

SubBytes

Shift Rows

SubBytes SubBytes

Shift Rows Shift Rows

MixColumnsMixColumnsMixColumnsMixColumns MixColumns

m i

Si+1,0 = AESRound(Si ,4, Si ,0 ⊕mi )Si+1,1 = AESRound(Si ,0, Si ,1)Si+1,2 = AESRound(Si ,1, Si ,2)Si+1,3 = AESRound(Si ,2, Si ,3)Si+1,4 = AESRound(Si ,3, Si ,4).

(1)

10 / 24



Initialization of AEGIS

1. Load the key and IV into the state as follows:S−10,0 = IV128

S−10,1 = Const1S−10,2 = Const0S−10,3 = K128 ⊕ Const0S−10,4 = K128 ⊕ Const1.

2. For i = -5 to -1, m2i = K128, m2i+1 = K128 ⊕ IV128.

3. For i = -10 to -1, Si+1 = StateUpdate128(Si ,mi ).

11 / 24



Encryption of AEGIS

1. If the last plaintext block is not a full block, use 0 bits to padit to 128 bits.

2. For i = 0 to (msglen128 − 1), the state is updated to perform

encryption.

Ci = Pi ⊕ Si ,1 ⊕ Si ,4 ⊕ (Si ,2&Si ,3)Si+1 = StateUpdate128(Si ,Pi ).

(2)

12 / 24



Authentication of AEGIS

1. Let tmp = lenA‖msglen, where lenA and msglen arerepresented as 64-bit integers

2. For i= (msglen128 ) to (msglen

128 + 6), mi = Smsglen128

,3⊕ tmp

3. For i= (msglen128 ) to (msglen

128 + 6), the state is updated:Si+1 = StateUpdate128(Si ,Pi )

4. The authentication MAC is generated from the statemsglen

128 + 7 as follows:

MAC = ⊕4i=0(S

(msglen128

+7),i). (3)

13 / 24



Motivation




14 / 24



Remote reconfiguration

Application

FPGA

User LogicSR

AM

Mem

ory

Cel

lsStatic Part

Public Network

Bitstream

Bitstream

Development

Location

Bitstream

Non Volatile Memory (NVM)

15 / 24



Previous Solutions

Example: Virtex-4 and Virtex-5:

User Logic

SRA

M M

emor

y C

ells

Static Part

FPGA

AES Application

KEncrypted Bitstream

Non Volatile

Memory (NVM)

Bitstream

KAES

Encrypted Bitstream

16 / 24



Previous Solutions

Example: Virtex-6

User Logic

SRA

M M

emor

y C

ells

Static Part

FPGA

Application

AES

k2K1

Match?

bitstream

MAC

Encrypted

Y/N

HMAC

Developer

Bitstream

HMACAES

Encrypted Bitstream

MA

C

k2K1

Encrypted Bitstream

MA

C

Memory (NVM)Non Volatile

17 / 24



Our goal

User Logic

SRA

M M

emor

y C

ells

Static Part

Match?

Low Cost AE

Y/NFPGA

Encrypted Bitstream

MAC

ComputedMAC

Key

Application

Encrypted Bitstream

MA

C

Non Volatile

Memory (NVM)

Bitstream

KeyAE

MA

C

Dev

elop

er

Encrypted Bitstream

18 / 24



Proposed AEGIS-128

0 1 2 3 4 5 6 7 8 9 10 11 12 1413 150 1 2 3 4 5 6 7 8 9 10 11 12 1413 15

Mix C

olumns

SSSSS SSSSSSSSSSS SSSSS SSSSSSSSSSS

0 1 2 3 4 5 6 7 8 9 10 11 12 1413 150 1 2 3 4 5 6 7 8 9 10 11 12 1413 15

S

S

S

Sclck

To key adding stage

8−bit datapath

32−bit datapath

SubBytes

To key adding stage

(a)

(b)

Input (128−bits) Input (128−bits)

Mix Columns Mix Columns Mix Columns Mix ColumnsMix Columns Mix Columns Mix Columns Mix Columns

ShiftRows ShiftRows

19 / 24



Proposed AEGIS-128

x 4

x 3

x 2

x1

x0 +

+

+

+

+

S i,1

S i,3

S i,4

Si,0

Si,2

Si,0

S i,1

Si,2

S i,3

S i,4

S i+1,0

i+1,4S

S i+1,3

S i+1,2

S i+1,1

+

+

+msglen128

,3S

128

1/4 AES Round

S init,0

S

S

S

S

init,1

init,2

init,3

init,4

2im

2im +1

Tag

128

128

128

128

128

128

128

128

128

128

M1

M2

M3

M4

M5

M6

M7

M8

M9

M10

tmp

m iCiphertext (C)

Plaintext (P)

Plaintext (P)

20 / 24



Hardware comparison

21 / 24



Motivation




22 / 24



Conclusion

I Giving an overview of security issues used in thereconfiguration of FPGAs.

I Analyzing how well encryption and authentication are veryimportant for trusted designs on FPGAs.

I Proposing an efficient hardware solution using AEGIS, whichis added in the static part of the FPGA (silicon part) in orderto decrypt and authenticate encrypted bitstream.

23 / 24



24 / 24

Documents

AEGIS-Based Efficient Solution for Secure Reconfiguration ... · Karim M. Abdellatif, Roselyne Chotin-Avot, Habib Mehrez [email protected] 1/24. AEGIS-Based E cient Solution