Cryptology ePrint Archive: Report 2020/833

Secure Update of FPGA-based Secure Elements using Partial Reconfiguration

Florian Unterstein and Tolga Sel and Thomas Zeschg and Nisha Jacob and Michael Tempelmeier and Michael Pehl and Fabrizio De Santis

Abstract: Secure Elements (SEs) are hardware trust anchors which provide cryptographic services including secure storage of secret keys and certificates. In long-living devices certain cryptographic functions might get insecure over time, e.g. new implementation attacks or bugs are discovered, and might require to be updated. On FPGAs, partial reconfiguration (PR) offers the opportunity to overcome this issue by replacing buggy or outdated hardware on the fly. This work provides an architecture for an FPGA-based secure element that can be securely updated. The proposed mechanism uses a side-channel protected authenticated encryption with associated data (AEAD) engine for decryption and authentication of partial bitstreams, while the device unique key is generated from a Physical Unclonable Function (PUF). A proof-of-concept of the design is implemented on a Xilinx Zynq-7020 FPGA.

Category / Keywords: applications / physical unclonable function, PUF, partial reconfiguration, FPGA, authenticated encryption, AEAD, secure element

Original Publication (in the same form): W07 TRUDEVICE 2020: Workshop on Trustworthy Manufacturing and Utilization of Secure Devices

Date: received 7 Jul 2020

Contact author: m pehl at tum de

Available format(s): PDF | BibTeX Citation

Note: The paper is an extended abstract, describing an approach implemented in the project ALESSIO which was funded by the German Federal Ministry for Education and Research. The paper was presented in the workshop W07 TRUDEVICE 2020, which was collocated with DATE 2020.

Version: 20200707:084203 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]