Paper 2020/833

Secure Update of FPGA-based Secure Elements using Partial Reconfiguration

Florian Unterstein, Tolga Sel, Thomas Zeschg, Nisha Jacob, Michael Tempelmeier, Michael Pehl, and Fabrizio De Santis

Abstract

Secure Elements (SEs) are hardware trust anchors which provide cryptographic services including secure storage of secret keys and certificates. In long-living devices certain cryptographic functions might get insecure over time, e.g. new implementation attacks or bugs are discovered, and might require to be updated. On FPGAs, partial reconfiguration (PR) offers the opportunity to overcome this issue by replacing buggy or outdated hardware on the fly. This work provides an architecture for an FPGA-based secure element that can be securely updated. The proposed mechanism uses a side-channel protected authenticated encryption with associated data (AEAD) engine for decryption and authentication of partial bitstreams, while the device unique key is generated from a Physical Unclonable Function (PUF). A proof-of-concept of the design is implemented on a Xilinx Zynq-7020 FPGA.

Note: The paper is an extended abstract, describing an approach implemented in the project ALESSIO which was funded by the German Federal Ministry for Education and Research. The paper was presented in the workshop W07 TRUDEVICE 2020, which was collocated with DATE 2020.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. W07 TRUDEVICE 2020: Workshop on Trustworthy Manufacturing and Utilization of Secure Devices
Keywords
physical unclonable functionPUFpartial reconfigurationFPGAauthenticated encryptionAEADsecure element
Contact author(s)
m pehl @ tum de
History
2020-07-07: received
Short URL
https://ia.cr/2020/833
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/833,
      author = {Florian Unterstein and Tolga Sel and Thomas Zeschg and Nisha Jacob and Michael Tempelmeier and Michael Pehl and Fabrizio De Santis},
      title = {Secure Update of FPGA-based Secure Elements using Partial Reconfiguration},
      howpublished = {Cryptology ePrint Archive, Paper 2020/833},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/833}},
      url = {https://eprint.iacr.org/2020/833}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.