Biblio

We propose versatile hardware framework for ECC. The framework supports arithmetic operations over P-256, Ed25519 and Curve25519 curves, enabling easy implementation of various ECC algorithms. Framework finds its application area e.g. in FIDO2 attestation or in nowadays rapidly expanding field of hardware wallets. As the design is intended to be ASIC-ready, we designed it to be area efficient. Hardware units are reused for calculations in several finite fields, and some of them are superior to previously designed circuits in terms of time-area product. The framework implements several attack countermeasures. It enables implementation of certain countermeasures even in later stages of design. The design was validated on SoC FPGA.

This research investigates efficient architectures for the implementation of the CRYSTALS-Dilithium post-quantum digital signature scheme on reconfigurable hardware, in terms of speed, memory usage, power consumption and resource utilisation. Post quantum digital signature schemes involve a significant computational effort, making efficient hardware accelerators an important contributor to future adoption of schemes. This is work in progress, comprising the establishment of a comprehensive test environment for operational profiling, and the investigation of the use of novel architectures to achieve optimal performance.

Chaos is an interesting phenomenon for nonlinear systems that emerges due to its complex and unpredictable behavior. With the escalated use of low-powered edge-compute devices, data security at the edge develops the need for security in communication. The characteristic that Chaos synchronizes over time for two different chaotic systems with their own unique initial conditions, is the base for chaos implementation in communication. This paper proposes an encryption architecture suitable for communication of on-chip sensors to provide a POC (proof of concept) with security encrypted on the same chip using different chaotic equations. In communication, encryption is achieved with the help of microcontrollers or software implementations that use more power and have complex hardware implementation. The small IoT devices are expected to be operated on low power and constrained with size. At the same time, these devices are highly vulnerable to security threats, which elevates the need to have low power/size hardware-based security. Since the discovery of chaotic equations, they have been used in various encryption applications. The goal of this research is to take the chaotic implementation to the CMOS level with the sensors on the same chip. The hardware co-simulation is demonstrated on an FPGA board for Chua encryption/decryption architecture. The hardware utilization for Lorenz, SprottD, and Chua on FPGA is achieved with Xilinx System Generation (XSG) toolbox which reveals that Lorenz’s utilization is 9% lesser than Chua’s.

True Random Number Generator (TRNG) is an important hardware security primitive for system security. TRNGs are capable of providing random bits for initialization vectors in encryption engines, for padding and nonces in authentication protocols and for seeds to pseudo random number generators (PRNG). A TRNG needs to meet the same statistical quality standards as a physical unclonable function (PUF) with regard to randomness and uniqueness, and therefore one can envision a unified architecture for both functions. In this paper, we investigate a FPGA implementation of a TRNG using the Shift-register Reconvergent-Fanout (SiRF) PUF. The SiRF PUF measures path delays as a source of entropy within a engineered logic gate netlist. The delays are measured at high precision using a time-to-digital converter, and then processed into a random bitstring using a series of linear-time mathematical operations. The SiRF PUF algorithm that is used for key generation is reused for the TRNG, with simplifications that improve the bit generation rate of the algorithm. This enables the TRNG to leverage both fixed PUF-based entropy and random noise sources, and makes the TRNG resilient to temperature-voltage attacks. TRNG bitstrings generated from a programmable logic implementation of the SiRF PUF-TRNG on a set of FPGAs are evaluated using statistical testing tools.

In recent years, the use of the Internet of Things (IoT) has increased rapidly in different areas. Due to many IoT applications, many limitations have emerged such as power consumption and limited resources. The security of connected devices is becoming more and more a primary need for the reliability of systems. Among other things, power consumption remains an essential constraint with a major impact on the quality of the encryption system. For these, several lightweight cryptography algorithms were proposed and developed. The PRESENT algorithm is one of the lightweight block cipher algorithms that has been proposed for a highly restrictive application. In this paper, we have proposed an efficient hardware serial architecture that uses 16 bits for data path encryption. It uses fewer FPGA resources and achieves higher throughput compared to other existing hardware applications.

This paper explores high throughput architectures for the substitution modules, which are an integral component of encryption algorithms. The security algorithms chosen belong to the category of lightweight crypto-primitives suitable for pervasive computing. The focus of this work is on the implementation of encryption algorithms on hardware platforms to improve speed and facilitate optimization in the area and power consumption of the design. In this work, the architecture for the encryption algorithms' substitution box (S-box) is modified using switching circuits (i.e., MUX-based) along with a logic generator and included in the overall cipher design. The modified architectures exhibit high throughput and consume less energy in comparison to the state-of-the-art designs. The percentage increase in throughput or maximum frequency differs according to the chosen algorithms discussed elaborately in this paper. The evaluation of various metrics specific to the design are executed at RFID-specific frequency so that they can be deployed in an IoT environment. The designs are mainly simulated and compared on Nexys4 DDR FPGA platform, along with a few other FPGAs, to meet similar design and implementation environments for a fair comparison. The application of the proposed S-box modification is explored for the healthcare scenario with promising results.

Confidentiality and integrity security are the key challenges in future 5G networks. To encounter these challenges, various signature and key agreement protocols are being implemented in 5G systems to secure high-speed mobile-to-mobile communication. Many security ciphers such as SNOW 3G, Advanced Encryption Standard (AES), and ZUC are used for 5G security. Among these protocols, the AES algorithm has been shown to achieve higher hardware efficiency and throughput in the literature. In this paper, we implement the AES algorithm on Field Programmable Gate Array (FPGA) and real-time performance factors of the AES algorithm were exploited to best fit the needs and requirements of 5G. In addition, several modifications such as partial pipelining and deep pipelining (partial pipelining with sub-module pipelining) are implemented on Virtex 6 FPGA ML60S board to improve the throughput of the proposed design.

Security is of importance for communication networks, and many network nodes, like sensors and IoT devices, are resource-constrained. Physical Unclonable Functions (PUFs) leverage physical variations of the integrated circuits to produce responses unique to individual circuits and have the potential for delivering security for low-cost networks. But before a PUF can be adopted for security applications, all security vulnerabilities must be discovered. Recently, a new PUF known as Interpose PUF (IPUF) was proposed, which was tested to be secure against reliability-based modeling attacks and machine learning attacks when the attacked IPUF is of small size. A recent study showed IPUFs succumbed to a divide-and-conquer attack, and the attack method requires the position of the interpose bit known to the attacker, a condition that can be easily obfuscated by using a random interpose position. Thus, large IPUFs may still remain secure against all known modeling attacks if the interpose position is unknown to attackers. In this paper, we present a new modeling attack method of IPUFs using multilayer neural networks, and the attack method requires no knowledge of the interpose position. Our attack was tested on simulated IPUFs and silicon IPUFs implemented on FPGAs, and the results showed that many IPUFs which were resilient against existing attacks cannot withstand our new attack method, revealing a new vulnerability of IPUFs by re-defining the boundary between secure and insecure regions in the IPUF parameter space.

Ternary content addressable memories (TCAMs) widely utilized in network systems to enforce the labeling of packets. For example, they are used for packet forwarding, security, and software-defined networks (SDNs). TCAMs are typically deployed as standalone instruments or as an embedded intellectual property component on application-specific integrated circuits. However, field-programmable gate arrays (FPGAs) do not have TCAM bases. However, FPGAs’ versatility allows them to appeal for SDN deployment, and most FPGA vendors have SDN production kits. Those need to help TCAM features and then simulate TCAMs using the FPGA logic blocks. Several methods to reproduction TCAMs on FPGAs have been introduced in recent years. Some of them use a huge multiple storage blocks within modern FPGAs to incorporate TCAMs. A trouble while remembrances are that soft errors that corrupt stored bits can affect them. Memories may be covered by a parity test to identify errors or by an error correction code, although this involves extra bits in a word frame. This brief considers memory security used to simulate TCAMs. It is shown in particular that by leveraging the assumption its part of potential memory information is true, most single-bit errors can be resolved when memoirs are emulated with a parity bit.

The utilization of Third-party modules is very common nowadays. Hence, combating Hardware Trojans affecting the applications' functionality and data security becomes inevitably essential. This paper focuses on the detection/masking of Hardware Trojans' undesirable effects concerned with spying and information leakage due to the growing care about applications' data confidentiality. It is assumed here that the Trojan-infected system consists mainly of a Microprocessor module (MP) followed by an encryption module and then a Medium Access Control (MAC) module. Also, the system can be application-specific integrated circuit (ASIC) based or Field Programmable Gate Arrays (FPGA) based. A general solution, including encryption, CRC encoder/decoder, and zero padding modules, is presented to handle such Trojans. Special cases are then discussed carefully to prove that Trojans will be detected/masked with a corresponding overhead that depends on the Trojan's location, and the system's need for encryption. An implementation of the CRC encoder along with the zero padding module is carried out on an Altera Cyclone IV E FPGA to illustrate the extra resource utilization required by such a system, given that it is already using encryption.

In this work, an IF(intermediate frequency) module of a hyperspectral microwave radiometer based on a polyphase filter bank (PFB) and Discrete Fourier Transformation (DFT)is introduced. The IF module is designed with an 800MSPS sampling-rate ADC and a Xilinx Virtex-7 FPGA. The module can achieve 512 channels and a bandwidth of 400M and process all the sampled data in real-time. The test results of this module are given and analyzed, such as linearity, accuracy, etc. It can be used in various applications of microwave remote sensing. The system has strong expandability.

Image edge is considered to be the most important attribute to provide valuable image perception information. At present, video image data is developing towards high resolution and high frame number. The image data processing capacity is huge, so the processing speed is very strict to meet the real-time performance of image data transmission. In this context, we present a method to accelerate the real-time video image edge detection. FPGA is used as the development platform. The real-time edge detection algorithm of image data with 1280x720 resolution and 30 frame/s, combined with median filter, Sobel edge detection algorithm and corrosion expansion algorithm, makes the running time of image processing module shorter. The color image of the video image collected by camera is processed. The HDMI interface shows that the scheme has achieved ideal results in the FPGA hardware platform simulation model, greatly improves the efficiency of the algorithm, and provides a guarantee for the speed and stability of the real-time image processing system.

Cryptography is the science or process used for the encryption and decryption of data that helps the users to store important information or share it across networks where it can be read only by the intended user. In this paper, Elliptic Curve Cryptography (ECC) has been proposed because of its small key size, less memory space and high speed. Elliptic curve scalar multiplication is an important part of elliptic curve systems. Here, the scalar multiplication is performed with the help of hybrid Karatsuba multiplier as the area utilization of Karatsuba multiplier is less. An alternative of digital signature algorithm, that is, Elliptic Curve Digital Signature Algorithm (ECDSA) along with the primary operations of elliptic curves have also been discussed in this paper.

K-nearest neighbor algorithm that searches the K closest samples in a high dimensional feature space is one of the most fundamental tasks in machine learning and image retrieval applications. Computational storage device that combines computing unit and storage module on a single board becomes popular to address the data bandwidth bottleneck of the conventional computing system. In this paper, we propose a nearest neighbor search acceleration platform based on computational storage device, which can process a large-scale image dataset efficiently in terms of speed, energy, and cost. We believe that the proposed acceleration platform is promising to be deployed in cloud datacenters for data-intensive applications.

With the rise of Internet of Things (IoT) devices, home network management and security are becoming complex. There is an urgent requirement to make smart home network management more efficient. This work proposes an SDN-based architecture to secure smart home networks through K-Nearest Neighbor (KNN) based device classifications and malicious traffic detection. The efficiency is enhanced by offloading the computation-intensive KNN model to a Field Programmable Gate Arrays (FPGA). Furthermore, we propose a custom KNN solution that exhibits the best performance on an FPGA compared with four alternative KNN instances (i.e., 78% faster than a parallel Bubble Sort-based implementation and 99% faster than three other sorting algorithms). Moreover, with 36,225 training samples, the proposed KNN solution classifies a test query with 95% accuracy in approximately 4 ms on an FPGA compared to 57 seconds on a CPU platform. This highlights the promise of FPGA-based platforms for edge computing applications in the smart home.

Multicore processors are currently the focus of new and future critical-system architectures. However, they introduce new problems in regards to safety and security requirements. Real-time control flow monitoring techniques were proposed as solutions to detect the most common types of program errors and security attacks. We propose a new way to use the latest debug and trace architectures to achieve full and isolated real-time control flow monitoring. We present an online trace decoder FPGA component as a solution in the search for scalable and portable monitoring architectures. Our FPGA accelerator achieves real-time CPU monitoring with only 8% of used resources in a Zynq-7000 FPGA.

Assuring Cybersecurity for the Internet of things (IoT) remains a significant challenge. Most IoT devices have minimal computational power and should be secured with lightweight security techniques (optimized computation and energy tradeoff). Furthermore, IoT devices are mainly designed to have long lifetimes (e.g., 10–15 years), forcing the designers to open the system for possible future updates. Here, we developed a lightweight and reconfigurable security architecture for IoT devices. Our research goal is to create a simple authentication protocol based on physical unclonable function (PUF) for FPGA-based IoT devices. The main challenge toward realization of this protocol is to make it make it resilient against machine learning attacks and it shall not use cryptography primitives.

Alongside the rapid expansion of Internet of Things (IoT), and network evolution (5G, 6G technologies), comes the need for security of higher level and less hardware demanding modules. New cryptographic systems are developed, in order to satisfy the special needs of security, that have emerged in modern applications. In this paper, a novel lightweight data streaming system, is proposed, which operates in alternative modes. Each one of them, performs efficiently as one of three in total, stream ciphering modules. The operation of the proposed system, is based on reconfigurable logic. It aims at a lower hardware utilization and good performance, at the same time. In addition, in order to have a fair and detailed comparison, a second one design is also integrated and introduced. This one proposes a conventional architecture, consisting of the same three stream ciphering modes, implemented on the same device, as separate operation modules. The FPGA synthesis results prove that the proposed reconfigurable design achieves to minimize the area resources, from 18% to 30%, compared to the conventional one, while maintaining high performance values, for the supported modes.

Block ciphers are one of the most fundamental building blocks for information and network security. In recent years, the need for lightweight ciphers has dramatically been increased due to their wide use in low-cost cryptosystems, wireless networks and resource-constrained embedded devices including RFIDs, sensor nodes, smart cards etc. In this paper, an efficient lightweight architecture for RECTANGLE block cipher has been proposed. The architecture is suitable for extremely hardware-constrained environments and multiple platforms due to its support of bit-slice technique. The proposed architecture has been synthesized and implemented on Xilinx Virtex-5 xc5vlx110t-1ff1136 field programmable gate array (FPGA) device. Implementation results have been presented and compared with the existing architectures and have shown commensurable performance. Also, an application-specific integrated circuit (ASIC) implementation of the architecture is done on SCL 180 nm CMOS technology where it consumes 2362 gate equivalent (GE).

Modern embedded systems include on-chip FPGA along with processors to meet the high computation demand by providing flexibility to users to add custom hardware accelerators. Any confidential or sensitive information may be processed by those custom accelerators or hardware Intellectual Properties (IPs). Existing accelerator usage models in embedded systems do not prevent illegal access to the IPs, which can be a severe security breach. In this paper, we present a hardware-software co-design approach for secured FPGA accelerated embedded system design. Our proposed security framework inherits Mandatory Access Control (MAC) based authentication policies running at software down to hardware accelerators in FPGA. It ensures secured processing of confidential data in the hardware to prevent software originated attacks at hardware IPs and information leaks. We have implemented a prototype of our proposed framework, which shows that it can be easily integrated while designing an embedded system with custom accelerator IPs. The experimental results show that the proposed framework establishes secured hardware execution with a negligible amount of area and performance overhead.

FPGAs are becoming a common sight in cloud environments and new usage paradigms, such as FPGA-as-a-Service, have emerged. This development poses a challenge to traditional FPGA security models, as these are assuming trust between the user and the hardware owner. Currently, the user cannot keep bitstream nor data protected from the hardware owner in an FPGA-as-a-service setting. This paper proposes a security model where the chip manufacturer takes the role of root-of-trust to remedy these security problems. We suggest that the chip manufacturer creates a Public Key Infrastructure (PKI), used for user bitstream protection and data encryption, on each device. The chip manufacturer, rather than the hardware owner, also controls certain security-related peripherals. This allows the user to take control over a predefined part of the programmable logic and set up a protected enclave area. Hence, all user data can be provided in encrypted form and only be revealed inside the enclave area. In addition, our model enables secure and concurrent multi-tenant usage of remote FPGAs. To also consider the needs of the hardware owner, our solution includes bitstream certification and affirming that uploaded bitstreams have been vetted against maliciousness.

One of the main goals of studying pattern matching techniques is their significant role in real-world applications, such as the intrusion detection systems branch. The purpose of the network attack detection systems NIDS is to protect the infocommunication network from unauthorized access. This article provides an analysis of the exact match and fuzzy matching methods, and discusses a new implementation of the classic Aho-Korasik pattern matching algorithm at the hardware level. The proposed approach to the implementation of the Aho-Korasik algorithm can make it possible to ensure the efficient use of resources, such as memory and energy.

With the deployment of artificial intelligent (AI) algorithms in a large variety of applications, there creates an increasing need for high-performance computing capabilities. As a result, different hardware platforms have been utilized for acceleration purposes. Among these hardware-based accelerators, the field-programmable gate arrays (FPGAs) have gained a lot of attention due to their re-programmable characteristics, which provide customized control logic and computing operators. For example, FPGAs have recently been adopted for on-demand cloud services by the leading cloud providers like Amazon and Microsoft, providing acceleration for various compute-intensive tasks. While the co-residency of multiple tenants on a cloud FPGA chip increases the efficiency of resource utilization, it also creates unique attack surfaces that are under-explored. In this paper, we exploit the vulnerability associated with the shared power distribution network on cloud FPGAs. We present a stealthy power attack that can be remotely launched by a malicious tenant, shutting down the entire chip and resulting in denial-of-service for other co-located benign tenants. Specifically, we propose stealthy-shutdown: a well-timed power attack that can be implemented in two steps: (1) an attacker monitors the realtime FPGA power-consumption detected by ring-oscillator-based voltage sensors, and (2) when capturing high power-consuming moments, i.e., the power consumption by other tenants is above a certain threshold, she/he injects a well-timed power load to shut down the FPGA system. Note that in the proposed attack strategy, the power load injected by the attacker only accounts for a small portion of the overall power consumption; therefore, such attack strategy remains stealthy to the cloud FPGA operator. We successfully implement and validate the proposed attack on three FPGA evaluation kits with running real-world applications. The proposed attack results in a stealthy-shutdown, demonstrating severe security concerns of co-tenancy on cloud FPGAs. We also offer two countermeasures that can mitigate such power attacks.

This paper proposes a hardware Self-Organizing Map (SOM) for high dimensional vectors. The proposed SOM is based on nested architecture with pipeline processing. Due to homogeneous modular structure, the nested architecture provides high expandability. The original nested SOM was designed to handle low-dimensional vectors with fully parallel computation, and it yielded very high performance. In this paper, the architecture is extended to handle much higher dimensional vectors by using sequential computation, which requires multiple clocks to process a single vector. To increase the performance, the proposed architecture employs pipeline computation, in which search of winner neuron and weight vector update are carried out simultaneously. Operable clock frequency for the system was 60 MHz, and its throughput reached 15012 million connection updates per second (MCUPS).

The use of biometrics in security applications may be vulnerable to several challenges of hacking. Thus, the emergence of cancellable biometrics becomes a suitable solution to this problem. This paper presents a one-way cancellable biometric transform that depends on 3D chaotic maps for face and fingerprint encryption. It aims to avoid cloning of original biometrics and allow the templates used by each user in different applications to be variable. The permutations achieved with the chaotic maps guarantee high security of the biometric templates, especially with the 3D implementation of the encryption algorithm. In addition, the paper presents a hardware implementation for this framework. The proposed algorithm also achieves good performance in the presence of low and moderate levels of noise. An experimental version of the proposed cancellable biometric system has been applied on FPGA model. The obtained results achieve a powerful performance of the proposed cancellable biometric system.