Authors:
Nadir Khan
1
;
Sven Nitzsche
1
and
Jürgen Becker
2
Affiliations:
1
FZI Research Center for Information Technology, Karlsruhe and Germany
;
2
Institute for Information Processing Technologies (ITIV) Karlsruhe Institute of Technology (KIT) Karlsruhe and Germany
Keyword(s):
Field Programming Gate Array (FPGA), Intellectual Property (IP), Secure Embedded Systems, IP Protection, Dynamic Partial Reconfiguration, Cryptography, Trusted Execution Environments (TEE).
Abstract:
In this work, an intellectual property (IP) licensing framework is proposed that is secure against IP theft (cloning and redistribution). This security is provided by utilizing built-in features of modern field programmable gate arrays (FPGAs), e.g. secure boot, state-of-the-art cryptography and trusted execution environments (TEE). The scheme is also the least restrictive in comparison to other publications in this area. Using this scheme, multiple IP core vendors (CVs) can configure their IPs remotely by connecting directly to an FPGA. Devices are booted securely using an authenticated and encrypted boot loader that initiates an authenticated and encrypted hypervisor, which in turn provides a TEE by partitioning the system resources into secure and non-secure sections. At this stage, a secure operating system (OS) is loaded that handles all the security critical functions such as communication with CVs, storage and analysis of bitstreams, enforcement of license constraints and conf
iguration of IPs. Then, a second, non-secure OS is loaded, which provides an isolated execution environment with unrestricted access to non-secure resources. Hence, they are not limited to predefined APIs. Both OSes can interact via the hypervisor. The implementation of this framework is a work-in-progress and results presented within this paper are subject to change.
(More)