Anti-Tamper Conference 2022 – Two Papers

We’re presenting two papers at the 2022 Anti-Tamper Conference in Laurel, Maryland.

-----

Anti-Tamper Implementation – An Irrefutable Logger in Microchip Polarfire Devices

Kevin Paar, Jonathan Graf, Scott Harper, Tim Dunham

Abstract: This paper discusses the implementation of a rich, irrefutable tamper logging solution for the Microchip Polarfire family of flash-based Field Programmable Gate Array (FPGA) ICs. Leveraging the unique capabilities of the Polarfire FPGA, the solution immediately journals incoming log entries into secure internal storage and later archives the log entries to an external non-volatile storage media. The solution utilizes rolling-key encryption, authentication, and chained hashing of the externally stored log entries to support verification and validation of log integrity. Implementing this system in Polarfire FPGAs requires a vastly different solution than similar logs implemented in Xilinx Kintex and Zynq UltraScale+ devices.

-----

Modernizing FPGA Design Assurance Software

Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, and Edward Carlisle IV

Abstract: We present five principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principles are mandatory for such tooling and explore three software tools in this context – DELV, Trace, and PV-Bit. Our conclusion is that it is possible to create tools that follow the principles and that this approach quantifiably impacts FPGA design assurance.

GOMAC 2022: Four more papers!

The team has done it again! Last year we presented three papers at GOMAC, and this year, we’ll be presenting four! The whole team has put so much effort into this research, and we can’t wait to show off our achievements. GOMAC will be hosted in Miami, so the team hopes to thaw out a bit from winter in addition to giving great presentations on our latest work. Take a look below to learn more about what we’ll discuss. Come out and see us at our first in-person conference in 2 years!

-----

Modernizing FPGA Design Assurance Software

Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, Edward Carlisle IV

Abstract: This paper presents five key principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principles are mandatory for such tooling and explore three hardware design assurance software tools in this context – DELV, Trace, and PV-Bit. Our conclusion is that it is possible to create tools that follow the principles and that adherence to these principles quantifiably impacts design assurance.

-----

Advancing Strategy Selection for Hardware Trojan Detection with Subrational Behavior Models

Whitney Batchelor, Meg Winslow, Cody Crofford, Michael Blacconiere, Scott Harper, Jonathan Graf

Abstract: Game theory has been shown to have practical applications in the optimization of hardware Trojan detection and prevention strategy selection in circuit design. In previous work, metrics measuring the performance and cost of a countermeasure when considering the action of an adversary given their goals are quantified to predict optimal defense strategy selections. Those models assume an encounter between two rational players and build upon a security economic approach in the context of empirically derived countermeasure efficacy metrics. That is, both offensive and defensive players act in a rational manner, choosing the action resulting in their greatest financial gain (or lowest loss) when considering the likely action of their opponent. The assumption of rational players allows for a baseline analysis when optimizing detection strategy selection but does not consider human behaviors that may drive a sub-optimal decision. These behaviors may result from having risk averse/seeking players, carrying bias towards certain methods, understanding the results from prior attacks and defensive mechanisms, and/or additional motivations. In this paper, we extend the rational game theoretic model previously evaluated in the quantitative assurance space with the concept of subrationality; that is, when the players have the option of making an informed but less optimal choice due to some definable bias. This work introduces three subrational models that simulate risk averse and risk seeking players, knowledge of prior play, and random error with application to the previously developed models pertaining to the optimal selection of hardware Trojan detection strategies.

-----

Trace: Towards a Traceable Microelectronics Implementation Flow

Ali Asgar Sohanghpurwala, Carlton Fraley, Jonathan Graf, Scott Harper

Abstract: Microelectronics design processes often include implementation flows that perform incremental steps to convert human-readable source code or schematics into a binary executable or hardware circuit that can be deployed on the desired Microprocessor, FPGA, PCB, or ASIC technology. Available tools help users partially verify the output of these implementation flows, but a gap exists in assuring and preserving the integrity of those output products along with the source code and implementation settings that were used to produce them. Ideally, a security auditor should be able to prove or disprove the trustworthiness of specific design implementations deployed in the face of an advanced adversary. What is proposed here is progression towards a fully traceable and reproducible implementation flow that uses proven cryptographic principles to enable a tamper-resistant audit trail for Microelectronic design implementation along with companion tools for auditing and precisely reproducing the implementation process.

-----

Automated Analysis of a Thermally Triggered FPGA Hardware Trojan

Edward Carlisle IV, Scott Harper, James Koiner, Kevin Paar, Michael Capone, and Jonathan Graf

Abstract: This paper presents a remote hardware-in-the-loop Hardware Trojan Horse (HTH) analysis approach that automates the process of examining HTH effects and characterizing detection/mitigation effectiveness. We frame the discussion around a novel HTH that is triggered by variations in temperature and is implemented in the fabric of a Field Programmable Gate Array device. We demonstrate the characterization and activation of the HTH using a fully automated web-based lab bench platform.

Our First Patent!

We have received a patent on PV-Bit, our unique method of assessing the trustworthiness of FPGA bitstream contents, ensuring they are free from hardware Trojans or unwanted modifications.

Originally, we published a description of this method at GOMAC back in 2017. Since then, we realized we could take the verification method we presented there and patent it. Jonathan Graf, Scott Harper, and Ali Asgar Sohanghpurwala all contributed to the writing of the patent. Great work to all our people who put in the knowledge, effort, and time that made this patent possible!

-----

Private Verification for FPGA Bitstreams

US Patent No. US 10,902,132 B2

Jonathan Graf, Ali Asgar Sohanghpurwala, Scott Harper

Abstract: An apparatus, method and system are disclosed which may be used for assessing the trustworthiness of a particular proprietary microelectronics device design representation in a manner that will maintain its confidentiality and, among other things, thwart attempts at unauthorized access, misappropriation and reverse engineering of the confidential proprietary aspects contained in the design representation and/or its bit stream design implementation format. The disclosed method includes performing a process for assessing/verifying a particular microelectronics device design representation and then providing some indication of the trustworthiness of that representation. An example utility/tool which implements the disclosed method is described that is particularly useful for trust assessment and verification of FPGA designs. The described utility/tool may be instantiated on a semiconductor device or implemented as a software utility executable on a mobile computing device or other information processing system, apparatus or network.

-----

You can take a look at our patent at this link.

 

A diagram from our PV-Bit patent.

 

GOMAC 2017: "Private Verification for FPGAs" and "OpTrust"

Graf Research will present two papers at GOMAC 2017. The first is on the private verification of FPGA bitstreams: a method for verifying that bitstream contents are trustworthy without reverse engineering them. The second is on OpTrust, the software tool that encapsulates our game theoretic decision engine for microelectronics trust.

-----

Private Verification for FPGA Bitstreams
Jonathan Graf and Ali Asgar Sohanghpurwala

Abstract: We introduce private verification, a novel paradigm for trustworthy microelectronics design verification. Private verification methods and software simultaneously meet two requirements: (1) comprehensively verifying the design and (2) maintaining the privacy of certain aspects of the design, such as its implementation details or design format. We present an implementation of such a tool, entitled PV-Bit, which is capable of verifying the contents of FPGA bitstreams without exposing the details of the vendor-proprietary bitstream format or posing other security risks.

-----

OpTrust: Software for Determining Optimal Test Coverage and Strategies for Trust
Jonathan Graf

Abstract: Building on our prior work in the theory and practice of applying game theory to determine optimal test strategies for hardware Trojan detection, we present the OpTrust software tool. OpTrust is an automated game solving tool that offers microelectronics developers guidance about the optimal test strategies to ensure the trustworthiness of their designs. It divides roles among a red team, a threat environment team, and the developer. In this way, complexity and sensitive information are hidden from developers, allowing them easy access to test guidance.

Research Award: Custom FPGA EDA Tools

Graf Research has been awarded funding to develop custom electronic design automation (EDA) software for Field Programmable Gate Arrays.

Graf Research Awarded SBIR: "Irrefutable Tamper Logging"

Graf Research has been awarded a Phase 1 SBIR entitled "Irrefutable Tamper Logging." On this project, we will create the GR-TLogger, a tamper logger that makes use of the key management capabilities of next-generation secure FPGAs to store tamper logs that are information rich, semi-permanent, and irrefutable.

Invited Lecture at Industrial Security Working Group Panel on FPGA Configuration Security

It’s a first for Graf Research! Jonathan Graf has been invited to give a talk at the Industrial Security Working Group Panel on FPGA Configuration Security. The topic is “Threats to FPGA Configuration Security: The (Alarming!) Sophistication of Academic Exploits.” This will be the first time that Graf Research Corporation is represented at a conference, and certainly not the last!