adi2003.pdf
TRANSCRIPT
![Page 1: Adi2003.pdf](https://reader031.vdocuments.us/reader031/viewer/2022021317/577cd6351a28ab9e789bd7c1/html5/thumbnails/1.jpg)
8/14/2019 Adi2003.pdf
http://slidepdf.com/reader/full/adi2003pdf 1/4
A Protection Mechanism for Intellectual Property Rights (IPR) inFPGA Design Environment
Wael Adi, Bassel Soudan,Nizar [email protected] , [email protected] , [email protected]
Etisalat College of Engineering, University of Sharjah, Ajman University of Science and TechnologyUAE
ABSTRACT
One of the major difficulties in offering new VLSIdesigns is protecting the designer’s Intellectual PropertyRights IRP. It often requires limited field deployment andtesting before a novel implementation may be accepted
for general use. The difficulty arises in the need to deploythe design for testing while disabling the tester fromdeciphering the design details. A similar requirementapplies when the designer is interested in limiting thenumber of deployments as part of a business agreement.This work leverages the similarities between the issues ofIPR protection in the hardware and software arenas and
presents a novel solution to protect the use of designs inFPGA hardware environment. The mechanisms used are
based on hardware-supported design encryption andsecured authentication protocols.
Keywords: secured IPR, FPGA device uniqueness,
provable identification, global authentication, VLSIidentity.
1. INTRODUCTION
The major problem in disclosing VLSI designs forevaluation is the difficulty to protect the IntellectualProperty Rights IRP of the design originator. New designideas can only be accepted after they have been tested ina realistic environment. This leads hardwaremanufacturers to depend on their customers (who mayeventually become their competitors) for evaluating these
designs. A problem arises in protecting the designer’sIntellectual Property Rights – IPR – in the process. Howcan a designer deliver a new system to anevaluator/competitor for testing and ensure that theywon’t be able to extract the design information from thesystem and violate the designer’s IPR?
There are other situations that might be quite differentfrom the above but pose similar difficulties and dangers.One of these would be the designer’s interest in limitingthe number of system deployments as part of a businessagreement. This is an issue especially for small designhouses who have to depend on out-of-plant chipmanufacturers/programmers for the production of thefinal system. How can the designer limit the number of
systems that can be manufactured from their design? Thisscenario is very similar to software copy-protectionrequirements. Here, the issue may not be protecting theactual design data. Rather the issue here is controlling thenumber of copies that can be made of a particular design.Therefore, limiting IPR violations in the manufacturing
process as well as limiting IPR violations by possible production of illegal copies after the design has beenintroduced into the market.
Of particular interest in this area are FPGA-baseddesigns. Field Programmable Gate Areas (FPGAs) havegained a lot of importance in the recent past as they
present a useful vehicle for introducing new designconcepts to the evaluators (and the market) quickly andeconomically. FPGAs have become the tool of choice fora large number of fab-less design houses. Especiallythose who deal with designs that don’t require cuttingedge speed or complicated implementations requiring
customized layout. FPGAs have an advantage in the IPR protection area, as they appear to have some particularstructures, which would allow implementing thenecessary IPR security.
There is a very important difference between IPR protection for FPGA-based designs and softwarecopyright protection methods; the FPGA device
programmer has access to the internal structure of theFPGA device. The device programmer is an intermediate
partner, and the real producer, between the end-user andthe device manufacturer. This fact allows different IPR
protection scenarios.
Our proposed solution allows the designer to sell alimited number of copies, say m, of his design to run onlyin m different FPGA devices. This assumes that theFPGA device manufacturer would offer a provableunique identity for every delivered FPGA device.
The proposed system offers mutual, provable andtraceable IPR transfer with limited number of uses. All
parties are securely traceable in the entire commercialand technical transaction. The system is breakable only ifthe manufacturer cheats; this can be easily traced byusing a globally authenticated mechanism to prove the
device uniqueness. The mechanisms and algorithmsrequired for implementing the scenario are presented in
![Page 2: Adi2003.pdf](https://reader031.vdocuments.us/reader031/viewer/2022021317/577cd6351a28ab9e789bd7c1/html5/thumbnails/2.jpg)
8/14/2019 Adi2003.pdf
http://slidepdf.com/reader/full/adi2003pdf 2/4
this paper. The mechanisms employed are based ontrustable secret-key low-complexity functions similar tothose described in [1], [2] and [3].
The rest of this paper is organized as follows: Section 2describes the details of the IPR protection scenario,
Section 3 describes the IPR protection mechanisms forarchitectures, Section 4 details the security threats and possible attacks and Section 5 presents a summary andconclusion.
2. “IPR” PROTECTION SCENARIO
The scenario for implementing our proposed solution tothe IPR protection issue can be summarized in thefollowing required steps:
1. The FPGA manufacturer produces devices withsecured unique identity and takes the responsibility ofdelivering only such devices. A violation of thisresponsibility is easily traceable as the deviceuniqueness must be global.
2. The IPR carrier offers his VLSI design – such as acore function performing a particular task in a certainFPGA technology. The binary stream representingthis design is to be securely downloaded into the pre-defined devices to run this function.
3. The end-customer orders from the IPR carrier acertain number of copies of the offered design – saym copies. In the order the end-customer assigns theunique FPGA device identities DI’s in which thedesign should run. For more security, the deviceowner (end-customer) can prove that he owns thedevices by delivering a challenge response proofusing his own random challenges together witheventually random challenges from the IPR carrier.
4. After receiving the order, the IPR carrier forwards thedevice identities to the manufacturer (eventually withthe proof responses if it was requested during theordering process by the IPR carrier) asking forauthentication keys for these particular devices. The
manufacturer delivers the requested IPR protectionkeys PK’s and certifies that the devices are owned bythe customer by checking his responses (if available).In addition to that the manufacturer can verify theidentity of the IPR carrier and certify that he receivedthe IPR protection keys.
5. Using the IPR protection keys PK, the IPR carrierthen generates for every device its own ciphered
binary design stream C-BDS together with a set ofrandom challenges and delivers m ciphered binarydesign streams to the end-customer.
6. The end-customer downloads the m ciphered binarydesign streams to the particular m FPGA devicesdesignated in the original purchase order. Every
design stream runs only on the device uniquelyidentified in the order. The stream gives noinformation about the design structure itself.
The proposed system offers mutual, provable andtraceable security transaction, which can be performed
using open Internet media without loss of security. All parties are securely traceable in the entire commercialand technical transaction. The mechanisms employed are
based on trustable secret-key low complexity functionssuch as those used in mobile systems [1], [2] and [3]. A
public key mechanism is in preparation.
3. IPR PROTECTION MECHANISM FOR FPGAARCHITECTURES
The proposed system implementation includes hardwareand software components. The hardware component is
the device identity module DIM that should reside in theFPGA in a secured area. This module will guarantee theessential physical uniqueness of each device. Thelocation of the module is to be selected such that noattack would be possible on the module in any operationmode. Figure 1 represents a simplified functional blockdiagram for the proposed device identification module.
T a m
p e r p
r o o f
a r e a
F -1
Write Once InputSDI
DesignArea
DIMDIM Device Identity Module
Secret Device Identity
Cipherd BinaryDesign StreamC-BDS BDS
BinaryDesign StreamRCH
RandomChallenge Res
STK
Secret Type Key
F -1
DSN
DSN`RAND
Ks1
s2
Figure 1 . Architecture of a Possible Device Identity Module
The module includes mainly a non-volatile write once
memory register, which accommodates the secret deviceidentity SDI. The manufacturer selects a unique opendevice identity DI, which can be branded on the deviceitself and/or stored in a readable area in the device. Thesecret device identity SDI is mapped from DI by somekeyed hash function in a secret way selected by themanufacturer such that no repetition is possible. A strongcipher with a size of 128 bit – such as AES – can be usedas a hash function. A mapping cipher function F -1 –again such as AES – in deciphering mode should beimplemented as a hardware block in the module with SDIas a secret key input and the ciphered binary design
stream C-BDS as a cipher text input. The output is theclear text representing the clear binary design stream BDS that represents the design layout in the FPGA. The
![Page 3: Adi2003.pdf](https://reader031.vdocuments.us/reader031/viewer/2022021317/577cd6351a28ab9e789bd7c1/html5/thumbnails/3.jpg)
8/14/2019 Adi2003.pdf
http://slidepdf.com/reader/full/adi2003pdf 3/4
whole structure should be floor planned such that no wayis possible to reach BDS and SDI in any direct or indirectmethod.
To check the response of the device to a challengedrandom value RCH the output is switched to an output“Res”. The cipher text input is XORed automatically withthe secret value SDI by closing the switches s1 and s2 inthat case.
F
STK
IPR-Carrier
Secret Master Key
MK
Secret Type Key
F -1DSN
Manufacturer
DSN`
DI
IK
IK
SDI
Figure 2. IPR Carrier-Manufacturer Transactions
Figure 2 shows the required transactions and operations between the IPR-carrier and device manufacturer. TheIPR-carrier generates his own unique design serialnumber DSN for each design copy he wants to sell. Forevery device to be licensed, the IPR-carrier then sends its
DI number and the particular DSN. As shown in Figure2, the device manufacturer generates the intermediate keyIK where:
SDI'DSNSDI)DSN,STK (FIK 1⊕=⊕= −
(1)
IK is generated individually for every device and sent back to the IPR-Carrier. The IPR-Carrier then generatesthe following license token LT for every device from thecustomer as shown in Figure 3.
LT = C-BDS | RAND (2)
Where C-BDS is the ciphered binary design stream BDSenciphered by using the key K where
K= IK + RAND (3)
RAND is a random number generated by the IPR-Carrieruniquely for each license.
The customer uses the received license token LT to feedthe corresponding device with the device identity DI.
The binary vectors C-BDS, DSN and RAND aresufficient to generate the clear binary design stream BDSinternally in the corresponding device. Notice that acorrect BDS would result only if the device has the rightunique identity. The customer would not be able to see
the design stream nor replicate it. The wholecommunication transactions need not be communicated
secretly as no one can make use of the communicatedinformation.
IPR-Carrier
F -1IK
Customer
C-BDS
BDS
RAND
Rand
K
RAND
License Token LT= DI| C-BDS | RAND | DSN
DSN DSN
DI DI
Figure 3. IPR-Carrier with Customer Transaction for OneDesign Copy
4. SECURITY THREATS AND POSSIBLEATTACKS
The system is breakable only if the manufacturer cheats.However, this can be easily proven, as the deviceuniqueness should be a globally authenticatedmechanism. The system includes a hardwareidentification module, which should reside in everyFPGA device to achieve physical uniqueness. The devicemanufacturer is the only one who can attack the
presented mechanisms. In that case the manufacturerneeds to cooperate with the customer. He can eithergenerate devices with the same device identity DI or takethe individual random number of the device to generatethe clear binary design stream BDS. The fist case can betraced, as duplicated-identity can be detected bychallenging existing devices and checking foruniqueness. The second case can also be traced as themanufacturer would not be able to find BDS if thecustomer did not violate the license agreement andrelease the secret random number to the manufacturer. Insuch a case the cooperation can be also traced. These twoattacks can be prohibited if the IPR-carrier would
personalize the devices himself and insert secretly thesecret type key STK. This requires however that thedevices should be shipped to the IPR-carrier for that
purpose. In that case the manufacturer can no longerattack the system other than by building hardware
backdoors in the manufactured FPGA architecture.
5. SUMMARY AND CONCLUSION
The proposed system offers new mutual, provable andtraceable security transactions to protect IPR in FPGAdesign environment. The secured design distribution can
be established by using simple Internet media withoutsecurity loss. All parties are securely traceable in thewhole commercial and technical transaction. The systemis breakable only if the device manufacturer cheats whichcan be easily proven as the device uniquenessincorporates global authentication. The technical and
![Page 4: Adi2003.pdf](https://reader031.vdocuments.us/reader031/viewer/2022021317/577cd6351a28ab9e789bd7c1/html5/thumbnails/4.jpg)
8/14/2019 Adi2003.pdf
http://slidepdf.com/reader/full/adi2003pdf 4/4
procedural requirements as well as all securitymechanisms are described for the proposed system.
6. REFERENCES
[1] Adi, W., "Secured Mobile Device Identification withMulti-Verifier", Proceedings of the InternationalConference on Telecommunications (ICT2001), pp. 289 –292, 2001
[2] Technical Specification 3G Security, Security Architecture3G TS 33.102 V. 3.2.0 from 10.1999
[3] Specification of the MILENAGE Algorithm Set. 3GPP TS35.206 V5.0.0 ETSI, http://www.3gpp.org, 2002.