Secure Runtime Reconfiguration Framework for FPGA-Based Embedded Systems in Mission-Critical Applications
DOI: https://doi.org/10.31838/ESA/03.02.05

Keywords: Dynamic Partial Reconfiguration (DPR), FPGA Security, Mission-Critical Embedded Systems, Bitstream Authentication, Runtime Hardware Reconfiguration, Trusted Reconfigurable Computing

Abstract
Field-Programmable Gate Arrays (FPGAs) have become a popular platform for implementing high-performance, flexible mission-critical embedded systems that can be configured at run time. However, although dynamic partial reconfiguration (DPR) is the means of achieving this flexibility and resource efficiency, it introduces unacceptable security risks, especially in domains where system integrity, confidentiality and availability cannot be compromised. This paper presents the design of a Secure Runtime Reconfiguration Framework (SRRF) targeted at FPGA-based embedded systems in mission-critical settings such as aerospace, defense, and medical instrumentation. The proposed framework combines a cryptographically secure bitstream management component, a runtime verification and monitoring system, and a hardware-assisted tamper detection system, which together enable secure loading, authentication and verification of reconfigurable modules. For confidentiality and integrity, the architecture uses authenticated encryption (AES-GCM) to protect bitstreams, together with an authenticated, cryptographically secured boot chain and secured reconfiguration controllers (e.g., the ICAP/PCAP interfaces). The threat model is examined using STRIDE; the threat vectors considered include bitstream spoofing, fault injection, and side-channel exploitation. We implement and test the framework on a Xilinx Zynq-7000 platform under both normal operating and attack scenarios. Experimental results show that the cryptographic overhead is minimal (~3.1% latency overhead), the area cost is small (< 8% of LUTs allocated to security logic), and the framework is robust against runtime attacks.
The SRRF increases system trustworthiness without sacrificing performance, making it an attractive solution for high-assurance reconfigurable embedded implementations. This work advances the state of the art in secure FPGA reconfiguration by presenting a scalable, lightweight and standards-compliant solution for safety- and security-sensitive fields.
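As an added illustration of the bitstream protection the abstract describes (example code, not the paper's framework), the Go program below seals a partial bitstream with AES-256-GCM and shows the loader-side check that must pass before any byte is handed to the ICAP/PCAP. The slot/version fields, their AAD encoding and the rollback check are assumptions of this example, not details taken from the paper.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aad binds the ciphertext to the slot it may occupy and its version; both travel
// in the clear, but changing either invalidates the tag (hypothetical encoding).
func aad(slot uint16, version uint32) []byte {
	return []byte(fmt.Sprintf("slot=%d;version=%d", slot, version))
}

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // wrong key length is a programming error, not an attack
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has the 128-bit block GCM needs
	return gcm
}

// SealBitstream encrypts a partial bitstream for one slot. Output: nonce||ct||tag.
func SealBitstream(key []byte, slot uint16, version uint32, bitstream []byte) []byte {
	gcm := mustGCM(key)
	nonce := make([]byte, gcm.NonceSize()) // fresh 96-bit nonce per sealed module
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: refuse to seal rather than risk nonce reuse
	}
	return gcm.Seal(nonce, nonce, bitstream, aad(slot, version))
}

// OpenBitstream is the loader-side gate before any byte reaches ICAP/PCAP: the version
// must not regress below minVersion, and the tag must verify under the expected slot
// and version, so tampering, slot swapping and rollback are all rejected.
func OpenBitstream(key []byte, slot uint16, version, minVersion uint32, sealed []byte) ([]byte, error) {
	gcm := mustGCM(key)
	n := gcm.NonceSize()
	if version < minVersion || len(sealed) < n+gcm.Overhead() {
		return nil, errors.New("rejected: rollback or malformed container")
	}
	pt, err := gcm.Open(nil, sealed[:n], sealed[n:], aad(slot, version))
	if err != nil {
		return nil, errors.New("rejected: authentication failed")
	}
	return pt, nil
}
```

In a real deployment the key would live in device key storage (e.g., eFUSE or BBRAM-backed) and minVersion in a monotonic counter, so that neither can be rewritten by the same path that delivers a bitstream.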