INTRODUCTIONRelated Work and BackgroundRelated WorkBackgroundEDK Tools and Xilinx ML310 BoardImplemented Self-Reconfigurable sytemsExperiment MethodologyResultsTiming MeasurementsResource Utilization SummaryConclusionConclusion> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1Secure Partial Reconfiguration of FPGAs A. Sheikh Zeineddini Abstract—This paper investigates a method to improve the security of SRAM FPGAs through exploiting the embedded processor cores and dynamic partial reconfiguration. Currently, Xilinx devices cannot be partially reconfigured with an encrypted bitstream. To perform a secure partial reconfiguration, the implemented platforms in this paper utilize an application running on the hard/soft embedded processor core to authenticate and decrypt an encrypted partial bitstream. This scheme enables embedded systems to increase their design security without requiring external circuitry. The presented platforms have been designed with a minimal footprint for both embedded PowerPC hard core and Xilinx MicroBlaze soft core processor targeting Xilinx Virtex-II Pro devices. Comparison of the timing results and resource utilization of each design are also provided. Keywords— Dynamic Reconfiguration, Embedded Processor, Design Security, FPGA I. INTRODUCTION S the performance gap between the FPGAs and ASICs decreases [1], platform FPGAs with various configurable elements and embedded blocks provide new solutions for high density and high-performance embedded system designs. These platforms not only enable the system architects to design and develop complex custom systems using processor and interoperable IP cores but also provide technologies such as dynamic reconfiguration of part of an FPGA while other areas of the device remain operational. There are many advantages in partial dynamic reconfiguration especially for applications that require adaptive and flexible hardware such as mobile communication applications. Deploying run-time reconfiguration in systems results in reduced chip area and power consumption. Considering the wide range of features, platform FPGAs address many new application areas and therefore increase of their popularity makes the need for design security mechanisms even more important. The design security must protect the design against cloning and reverse engineering that correspond to different attacks. A survey in [2] analyzes possible attacks against FPGAs. In the case of SRAM FPGAs this directly concerns with protecting the bitstream especially during configuration and reconfiguration. Bitstream encryption as a solution increases the level of security and makes the configuration bitstream secure against attackers. Manuscript received May 13, 2005. This research was done as a thesis submitted in partial fulfillment of the requirements for the degree of Master of Science at George Mason University. A. Sheikh Zeineddini is with the Electrical Engineering Department, George Mason University, Fairfax, VA 22020 USA, (e-mail: [email protected]). Xilinx [3] security system uses CAD tools for bitstream encryption and an internal circuit for decryption. The major disadvantage of this scheme is that the partial reconfiguration capability of FPGA is disabled and therefore a device configured with an encrypted bitstream cannot be partially reconfigured. By using new features of platform FPGAs for creating a self-reconfigurable platform [4], bitstream security can be achieved specifically for designs that benefit from partial reconfiguration. Self-reconfiguration extends the dynamic reconfiguration capability in which particular circuits on the logic array such as embedded processor cores can be used to control the configuration of other areas of the FPGA. In this paper a self-reconfigurable platform for Xilinx Virtex-II Pro devices is realized that is capable of performing secure partial reconfiguration of the FPGA after the initial configuration and provides the flexibility of using arbitrary algorithms for encryption/decryption of partial bitstreams. The rest of the paper is organized as follows. Section II presents the related work and background. In section III an overview of EDK tools and evaluation board is presented. Section III explains the hardware architecture of the implemented self-reconfigurable systems for both hard/soft processor cores. Section IV presents the methodology of the experiment Section V presents the obtained results. In section VI discussion of the results and conclusion is provided. II. RELATED WORK AND BACKGROUND A. Related Work Xilinx security scheme is simple and efficient. All Virtex II family devices (Virtex-II, Virtex-II Pro, and Virtex-II Pro X FPGAs) use Triple DES encryption scheme [5] even though in Virtex-4 Xilinx replaced Triple DES with AES to increase the security and throughput. The scheme exploits software support of Xilinx ISE CAD tools for both encryption of the bitstream and key generation. For decryption, it uses an on-chip decryptor along with the internal decryption keys stored in a dedicated memory. Either externally connected battery or an auxiliary power supply (VCCAUX) is the source of power for volatile storage of the keys. The keys are erased if there is a tampering with the device. Figure 1 shows the Xilinx security system. The problem with this scheme is the extra area and cost needed for the external battery and the disablement of partial reconfiguration for encrypted bitstreams. A> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 2Another method proposed in [6] removes the need for an external battery by finding a way to store a secret key on the FPGA such as use of laser to engrave the key. This will make it necessary for the FPGA to contain both encryption and decryption circuits and hence there is no need for the software support of encryption. This solution uses more FPGA silicon area and also lacks flexibility since the encryption and decryption circuits are fixed with no possibility of upgrade or use of another algorithm. In [7] a new solution is only proposed with no actual possibility of the implementation at the moment in which a dedicated configuration controller manages the encryption and decryption configuration schemes. By relying on partial reconfiguration some form a self-reconfigurable platform is needed in which the selected core for encryption and decryption are placed in FPGA by