A New Dynamic Countermeasure to Strengthen Design Obfuscation in FPGAs

A New Dynamic Countermeasure to Strengthen Design Obfuscation in FPGAs

연구 분야: Analysis

학회: ACM Transactions on Design Automation of Electronic Systems, Volume 30, Issue 3

FPGAs are being challenged by various security threats, including reverse engineering attacks, hardware tampering, and side-channel analysis attacks. Although the existing static obfuscation methods can protect FPGA systems from IP piracy and hardware tampering, limited work is available to improve the attack resilience of obfuscation modules. As hardware Trojans are one of the most significant hardware tampering attacks on FPGAs, this work aims for the specific hardware Trojan that attempts to nullify design obfuscation. To address this need, we leverage the advanced function of FPGA CAD tools to propose a Dynamic Partial Reconfiguration enabled Design Obfuscation (DPReDO) method. Our method partially modifies the FPGA bitstream at runtime to remove the sabotaged obfuscation variant, thus offering enhanced attack resilience against hardware Trojans. Experimental results based on ISCAS and ITC-99 benchmark circuits show that the DPReDO method reduces the Trojan hit rate by up to 80% over existing static obfuscation with less than 3% hardware overhead. To test the practical feasibility of the proposed countermeasure, we further apply DPReDO to an FPGA-accelerated computation engine for a financial application. Compared to static obfuscation, the proposed DPReDO only incurs 2.6% and 1.2% more FPGA LUTs and slices, respectively.