A novel BRAM content accessing and processing method based on FPGA configuration bitstream

This paper presents a new approach to manage data content of memories implemented in FPGAs through the configuration bitstream. The proposed approach is able to read and write the data content from Block RAMs (BRAMs) in FPGA based designs by reading and processing the information stored in the bitstream. Thanks to this method it is possible to extract, load, copy or compare the information of BRAMs without neither resource overhead nor performance penalty in the design. It can also be applied to existing designs without the need of re-synthesizing. Due to its advantages it becomes an interesting tool to carry out several applications, such as error detection and recovery or fault injection. It also opens the doors to the design of cutting-edge applications. The approach has been implemented in a Xilinx ZYNQ System-on-Chip (SoC) device, which combines an FPGA and an ARM9 microprocessor. The access to the configuration bitstream has been performed using the ZYNQ’s Processor Configuration Access Port (PCAP). Nevertheless, the flow presented in this article can be adapted to devices from other Xilinx families or vendors. The proposed approach has been fully tested and compared with specifically designed memory controllers. The results obtained in the experimental tests confirm that the proposed approach works properly without increasing the resource overhead but at a penalty in terms of processing time.     

一种基于SRAM的FPGA的加密方法

FPGA在现代电子系统设计中,由于其卓越性能、灵活方便而被广泛使用,但基于SRAM的FPGA需要从外部进行配置,配置数据很容易被截获,故存遮安全隐患。总结了当前FPGA的加密方法;提出了一种基于外部单片机的FPGA加密方法,该方法中使用外部单片机配合FPGA产生了真随机数,并利用随机数进行加密,保护FPGA内部设计的知识产权;最后给出了该加密方法的一个实例。实验结果表明,该方法实现简单、使用灵活,适用于成本敏感场合。     

A coarse-grain reconfigurable architecture for multimedia applications supporting subword and floating-point calculations

Signal processors exploiting ASIC acceleration suffer from sky-rocketing manufacturing costs and long design cycles. FPGA-based systems provide a programmable alternative for exploiting computation parallelism, but the flexibility they provide is not as high as in processor-oriented architectures: HDL or C-to-HDL flows still require specific expertise and a hardware knowledge background. On the other hand, the large size of the configuration bitstream and the inherent complexity of FPGA devices make their dynamic reconfiguration not a very viable approach. Coarse-grained reconfigurable architectures (CGRAs) are an appealing solution but they pose implementation problems and tend to be application specific. This paper presents a scalable CGRA which eases the implementation of algorithms on field programmable gate array (FPGA) platforms. This design option is based on two levels of programmability: it takes advantage of performance and reliability provided by state-of-the-art FPGA technology, and at the same time it provides the user with flexibility, performance and ease of reconfiguration typical of standard CGRAs. The basic cell template provides advanced features such as sub-word SIMD integer and floating-point computation capabilities, as well as saturating arithmetic. Multiple reconfiguration contexts and partial run-time reconfiguration capabilities are provided, tackling this way the problem of high reconfiguration overhead typical of FPGAs. Selected instances of the proposed architecture have been implemented on an Altera Stratix II EP2S180 FPGA. On this system, we mapped some common DSP, image processing, 3D graphics and audio compression algorithms in order to validate our approach and to demonstrate its effectiveness by benchmarking the benefits achieved.     

Managing Security in FPGA-Based Embedded Systems

FPGAs combine the programmability of processors with the performance of custom hardware. As they become more common in critical embedded systems, new techniques are necessary to manage security in FPGA designs. This article discusses FPGA security problems and current research on reconfigurable devices and security, and presents security primitives and a component architecture for building highly secure systems on FPGAs.     

Defense schemes for variants of distributed denial-of-service (DDoS) attacks in cloud computing: A survey

Cloud computing is a fast-growing and promising technology segment that aims to reduce maintenance and management costs by shifting high-quality computing infrastructure to the Internet. It is emerging as a dominant technology because it provides an on-demand, self-service, scalable, and pay-per-use business model. Despite its numerous benefits, it suffers from several security challenges. As a consequence of on-demand service, availability of computing resources is the crucial attribute of cloud computing among security necessities. In this work, a survey is presented on various issues related to the availability of resources in a cloud environment. Ensuring availability and security of computing/storage resources are still challenging tasks. The adversary class readily exploits the vulnerabilities in the cloud infrastructure for attack implementation. The article presents a study of various categories of distributed denial-of-service (DDoS) attacks in cloud computing and their defense mechanisms. It is believed that this is the first work which surveys all varieties of DDoS attacks in the cloud environment.     

Comments on “A privacy preserving three-factor authentication protocol for e-health clouds”

The security provisioning of increasing healthcare data is of critical importance. The e-health clouds can be seen as a move towards an efficient management of such a big volume of healthcare data. Many schemes have been presented to bring more security and privacy along with efficiency, in the handling of data for booming e-health industry. Recently, in this connection, Jiang et al. (J Supercomput 1–24 doi: 10.1007/s11227-015-1610-x, 2016) presented a three-factor authentication protocol for e-health clouds. In this letter, we identify a serious flaw in the mutual authentication phase of the scheme, since an adversary may launch a denial-of-service attack (DoS) against the service providing server. Finally, we suggest a modification in the scheme to overcome the DoS attack.     

The denial-of-service dance

By understanding the types of attacks available to an adversary, we can develop more effective defenses against them. A taxonomy of denial-of-service attacks based on a dance-hall metaphor is a step toward gaining such an understanding. This article presents a metaphor for DoS-the dance hall-that helps us toward a comprehensive view of DoS attacks. In this article, "DoS" refers to the set of remote DoS attacks that depend on a network's presence. The article and the taxonomy it presents are the results of a short-term study aiming to explore avenues for defense.     

Hardware implementation analysis of SHA-256 and SHA-512 algorithms on FPGAs

Hash functions are common and important cryptographic primitives, which are very critical for data integrity assurance and data origin authentication security services. Field programmable gate arrays (FPGAs) being reconfigurable, flexible and physically secure are a natural choice for implementation of hash functions in a broad range of applications with different area-performance requirements. In this paper, we explore alternative architectures for the implementation of hash algorithms of the secure hash standards SHA-256 and SHA-512 on FPGAs and study their area-performance trade-offs. As several 64-bit adders are needed in SHA-512 hash value computation, new architectures proposed in this paper implement modulo-64 addition as modulo-32, modulo-16 and modulo-8 additions with a view to reduce the chip area. Hash function SHA-512 is implemented in different FPGA families of ALTERA to compare their performance metrics such as area, memory, latency, clocking frequency and throughput to guide a designer to select the most suitable FPGA for an application. In addition, a common architecture is designed for implementing SHA-256 and SHA-512 algorithms.     

Efficient dynamic priority based soft error mitigation techniques for configuration memory of FPGA hardware

Radiation-induced single bit upsets (SBUs) and multi-bit upsets (MBUs) are more prominent in Field Programmable Gate Arrays (FPGAs) due to the presence of a large number of latches in the configuration memory (CM) of FPGAs. At the same time, SBUs and MBUs in the CM can permanently or temporarily affect the hardware circuit implemented on FPGA. Hence, error mitigation and recovery techniques are necessary to protect the FPGA hardware from permanent faults arising due to such SBUs and MBUs. Different existing techniques used to mitigate the effect of soft errors in FPGA have high overhead and their implementations are also quite complex. In this paper, we have proposed efficient single bit as well as multi-bit error correcting methods to correct errors in the CM of FPGAs using simple parity equations and Erasure code. These codes are easy to implement, and the needed decoding circuits are also simple. Use of Dynamic Partial Reconfiguration (DPR) along with a simple hardware scheduling algorithm based download manager helps to perform the error correction in the CM without suspending the operations of the other hardware blocks. We propose a first of its kind methodology for novel transient fault correction using efficient error correcting codes with hardware scheduling for FPGAs. To validate the design we have tested the proposed methodology with Kintex FPGA. We have also measured different parameters like fault recovery time, power consumption, resource overhead and error correction efficiency to estimate the performance of our proposed methods.     

Secure event logging in sensor networks

Health care applications based on sensors are gaining popularity. In wireless body area networks (WBANs), sensing data are gathered from a set of nodes deployed on the patient’s body and sent to a central server. In such environments, security and privacy must be top priorities. Moreover, since decision-making is performed on the basis of the collected data, it can be important to maintain the chronological order of events in a secure way. In view of this, this paper proposes a system for secure logging of events in sensor networks by gathering in a secure and reliable way all information at one central point. The system guarantees the chronological order of logged events sent by the different sensors. It also allows one to detect the modification, deletion, and addition of logged data. As a proof of concept, we have designed a prototype of the gateway sensor on an FPGA platform that is responsible for the secure logging and the secure transmission of this information. Our prototype is based on the low-cost Spartan-6 FPGA which is equipped with several hard IP-cores such as Ethernet and CompactFlash, which makes it suitable for event storage. As it turns out, the FPGA board (SP-605) is able to store 20,830 logged events, computes digests in 2.51 μs and only uses 56% of the LUTs of the FPGA. Thus, the reconfigurable nature of FPGAs makes them suitable for use in extending the capabilities of commercial gateways, in order to provide secure logging in a WSN.     

Bitstream decoding and SEU-induced failure analysis in SRAM-based FPGAs

Reconfigurable SRAM-based FPGAs are highly susceptible to radiation induced single-event upsets (SEUs) in space applications.The bit flip in FPGAs configuration memory may alter user circuit permanently without proper bitstream reparation,which is a completely different phenomenon from upsets in traditional memory devices.It is important to find the relationship between a programmable resource and corresponding control bit in order to understand the impact of this effect.In this paper,a method is proposed to decode the bitstream of FPGAs from Xilinx Corporation,and then an analysis program is developed to parse the netlist of a specific design to get the configuration state of occupied programmable logic and routings.After that,an SEU propagation rule is established according to the resource type to identify critical logic nodes and paths,which could destroy the circuit topological structure.The decoded relationship is stored in a database.The database is queried to get the sensitive bits of a specific design.The result can be used to represent the vulnerability of the system and predict the on orbit system failure rate.The analysis tool was validated through fault injection and accelerator irradiation experiment.     

Reconfiguring one-time programmable FPGAs

Field-programmable gate arrays can suffer from a variety of faults, ranging from wire anomalies and defects to inoperative programmable connections. The solution to these faults depends on whether or not we are dealing with a reprogrammable FPGA or a one time programmable (OTP) FPGA. To correct faults, developers can reconfigure FPGAs such as those made by Xilinx and Altera by reprogramming. These devices can be programmed many times, for different designs and applications. Correcting faults in OTP FPGAs, such as those made by Actel is more difficult. For one thing, OTP FPGAs are based on antifuses. With an antifuse, the FPGAs configuration information has an initial (default) value that can be changed, but once changed cannot be restored. Therefore, the procedures to bypass faulty cells or faulty routing in an OTP FPGA must meet more stringent requirements than for reprogrammable FPGAs. The “Reconfiguration Approaches” sidebar describes two methods other researchers have tried. This article describes our approach to reconfiguring OTP FPGAs. We explain how we determine if reconfiguration is feasible, the algorithms we used, and the results of our experiments on a generic OTP FPGA model and a generic detail router     

FPGA architecture and implementation of sparse matrix-vector multiplication for the finite element method

The Finite Element Method (FEM) is a computationally intensive scientific and engineering analysis tool that has diverse applications ranging from structural engineering to electromagnetic simulation. The trends in floating-point performance are moving in favor of Field-Programmable Gate Arrays (FPGAs), hence increasing interest has grown in the scientific community to exploit this technology. We present an architecture and implementation of an FPGA-based sparse matrix-vector multiplier (SMVM) for use in the iterative solution of large, sparse systems of equations arising from FEM applications. FEM matrices display specific sparsity patterns that can be exploited to improve the efficiency of hardware designs. Our architecture exploits FEM matrix sparsity structure to achieve a balance between performance and hardware resource requirements by relying on external SDRAM for data storage while utilizing the FPGAs computational resources in a stream-through systolic approach. The architecture is based on a pipelined linear array of processing elements (PEs) coupled with a hardware-oriented matrix striping algorithm and a partitioning scheme which enables it to process arbitrarily big matrices without changing the number of PEs in the architecture. Therefore, this architecture is only limited by the amount of external RAM available to the FPGA. The implemented SMVM-pipeline prototype contains 8 PEs and is clocked at 110 MHz obtaining a peak performance of 1.76 GFLOPS. For 8 GB/s of memory bandwidth typical of recent FPGA systems, this architecture can achieve 1.5 GFLOPS sustained performance. Using multiple instances of the pipeline, linear scaling of the peak and sustained performance can be achieved. Our stream-through architecture provides the added advantage of enabling an iterative implementation of the SMVM computation required by iterative solution techniques such as the conjugate gradient method, avoiding initialization time due to data loading and setup inside the FPGA internal memory.     

Implementation of a secure TLS coprocessor on an FPGA

In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol, on an FPGA. Techniques were used that increase the resistance of the design to side channel attacks, and also protect the private key data from software based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification; based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.     

Performance evaluation and optimal design for FPGA-based digit-serial DSP functions

As field programmable gate array (FPGA) technology has steadily improved, FPGAs are now viable alternatives to other technology implementations for high-speed classes of digital signal processing (DSP) applications. Digit-serial DSP architectures have been effective implementation method for FPGAs. In this work, a method of implementing digit-serial DSP architectures on FPGAs is presented, and their performance is evaluated with the objective of finding and developing the most efficient digit-serial DSP architectures on FPGAs. This paper discusses area costs and operational delays of the various digit-serial DSP functions and presents the area/delay models on Xilinx XC4000-series FPGAs. These area/delay models can make predictions of performance and hardware resource utilization before a lengthy layout and synthesis process is undertaken. The results show that the area/delay models proposed here are valid and the digit-serial DSP designs are promising candidates for efficient FPGA implementations.     

通信数据同步中基于FPGA的一种有限任意长FIFO的生成办法

FIFO在数据缓冲和信号同步、交换等领域都具有重要的作用.由于FPGA大规模集成可编程逻辑单元,利用FPGA中BlockRAM多样的寻址特性,在FIFO的使用中FPGA具有大然的优势.本文给出了一种基于FPGA实现任意长度FIFO的办法,利用双口RAM分别编址的特性并行读取以模拟FIFO.该方法已应用在实际的通信系统中...     

The Garp architecture and C compiler

Various projects and products have been built using off-the-shelf field-programmable gate arrays (FPGAs) as computation accelerators for specific tasks. Such systems typically connect one or more FPGAs to the host computer via an I/O bus. Some have shown remarkable speedups, albeit limited to specific application domains. Many factors limit the general usefulness of such systems. Long reconfiguration times prevent the acceleration of applications that spread their time over many different tasks. Low-bandwidth paths for data transfer limit the usefulness of such systems to tasks that have a high computation-to-memory-bandwidth ratio. In addition, standard FPGA tools require hardware design expertise which is beyond the knowledge of most programmers. To help investigate the viability of connected FPGA systems, the authors designed their own architecture called Garp and experimented with running applications on it. They are also investigating whether Garp's design enables automatic, fast, effective compilation across a broad range of applications. They present their results in this article     

基于信任模型使用随机分散路由的安全数据收集协议

在无线传感器网络(WSNs)安全问题中,节点复制、节点损坏和拒绝服务是其存在的三种主要攻击方式.节点复制攻击方式直接危害传感器节点、破坏力强、对网络安全造成严重影响.现有的多路径路由算法产生的路由路径是确定的,攻击者一旦得到路由算法,便可计算出正确的路由路径,危及经此路径传送的所有信息.基于节点行为信任模型和节点复制攻...     

Remote dynamic partial reconfiguration: A threat to Internet-of-Things and embedded security applications

The advent of the Internet of Things has motivated the use of Field Programmable Gate Array (FPGA) devices with Dynamic Partial Reconfiguration (DPR) capabilities for dynamic non-invasive modifications to circuits implemented on the FPGA. In particular, the ability to perform DPR over the network is essential in the context of a growing number of Internet of Things (IoT)-based and embedded security applications. However, the use of remote DPR brings with it a number of security threats that could lead to potentially catastrophic consequences in practical scenarios. In this paper, we demonstrate four examples where the remote DPR capability of the FPGA may be exploited by an adversary to launch Hardware Trojan Horse (HTH) attacks on commonly used security applications. We substantiate the threat by demonstrating remotely-launched attacks on Xilinx FPGA-based hardware implementations of a cryptographic algorithm, a true random number generator, and two processor based security applications - namely, a software implementation of a cryptographic algorithm and a cash dispensing scheme. The attacks are launched by on-the-fly transfer of malicious FPGA configuration bitstreams over an Ethernet connection to perform DPR and leak sensitive information. Finally, we comment on plausible countermeasures to prevent such attacks.