Tunable FPGA Bitstream Obfuscation with Boolean Satisfiability Attack Countermeasure

Abstract

Field Programmable Gate Arrays (FPGAs) are seeing a surge in usage in many emerging application domains, where the in-field reconfigurability is an attractive characteristic for diverse applications with dynamic design requirements, such as cloud computing, automotive, IoT, and aerospace. The security of the FPGA configuration file, or bitstream , is critical, especially for devices with long in-field lifetimes, where attackers may attempt to extract valuable Intellectual Property (IP) from within. In this article, we propose a tunable obfuscation approach that protects IP from typical bitstream attacks while enabling designers to trade off security with acceptable overhead. We also consider two potential attacks on this protection mechanism: Boolean SAT Attacks on the obfuscation and removal attacks on the protection circuitry. The obfuscation and SAT countermeasure are integrated in a custom CAD framework within a commercial FPGA toolflow and together provide mathematically strong protection against common bitstream attacks. Further, we quantify the difficulty of a removal attack on the protection circuitry through pattern matching and direct bitstream manipulation. The average area, power, and delay overhead for obfuscation with 95% mismatch probability are 18%, 16%, and 8%, respectively, for small combinational circuits, and 1%, 2%, and 5% for larger arithmetic modules.