SBIR-STTR Award

FPGA devices provide a secure environment for execution of critical technology only if the configuration bitmap is kept from attackers. Side Channel Attacks (SCAs) may extract keys during AES-protected bitmap loading -- a serious problem for many anti-tamper system solutions. Accord proposes an SCA immune soft-processor as the crucial missing piece for providing tamper resistance during FPGA bitmap loading. Accord's CRIPTC processor inherently has a very high level of resistance to SCAs. In the proposed effort, Accord will analyze and benchmark test the CRIPTC Architecture’s SCA resistance. Using these results Accord will design specialized modifications to the architecture to increase its baseline resistance. In Phase I, Accord will implement selected changes and show initial benefits compared to the basic design. Comparison is also made with the FPGA manufacturer’s standard soft-core processor. A target scenario, protection for loading an FPGA with CPI content, will be the example case study. The Phase II design will produce a revised soft-core (SCAR-CRIPTC) to execute AES without detectable physical leaks, which Accord will demonstrate, benchmark and evaluate the SCA protection level.

Keywords:
Anti-Tamper Protection, Reverse Engineering, Exploit, Cryptography, Fpga, Side Channel Attack, Countermeasures, Soft-Core Processor

CRIPTC executes encrypted code and data without decryption. At the end of Phase I it was operational and leakage measurements were unable to detect data-dependent leakage from the AES S-Box component. More importantly, CRIPTC changes its encryption each compute cycle, eliminating the static bus model required for differential power or electromagnetic analysis. The architecture is flexible and can be optimized for the algorithm or resource and physical requirements. Using trade studies that consider generic program performance, tamper-resistance and stealth/physical footprint constraints, Accord will create a version of CRIPTC that specifically executes AES for loading FPGA bit-streams, protecting them from side-channel attacks. Lockheed Martin will subject the resulting tamper-resistant FPGA bit stream loading system for test and evaluation. By porting to a program tactical FPGA the technology can reach TRL 7 at project completion. Accord will evolve the design to provide anti-tamper solutions to MDA programs that, with only minor modifications, can specifically meet new FPGA and ASIC designs and for insertion into legacy FPGA boards for program anti-tamper upgrades.

Keywords:
Differential Power Analysis, Tamper-Resistance, Fpga Bit-Stream, Aes, Algorithm Signal Leakage, Computer Architecture, Trusted Computer, Reduced Instruction Set Computer, Exec