Secure hardware-entangled field programmable gate arrays

The configuration bitstream is a persistent source of vulnerability in FPGA designs, and thus FPGA vendors have implemented bitstream encryption. A number of attacks on these countermeasures have been demonstrated including direct probing of the configuration storage cells, side-channel attacks on the decryption blocks, and attacks on the scan chain. Thus, we present an FPGA design that never stores the configuration data in the clear, even at the lowest level of the hardware. We deeply hardware entangle the reconfigurable logic and interconnect by one time pad encrypting the bitstream using a PUF response. By leveraging recent work in high performance, high density, high reliability, and low power PUF design, we tightly integrate a PUF bit with every configuration bit. This has significant security benefits including high resistance to probing attacks and unique per-die configuration bitstreams, while only requiring minor modification of the FPGA design. Based on overheads from a PUF implementation in an industrial 65 nm bulk CMOS process, we simulate such an FPGA design and achieve modest overheads in power, area, and performance across multiple security-focused benchmark applications, as well as various MCNC benchmark circuits from a variety of real applications.