A Secure Framework with Remote Configuration of Intellectual Property

Nadir Khan, Sven Nitzsche, Jürgen Becker
2019 International Conference on Information Systems Security and Privacy (ICISSP)
In this work, an intellectual property (IP) licensing framework is proposed that is secure against IP theft (cloning and redistribution). This security is provided by utilizing built-in features of modern field programmable gate arrays (FPGAs), e.g. secure boot, state-of-the-art cryptography and trusted execution environments (TEE). The scheme is also the least restrictive in comparison to other publications in this area. Using this scheme, multiple IP core vendors (CVs) can configure their IPs remotely by connecting directly to an FPGA. Devices are booted securely using an authenticated and encrypted boot loader that initiates an authenticated and encrypted hypervisor, which in turn provides a TEE by partitioning the system resources into secure and non-secure sections. At this stage, a secure operating system (OS) is loaded that handles all the security critical functions such as communication with CVs, storage and analysis of bitstreams, enforcement of license constraints and configuration of IPs. Then, a second, non-secure OS is loaded, which provides an isolated execution environment with unrestricted access to non-secure resources. Hence, they are not limited to predefined APIs. Both OSes can interact via the hypervisor. The implementation of this framework is a work-in-progress and results presented within this paper are subject to change.
Download .bib
Download .bib
Eingetragen von
Nadir Khan