Leveraging the Partial Reconfiguration Capability of FPGAs for Processor-Based Fail-Operational Systems

Tobias Dörr, Timo Sandmann, Florian Schade, Falco K. Bapp, Jürgen Becker

Processor-based digital systems are increasingly being used in safety-critical environments. To meet the associated safety require- ments, these systems are usually characterized by a certain degree of redundancy. This paper proposes a concept to introduce a redundant processor on demand by using the partial reconfiguration capability of modern FPGAs. We describe a possible implementation of this concept and evaluate it experimentally. The evaluation focuses on the fault han- dling latency and the resource utilization of the design. It shows that an implementation with 32 KiB of local processor memory handles faults within 0.82 ms and, when no fault is present, consumes less than 46 % of the resources that a comparable static design occupies.

(ReCo)Fuse Your PRC or Lose Security: Finally Reliable Reconfiguration-based Countermeasures on FPGAs

Kenneth Schmitz, Buse Ustaoglu, Daniel Große, Rolf Drechsler

Partial reconfiguration is a powerful technique to adapt the functionality of Field Programmable Gate Arrays (FPGAs) at run time. When performing partial reconfiguration a dedicated Intellectual Property (IP) component of the FPGA vendor, i.e. the Partial Reconfiguration Controller (PRC), among a wide range of IP components has to be used. While ensuring the functional safety of FPGA designs is well understood, ensuring hardware security is still very challenging. This applies in par- ticular to reconfiguration-based countermeasures which are intensively used to form a moving target for the attacker. However, from the system security perspective a critical component is the above mentioned PRC as noticed by many papers implementing reconfiguration-based counter- measures against SCA/DPA attacks. In this work, we leverage a new proposed safety mechanism which creates a container around an IP, to encapsulate and thereby to protect and observe the PRC of an FPGA. The proposed encapsulation scheme results in an architecture consisting of so-called ReCoFuses (RCFs), each capturing a specific protective goal which have to be fulfilled at any time during PRC operation. The termi- nology follows the classical electric installation including a fuse box. In our scheme we employ formal verification to guarantee the correctness in detecting a security violation. Only after successful verification, the RCFs are integrated into the ReCoFuse Container. Experimental results demonstrate the advantage of our approach by preventing attacks on the PRC of a system secured by reconfiguration.