Derek Heeger scite author profile

Secure booting within a field-programmable gate array (FPGA) environment is traditionally implemented using hardwired embedded cryptographic primitives and non-volatile memory (NVM)-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during the start-up. The internal configuration access port (ICAP) interface is accessed to read out configuration information of the unencrypted bitstream, which is then used as input to a secure hash function SHA-3 to generate a digest. In contrast to conventional authentication, where the digest is computed and compared with a second pre-computed value, we use the digest as a challenge to a hardware-embedded delay physical unclonable function (PUF) called HELP. The delays of the paths sensitized by the challenges are used to generate a decryption key using the HELP algorithm. The decryption key is used in the second stage of the boot process to decrypt the operating system (OS) and applications. It follows that any type of malicious tampering with the unencrypted bitstream changes the challenges and the corresponding decryption key, resulting in key regeneration failure. A ring oscillator is used as a clock to make the process autonomous (and unstoppable), and a novel on-chip time-to-digital-converter is used to measure path delays, making the proposed boot process completely self-contained, i.e., implemented entirely within the re-configurable fabric and without utilizing any vendor-specific FPGA features. Cryptography 2018, 2, 15 2 of 17Modern FPGAs provide on-chip battery-backed random-access memory (RAM) or E-Fuses for the storage of a decryption key, which is used by vendor-embedded encryption hardware functions, e.g., the Advanced Encryption Standard (AES), within the FPGA in order to decrypt the bitstream as it is read from the external NVM during the boot process [1]. Recent attack mechanisms have been shown to read out embedded keys, and therefore on-chip key storage threatens the security of the boot process [2].In this paper, we propose a physical unclonable function (PUF)-based key generation strategy that addresses the vulnerability of on-chip key storage. Moreover, the proposed secure boot technique is self-contained, in that none of the FPGA-embedded security primitives or FPGA clocking resources are utilized. We refer to the system as Bullet-Proof Boot for FPGAs (BulletProoF). BulletProoF uses a PUF implemented in the programmable logic (PL) side of an FPGA to generate the decryption key at boot time, and then uses the key for decrypting an off-chip NVM-stored second stage boot image. The second stage boot image contains PL components as well as software components, such as an operating system and applications. BulletProoF decrypts and programs the PL components directly into those portions of the PL side that are not occupied by BulletProoF using dynamic partial...

show abstract

Secure LoRa Firmware Update with Adaptive Data Rate Techniques

Heeger

Garigan²,

Tsiropoulou

et al. 2021

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) devices rely upon remote firmware updates to fix bugs, update embedded algorithms, and make security enhancements. Remote firmware updates are a significant burden to wireless IoT devices that operate using low-power wide-area network (LPWAN) technologies due to slow data rates. One LPWAN technology, Long Range (LoRa), has the ability to increase the data rate at the expense of range and noise immunity. The optimization of communications for maximum speed is known as adaptive data rate (ADR) techniques, which can be applied to accelerate the firmware update process for any LoRa-enabled IoT device. In this paper, we investigate ADR techniques in an application that provides remote monitoring of cattle using small, battery-powered devices that transmit data on cattle location and health using LoRa. In addition to issues related to firmware update speed, there are significant concerns regarding reliability and security when updating firmware on mobile, energy-constrained devices. A malicious actor could attempt to steal the firmware to gain access to embedded algorithms or enable faulty behavior by injecting their own code into the device. A firmware update could be subverted due to cattle moving out of the LPWAN range or the device battery not being sufficiently charged to complete the update process. To address these concerns, we propose a secure and reliable firmware update process using ADR techniques that is applicable to any mobile or energy-constrained LoRa device. The proposed system is simulated and then implemented to evaluate its performance and security properties.

show abstract

A series-stacked power delivery architecture with hot-swapping for high-efficiency data centers

Candan

Heeger

Shenoy

et al. 2015

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Derek Heeger

Adaptive Data Rate Techniques for Energy Constrained Ad Hoc LoRa Networks

An Autonomous, Self-Authenticating, and Self-Contained Secure Boot Process for Field-Programmable Gate Arrays

Secure LoRa Firmware Update with Adaptive Data Rate Techniques

A series-stacked power delivery architecture with hot-swapping for high-efficiency data centers

Contact Info

Product

Resources

About