SACHa: Self-Attestation of Configurable Hardware

Jo Vliegen^1,a, Md Masoom Rabbani^2,c, Mauro Conti^2,d and Nele Mentens^1,b
1ES&S and imec-COSIC/ESAT, KU Leuven, Belgium
^ajo.vliegen@kuleuven.be
^bnele.mentens@kuleuven.be
²SPRITZ, University of Padua, Italy
^cRabbani@math.unipd.it
^dConti@math.unipd.it

ABSTRACT

Device attestation is a procedure to verify whether an embedded device is running the intended application code. This way, protection against both physical attacks and remote attacks on the embedded software is aimed for. With the wide adoption of Field-Programmable Gate Arrays or FPGAs, hardware also became configurable, and hence susceptible to attacks (just like software). In addition, an upcoming trend for hardware-based attestation is the use of configurable FPGA hardware. Therefore, in order to attest a whole system that makes use of FPGAs, the status of both the software and the hardware needs to be verified, without the availability of a tamper-resistant hardware module.

In this paper, we propose a solution in which a prover core on the FPGA performs an attestation of the entire FPGA, including a self-attestation. This way, the FPGA can be used as a tamper-resistant hardware module to perform hardware-based attestation of a processor, resulting in a protection of the entire hardware/software system against malicious code updates.

---

Full Text (PDF)

© 2019 EDAA. All rights reserved.