A single-chip solution for the secure remote configuration of FPGAs using bitstream compression

This paper presents a system that allows the secure remote configuration of an FPGA, which is assumed to be the only device in the secure zone. This means that no security critical information passes over the borders of the FPGA chip, reducing the opportunities for an attacker to break the system. In particular, bitstream compression in combination with partial reconfiguration is used to avoid the use of an external memory for the storage of the bitstream. Additionally there is no need for an external processor for the transfer of the bitstream. Nevertheless, our solution contains a mechanism that verifies the integrity of the complete bitstream before starting the configuration. This prevents attempts to load unqualified bitstreams and reduces the downtime. The integrity check, the decryption, the authentication of the origin and the freshness check of the bitstream are performed inside the FPGA while its current configuration is still active. The contribution of this work is that it presents the first complete working system for the secure remote configuration of FPGAs, consisting of a single FPGA chip and an initiating server, given that the integrity of the complete bitstream is verified before configuration. This paper gives details on the overall system and the FPGA architecture, which have been implemented and tested.