FPGA Bitstream-level Equivalence Checking: Securing the FPGA "Digital Fab"

Abstract

The objective of this research is to explore techniques to ensure that FPGAs (a major class of digital circuits) remain secure and free from otherwise undetectable hardware trojan injections that could take place during the circuit compilation and synthesis process. The reconfigurable nature of FPGAs introduces additional challenges in ensuring that custom hardware designs are safe and secure. Since FPGAs can be configured to implement arbitrary digital circuits, one must trust not only the fabrication of the FPGA chip itself, but also the circuit that the FPGA is configured to implement. This often requires analysis of the source hardware design to ensure it is safe and free from malicious elements. Furthermore, before a hardware design can be configured onto an FPGA, it must go through commercial CAD tools that perform synthesis, placement and routing in order to generate a bitstream, which is then used to configure the FPGA with the designed circuit. Therefore, for FPGA devices it is not enough to trust the fab and the source circuit; one must also trust the CAD tools (i.e., the "digital fab"). These commercial tools are typically highly complex and closed source, and they produce proprietary programming files. It is currently very challenging for a designer to ensure their design was not tampered with during the compilation process, and generally the designer is forced to trust the produced configuration bitstream. Our research group's preliminary work (https://dl.acm.org/doi/abs/10.1145/3491233) has shown that it is possible to leverage state-of-the-art commercial equivalence checking tools to perform bitstream-level equivalence checking; however, scalability issues limit these techniques to very small circuits. At the FPGA bitstream level, all circuit hierarchy, signal names and larger structure are lost, and the design is a name-free, flattened, low-level netlist of primitive circuit elements. This makes it difficult for modern equivalence checking tools to establish a mapping to the original design.

The proposed work will involve developing novel circuit analysis techniques and CAD tool algorithms to scale FPGA bitstream-level equivalence checking to larger designs. The work will focus on developing algorithms that recover the structure and modules of the original design from the flattened bitstream. We believe this will enable us to decompose larger designs into smaller pieces that can more feasibly be determined equivalent using modern equivalence checking tools. We anticipate that some modifications will need to be made to the FPGA CAD flow to enable us to reconstruct the original design hierarchy. This may include disabling optimizations, isolating IP/modules of interest, inserting markers into the design, and/or using simulation to differentiate between internal design signals. Our research work will explore these approaches and conduct experiments on a wide range of designs to determine the effectiveness of different algorithms at reducing false positives and false negatives, as well as studying how the CAD changes impact the quality of results (QoR) of the produced hardware design.

As the number of documented hardware vulnerabilities has grown rapidly in recent years [NIST National Vulnerability Database], there has been significantly increased research effort to develop secure and trusted hardware solutions. Ensuring FPGA designs are compiled in a safe and trusted manner is a critical component of this work, yet it remains largely unaddressed. We believe the techniques and algorithms explored in this proposed work will provide the fundamental research needed for future development of tools and services that can be used to vet the equivalence of produced FPGA designs, and ensure the FPGA "digital fab" process is safe and trusted.
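The mapping-recovery step the abstract alludes to (using simulation to tell internal signals apart, then comparing the flattened netlist against the original) as an added Python sketch; it is not part of the grant or the research group's tools, and the netlist format, the node names and the full-adder circuit are constructed assumptions for the example.

```python
import itertools

# Netlist: node -> (op, input names), given in topological order (assumption).
OPS = {"AND": all, "OR": any, "XOR": lambda a: sum(a) % 2 == 1, "NOT": lambda a: not a[0]}

def simulate(netlist, inputs):
    """Exhaustively simulate; return node -> tuple of bits (its signature)."""
    sigs = {n: [] for n in netlist}
    for vec in itertools.product([0, 1], repeat=len(inputs)):
        vals = dict(zip(inputs, vec))
        for name, (op, ins) in netlist.items():
            if op != "IN":
                vals[name] = OPS[op]([vals[i] for i in ins])
            sigs[name].append(int(vals[name]))
    return {n: tuple(s) for n, s in sigs.items()}

def recover_mapping(golden, flat, inputs):
    """Map each golden node to flat nodes with the same signature; also list
    flat nodes matching nothing in the golden design (candidate inserted logic)."""
    gs, fs = simulate(golden, inputs), simulate(flat, inputs)
    by_sig = {}
    for name, sig in fs.items():
        by_sig.setdefault(sig, []).append(name)
    mapping = {g: by_sig.get(sig, []) for g, sig in gs.items()}
    matched = {f for names in mapping.values() for f in names}
    return mapping, sorted(set(fs) - matched), gs, fs

def check_outputs(golden, flat, inputs, output_pins):
    """output_pins: golden output -> flat node driving that pin. A signature
    mismatch proves non-equivalence; a match is only evidence, and the recovered
    mapping should still be handed to a formal equivalence checker."""
    mapping, unmatched, gs, fs = recover_mapping(golden, flat, inputs)
    mismatched = sorted(g for g, f in output_pins.items() if gs[g] != fs[f])
    return mismatched, unmatched, mapping

# Constructed golden full adder and its flattened, renamed counterpart.
INPUTS = ["a", "b", "c"]
GOLDEN = {"a": ("IN", []), "b": ("IN", []), "c": ("IN", []),
          "axb": ("XOR", ["a", "b"]), "sum": ("XOR", ["axb", "c"]),
          "ab": ("AND", ["a", "b"]), "cab": ("AND", ["c", "axb"]),
          "cout": ("OR", ["ab", "cab"])}
FLAT_OK = {"a": ("IN", []), "b": ("IN", []), "c": ("IN", []),
           "n0": ("XOR", ["a", "b"]), "n1": ("XOR", ["n0", "c"]),
           "n2": ("AND", ["a", "b"]), "n3": ("AND", ["c", "n0"]),
           "n4": ("OR", ["n2", "n3"])}
# Constructed tamper case: extra logic flips cout when a = b = c = 1.
FLAT_BAD = dict(FLAT_OK, n5=("AND", ["a", "b", "c"]), n6=("XOR", ["n4", "n5"]))
```

On the tampered netlist the extra nodes n5 and n6 match no golden signature and cout's signature differs, which is the kind of residue the proposed hierarchy-recovery step would surface before any formal check runs.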

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 05, 2022
Source ID
N000142212683

Entities

People

  • Jeffrey Goeders

Organizations

  • Brigham Young University
  • Office of Naval Research
  • United States Navy

Tags

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Integrated Circuit Design and Technology