Secure partial dynamic reconfiguration with unsecured external memory

This paper proposes a solution to improve the security of the partial dynamic reconfiguration of FPGA, without significantly affecting the reconfiguration performance. The existing solutions for secure partial dynamic reconfiguration on SRAM based FPGAs impact the reconfiguration process and the available resources due to their complex multi-layered partial bitstream validation process. This adversely affects the performance of applications using reconfigurable hardware. The proposed solution uses high performance encryption engines to change the encryption key of the remotely received bitstream by a randomly generated key, unique to each configuration, when storing the bitstream in the external unsecured memory. An additional CBC-MAC authentication mechanism is also considered that combined with the frame-wise error detection mechanism of the configuration port, allows for an improved countermeasure against replay attack and wrongful bitstream usage. The proposed solution introduces a resource overhead of 1.1% in regard to the base reconfigurable system and provides the lowest impact on the reconfiguration process when compared to the related state of the art, achieving a reconfiguration throughput of 2.5 Gbps.