{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:01:39Z","timestamp":1760241699504,"version":"build-2065373602"},"reference-count":16,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2018,7,18]],"date-time":"2018-07-18T00:00:00Z","timestamp":1531872000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Secure booting within a field-programmable gate array (FPGA) environment is traditionally implemented using hardwired embedded cryptographic primitives and non-volatile memory (NVM)-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during the start-up. The internal configuration access port (ICAP) interface is accessed to read out configuration information of the unencrypted bitstream, which is then used as input to a secure hash function SHA-3 to generate a digest. In contrast to conventional authentication, where the digest is computed and compared with a second pre-computed value, we use the digest as a challenge to a hardware-embedded delay physical unclonable function (PUF) called HELP. The delays of the paths sensitized by the challenges are used to generate a decryption key using the HELP algorithm. The decryption key is used in the second stage of the boot process to decrypt the operating system (OS) and applications. It follows that any type of malicious tampering with the unencrypted bitstream changes the challenges and the corresponding decryption key, resulting in key regeneration failure. A ring oscillator is used as a clock to make the process autonomous (and unstoppable), and a novel on-chip time-to-digital-converter is used to measure path delays, making the proposed boot process completely self-contained, i.e., implemented entirely within the re-configurable fabric and without utilizing any vendor-specific FPGA features.<\/jats:p>","DOI":"10.3390\/cryptography2030015","type":"journal-article","created":{"date-parts":[[2018,7,19]],"date-time":"2018-07-19T03:50:43Z","timestamp":1531972243000},"page":"15","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["An Autonomous, Self-Authenticating, and Self-Contained Secure Boot Process for Field-Programmable Gate Arrays"],"prefix":"10.3390","volume":"2","author":[{"given":"Don","family":"Owen Jr.","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA"}]},{"given":"Derek","family":"Heeger","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA"}]},{"given":"Calvin","family":"Chan","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA"}]},{"given":"Wenjie","family":"Che","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA"}]},{"given":"Fareena","family":"Saqib","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of North Carolina, Charlotte, NC 28223, USA"}]},{"given":"Matt","family":"Areno","sequence":"additional","affiliation":[{"name":"Trusted and Secure Systems, LLC, Round Rock, TX 78665, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1876-117X","authenticated-orcid":false,"given":"Jim","family":"Plusquellic","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA"}]}],"member":"1968","published-online":{"date-parts":[[2018,7,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1248","DOI":"10.1109\/JPROC.2014.2331672","article-title":"FPGA Security: Motivations, Features, and Applications","volume":"102","author":"Trimberger","year":"2014","journal-title":"Proc. IEEE"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Skorobogatov, S. (2010). Flash Memory \u2018Bumping\u2019 Attacks. Cryptographic Hardware and Embedded Systems, CHES 2010: Proceedings of the 12th International Workshop, Santa Barbara, CA, USA, 17\u201320 August 2010, Springer.","DOI":"10.1007\/978-3-642-15031-9_11"},{"key":"ref_3","unstructured":"(2018, June 15). 7 Series FPGAs Configuration; User Guide. Available online: https:\/\/www.xilinx.com\/support\/documentation\/user_guides\/ug470_7Series_Config.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1236","DOI":"10.1109\/TCAD.2015.2399455","article-title":"FPGA Trojans through Detecting and Weakening of Cryptographic Primitives","volume":"34","author":"Swierczynski","year":"2015","journal-title":"IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"348","DOI":"10.1109\/TC.2016.2646367","article-title":"Bitstream Fault Injections (BiFI)\u2014Automated Fault Attacks against SRAM-based FPGAs","volume":"67","author":"Swierczynski","year":"2018","journal-title":"IEEE Trans. Comput."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1007\/s13389-016-0132-7","article-title":"Interdiction in practice\u2014Hardware Trojan against a high-security USB flash drive","volume":"7","author":"Swierczynski","year":"2017","journal-title":"J. Cryptogr. Eng."},{"key":"ref_7","unstructured":"Konopinski, D., and Kenyon, A. (2009, January 3\u20134). Data recovery from damaged electronic memory devices. Proceedings of the London Communications Symposium 2009, University College London, London, UK."},{"key":"ref_8","unstructured":"(2018, June 15). Why Anti-Fuse is the Only Secure Choice for Encryption Key Storage. Available online: http:\/\/chipdesignmag.com\/display.php?articleId=5045."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1109\/MDT.2013.2247459","article-title":"HELP: A Hardware-Embedded Delay-Based PUF","volume":"30","author":"Aarestad","year":"2013","journal-title":"IEEE Des. Test"},{"key":"ref_10","unstructured":"Tiri, K., and Verbauwhede, I. (2004, January 23). Charge Recycling Sense Amplifier Based Logic: Securing Low Power Security ICs Against DPA. Proceedings of the 30th European Conference on Solid-State Circuits 2004, Leuven, Belgium."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Che, W., Martin, M., Pocklassery, G., Kajuluri, V.K., Saqib, F., and Plusquellic, J. (2017). A Privacy-Preserving, Mutual PUF-Based Authentication Protocol. Cryptography, 1.","DOI":"10.3390\/cryptography1010003"},{"key":"ref_12","unstructured":"(2018, June 15). Keccak. Available online: https:\/\/keccak.team\/keccak.html."},{"key":"ref_13","unstructured":"(2018, June 15). 7 Series FPGAs Clocking Resources; User Guide. Available online: https:\/\/www.xilinx.com\/support\/documentation\/user_guides\/ug472_7Series_Clocking.pdf."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gassend, B., Clarke, D., van Dijk, M., and Devadas, S. (2002, January 18\u201322). Silicon Physical Random Functions. Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA.","DOI":"10.1145\/586110.586132"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Chakraborty, R., Lamech, C., Acharyya, D., and Plusquellic, J. (2013, January 7). A transmission gate physical unclonable function and on-chip voltage-to-digital conversion technique. Proceedings of the 50th Annual Design Automation Conference, Austin, TX, USA.","DOI":"10.1145\/2463209.2488806"},{"key":"ref_16","unstructured":"(2018, June 15). Which Zynq SOM is Right for You?. Available online: http:\/\/zedboard.org\/."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/3\/15\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:12:51Z","timestamp":1760195571000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/3\/15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,18]]},"references-count":16,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2018,9]]}},"alternative-id":["cryptography2030015"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2030015","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2018,7,18]]}}}