A Protocol for Secure Remote Updates of FPGA Configurations
Source: Springer Healthcare
The authors present a security protocol for the remote update of volatile FPGA configurations stored in non-volatile memory. Their approach can be implemented on existing FPGAs, as it sits entirely in user logic. Their protocol provides for remote attestation of the running configuration and the status of the upload process. It authenticates the uploading party both before initiating the upload and before completing it, to both limit a denial-of-service attack and protect the integrity of the bit-stream. Encryption protects bit-stream confidentiality in transit; they either decrypt it before non-volatile storage, or pass on ciphertext if the configuration logic can decrypt it.