A novel trust-based design method for FPGA circuits that uses error-correcting code (ECC) structures for detecting design tampers (changes, deletion of existing logic, and addition of extradesign logic-like Trojans) is proposed in this article. We determine ECC-based CLB (configuration logic block) parity groups and embed the check CLBs for each parity group in the FPGA circuit. During a trust-checking phase, a Test-Pattern Generator (TPG) and an Output Response Analyzer (ORA), configured in the FPGA, are used to check that each parity group of CLB outputs produce the expected parities. We use two levels of randomization to thwart attempts by an adversary to discover the parity groups and inject tampers that mask each other, or to tamper with the TPG and ORA so that design tampers remain undetected: (a) randomization of the mapping of the ECC parity groups to the CLB array; (b) randomization within each parity group of odd and even parities for different input combinations (classically, all ECC parity groups have even parities across all inputs). These randomizations along with the error-detecting property of the underlying ECC lead to design tampers being uncovered with very high probabilities, as we show both analytically and empirically. We also classify different CLB function structures and impose a parity group selection in which only similarly structured functions are randomly selected to be in the same parity group in order to minimize check function complexity. Using the 2D code as our underlying ECC and its 2-level randomization, our experiments with inserting 1-10 circuit CLB tampers and 1-5 extraneous logic CLBs in two medium-size circuits and a RISC processor circuit implemented on a Xilinx Spartan-3 FPGA show promising results of 100% tamper detection and 0% false alarms, obtained at a hardware overhead of only 7-10%.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Adell, P. and Allen, G. 2008. Assessing and mitigating radiation effects in Xilinx FPGAs. JPL Publication 08-9, Jet Propulsim Laboratory, California Institute of Technology.
	2	Cristiana Bolchini , Davide Quarta , Marco D. Santambrogio, SEU mitigation for sram-based fpgas through dynamic partial reconfiguration, Proceedings of the 17th ACM Great Lakes symposium on VLSI, March 11-13, 2007, Stresa-Lago Maggiore, Italy  [doi>10.1145/1228784.1228803]
	3	Carmichael, C., Caffrey, M., and Salazar, A. 2000. Correcting single event upsets through virtex partial configuration. Xilinx Application Note XAPP 216. http://www.xilinx.com/support/documentation/application_notes/xapp216.pdf.
	4	Clayton, J. 2002. http://www.opencores.org/projects.cgi/web/risc16f84/overview.
	5	DARPA. DARPA: TRUST in Integrated Circuits (TRUST) webpage: http://www.darpa.mil/mto/programs/trust/index.html.
	6	Dipert, B. 2000. Cunning circuits confound crooks. http://www.e-insite.net/ednmag/contents/images/21df2.pdf.
	7	Shantanu Dutt , Nihar R. Mahapatra, Node-covering, Error-correcting Codes and Multiprocessors with Very High Average Fault Tolerance, IEEE Transactions on Computers, v.46 n.9, p.997-1015, September 1997  [doi>10.1109/12.620481]
	8	Joan G. Dyer , Mark Lindemann , Ronald Perez , Reiner Sailer , Leendert van Doorn , Sean W. Smith , Steve Weingart, Building the IBM 4758 Secure Coprocessor, Computer, v.34 n.10, p.57-66, October 2001  [doi>10.1109/2.955100]
	9	G. A. Gibson , L. Hellerstein , R. M. Karp , D. A. Patterson, Failure correction techniques for large disk arrays, Proceedings of the third international conference on Architectural support for programming languages and operating systems, p.123-132, April 03-06, 1989, Boston, Massachusetts, United States
	10	Heiner, J., Collins, N., and Wirthlin, M. 2008. Fault tolerant ICAP controller for high-reliable internal scrubbing. In Proceedings of the Aerospace Conference. 1--10.
	11	Herveille, R. 2001. http://www.opencores.org/projects.cgi/web/i2c/overview.
	12	Paul C. Kocher , Joshua Jaffe , Benjamin Jun, Differential Power Analysis, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.388-397, August 15-19, 1999
	13	Oliver Kömmerling , Markus G. Kuhn, Design principles for tamper-resistant smartcard processors, Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, p.2-2, May 10-11, 1999, Chicago, Illinois
	14	Nirmal R. Saxena , Piero Franco , Edward J. McCluskey, Simple Bounds on Serial Signature Analysis Aliasing for Random Testing, IEEE Transactions on Computers, v.41 n.5, p.638-645, May 1992  [doi>10.1109/12.142690]
	15	Steiner, N. J. 2002. A standalone wire database for routing and tracing in Xilinx Virtex, Virtex-E, and Virtex-II FPGAs. Master Thesis of Electrical Engineering, Virginia Polytechnic Institute and State University.
	16	Steve Trimberger, Trusted design in FPGAs, Proceedings of the 44th annual conference on Design automation, June 04-08, 2007, San Diego, California  [doi>10.1145/1278480.1278483]
	17	Steve H. Weingart, Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defences, Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems, p.302-317, August 17-18, 2000
	18	Wollinger, T. and Paar, C. 2003. How secure are FPGAs in cryptographic applications? In Proceedings of the International Conference on Field Programmable Logic and Applications (FPL).
	19	Wollinger, T., Guajardo, J., and Paar, C. 2003. Cryptography on FPGAs: State of the art implementations and attacks. ACM Trans. Embed. Comput. Syst. (Special Issue on Embedded Systems and Security).
	20	Bo Yang , Kaijie Wu , Ramesh Karri, Secure scan: a design-for-test architecture for crypto chips, Proceedings of the 42nd annual conference on Design automation, June 13-17, 2005, Anaheim, California, USA  [doi>10.1145/1065579.1065617]