Secure and Licensable Heterogeneous Systems-on-Chips
Motivation
As cyber-physical and embedded systems are demanding more and more computing power and real-time operating capabilities, while energy consumption needs to be kept to a minimum, the trend in ICT products, industrial machines, and intelligent devices is moving in the direction of adding increasing numbers of heterogeneous Systems-on-Chips (SoCs). The SoCs commonly used in this area are often configured as multi-core processors and dedicated accelerator hardware (DSPs, GPUs etc.) as well as reconfigurable computing architectures (FPGAs – Field Programmable Gate Arrays). This enables application-specific hardware extensions (HW IP) to be closely integrated with the processors and available for their intended application.
Objectives and Approach
To protect hardware solutions of this nature, SoCs, such as Xilinx’s Zynq® UltraScale+ architecture, come equipped with cryptographic primitives (such as block ciphers, hash functions, secure key storage, or random number generators). These features are consolidated in so-called Configuration Security Units (CSU) and enable the fundamental protection of HW IP, e.g. by encrypting bitstreams symmetrically (using the same keys for encryption and decryption), to shield it from simple hacks or tampering. Once the bitstreams are encrypted, there is no means to ascertain the integrity of the HW IP or the nature and frequency of its use without effective verification and licensing capabilities. It is this gap that the project intends to address and for which it will produce a solution for secure and licensable heterogeneous SoCs.
The lack of suitable protective capabilities prevents the developers of HW IP in the form of reconfigurable computing architectures from reliable limiting or stopping access to their HW IP in the sense of license controls over the type and nature of that access. With HW IP only protected by encrypting the bitstreams, as is the current approach, these bitstreams can be split up and executed on different modules after decryption, which prevents their controlled distribution. Without suitable licensing capabilities, the use or distribution of HW IP can also not be restricted to specific or set numbers of SoCs. One practical implication of this is that it becomes impossible to scale the licensing fees reliably for a parallel use of the HW IP on one or multiple SoCs.
Innovations and Prospects
The innovation and USP produced by the SiLiSys project relate to the standardized and secure licensing and the protection of HW IP for Systems-on-Chips. It intends to enable both licensing and IP protection of the type and nature already known and established in common software protection. For licensing purposes, it would be irrelevant for the developers of SoCs whether the protected objects on the SoC are expressed as reconfigurable logics in the form of HW IP or executed as software on dedicated processor cores.