Techniques for protecting the integrity and/or confidentiality of data (e.g., software) may utilize message authentication codes (MACs) and encryption. However, such techniques can be made more secure, and in particular less vulnerable to key extraction attacks, by eliminating the need to store and protect keys at all.
There are several commercially available protections for field programmable gate arrays (FPGAs), which typically rely on encryption of the configuration bitstream(s), e.g., with the Advanced Encryption Standard (AES). One solution utilizes an AES key that is one-time programmable and stored in non-volatile memory in the FPGA. Another solution stores the AES key in volatile memory on a device with a battery backup, in combination with a unique identifier (signature) that is hardcoded into the FPGA during manufacturing. During an initial enrollment process, a user-defined function value of the identifier is computed and stored on the system. At a later time, when the FPGA is configured again, the computation is repeated and compared to the enrolled value.
However, these techniques are fundamentally insecure because they rely on secrets stored in non-volatile (or battery-backed volatile) memory on the device. This creates opportunities for key extraction and can also introduce a key storage problem. In the case of the unique identifier, the enrolled value must also be protected so that it cannot be extracted and used to spoof the verification step in a replay attack.
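The enrollment-and-verification scheme described above, and the reason the enrolled value itself needs protection, can be seen in a small model. The following is an added example, not code from the original document or from any FPGA vendor; the user key, the two device identifiers and the choice of HMAC-SHA256 as the "user-defined function" are all constructed assumptions.

```python
import hmac
import hashlib

# Constructed sample values (not from the page): a user key for the
# user-defined function, and two identifiers standing in for signatures
# hardcoded into FPGAs during manufacturing.
USER_KEY = bytes.fromhex("6b65792d666f722d656e726f6c6c6d656e742d6f6e6c79")
GENUINE_ID = bytes.fromhex("00112233445566778899aabbccddeeff")
CLONE_ID = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def user_function(identifier: bytes) -> bytes:
    """The user-defined function of the identifier (HMAC-SHA256 is an assumption).

    Note that USER_KEY must itself live somewhere on the system, which is the
    key storage problem the text refers to.
    """
    return hmac.new(USER_KEY, identifier, hashlib.sha256).digest()


def enroll(identifier: bytes) -> bytes:
    """Initial enrollment: compute the function value and hand it back for storage."""
    return user_function(identifier)


def device_response(identifier: bytes) -> bytes:
    """What a freshly configured FPGA reports at verification time: the recomputed value."""
    return user_function(identifier)


def verify(enrolled_value: bytes, reported_value: bytes) -> bool:
    """Verification step: constant-time comparison against the stored enrolled value."""
    return hmac.compare_digest(enrolled_value, reported_value)


def run_scenarios() -> dict:
    """Exercise the three cases that matter for the security argument."""
    stored = enroll(GENUINE_ID)

    # 1. The genuine device recomputes from its hardcoded identifier and passes.
    genuine_ok = verify(stored, device_response(GENUINE_ID))

    # 2. A device with a different identifier produces a different value and fails.
    clone_fails = not verify(stored, device_response(CLONE_ID))

    # 3. If the enrolled value can be read out of unprotected storage, it can be
    #    replayed in place of a fresh computation; the check then passes even
    #    though no genuine identifier was involved. This is why the stored
    #    enrolled value needs the same protection as a key.
    extracted_copy = bytes(stored)
    replay_passes = verify(stored, extracted_copy)

    return {
        "genuine_ok": genuine_ok,
        "clone_fails": clone_fails,
        "replay_passes": replay_passes,
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The third scenario is the point of the passage: the comparison on its own cannot distinguish a value recomputed from a genuine identifier from one copied out of storage, so any system that keeps the enrolled value in readable memory has simply moved the secret rather than removed it.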
After a foundation of trust is established for the hardware, it is desirable that this trust be extended to the data to be employed by the hardware. Data cannot itself be secured by other data, since in this scenario the security data and the malicious data exist within the same execution context. Consequently, neither side holds an advantage, because any action taken by one side may also be taken or altered by the other side.