Based on the in-depth analysis of the security encapsulation structure based on FPGA, aiming at the security requirements of identity authentication in its practical application, this paper focuses on the research and design of an identity authentication model suitable for FPGA security encapsulation structure. By using RSA public key cryptography algorithm and SHA-1 algorithm, the model realizes the mutual authentication between users and FPGA. The model has good portability and security, can effectively resist a variety of attacks, and provides strong user authority authentication for FPGA based secure packaging applications.
With the popularization of embedded technology, FPGA has been widely used in various embedded systems. In a variety of embedded system applications, FPGA is often used to achieve the core functions of the whole system. Therefore, how to ensure the security of FPGA internal function structure becomes the key issue to protect the core intellectual property rights of the whole embedded system. Aiming at the security problem of FPGA internal construction code, various FPGA manufacturers have launched a variety of products with special security functions. However, advanced data analysis technology and tools make it easy for attackers to detect or steal the output signals of chip pins (such as address bus and data bus), and deduce the implementation mechanism of FPGA internal function modules according to the detection results.
The security package technology based on FPGA is a kind of security protection technology to solve the attack on the output signal of the chip pin. By adding a layer of security package to the function module in the FPGA chip, the non detectability of the function module is guaranteed. As the entry of the whole security protection mechanism, the identity authentication mechanism is related to the effectiveness of the whole security encapsulation structure, and it must ensure the effectiveness and security of the authentication information in the static storage and authentication process. Through the analysis of FPGA security package, this paper focuses on the research and design of an identity authentication mechanism based on FPGA security package. This authentication mechanism can ensure the validity of authentication process and the security of authentication information. It has good portability and can be integrated into various security encapsulation structures.
FPGA security packaging technology
The security packaging structure is mainly composed of three functional units, which are FPGA functional module unit, identity authentication unit and encryption unit. Among them, the function module unit is the part to realize the FPGA function in the system, and it is the core unit to realize the FPGA chip application; the identity authentication unit is mainly responsible for authenticating the user’s legal identity and enabling the security encapsulation; the encryption unit is responsible for encrypting / decrypting the input / output data of the function unit to ensure the security of the FPGA input / output data. User interface is convenient for users to insert smart card and other devices for identity authentication. The structure of the security package is shown in Figure 2.
Before the security package is enabled, the function modules in FPGA chip are waiting. When the user needs to enable the FPGA internal security package, the smart card and FPGA chip are used for identity authentication. If the authentication fails, the chip rejects the user’s access. If the authentication is successful, the identity authentication unit will send the user ID to the encryption unit. After receiving the user ID, the encryption unit will start the function module unit. When the function module unit writes / reads to the outside, the encryption unit obtains the address information of the data from the function module unit, takes the user ID as the root vector to generate the encryption / decryption key, and uses the generated key to encrypt / decrypt the input / output data of the function module unit.
2. Identity authentication based on FPGA security package
2.1 bidirectional authentication scheme based on FPGA security package
Identity authentication is realized by binding an evidence with entity identity. In the application of FPGA security package, the entities are smart card and FPGA. In order to ensure the security of secure packaged applications, in the authentication process, on the one hand, the smart card must provide evidence to prove its legal identity to the FPGA; on the other hand, the FPGA chip must also provide evidence to prove its legitimacy to the smart card. Therefore, the authentication mechanism based on FPGA security encapsulation must be bidirectional. In order to reduce the complexity of the authentication mechanism and save the internal resources of FPGA, RSA algorithm is selected and SHA-1 algorithm is used as the cryptography foundation of the bidirectional authentication scheme.
The security of RSA cipher is based on the difficulty of factorization of large combined number. When the large combined number takes 1024 bits or 2048 bits, the cost of decoding RSA cipher will be very huge. SHA-1 algorithm is a one-way hash function. By inputting a group of messages less than 264 bits, a group of 160 bit message digest can be obtained, and the algorithm satisfies the following two properties: (1) it is not feasible to calculate the original message by message digest, that is, the algorithm has irreversibility; (2) the message digest generated by different two segments of messages is different, that is, the algorithm has irreversibility Impact resistance.
The key configuration of the two-way authentication scheme is shown in Table 1. Suppose EF and EU are the RSA private key of smart card and FPGA respectively, DF and Du are the RSA public key of smart card and FPGA respectively, NF and nu are the RSA large sum used by smart card and FPGA respectively. FPGA has its own private key EU, the public key DF of smart card and the combined number NF and nu used by both sides. Similarly, smart card also has its own private key EF, the public key Du of FPGA and the combined number NF and nu used by both sides. The two-way authentication process can be divided into the following steps:
(1) The user inserts the smart card with user ID information into the user interface.
(2) The FPGA chip detects the insertion of the smart card and starts the identity authentication unit.
(3) The smart card generates a random number mu, encrypts it with EF and NF, and then sends the encrypted result to the authentication unit in FPGA chip.
(4) The authentication unit uses DF and NF to decrypt the Cu, and obtains the decryption result Mu ‘.
(5) The identity authentication unit encrypts Mu ‘with EU and nu, and sends the encryption result CF’ back to the smart card.
(6) The smart card uses Du and nu to decrypt CF ‘, and compares the decryption result with mu. If it is correct, confirm the legitimacy of the FPGA chip for the user, and continue the next operation; if it is not correct, the smart card will be disconnected from the FPGA chip.
(7) The identity authentication unit generates a random number MF, encrypts it with EU and nu, and transmits the encryption result CF to the smart card.
(8) The smart card uses Du and nu to decrypt CF and get the decryption result MF.
(9) The smart card uses EF and NF to encrypt (ID + Mu + MF) to get the encrypted result CID, which is sent to the authentication unit.
(10) The authentication unit uses DF and NF to decrypt the CID, and subtracts Mu and MF from the decryption result to get the ID.
(11) The identity authentication unit uses SHA-1 algorithm to hash the ID to get the hash.
(12) The identity authentication unit will match the value in the register of idhash table. If the match is successful, the validity of the smart card for the FPGA chip will be proved. Idhash will participate in the encryption and decryption operation of the encryption unit as a part of the root vector. If the match is not successful, the FPGA chip will disconnect from the smart card.
2.2 identity authentication unit model design
In the FPGA security encapsulation structure, one end of the authentication unit is connected with the encryption unit, and the other end is connected with the user interface. In order to meet the requirements of RSA operation and user ID storage security in the process of two-way authentication, ds1957b is selected to implement the smart card. Ds1957b uses the encapsulation method to prevent physical detection, with built-in Java processor, 1024 bit cipher accelerator, random number generator and 134kb nonvolatile RAM. It is very convenient to implement RSA operation, and can seal the key and user ID information stored in the card.
In order to realize the bidirectional authentication process, the authentication unit model in FPGA security package is composed of a xemodn calculator, a random number generator, an RSA engine, an RSA key register, a SHA-1 calculator and an idhash table register. Among them, xemodn calculator is responsible for modular exponentiation of RSA password, random number generator is responsible for generating random numbers, RSA engine is responsible for RSA operation on FPGA side, RSA key register stores key of RSA password, SHA-1 calculator is responsible for one-way hash operation of user ID information, idhash table register stores hash value of legal user ID. The identity authentication unit model is shown in Figure 3.
3. Safety analysis
The security of the authentication unit model is mainly based on three aspects: (1) the security of the static storage of the key and user ID; (2) the security of the encryption algorithm used; (3) the ability of the authentication scheme to resist various attacks. The second point is beyond the scope of this paper. Assuming that the algorithm used is always safe, the first and third points will be analyzed in detail.
(1) For the static storage of key and user ID, on the one hand, because the smart card adopts the encapsulation form to prevent physical detection and stores the data in the smart card in a sealed way, it is difficult for attackers to steal the key and user ID information stored on the smart card through physical detection or software detection [7-8]. On the other hand, FPGA is composed of large-scale logic gate array, so it is very difficult to extract the key and other sensitive data from it. In addition, most FPGAs have the protection function of bitstream and its internal structure. Therefore, the static security of the key and user ID used in the authentication process can be ensured.
(2) In the authentication process, the most likely attack means are impersonation entity attack, replay attack and ciphertext only attack. In view of these attacks, authentication schemes have corresponding prevention strategies.
3.1 impersonation attack
Suppose that the attacker steals the user’s smart card, in order to obtain the ID information on the smart card, a device is used to connect with the smart card by pretending to be a legitimate FPGA. However, in the authentication process, the fake device can not successfully prove the legitimacy of its identity to the smart card, so that the smart card will not send the relevant information containing the user ID to the device, so the security encapsulation structure can resist the “fake entity attack”.
3.2 replay attack
Suppose that the attacker intercepts the authentication information CF ‘and CF sent by the authentication unit, and launches a retransmission attack on the smart card.
(1) In step (3) of the authentication process, the smart card generates a new random number mu2, encrypts it with EF and NF, and then sends the encrypted result Cu2 to the identity authentication unit in the FPGA chip.
(2) The attacker sends CF ‘back to the smart card.
(3) The smart card uses Du and nu to decrypt CF ‘and get mu. Because mu ≠ mu2, the authentication fails.
Suppose that the attacker intercepts the authentication information Cu and CID sent by the smart card and launches a retransmission attack on FPGA
(1) In step (7) of the authentication process, the identity authentication unit generates a new random number MF2, encrypts it with EU and nu, and transmits the encryption result CF2 to the smart card;
(2) The attacker sends the CID back to FPGA;
(3) The ID authentication unit decrypts the CID using DF and NF, and subtracts Mu and MF2 from the decryption result to get Id2;
(4) The identity authentication unit uses SHA-1 algorithm to hash Id2 to get hash ‘;
(5) Because the hash ‘can’t match the value in the idhash table register, the authentication fails.
Therefore, the security encapsulation structure can resist “replay attack”.
3.3 ciphertext only attack
Suppose that the attacker intercepts all the authentication information transmitted by both sides through channel eavesdropping. Because the authentication information is generated based on random number, the authentication information transmitted each time is different, which greatly increases the difficulty of analyzing ciphertext. In step (9) of the authentication process, because CID is obtained by encrypting (ID + Mu + MF), Mu and MF are random numbers, so the result of each authentication is different, so that the attacker can not also obtain the user ID information by analyzing CID.
In this paper, aiming at the security problem of the internal function unit of FPGA chip, the security encapsulation structure based on FPGA is deeply analyzed, and the identity authentication mechanism based on this structure is mainly studied, and an identity authentication model based on FPGA security encapsulation structure is designed and implemented. The model adopts a two-way authentication mechanism based on public key system, which can effectively ensure the static and dynamic security of authentication information, so as to ensure the effectiveness of the security packaging structure and the security of the internal functional units of the chip.
Editor in charge: GT