Abstract

Mainstream FPGAs and programmable SoCs employ different countermeasures during configuration and runtime to mitigate physical attacks. However, it has been demonstrated that sophisticated active attack techniques, such as laser voltage probing, can still bypass the bitstream protections during the configuration phase. On the other hand, although the security monitoring IP cores provided by FPGA vendors can ensure the physical security during the runtime of applications, they are unable to detect such attacks during configuration. In this work, we propose a novel approach to using PUFs as physical sensors to monitor the integrity of FPGAs against active attacks. Small modifications in existing PUF architectures enable us to design a PUF-based security scheme, which can be deployed for integrity monitoring and authentication/key generation at the same time. We evaluate the effectiveness of our framework against a range of powerful attacks, such as optical probing and fault attacks. We further discuss how this scheme can be deployed during bitstream configuration in FPGAs with partial reconfiguration capability.