FRARE: FPGA Based Reconfigurable Attack Resilient Engine with Verified Proof-of-Execution

Authors

  • Avani Dave USA Author
  • Krunal Dave USA Author

DOI:

https://doi.org/10.47363/5wp7bx87

Keywords:

Runtime Resilient SoC, Memory Modification Attacks Resilient System

Abstract

Modern society is getting accustomed to the Internet of Things (IoT) and Cyber-Physical Systems (CPS) for a variety of applications that involve security-critical user data and information transfers. At the lower end of the spectrum, these devices are resource-constrained with no attack protection. They become a soft target for malicious code modification attacks that steal and misuse device data in malicious activities. A resilient system requires continuous detection, prevention, and/or recovery, and correct code execution (including in degraded mode). By and large, existing security primitives (e.g., secure boot, Remote Attestation (RA), Control Flow Attestation (CFA) and Data Flow Attestation (DFA)) focus on detection and prevention, leaving the proof of code execution and recovery unanswered.

To this end, the proposed work presents the lightweight FRARE: FPGA based Reconfigurable Attack Resilient Engine with Verified Proof-of-Execution. It leverages a custom control register (Ctrl_register) based technique for classifying and detecting runtime memory modification attacks. It uses a Proof of Concept (POC) implementation of reconfigurable, use-case-specific attack prevention and onboard recovery techniques. The prototype implementation on an Artix 7 Field Programmable Gate Array (FPGA) and a state-of-the-art comparison demonstrate very low (2.5%) resource overhead and the efficacy of the proposed solution.

Published

2022-03-25