
Digital Erasure of Sensitive FPGA Systems


OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Trusted AI and Autonomy; Advanced Computing and Software

OBJECTIVE: Modern and future battlefields will see increasing use of automated platforms; however, single-use, leave-behind, or unattended U.S. military systems require sufficient protection to keep their hardware and software components from being reverse engineered. There is not yet a cost-effective, adequate solution for this requirement. Practices such as traditional physical anti-tamper methods, or warfighters having direct physical access to attempt platform destruction, are not feasible for the new ecosystem of low-cost, high-count platforms. By contrast, digital erasure, with its low barrier to entry in terms of cost and implementation, is the suitable alternative.

DESCRIPTION: Through reverse engineering techniques, adversaries can extract information stored in non-volatile memory from abandoned, misused, single-use, leave-behind, or unattended U.S. military systems. Furthermore, utilizing volatile memory storage (i.e., Random Access Memory, RAM) for a system's Critical Program Information (CPI), proprietary information, or intellectual property (IP) is not an adequate design technique to ensure the information is unrecoverable, as new, sophisticated techniques are able to "freeze" binary signatures etched onto the storage medium hardware. These capabilities enable adversaries and other nation-state actors to potentially modify, exploit, exfiltrate, or leverage U.S. military systems, including their design and information, risking Original Equipment Manufacturer (OEM) business advantages and the U.S. military's technological superiority.
However, systems designed with reconfigurable logic hardware (e.g., Field Programmable Gate Arrays, FPGAs) instead of Application Specific Integrated Circuits (ASICs) to execute system functions provide a hardware fabric that can be completely erased in order to protect sensitive designs and information from being reverse engineered.

PHASE I: This is a Direct to Phase II topic (DP2). Small businesses must, at the time of proposal, have a proof-of-concept digital erasure solution capable of modifying the FPGA fabric to ensure the original data within memory is no longer recoverable and, at the time of award, be able to demonstrate it.

DIRECT TO PHASE II: As a Direct to Phase II, proposal submissions should include discussion on the following:

• Demonstrate digital erasure functionality on commercial platforms/systems/controllers that, once activated by a trigger mechanism, will successfully erase the FPGA fabric in order to prevent data recovery through reverse engineering of the memory hardware.
• Coordination with partners will reveal applications and preferred trigger mechanisms; thus the trigger functions themselves must be protected to mitigate the potential for adversaries to attack platforms by digitally erasing systems.
• The developed tool will automatically implement digital erasure functionality on FPGAs despite differences in vendors, components, interfaces, etc., to achieve platform-agnostic support.
• To provide resiliency against reverse engineering, the digital erasure function should erase the FPGA fabric by writing randomized data to memory instead of writing only 0s or only 1s.
• Optimization steps to reduce total erasure/overwrite times and resource utilization will be identified and implemented during development.
• Streamline user experience and requirements both for warfighters to trigger digital erasure and for FPGA developers to implement digital erasure functionality.
• Conduct commercialization strategy to integrate the solution with existing toolchains and developer applications utilized by industry for FPGA development.
• Solution testing and evaluation will be conducted first through FPGA developer tools, to digitally verify that the memory has been successfully erased, and later through simulated data remanence attacks, in which the hardware is manipulated to retain memory states that are then analyzed. These attacks provide realistic verification of whether the original data can be recovered through sophisticated reverse engineering techniques after a memory erase.

PHASE III DUAL USE APPLICATIONS: Data security is a top priority for organizations across all industries, which has companies rushing to adopt and implement the latest capabilities in data destruction and sanitization. The moderately high CAGR of 14.3% indicates sustained growth. Complete the maturation of the company's technology developed in Phase II and produce prototypes to support further development and commercialization.

KEYWORDS: Reconfigurable, Logic, Zeroize, Circuit, FPGA, System On A Chip, SoC, ASIC, Tamper, Data Assurance, Electronics, Microelectronics, Zeroization, Sanitization, Hardware, Memory

REFERENCES:

1. NIST Special Publication 800-88: Guidelines for Media Sanitization, Revision 1.
2. Lohrke, H., Tajik, S., Krachenfels, T., Boit, C., & Seifert, J. P. (2018). Key extraction using thermal laser stimulation: A case study on Xilinx UltraScale FPGAs. IACR Transactions on Cryptographic Hardware and Embedded Systems, 573-595.
3. Courbon, F., Skorobogatov, S., & Woods, C. (2016, November). Direct charge measurement in floating gate transistors of flash EEPROM using scanning electron microscopy. In ISTFA 2016 (pp. 327-335). ASM International.
4. Gupta, K., & Nisbet, A. (2016). Memory forensic data recovery utilising RAM cooling methods.
5. Gutmann, P. (2001). Data remanence in semiconductor devices. In 10th USENIX Security Symposium (USENIX Security 01).
6. Skorobogatov, S. (2002). Low temperature data remanence in static RAM (No. UCAM-CL-TR-536). University of Cambridge, Computer Laboratory.