FLATS: Filling Logic and Testing Spatially for FPGA Authentication and Tamper Detection

Security-critical field programmable gate array (FPGA) designs traditionally rely on bitstream encryption and hashing to prevent bitstream modifications and provide design authentication. Recent attacks to extract bitstream encryption keys, and research in automated bitstream manipulation tools, have created a class of vulnerabilities involving post-synthesis low-level FPGA editing. Current authentication and tamper (e.g., malicious modification) detection approaches dependent upon hash-based comparison mechanisms and register transfer level safeguards are vulnerable to these post-synthesis exploits. In this paper, we propose FLATS, which provides filling logic and testing spatially to combat such vulnerability. FLATS fills unused lookup tables (LUTs) within the FPGA design and inserts infrared-emitting spatial watermarks into the partially used LUTs at the post-synthesis stage for physical authentication and tamper detection using backside infrared imaging. FLATS takes an existing synthesized design and re-purposes a portion of its LUT initialization to function as a watermark allowing for the detection of changes to the post-synthesis placement and initialization. Experimental results validate the FLATS architecture on a 28nm Xilinx FPGA with less than 12% look-up table utilization overhead and negligible compromises in power and speed.