Abstract

FPGAs have seen extensive usage in applications such as cloud-computing, hardware acceleration, mobile devices, and military alike. While the reconfigurability of these devices allow them to be as adaptable as they are fast, it raises concerns of adversaries modifying not mere software, but hardware itself. Moreover, designers face an IP trust issue where they cannot be sure that a third-party IP was not modified in transaction, programming, or even post-programming. Cloud computing centers are hesitant to rent fabric on multi-tenant FPGAs due to the plethora of vulnerabilities and uncertainties that come with allowing users to reconfigure hardware. This thesis aims to address the problem of ensuring a bitstream acts exactly according to specification. That is, to detect any modifications or anomalies that may have occurred maliciously or accidentally at any point once the user’s FPGA has been programmed. We propose the use of the power side-channel, measured using the routing delay sensor (RDS), to model characteristics of the system in a known benign state. In turn, this data can be compared with power trace measurements taken on the system in question to declare the integrity of the circuit. Evaluated on a Basys3 FPGA running an AES-128 core, the method achieved a true negative rate of 100%; for the removal of MixColumns and the last round skip attack, we show an F1 score of 0.99 and 1, respectively. For the insertion of additional IP representing a hardware trojan alongside the original AES core, we show an F1 score of 0.246 and 0.611, respectively. This increases to 1 when the outputs of the hardware trojan are sent to the host PC rather than the original AES data.

Publication Date

4-2026

Document Type

Thesis

Student Type

Graduate

Degree Name

Computer Engineering (MS)

Department, Program, or Center

Computer Engineering

College

Kate Gleason College of Engineering

Advisor

Michael Zuzak

Advisor/Committee Member

Amlan Ganguly

Advisor/Committee Member

Tejasvi Das

Comments

This thesis has been embargoed. The full-text will be available on or around 5/3/2027.

Campus

RIT – Main Campus

Download

Share

COinS