PUFBind: PUF-Enabled Lightweight Program Binary Authentication for FPGA-based Embedded Systems

Field Programmable Gate Array (FPGA)-based embedded systems have become mainstream in the last decade, often in security-sensitive applications. However, even with an authenticated hardware platform, compromised software can severely jeopardize the overall system security, making hardware protection insufficient if the software itself is malicious. In this paper, we propose a novel low-overhead hardware-software co-design solution that utilizes Physical Unclonable Functions (PUFs) to ensure the authenticity of program binaries for microprocessors/microcontrollers mapped on the FPGA. Our technique binds a program binary to a specific target FPGA through a PUF signature, performs runtime authentication for the program binary, and allows execution of the binary only after successful authentication. The proposed scheme is platform-agnostic and capable of operating in a "bare metal'' mode (no system software requirement) for maximum flexibility. Our scheme also does not require any modification of the original hardware design or program binary. We demonstrate a successful prototype implementation using the open-source PicoBlaze microcontroller on AMD/Xilinx FPGA, comparing its hardware resource footprint and performance with other existing solutions of a similar nature.