ARPN JOURNAL OF SYSTEMS AND SOFTWARE VOL. 1 NO. 9 DECEMBER 2011

Implementation of a Server Architecture for Secure Reconfiguration of Embedded Systems

Yannick Verbelen*, An Braeken*, Serge Kubera*, Abdellah Touhafi*, Jo Vliegen† and Nele Mentens†

* Erasmushogeschool Brussel, Brussels, Belgium
Email: {yannick.verbelen, an.braeken, serge.kubera, abdellah.touhafi}@ehb.be
† Katholieke Hogeschool Limburg, Hasselt, Belgium
Email: {jo.vliegen, nele.mentens}@khlim.be

Abstract—Field reconfigurable logic is increasingly integrated in both industrial and consumer applications. A need for secure reconfiguration techniques on these devices arises because live firmware updates are essential to guarantee the continuity of the application's performance. Ideally, a wide variety of different reconfigurable devices in a range of applications should be configurable with suitable firmware from a central location, since outdated or wrong configuration data could potentially cause irreversible damage to the device. At the same time, eavesdropping must be made unfeasibly difficult to keep the intellectual property of the application provider secured. This work proposes a software architecture for a server platform that allows secure bidirectional communication over TCP/IP with reconfigurable logic in the field. Moreover, a performance comparison between C# and Java is discussed for the different cryptographic algorithms applied in the application.

Index Terms—Server Architecture, Embedded System, FPGA, CRU

1 INTRODUCTION

The increased presence of reconfigurable logic devices such as Complex Programmable Logic Devices (CPLDs) and Field Programmable Gate Arrays (FPGAs) in secure applications gives rise to the need for a mechanism to securely reconfigure these devices with a revised bit stream. In the project STRES (Secure Techniques for Remote reconfiguration of Embedded Systems), a complete solution is developed for secure remote reconfiguration of an FPGA-based embedded system by means of a central reconfiguration unit (CRU). This solution consists of three different parts, as can be identified in Figure 1. The first part is the underlying communication protocol, which ensures mutual authentication of client and server as well as data integrity and confidentiality. The second component is the software implementation of the CRU. The last component is a synthesizable VHDL core that can be integrated into any existing application's VHDL design. This core is developed with a focus on compactness and simplicity of integration. This last property in particular means that less attention needs to be given to reconfiguration during the design of the application, since this capability can be added to the application's design at release time.

Fig. 1. Structural model of FPGA and CRU in the STRES project. (Figure labels: Server, CRU, Client, FPGA, STRES Handshake Protocol, STRES Core, User Application, SecurityAndSafety, Database, Postoffice.)

Since the VHDL code is fundamentally hardware independent (on the condition that enough reconfigurable space is available in the device) [3], only one hardware feature is required on the client side, namely a communication port to the CRU. Although technically any interface connectable to the reconfigurable device can be used, the wide availability of the Internet inspired the limitation of the STRES core communication