A Hybrid Security Framework with Energy-Aware Encryption for Protecting Embedded Systems Against Code Theft †

Kıyak, Cemil; BİLGE, HASAN; YILMAZ, FADİ

doi:10.3390/electronics14224395

A Hybrid Security Framework with Energy-Aware Encryption for Protecting Embedded Systems Against Code Theft †

Kıyak C. B., BİLGE H. Ş., YILMAZ F.

Electronics (Switzerland), cilt.14, sa.22, 2025 (SCI-Expanded, Scopus)

Yayın Türü: Makale / Tam Makale
Cilt numarası: 14 Sayı: 22
Basım Tarihi: 2025
Doi Numarası: 10.3390/electronics14224395
Dergi Adı: Electronics (Switzerland)
Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC
Anahtar Kelimeler: Ascon, Ascon-XOF, authenticated encryption, bitstream encryption, code theft protection, Dynamic Function eXchange (DFX), FPGA, key derivation, lightweight cryptography, side-channel resistance
Gazi Üniversitesi Adresli: Evet

Özet

This study introduces an energy-aware hybrid security framework that safeguards embedded systems against code theft, closing a critical gap. The approach integrates bitstream encryption, dynamic key generation, and Dynamic Function eXchange (DFX)-based memory obfuscation, yielding a layered hardware–software countermeasure to Read-Only Memory (ROM) scraping, side-channel attacks, and Man-in-the-Middle (MITM) intrusions by eavesdropping on communications on pins, cables, or Printed Circuit Board (PCB) routes. Prototyped on a Xilinx Zynq-7020 System-on-Chip (SoC) and applicable to MicroBlaze-based designs, it derives a fresh Authenticated Encryption with Associated Data (AEAD) key for each record via an Ascon-eXtendable-Output Function (XOF)–based Key Derivation Function (KDF) bound to a device identifier and a rotating slice from a secret pool, while relocating both the pool and selected Block RAM (BRAM)-resident code pages via Dynamic Function eXchange (DFX). This moving-target strategy frustrates ROM scraping, probing, and communication-line eavesdropping, while cryptographic confidentiality and integrity are provided by a lightweight AEAD (Ascon). Hardware evaluation reports cycles/byte, end-to-end latency, and per-packet energy under identical conditions across lightweight AEAD baselines; the framework’s key-derivation and DFX layers are orthogonal to the chosen AEAD. The threat model, field layouts (Nonce/AAD), receiver-side acceptance checks, and quantitative bounds are specified to enable reproducibility. By avoiding online key exchange and keeping long-lived secrets off Programmable Logic (PL)-based external memories while continuously relocating their physical locus, the framework provides a deployable, energy-aware defense in depth against code-theft vectors in FPGA-based systems. Overall, the work provides an original and deployable solution for strengthening the security of commercial products against code theft in embedded environments.