feature article
Subscribe Now

Fending Off Evil

Protecting Your FPGA Against DPA

It’s 3AM, and you wake unexpectedly.  They’re out there… the Evildoers.  You can almost feel them.  They’re out there right now holding a copy of your latest board – with the FPGA sitting right in the middle.  It’s the same one you put in your design.  Reverse-engineering the board is easy – or heck, they may just have a way to sneak a few off the assembly line where they’re being made.  You know the place – you were nervous when purchasing made the deal.  The prices were a little too low and the opacity was a bit too high.  That’s why you have it set up so your FPGA bitstream doesn’t get loaded until the product gets back to your facility.

Nonetheless, they’re out there.  They’re looking at your board right now, and they’re trying to figure out how they can steal your design – or your customers’ data.  You took precautions, of course.  Maybe your bitstream is encrypted with the FPGA-vendor’s security features.  Your customers’ data is definitely encrypted.  You can go back to sleep now, right?  They won’t be able to get your encryption keys.  

As you try to fall back asleep again, you remember what they’re probably doing.  You’ve heard about Differential Power Analysis (DPA) attacks at some conference one time.  Maybe you didn’t stay for the whole talk.  They were analyzing the power supply, finding the exact point where the encryption keys are loaded, running some DSP on them, and gradually decoding the encryption keys with clever filtering.  That wouldn’t work with a complicated design in a device like an FPGA would it?

Oh yes.  It would.

Cryptography Research has been thinking about DPA attacks for a long time now.  In fact, they apparently invented the attacks themselves, back in 1997. (They prefer to use the euphemism “discovered” DPA.) Now, before you start your rant about how people shouldn’t be inventing dangerous things just so they can sell you a defense against them, remember that “security by obscurity” doesn’t work.  If they didn’t “discover” DPA, somebody else would. (In fact, there are rumored to be others that knew about DPA even before Cryptography Research went about patenting their defenses.)  What’s more – they weren’t doing it to help people jack your FPGA design – honest.  They had bigger fish to fry.  You know the smart cards that are used in financial transactions all over the world?  Yeah.  If you were a bad guy – would you rather crack those or somebody’s FPGA-based automotive infotainment system?

DPA is about as clever and devious a scheme as you can imagine.  It doesn’t require disassembly of the circuit.  It doesn’t require fancy equipment – a digital scope and a decent PC will get you up and running.  All it requires is a working copy of the system.  Using a divide-and-conquer approach, you find the time where the encryption keys are being loaded, run a few experiments, and the bits start dropping out like one of those TV-show scenes where the hacker is getting the secret password character-by-character and all of us in the audience with any technical background are rolling our eyes in disdain.

DPA is actually the “middle-child” of power-analysis attacks.  There is also simple power analysis (SPA) and high-order differential power analysis (HO-DPA).  For most real-world designs, SPA is too primitive to get results easily, and HO-DPA is too complicated to manage efficiently.  DPA, on the other hand, is just right.  

Power analysis attacks are also more sinister because we generally cannot detect them and because physical barriers are ineffective in stopping them.  The only effective countermeasures are those that logically interfere with the analysis process.

Countermeasures include things you might expect – such as injecting additional noise into the operation, randomizing sequences of events, altering timing, and changing the algorithm – all of which are designed to increase the signal-to-noise ratio and make the attack more difficult. The problem is – you can’t create effective countermeasures against DPA unless you are an expert at doing DPA.  (No, just sticking a big capacitor on your power pins to smooth out the noise won’t work.  The bad guys thought of that already.)

Cryptography research has a variety of countermeasures available in various forms – most of which boil down to licensing you some specialized IP or consulting with you on your particular project.  If you were counting on the fact that you have an FPGA in your design making it safer – you were mostly right.  FPGAs can be used to mitigate many of the known techniques for stealing your and your customers’ IP.  Side-channel attacks such as DPA, however, are intriguing and dangerous beasts.  If your design needs to be safe from these threats, your only two options are really 1) become an expert in security yourself (not a viable option for most of us that have other things to do with our career – like design stuff) or 2) enlist the services of security experts such as Cryptography Research.  

As with any engineering decision, the effort you put into security is a trade-off – balancing the consequences of a successful attack against the cost of preventing one.  In most cases, it also pays to understand the motivation level of a likely attacker.  If your likely attackers are two guys in a basement with an oscilloscope trying to see if they can crack your design for fun, you might invest a different amount than if the likely attacker is a government with immense resources available to break your circuit for national security reasons.  The starting point for this decision, however, is awareness of the threat in the first place, and thusly – our work here is done.

You can go back to sleep now. 

Leave a Reply

featured blogs
Nov 25, 2020
It constantly amazes me how there are always multiple ways of doing things. The problem is that sometimes it'€™s hard to decide which option is best....
Nov 25, 2020
[From the last episode: We looked at what it takes to generate data that can be used to train machine-learning .] We take a break from learning how IoT technology works for one of our occasional posts on how IoT technology is used. In this case, we look at trucking fleet mana...
Nov 25, 2020
It might seem simple, but database units and accuracy directly relate to the artwork generated, and it is possible to misunderstand the artwork format as it relates to the board setup. Thirty years... [[ Click on the title to access the full blog on the Cadence Community sit...
Nov 23, 2020
Readers of the Samtec blog know we are always talking about next-gen speed. Current channels rates are running at 56 Gbps PAM4. However, system designers are starting to look at 112 Gbps PAM4 data rates. Intuition would say that bleeding edge data rates like 112 Gbps PAM4 onl...

featured video

Introduction to the fundamental technologies of power density

Sponsored by Texas Instruments

The need for power density is clear, but what are the critical components that enable higher power density? In this overview video, we will provide a deeper understanding of the fundamental principles of high-power-density designs, and demonstrate how partnering with TI, and our advanced technological capabilities can help improve your efforts to achieve those high-power-density figures.

featured paper

Streamlining functional safety certification in automotive and industrial

Sponsored by Texas Instruments

Functional safety design takes rigor, documentation and time to get it right. Whether you’re designing for the factory floor or cars on the highway, this white paper explains how TI is making it easier for you to find and use its integrated circuits (ICs) in your functional safety designs.

Click here to download the whitepaper

featured chalk talk

TI Robotics System Learning Kit

Sponsored by Mouser Electronics and Texas Instruments

Robotics projects can get complicated quickly, and finding a set of components, controllers, networking, and software that plays nicely together is a real headache. In this episode of Chalk Talk, Amelia Dalton chats with Mark Easley of Texas Instruments aVBOUT THE TI-RSLK Robotics Kit, which will get you up and running on your next robotics project in no time.

Click here for more information about the Texas Instruments TIRSLK-EVM Robotics System Lab Kit