When we are worried about our security at home, we usually call a locksmith – a security expert that can analyze our defenses, weigh them against threats (both known and imagined), and help us implement security measures that will meet our goals. This is a difficult job for people to do on their own. Paranoia creeps in, as does complacency. We have a difficult time doing a realistic assessment of our own vulnerabilities and of the capabilities and determination of our adversaries. It helps to bring in a professional.
For example, we may want to wear a foil hat to protect us against prying brain scans deployed from silent black helicopters. This cranial faraday cage is our security blanket. A professional, however, may have additional insight. He may understand that “they” aren’t willing to pay thousands of dollars per hour in helicopter deployment – just to snatch the secret recipe for blueberry crumbcake out of our heads as we’re preparing our morning breakfast. He may also understand the limitations and practical considerations of current mind-reading rays. He might advise us that our security anxiety would be better focused by not having the password for all of our online accounts set as “password.”
This same problem, perhaps in a more down-to-earth sense, arises in our electronic designs. We know there are bad guys out there. We regularly read about various schemes and attacks that could potentially affect our projects. We hear about cloning, overbuilding, counterfeiting, and similar horrors, but it’s almost impossible to figure out on our own what our real risks are, what capabilities the bad guys actually have, and what practical steps we need to take to protect ourselves. Here, too, a professional can be a huge help.
If we’re designing with FPGAs, these problems become layered. We need to take the appropriate steps to protect our own designs, but we also need to know that our FPGA supplier has implemented proper measures to protect us from behind-the-scenes attacks. Putting a top-flight crypto engine into our FPGA design doesn’t help if the FPGA itself is vulnerable to reverse-engineering or key extraction. Every layer of our implementation has to be secure before we are. It doesn’t help to lock the front door if the side door is standing wide open.
In our industry, some of the best-known “professionals” in the security space are at Cryptography Research, Inc. (CRI). These folks make a living studying attacks on electronic systems, inventing defense mechanisms, and trying to find new vulnerabilities in existing defenses. These guys have forgotten more about security than most of us will ever learn. OK, that’s not a good meme here. Talking with CRI President and Chief Technologist Paul Kocher, it quickly becomes clear that these guys have never forgotten anything about security. Security is in their DNA (encrypted with 128-bit AES, of course).
CRI is probably best known for their discovery of a super-creepy vulnerability known as Differential Power Analysis (DPA). With DPA, a single attacker armed with a scope, a PC, some duct tape, and some baling wire can (relatively) quickly and easily extract the crypto keys from most systems. Oh, and they don’t even need the duct tape and baling wire – we just put those in for effect. Basically, an attacker can just monitor the power consumed by your device, do some DSP and statistical analysis of the signal, and your crypto keys come dancing right out the other side – no special invasive procedures or exotic equipment required. Hey, wait – your crypto keys spell out “password.” We TOLD you that was a bad idea.
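To make the "statistical analysis of the signal" concrete, and to show why the masking-style countermeasures discussed in this article matter, here is an added simulation (not code from the article, CRI, or Microsemi). It models the power draw of one AES S-box lookup as the Hamming weight of the byte the device handles plus Gaussian noise, runs Kocher's difference-of-means test over all 256 key-byte hypotheses, and then repeats the test when the device XORs a fresh random mask into that byte on every encryption. The key byte, trace count, noise level and mask scheme are all constructed assumptions; the AES S-box is derived from its definition rather than typed in.

```python
"""Added example: first-order DPA (difference of means) against synthetic
power traces of an AES SubBytes step, with and without Boolean masking.
Everything here is simulated; no hardware or real device is involved."""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 == x^-1 in GF(2^8)
                inv = _gf_mul(inv, x)
        s = inv
        for i in range(1, 5):             # s ^= rotl(inv, i) for i = 1..4
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming-weight leakage model


def simulate_traces(key_byte, n, masked, rng, noise=1.0):
    """Return n (plaintext_byte, power_sample) pairs (constructed traces).

    Unmasked: the device handles SBOX[p ^ k], so the sample leaks HW of a
    key-dependent value. Masked: it handles SBOX[p ^ k] ^ m for a fresh random
    m, which is statistically independent of the key on its own."""
    traces = []
    for _ in range(n):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        traces.append((p, HW[v] + rng.gauss(0.0, noise)))
    return traces


def dpa_scores(traces, bit=0):
    """Kocher's selection function: for each key hypothesis, split traces by
    one predicted S-box output bit and take the difference of mean power.
    Only the right hypothesis sorts the traces in a way the power follows."""
    scores = []
    for k in range(256):
        ones, zeros = [], []
        for p, power in traces:
            (ones if (SBOX[p ^ k] >> bit) & 1 else zeros).append(power)
        if not ones or not zeros:
            scores.append(0.0)
            continue
        scores.append(sum(ones) / len(ones) - sum(zeros) / len(zeros))
    return scores


def recover_key_byte(traces, bit=0):
    """Return (best_guess, peak): the hypothesis with the largest |difference|."""
    scores = dpa_scores(traces, bit)
    best = max(range(256), key=lambda k: abs(scores[k]))
    return best, abs(scores[best])


def run_demo(key_byte=0x2B, n=3000, seed=7):
    """Attack the same secret byte with and without the masking countermeasure."""
    rng = random.Random(seed)
    plain = recover_key_byte(simulate_traces(key_byte, n, False, rng))
    masked = recover_key_byte(simulate_traces(key_byte, n, True, rng))
    return {"unmasked": plain, "masked": masked}


if __name__ == "__main__":
    res = run_demo()
    print("unmasked: guess=0x%02x peak=%.2f" % res["unmasked"])
    print("masked:   guess=0x%02x peak=%.2f" % res["masked"])
```

On the unmasked traces the correct hypothesis stands out with a difference of roughly one unit of Hamming weight; on the masked traces every hypothesis scores at the level of sampling noise, which is the property a first-order countermeasure is meant to provide (higher-order attacks and leakage of the mask itself are the next things an evaluator checks).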
In the FPGA industry, the company probably most closely associated with secure design is Microsemi – or, more specifically, the portion of Microsemi formerly known as Actel. These guys have made a business for decades selling FPGAs to some fairly security-conscious folks like the US Military, the CIA, the NSA… Wait, we didn’t say those last two. We have no evidence of that. We made it up, honest. (Re-donning foil hat now).
When Microsemi went to develop their new SmartFusion2 devices (which are, as far as we can tell, the most secure FPGAs on the market at the moment) even THEY enlisted the help of CRI. CRI reportedly consulted on the overall security measures in SmartFusion2, and they licensed IP for countermeasures to Microsemi – and by a pull-thru license, to Microsemi’s customers. This is a testament to the competence of CRI, and to the fact that CRI holds active patents on a lot of the best countermeasures.
SmartFusion2 includes a secure key storage capability using a “physically unclonable function” (PUF) key enrollment. A PUF basically takes advantage of random manufacturing variations in each individual device to provide a unique challenge-response mechanism. Even an exact physical duplicate of the device would yield different challenge-response results, so every device is uniquely identifiable. You can’t drop a different SmartFusion2 device into a circuit and get past the security scheme. The SmartFusion2 device itself also employs CRI countermeasures for DPA protection. FPGAs have been known to be vulnerable to attacks on the encryption used in their bitstream configuration process, where it has been possible to extract the encryption keys using techniques like DPA, and thus capture (and reverse-engineer) the design being loaded into the FPGA itself. These CRI countermeasures are meant to stop these types of attacks.
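The article does not describe how SmartFusion2's PUF key enrollment works internally, so the following is an added, generic illustration (not Microsemi's or CRI's implementation) of the textbook "code-offset" construction behind most PUF key storage. The PUF is modelled as a per-device random bit fingerprint whose readouts flip a few percent of bits each time; enrollment XORs a repetition-coded random key with one readout to produce helper data that can sit in ordinary non-volatile memory, and a later boot recovers the key from a fresh noisy readout by majority vote. The same helper data on a different device decodes to garbage, which is the "you can't drop a different device into the circuit" property. Key size, repetition factor and noise rate are constructed assumptions.

```python
"""Added example: PUF key enrollment and reconstruction with a repetition-code
helper (code-offset fuzzy extractor). The PUF and its noise are simulated;
nothing here is the real SmartFusion2 mechanism."""
import hashlib
import random

KEY_BITS = 128      # size of the enrolled key (assumption)
REP = 15            # repetition factor: majority vote survives up to 7 flips
BIT_ERROR = 0.02    # per-bit readout noise assumed for the simulated PUF


class SimulatedPUF:
    """A device fingerprint: random bits fixed at 'manufacture', read noisily."""

    def __init__(self, rng, n_bits=KEY_BITS * REP):
        self.fingerprint = [rng.randrange(2) for _ in range(n_bits)]

    def read(self, rng, p=BIT_ERROR):
        """One readout: each fingerprint bit flips independently with prob. p."""
        return [b ^ (1 if rng.random() < p else 0) for b in self.fingerprint]


def bits_from_bytes(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bytes_from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        v = 0
        for b in bits[i:i + 8]:
            v = (v << 1) | b
        out.append(v)
    return bytes(out)


def enroll(puf, rng):
    """One-time enrollment: random key -> repetition codeword -> XOR readout.
    The helper data leaks nothing about the key without the fingerprint,
    because every helper bit is masked by a fingerprint bit."""
    key = bytes(rng.randrange(256) for _ in range(KEY_BITS // 8))
    codeword = [b for b in bits_from_bytes(key) for _ in range(REP)]
    readout = puf.read(rng)
    helper = [c ^ r for c, r in zip(codeword, readout)]
    return key, helper


def reconstruct(puf, helper, rng):
    """Later boot: fresh readout XOR helper is the codeword with a few flipped
    bits; a majority vote over each group of REP bits removes them."""
    readout = puf.read(rng)
    noisy = [h ^ r for h, r in zip(helper, readout)]
    bits = [1 if sum(noisy[i:i + REP]) * 2 > REP else 0
            for i in range(0, len(noisy), REP)]
    return bytes_from_bits(bits)


def derive_key(raw):
    """Final step of a fuzzy extractor: hash the reconstructed bits so the
    working key is uniform even if the PUF bits are biased."""
    return hashlib.sha256(raw).digest()


def run_demo(seed=2024, reboots=10):
    rng = random.Random(seed)
    device = SimulatedPUF(rng)
    key, helper = enroll(device, rng)
    same = all(reconstruct(device, helper, rng) == key for _ in range(reboots))
    other_chip = SimulatedPUF(rng)          # different die, different fingerprint
    other = reconstruct(other_chip, helper, rng)
    return {"same_device_ok": same,
            "other_device_matches": other == key,
            "helper_bits": len(helper),
            "key": derive_key(key).hex()}


if __name__ == "__main__":
    print(run_demo())
```

A production design would replace the repetition code with a stronger error-correcting code, measure the device's actual bit-error rate across temperature and voltage before choosing the code, and treat helper-data integrity (not secrecy) as the thing to protect, since tampering with helper data is the classic way to bias reconstructed keys.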
CRI also licensed crypto accelerators to Microsemi for re-license to SmartFusion2 users. That means you can use a built-in CRI AES-256, SHA-256, or 384-bit elliptic curve cryptography (ECC) engine and a non-deterministic random bit generator built right into SmartFusion2. In addition to giving you a proven, secure piece of critical IP, having these blocks implemented as hard IP on the device should dramatically reduce the power required by these sometimes compute-intensive operations.
As an aside, because SmartFusion2 is a flash-based FPGA, it has certain other security benefits that do not come from CRI. For one thing, it can be configured as a non-volatile FPGA, and the ability to re-configure can be permanently disabled. That means there is no configuration bitstream to intercept or corrupt, so the device will basically behave as an ASIC. Info stored in flash cells is considered impossible or very difficult to retrieve by inspection (unlike fuses and anti-fuses). Overall, the combination of Microsemi/Actel and CRI technology probably makes SmartFusion2 the most secure FPGA on the planet. With the increase in density and performance that SmartFusion2 brings to the table, we’re likely to see these guys competing in places they never appeared before.
In today’s age of increasingly integrated, mobile, and wireless system designs, security will be an issue for just about every system designer. Gone are the days when only military and cloak-and-dagger folks had to worry about protecting their designs, their IP, and their data. Most system designers are woefully under-prepared and under-informed on the threats, mitigation techniques, and best practices when it comes to design and data security. With that reality, it’s nice to know that there are experts like CRI available to help us out.
How important is design security to you? What measures do you take to protect your design? How do you know which threats to defend against?
“…we may want to wear a foil hat to protect us against prying brain scans deployed from silent black helicopters.”
What’s this with “We”?