feature article

The Industry Locksmith

CRI Behind the Scenes

When we are worried about our security at home, we usually call a locksmith – a security expert that can analyze our defenses, weigh them against threats (both known and imagined), and help us implement security measures that will meet our goals. This is a difficult job for people to do on their own. Paranoia creeps in, as does complacency. We have a difficult time doing a realistic assessment of our own vulnerabilities and of the capabilities and determination of our adversaries. It helps to bring in a professional.

For example, we may want to wear a foil hat to protect us against prying brain scans deployed from silent black helicopters. This cranial faraday cage is our security blanket. A professional, however, may have additional insight. He may understand that “they” aren’t willing to pay thousands of dollars per hour in helicopter deployment – just to snatch the secret recipe for blueberry crumbcake out of our heads as we’re preparing our morning breakfast. He may also understand the limitations and practical considerations of current mind-reading rays. He might advise us that our security anxiety would be better focused by not having the password for all of our online accounts set as “password.”

This same problem, perhaps in a more down-to-earth sense, arises in our electronic designs. We know there are bad guys out there. We regularly read about various schemes and attacks that could potentially affect our projects. We hear about cloning, overbuilding, counterfeiting, and similar horrors, but it’s almost impossible to figure out on our own what our real risks are, what capabilities the bad guys actually have, and what practical steps we need to take to protect ourselves. Here, too, a professional can be a huge help.

If we’re designing with FPGAs, these problems become layered. We need to take the appropriate steps to protect our own designs, but we also need to know that our FPGA supplier has implemented proper measures to protect us from behind-the-scenes attacks. Putting a top-flight crypto engine into our FPGA design doesn’t help if the FPGA itself is vulnerable to reverse-engineering or key extraction. Every layer of our implementation has to be secure before we are. It doesn’t help to lock the front door if the side door is standing wide open.

In our industry, some of the best-known “professionals” in the security space are at Cryptography Research, Inc. (CRI). These folks make a living studying attacks on electronic systems, inventing defense mechanisms, and trying to find new vulnerabilities in existing defenses. These guys have forgotten more about security than most of us will ever learn. OK, that’s not a good meme here. Talking with CRI President and Chief Technologist Paul Kocher, it quickly becomes clear that these guys have never forgotten anything about security. Security is in their DNA (encrypted with 128-bit AES, of course).

CRI is probably best known for their discovery of a super-creepy vulnerability known as Differential Power Analysis (DPA). With DPA, a single attacker armed with a scope, a PC, some duct tape, and some baling wire can (relatively) quickly and easily extract the crypto keys from most systems. Oh, and they don’t even need the duct tape and baling wire – we just put those in for effect. Basically, an attacker can just monitor the power consumed by your device, do some DSP and statistical analysis of the signal, and your crypto keys come dancing right out the other side – no special invasive procedures or exotic equipment required. Hey, wait – your crypto keys spell out “password.” We TOLD you that was a bad idea.
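To make the “DSP and statistical analysis” part concrete, here is an added simulation (written for this article, not code from CRI, Microsemi, or the original author). It assumes the textbook Hamming-weight leakage model: each constructed “trace” is the Hamming weight of the first-round AES S-box output plus Gaussian noise, and the analysis correlates that against a prediction for each of the 256 key-byte hypotheses. The same analysis is then run against a device model that XORs a fresh random Boolean mask into the S-box output, which is the general idea behind masking countermeasures (an assumption for illustration, not CRI’s licensed IP), to show why the correlation that leaks the key in the unprotected case collapses when the value being handled is randomized.

```python
import random

# --- AES S-box, computed rather than typed in as a 256-entry table ----------
def _gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _gf_inv(a):
    """Multiplicative inverse in GF(2^8) via a^254; inv(0) is defined as 0 for the S-box."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r if a else 0

def _build_sbox():
    sbox = []
    for x in range(256):
        inv = _gf_inv(x)
        s = inv
        for i in range(1, 5):          # affine transform: XOR of four left rotations
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight of every byte value

# --- constructed "device" and its power traces ------------------------------
def simulate_traces(key_byte, n_traces, noise_sd, masked, seed=1):
    """Constructed traces: one sample per encryption, modelled as the Hamming
    weight of the first-round S-box output plus Gaussian noise (assumed model).
    With masked=True the device XORs a fresh random mask into that output, so
    the only value that leaks is the masked one (first-order masking)."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        plaintexts.append(p)
        traces.append(HW[v] + rng.gauss(0.0, noise_sd))
    return plaintexts, traces

# --- the statistical analysis -----------------------------------------------
def pearson(xs, ys):
    """Plain Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / (sxx * syy) ** 0.5

def cpa_best_guess(plaintexts, traces):
    """Score each key-byte hypothesis by how well its predicted Hamming weights
    correlate with the measured traces; return the best guess and its |r|."""
    scores = []
    for k in range(256):
        model = [HW[SBOX[p ^ k]] for p in plaintexts]
        scores.append(abs(pearson(model, traces)))
    best = max(range(256), key=scores.__getitem__)
    return best, scores[best]

def leakage_assessment(key_byte=0x2B, n_traces=1000, noise_sd=0.5):
    """Run the identical analysis against an unprotected and a masked device model.
    Returns {"unmasked": (guess, |r|), "masked": (guess, |r|)}."""
    results = {}
    for label, masked in (("unmasked", False), ("masked", True)):
        pts, trs = simulate_traces(key_byte, n_traces, noise_sd, masked)
        results[label] = cpa_best_guess(pts, trs)
    return results

if __name__ == "__main__":
    for label, (guess, corr) in leakage_assessment().items():
        print(f"{label:8s}: best guess 0x{guess:02X}, |r| = {corr:.2f}")
```

On the unmasked model the correct byte (0x2B) stands out with a correlation above 0.8 after a thousand constructed traces; on the masked model no hypothesis correlates meaningfully, because the Hamming weight of a freshly masked byte is statistically independent of the unmasked value. That independence only holds for this first-order analysis and only if the mask itself does not leak; evaluating a real countermeasure means checking higher-order combinations of samples as well, which is exactly the kind of work the article says CRI does for a living.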

In the FPGA industry, the company probably most closely associated with secure design is Microsemi – or, more specifically, the portion of Microsemi formerly known as Actel. These guys have made a business for decades selling FPGAs to some fairly security-conscious folks like the US Military, the CIA, the NSA… Wait, we didn’t say those last two. We have no evidence of that. We made it up, honest. (Re-donning foil hat now).

When Microsemi went to develop their new SmartFusion2 devices (which are, as far as we can tell, the most secure FPGAs on the market at the moment) even THEY enlisted the help of CRI. CRI reportedly consulted on the overall security measures in SmartFusion2, and they licensed IP for countermeasures to Microsemi – and by a pull-thru license, to Microsemi’s customers. This is a testament to the competence of CRI, and to the fact that CRI holds active patents on a lot of the best countermeasures.

SmartFusion2 includes a secure key storage capability using a “physically unclonable function” (PUF) key enrollment. A PUF basically takes advantage of random manufacturing variations in each individual device to provide a unique challenge-response mechanism. Even an exact physical duplicate of the device would yield different challenge-response results, so every device is uniquely identifiable. You can’t drop a different SmartFusion2 device into a circuit and get past the security scheme. The SmartFusion2 device itself also employs CRI countermeasures for DPA protection. FPGAs have been known to be vulnerable to attacks on the encryption of their configuration bitstream, where it has been possible to extract the encryption keys using techniques like DPA, and thus capture (and reverse-engineer) the design being loaded into the FPGA itself. These CRI countermeasures are meant to stop these types of attacks.
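The paragraph above mentions PUF “key enrollment” without saying why enrollment is needed. The reason is that a raw PUF response is noisy: re-reading the same device gives a slightly different bit pattern every time, so the response cannot be used directly as a key. The following added example (constructed for this article; it is not Microsemi’s or CRI’s scheme, and the device model, seeds and code parameters are all assumptions) models a PUF as a per-device random fingerprint with random bit flips on every read, and implements the textbook code-offset fuzzy extractor with a repetition code: enrollment stores only public helper data, the genuine device reconstructs the same key from a fresh noisy read, and a physically different device holding the same helper data gets an unrelated key.

```python
import random

RESPONSE_BITS = 512   # constructed: number of raw PUF response bits read out
REPEAT = 15           # repetition-code length: corrects up to 7 flips per key bit
KEY_BITS = RESPONSE_BITS // REPEAT   # 34 key bits from 512 response bits


class ToyPuf:
    """Stand-in for silicon (assumed model). Each device gets a fixed random
    fingerprint (the manufacturing variation); every read re-measures it with
    a small probability of flipping each bit (measurement noise)."""

    def __init__(self, device_seed, flip_prob=0.02):
        rng = random.Random(device_seed)
        self.fingerprint = [rng.randrange(2) for _ in range(RESPONSE_BITS)]
        self.flip_prob = flip_prob
        self.noise = random.Random(device_seed * 7919 + 1)

    def response(self):
        """One noisy read of the PUF."""
        return [b ^ int(self.noise.random() < self.flip_prob) for b in self.fingerprint]


def enroll(puf, key_rng):
    """Enrollment: choose a key, encode it with the repetition code, and XOR the
    codeword with one PUF read. Only the helper data is stored on the device;
    the key itself is never stored anywhere."""
    key = [key_rng.randrange(2) for _ in range(KEY_BITS)]
    codeword = [bit for bit in key for _ in range(REPEAT)]
    resp = puf.response()[:len(codeword)]
    helper = [c ^ r for c, r in zip(codeword, resp)]
    return key, helper


def reconstruct(puf, helper):
    """Key recovery: XOR the helper data with a fresh (noisy) read, then
    majority-decode each REPEAT-bit block back to one key bit."""
    resp = puf.response()[:len(helper)]
    noisy_codeword = [h ^ r for h, r in zip(helper, resp)]
    return [
        int(sum(noisy_codeword[i * REPEAT:(i + 1) * REPEAT]) > REPEAT // 2)
        for i in range(KEY_BITS)
    ]


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def demo():
    """Enroll a genuine device, then try reconstruction on it and on a 'clone':
    same design, different silicon, so a different fingerprint."""
    genuine = ToyPuf(device_seed=1234)
    clone = ToyPuf(device_seed=5678)
    key, helper = enroll(genuine, random.Random(42))
    return {
        "raw_read_distance": hamming(genuine.response(), genuine.response()),
        "genuine_recovers_key": reconstruct(genuine, helper) == key,
        "clone_key_distance": hamming(reconstruct(clone, helper), key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two consecutive reads of the genuine device differ in a couple of dozen positions, yet it reconstructs the enrolled key exactly, while the clone lands roughly half its key bits wrong. The repetition code is used here only because it fits in a few lines; with a biased or low-entropy PUF its helper data leaks information about the key, so real designs use stronger codes, bias-correction and privacy amplification before the output is used as a cryptographic key.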

CRI also licensed crypto accelerators to Microsemi for re-license to SmartFusion2 users. That means you can use a built-in CRI AES-256, SHA-256, or 384-bit elliptic curve cryptography (ECC) engine and a non-deterministic random bit generator built right into SmartFusion2. In addition to giving you a proven, secure piece of critical IP, having these blocks implemented as hard IP on the device should dramatically reduce the power required by these sometimes compute-intensive operations.

As an aside, because SmartFusion2 is a flash-based FPGA, it has certain other security benefits that do not come from CRI. For one thing, it can be configured as a non-volatile FPGA, and the ability to re-configure can be permanently disabled. That means there is no configuration bitstream to intercept or corrupt, so the device will basically behave as an ASIC. Info stored in flash cells is considered impossible or very, very difficult to retrieve by inspection (unlike fuses and anti-fuses). Overall, the combination of Microsemi/Actel and CRI technology probably makes SmartFusion2 the most secure FPGA on the planet. With the increase in density and performance that SmartFusion2 brings to the table, we’re likely to see these guys competing in places they never appeared before.

In today’s age of increasingly integrated, mobile, and wireless system designs – security will be an issue for just about every system designer. Gone are the days when only military and cloak-and-dagger folks had to worry about protecting their designs, their IP, and their data. Most system designers are woefully under-prepared and under-informed on the threats, mitigation techniques, and best practices when it comes to design and data security. With that reality, it’s nice to know that there are experts like CRI available to help us out.

2 thoughts on “The Industry Locksmith”

  1. “…we may want to wear a foil hat to protect us against prying brain scans deployed from silent black helicopters.”

    What’s this with “We”?

