Mid-range FPGAs make no excuses for design and data security
October 19, 2017
A new-class of mid-range FPGAs incorporate an alphabet soup of features for design and data security. No more excuses.
Security in embedded designs has been a hot topic for a number of years, but security means different things to different people and organizations. Coming from experience, what one individual considers secure design requirements can vary dramatically from others.
Despite all the awareness and discussion about embedded systems needing higher levels of security, few systems today have a mandated security specification. Unfortunately, security is an afterthought for the majority of design specifications. Many engineers and architects assume that software will secure the system and so they simply need to concern themselves with protecting the IP that goes into their processor or system. However, nothing could be further from the truth.
Design engineers and architects need to implement security features not only in software, but in hardware too. Hardware security can:
- Protect products from being cloned or overbuilt
- Protect IP that enables companies to keep differentiating
- Protect data communications to prevent fraud and keep company brands from being tarnished
If you do not understand how to implement these features, you are not alone. Fortunately, there are options in the form of mid-range-density FPGAs that address modern security requirements.
The following addresses the key functions required to make a design significantly more secure.
Breaking down security requirements
The first step is to break down the security requirements of a design into two broad categories: design security and data security.
- Design security means taking steps to prevent IP from being extracted from silicon, which translates into a requirement for differential power analysis (DPA) countermeasures.
- Data security involves securing cloud and/or machine to machine (M2M) communications, leveraging secure storage for physically unclonable function-based (PUF-based) key generation and a DPA-resistant encryption engine.
Let’s look at each category in more detail and provide application examples of how mid-range FPGA architectures can address their requirements.
Most engineers know that it is important to protect the bitstream of an FPGA from being extracted. The usual method is to encrypt the bitstream with a key. Although keys are an obstacle for hacks, they are not adequate for today’s requirements. Why? Because of a technology called DPA.
When a device performs operations such as reading a key or decrypting a file based on a key, it gives off magnetic signals. These signals can be detected by an inexpensive electromagnetic probe. In a recent test conducted meters away from a design, DPA techniques were shown to be able to determine when a key was being read or accessed. From there, a probe and PC or logic analyzer only need a matter of minutes to find a pattern in the signals and determine what the key is. Once you have the key, you can decrypt the bitstream of the FPGA.
Let me repeat that: You can decrypt an encrypted bitstream simply using DPA with an inexpensive probe and a PC.
Fortunately there is a way to eliminate the DPA phenomena. Designers need to look for FPGAs with DPA countermeasures built into the device.
To date, only a limited number of FPGAs have had this capability built in, and many of these devices were high-end and costly. Now, cost-optimized, mid-range-density FPGAs such as Microsemi's PolarFire family incorporate DPA countermeasures for use in a wide variety of applications. PolarFire FPGAs incorporate design features that address DPA leakage, and prevent DPA attacks from compromising the bitstream.
A growing number of devices are connected to other devices or the cloud, which puts the data security of a system at risk. Hardware architects need to take responsibility for solving this issue, as software solutions alone are not adequate.
To ensure data communications are secure, the information being sent must be encrypted and decrypted on the receiving side using a specific algorithm and keys. There are many common algorithms (including AES-256, SHA, and ECC), and they must be based on a key to be utilized.
For connection to the cloud, a dual-key strategy known as public key infrastructure (PKI) is required. PKI is based on both public keys and private keys. Every node on the network has a certified public key that has been approved (or signed) by a trusted third party. Every node on the network also has its own private key known only to that node.
When sending secure communications, you use the certified public key of the node you are sending data to, as well as your own private key to encrypt the data. Only the node with the correct public key and corresponding private key will be able to decrypt the data. This is a basic description of how data to the cloud is secured.
But there are two important issues that hardware engineers can solve.
The first is DPA: Does the cryptographic engine (either FPGA logic or a cryptographic processor) have DPA countermeasures built in? If not, the private key can be determined, putting your data communications at risk.
The second is: How is the private key protected? There are numerous hardware components that can protect a key, but the most secure system is one in which a PUF is designed into the FPGA device. This leverages the unique attributes of each individual silicon die as a sort of biometric identifier of the device.
By using a PUF and non-volatile memory (NVM), a key can be stored with the highest level of encryption. When designs have data communications that must be secured, look to FPGAs that incorporate DPA countermeasures for the fabric and faculties for secure key generation and storage.
PolarFire FPGAs are designed to protect private keys and perform completely secure data communications (Figure 1). All the key building blocks are incorporated on the chip, including a DPA-safe cryptographic processor, PUF, key storage, and RNG. Designers simply need to program the processor to generate a key using the RNG and a specific encryption protocol (such as AES 256), then the on-board PUF provides secure key storage and the crypto processor implements the secure communication! Very little FPGA fabric resource is used to enable the secure communications.
Figure 1. Shown here is a functional block diagram of a mid-range-density PolarFire FPGA consisting of a data security processor, physically unclonable function (PUF), random number generator (RNG), and secure non-volatile memory (NVM).
Design and data security: No excuses
As securing devices becomes more challenging, designers need technology building blocks that make their system inherently secure. Mid-range-density FPGAs are now available that address the emerging security challenges facing embedded engineers, including design security through DPA countermeasures and data security with cryptographic processors. These security solutions also deliver lower power in smaller form factors.
No longer is it acceptable for designers to ignore security requirements.