Electronic Design Electronic Design Europe Microwaves & RF Power Electronics Technology Source ESB Mobile Dev & Design Engineering TV
View this week's entry ad Subscribe Contact Register Sign In
Twitter Logo Facebook logo RSS Feed Logo Newsletter Logo
  • Channels
Part Inventory
Go
 
powered by:

 
  • Quick Poll
What Social Networking site do you use the most?



VOTE VIEW RESULTS
Previous Polls
Top Articles Most Emailed Most Commented
 

  1. What's The Difference Between IPv4 and IPv6
  2. What’s the Difference Between 3G and 4G Cellular Systems?
  3. Behind the Scenes at CES 2012
  4. Understanding Modern Digital Modulation Techniques
  5. Does Wi-Fi Put Danger In Your Pocket?
  6. What’s All This Spicey Stuff, Anyhow? (Part I)
  7. Tools Enable More Analog Innovation In 2012
  8. Automotive ICs Keep Catastrophes At Bay
  9. High-Power LED Modules Demand Specialized Electrical Test Tools and Techniques
  10. Formal Techniques for Protocol Verification: A Case Study On Verifying the ARM ACE Protocol

Premium Content

New Signal Chain Technical Papers from Texas Instruments:

 

 

 

Protect Your FPGA Against Piracy

A cost-effective authentication scheme provides protection of IP in SRAM-based FPGA designs.


Bernhard Linke

July 10, 2008

Print
Reprints Comment Subscribe

Over the past two decades, the field-programmable gate array (FPGA) has transitioned from a prototyping tool to a flexible production solution in both consumer and industrial applications. With FPGA logic complexity increasing from a few thousand gates to millions of gates, the devices are able to hold more of the key functions (intellectual property) of a system.

Today, designers can select FPGAs that employ various technologies to hold the configuration data—one-time programmable antifuses, reprogrammable flash-based storage cells, and reprogrammable SRAM-based configurable logic cells. Both antifuse- and flash-based solutions provide relatively secure solutions, since the configuration data is stored on the FPGA chip and there are mechanisms that prevent the stored data from being read out. And, unless very sophisticated schemes such as depacking, microprobing, voltage contrast electron-beam microscopy, and focusedion- beam (FIB) probing are used to pry into the silicon and to disable security mechanisms,1 it’s very unlikely that the data will be compromised. (For a short backgrounder on FPGAs, see “Technology Options And Issues For FPGAs,” p. 52.)

Static-RAM-based (SRAM) FPGAs, however, have fewer safeguards to protect that IP (the configuration data) against illegal copying and theft. The reason is that once the data is loaded, it’s held in SRAM memory cells. Such cells can easily be probed to determine their contents. In addition, without some type of security mechanism to protect the configuration data before it’s loaded into the chip, that data is open to snooping. That’s because the bit stream is usually stored in a separate memory chip read by the FPGA upon power-up to load its configuration pattern. There are, though, some simple ways to secure that data to prevent someone from copying the configuration pattern (stealing the IP).

THE WEAK POINT OF SRAM-BASED FPGAS
Due to the two-chip solution—FPGA and configuration memory—the configuration data bit stream is exposed to eavesdropping during the power-up phase. Since the FPGA can’t tell whether the bit stream is “genuine” or an illegally obtained copy, the intellectual property contained in the configuration data is totally unprotected. This wellknown issue has been partially addressed by means of security keys and bit-stream encryption. However, it’s only used for high-end FPGAs, which aren’t suited for consumer application due to their high cost.

WITHOUT PROTECTION
Particularly vulnerable to design piracy are applications that use SRAM-based FPGAs without bit-stream encryption. The configuration bit stream can be captured, reprogrammed into configuration PROMs, or simply replayed to make clones of the original design. Cloned products then compete with the original product, stealing the research and development investment as well as reducing the market share and profitability of the original manufacturer.

Even without encryption, antifuse- or flash-based FPGAs are more secure than SRAM-based FPGAs because the configuration data isn’t exposed to eavesdropping. But an assembly house, if set up to program the FPGAs, can program more units than authorized and sell them on its own without incurring any development costs. Such unauthorized devices are indistinguishable from the authorized devices and can significantly impact a company’s profitability.

One way to make the SRAM-based FPGAs a little more secure is to leverage multichip packaging and mount the nonvolatile memory inside a package along with the FPGA. Yet if someone opens the package, the data interface between the memory and the FPGA is exposed and the configuration pattern can be compromised.

The structure of the configuration bit stream (i.e., the sequence of data elements and how they’re coded and identified) is largely undocumented. The obscurity, complexity, and size of the bit stream make the reverse-engineering process difficult and time-consuming, though theoretically possible.1 If successful, even partial reverse engineering of the configuration stream makes it possible to hack a set-top box to steal services or tamper with power-train settings in a vehicle, causing liability problems for the original manufacturer.

THE CHALLENGE…
To prevent system costs from exploding, designers must keep using SRAM-based FPGAs without encryption. However, they have to find a way to protect the intellectual property from piracy. Furthermore, the added cost for the security measures must be as low as possible and the impact on the production flow must be minimal.

It’s crucial that the security-related hardware fit into the available space on the circuit board, but not increase the overall power consumption. Also, the impact of security on the FPGA’s resources (number of pins and logic elements) must be as low as possible.

… AND THE RESPONSE: AUTHENTICATION
The objective of the authentication process is to establish proof of identity between two or more entities. Key-based authentication takes a secret key and the to-be-authenticated data (“message”) as input to compute a message authentication code (MAC). The MAC is then attached to the message. The recipient of the message performs the same computation and compares its version of the MAC to the one received with the message. If both MACs match, the message is authentic.

A weakness with this basic model, though, is that an intercepted message can later be replayed by a non-authentic sender and be mistaken as authentic. The chance of a simple “replay attack” to succeed is resolved if the MAC computation incorporates a random challenge chosen by the MAC recipient. Figure 1 illustrates the general concept. The longer the challenge, the more difficult it is to record all possible responses for a potential replay.

To prove the authenticity of the MAC originator, the MAC recipient generates a random number and sends it as a challenge to the originator. The MAC originator must then compute a new MAC based on the secret key, the message, and the challenge and send the computed result back to the recipient. If the originator proves capable of generating a valid MAC for any challenge, it’s very certain that it knows the secret and therefore can be considered authentic. The technical term for this process is challenge-and-response authentication (Fig. 1).

Numerous algorithms are used to compute MACs, such as Gost-Hash, HAS-160, HAVAL, MDC-2, MD2, MD4, MD5, RIPEMD, SHA family, Tiger, and WHIRLPOOL. A thoroughly scrutinized and internationally certified one-way hash algorithm is SHA-1, which was developed by the National Institute of Standards and Technology (NIST). SHA-1 has evolved into the international standard ISO/IEC 10118-3:2004.

Continue on Page 2

Average (0 Ratings):

Subscribe
Subscribe to Electronic Design and start receiving more articles like this one
Filed Under:

Check for price and availability on Source ESB:

Go
powered by  
Comments
Add A Comment
Electronic Design
    There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here
Acceptable Use Policy

Sponsored Links