As FPGA capacities become larger, the value of the design IP has become greater. Additionally, the threat landscape has become decidedly more hostile with new vulnerabilities (such as differential power analysis being discovered) and a greater number of more aggressive, knowledgeable, and well-funded adversaries. Cost pressures are driving manufacturing into less trusted locations. These factors are affecting the security of the devices and their supply chain, the user’s design IP and the FPGA configuration process, and any sensitive information the end system may be called upon to process.
The following illustration shows some of the potential threats in your supply chain:
The techniques and features required to provide the level of security required in today’s high-stakes, high-threat environment include a hardware roots of trust, strong cryptography coupled with topnotch key management at every stage, and devices with built-in passive and active countermeasures to protect against tampering. PolarFire FPGAs provide comprehensive best-in-class security at all stages of their life cycle.
The foundation for all information security is trusted hardware. If you can’t trust the hardware to do what it is supposed to do (that is, nothing malicious), then the security war is lost at the first battle. Microsemi has taken extraordinary steps to secure the supply chain so users of the PolarFire FPGAs can be assured that they are working with trustworthy devices. Microsemi provisions the PolarFire FPGA family devices with cryptographic keys and certificates that can be used to verify each FPGA is authentic. The provisioning process is done securely, using FIPS140-2 level 3 certified hardware security modules (HSMs) placed at its wafer probe and package test facilities, preventing the possibility of rogue insiders subverting the process. All secret keys are encrypted and authenticated during transit and encrypted while stored, only being generated and used within the secure hardware boundary of an HSM or the FPGA. All security protocols (including key verification) are designed to prevent monitoring, man-in-the-middle, and replay attacks from succeeding. For example, Microsemi’s PolarFire FPGAs, unlike the competitors’, have a built-in cryptographic-grade true random number generator (TRNG) that is used to ensure each protocol session is “fresh” and not a replay of a previous session.
Besides public data, such as a unique-per-device serial number, only Microsemi FPGAs are provisioned with secret symmetric and asymmetric keys and an X.509-compliant public key certificate. These can be used to securely identify the device and to load confidential user keys and the initial user security policy. The X.509 certificate is issued and digitally signed by Microsemi, only for verified devices that pass the test, which prevents counterfeit devices or devices that failed and were supposedly scrapped (also known as floor sweepings) from entering the supply chain undetected. The following illustration shows the secure provisioning of each PolarFire FPGA with a unique serial number, keys, and its X.509 public key certificate.
Design security is the protection of the user’s IP, which is used to configure the PolarFire FPGA. This not only includes keeping the IP confidential during transit but also ensuring that it is authentic, coming unmodified from an authorized source, and that it is used only in the ways the user intended (for example, to program only a fixed number of devices and no more). It is certain that manufacturing and field locations provide greater exposure to malicious activity than the user’s design center did. PolarFire FPGAs utilize the keys and certificate provisioned by Microsemi, plus other techniques—such as patented countermeasures to differential power analysis (DPA)—to provide best-in-class FPGA design security in both the manufacturing and field environments.
Side Channel Analysis (SCA)
SCA is a class of techniques used to extract secrets, such as cryptographic keys, from an electronic system by monitoring information leaked through unintentional side channels. Many SCA techniques were discovered by Paul Kocher and his associates at Cryptography Research, Inc. (CRI, now a division of Rambus) in the late 1990s. The following illustration shows the registered trademark of CRI in the United States and other countries, used under license. Licensed DPA Security Logo:
Today, over seven billion integrated circuits are produced per year under license to Rambus/CRI’s DPA patent portfolio. Based on an independent assessment, CRI granted Microsemi use of the “DPA padlock” security logo in conjunction with the design security protocols of SmartFusion™2 and IGLOO2 FPGA families. No other FPGAs on the market have been similarly certified. It is anticipated that the PolarFire FPGA family will easily pass this certification also, using Microsemi’s second generation DPA-resistant design security technology.
Physically Unclonable Function (PUF)
Microsemi introduced the Quiddikey®-Flex SRAM-PUF technology (licensed from Intrinsic ID, BV) in the SmartFusion2 and IGLOO2 FPGA families. PolarFire FPGAs use the latest incarnation of Quiddikey technology that combines both an SRAM-PUF and a Bus-Keeper-PUF, along with state-ofthe-art security enhancements unequaled by any other FPGA.
The following illustration shows the PolarFire FPGA’s dual SRAM-PUF and bus-keeper-PUF being used to generate a hardware intrinsic key and a true random number.
A physically unclonable function exploits intrinsic device-to-device differences generated randomlyduring manufacturing to create a unique secret ID, or “fingerprint,” to derive a repeatable AES-256 key-encryption-key used for wrapping and storing other keys. Along with other countermeasures, the SRAM and the bus-keepers are powered-down when not in use, keeping the PUF secret ID and any keys protected by it secure.
Data Security Features
Many of the same features that provide a solid hardware-based root-of-trust for design security also make PolarFire FPGAs ideal for data security applications.
PolarFire FPGAs include a TeraFire® EXP-F5200B crypto-processor dedicated to the FPGA user. The TeraFire core implements many of the most commonly used cryptographic algorithms such as AES,
SHA 2, ECC, RSA, DH, and includes a cryptographic-grade TRNG. The performance of the user’s TeraFire crypto-processor should be suitable for many applications, reducing the costs (area, power, and licensing-related) compared with adding an accelerator to the FPGA fabric.
For details on which specific algorithms and modes were certified, see the NIST CAVP website using the certification numbers. Where a second certificate number is shown, it is for the TeraFire EXPF5200ASR used by the system controller for FPGA design security, which is also certified ECC CDH: 790.
All algorithms using a secret key are available heavily protected against side-channel analyses, such as SPA, TA, DPA, and DEMA. The availability of so many common algorithms with the high level of performance and DPA resistance offered by the TeraFire crypto-processor is not only unique amongst FPGAs, but is hard to find elsewhere in any type of publicly available device.
As always, I welcome your comments and feedback. Please connect with me on LinkedIn today.
Leave a Reply
You must be logged in to post a comment.