FPGA Security

(sample agenda)


Revision Level "E", 02/22/05

http://www.adapticom1.net/FPGA/FPGA-Security.html



Adapticom Inc.
P.O. Box 91461, Raleigh, NC 27675-1461, 919/870-0608


FPGA Security Activities
Risk assessment: Vulnerability of FPGA's to yield information to unauthorized parties after field installation and techniques available to minimize such a risk.

1. Industry wide review of FPGA "manufacturer supplied" techniques for securing the content of FPGA devices.
2. Use of unconventional, non-electronic, techniques to intrude on FPGA security and determine internal content of device.
3. Use / "misuse" of commercially available, manufacturer supported tools and probes to circumvent existing FPGA security features and reveal content.
4. Use of third party or custom electronic tools (logic analyzers, oscilloscopes, custom circuitry) to circumvent FPGA security features in order to reveal device content.
5. Analysis of availability of tools and techniques to reassemble the design and determine function from revealed content.
6. Recommended Design Practices: Design and Programming techniques and merits thereof that can be incorporated to maximize security of FPGA content after deployment to the field.




    FPGA Security Risk Assessment: Vulnerability of FPGA's to yield information to unauthorized parties after field installation and techniques available to maximize security. The engineering work will consist of the following activities, milestones, and deliverables:

    Establish FPGA security vulnerabilities: revealing functionality or programming information after field installation. (Establish effectiveness of mfg. supplied security bit and/or other security features to protect content.)

    1. Industry wide review of FPGA manufacturer supplied techniques for securing the content of FPGA devices.
      1. Review of FPGA security related progress and accomplishments in the category of "Reprogrammable" FPGA's; review will include phone calls to manufacturers and knowledgeable parties, personal visits to manufacturers and knowledgeable parties, literature reviews, and internet research (this process to be known herein as Investigative Research).
      2. Review of FPGA security related progress and accomplishments in the category of "One Time Programmable" FPGA's; review will include phone calls to manufacturers and knowledgeable parties, personal visits to manufacturers and knowledgeable parties, literature reviews, and internet research (this process to be known herein as Investigative Research).
      3. Comparison of "pros" and "cons" of both categories.
      • Deliverables (to be known herein as "DELIVERABLES: STANDARD FOR INVESTIGATIVE RESEARCH"):
        • Written report
        • Slide show summary
        • Online access to engineering notebooks/logs

    2. Use of unconventional, non-electronic, techniques to violate security and determine internal content of device.
      Work to consist of two categories of activities:
      1. Investigative Security Research
      2. Lab Activity: Empirical measurements, tests on, and prototyping of devices from sixteen FPGA manufacturers (Actel, Altera, Atmel, Chip Express, Clear Logic, Cypress, DynaChip, Gatefield, HammerCores, Lattice, Lucent Technologies, Motorola, Orbit, QuickLogic, Vantis, Xilinx)
      • Both categories of activities to be carried out on the following topics:
        1. Use of X-ray techniques to determine
        2. Use of ultrasonic techniques to determine content of secure FPGA's.
        3. Use of magnetic techniques to determine content of secure FPGA's.
        4. Focus on entering the device and reconnecting the security anti-fuse to enable the revealing of content of secure FPGA's.
        5. Use of device decapsulation to determine content of secure FPGA's:
          1. Microprobing of circuitry.
          2. Focused ion beams.
          3. Localized laser removal of metalization.
          4. Localized deposition of conducting traces.
      • Deliverables: Standard for Investigative Research
      • Deliverables:
        • Video report of significant finds.
        • Written report.
        • Slide show summary.
        • Online access to engineering notebooks/logs.
        • Archived samples of modified or otherwise significant FPGA's.
        (to be known herein as "DELIVERABLES: STANDARD FOR LAB ACTIVITIES")

    3. Use / "misuse" of commercially available, mfg. supported tools and probes to circumvent existing security features and reveal content of secure FPGA's.
      Work to consist of two categories of activities:
      1. Investigative Security Research
      2. Lab Activity
      • Both categories of activities to be carried out on the following topics:
        1. Use of probes intended for internal chip debug to compromise FPGA security features.
        2. Use of programming and erasing tools to compromise FPGA security features.
          • Vulnerability of "Erase procedure": Starting the erase and then immediately powering down the device to erase the security bit and not the program contents to compromise FPGA security features.
      • Deliverables: Standard for Investigative Research
      • Deliverables: Standard for Lab activities

    4. Use of third party or custom electronic tools (logic analyzers, oscilloscopes, custom circuitry) to circumvent security features and reveal device content.
      Work to consist of two categories of activities:
      1. Investigative Research
      2. Lab Activity
      • Both categories of activities to be carried out on the following topics:
        1. Vulnerability of normal programming buses and pins to efforts to compromise FPGA security features.
        2. Vulnerability of JTAG interface to efforts to compromise FPGA security features.
        3. Vulnerability of other pins on device to efforts to compromise FPGA security features.
        4. Susceptibility of RAM to retain its contents when power is removed, including the effect of altering "power up" state to efforts to compromise FPGA security features.
        5. Vulnerability of device to changing voltages to discover hidden test modes in an effort to compromise FPGA security features.
      • Deliverables: Standard for Investigative Research
      • Deliverables: Standard for Lab activities

    5. Analysis of availability of tools and techniques to reassemble design and function from secure content.
      Work to consist of two categories of activities:
      1. Investigative Research
      2. Lab Activity
      • Both categories of activities to be carried out on the following topics:
        1. Analyzing the bit patterns and/or code yielded, to form an intelligible schematic or listing in a Hardware Description Language.
      • Deliverables: Standard for Investigative Research
      • Deliverables: Standard for Lab activities

    6. Recommended Design Techniques: Design and Programming features and merits thereof that can be incorporated to maximize security of FPGA content after deployment to the field.
      Work to consist of two categories of activities:
      1. Investigative Research
      2. Lab Activity
      • Both categories of activities to be carried out on the following topics:
        1. Encryption techniques for secure FPGA devices required to load from external memory.
        2. Plausibility of developing custom versions of FPGA's with special programming algorithms.
        3. Addition of "masquerade" circuitry in unused gates to help occlude functionality to further enhance FPGA security features.
        4. Use of epoxy potting of the PCB with sensing wire wrapped around PCB as a security technique to initiate reprogramming chips on unauthorized access.
        5. Use of light sensitive devices inside the enclosure as a security technique to initiate reprogramming chips on unauthorized access.
        6. Use of flash-based FPGA's with built in encryption technology.
      • Deliverables: Standard for Investigative Research
      • Deliverables: Standard for Lab activities





Adapticom, Inc. © Copyright 2003, All Rights Reserved Worldwide.