Séminaire sécurité des systèmes électroniques embarqués

Accueil     Présentation     Archives

Richard Newell


Recent advances in FPGA security

Field Programmable Gate Arrays (FPGAs) and System on Chip (SoC) FPGAs have become a critical component in many systems, filling the gap between commercially available Application Specific Standard Products (ASSPs), which are too inflexible, and custom Application Specific Integrated Circuits (ASICs), which are too expensive for all but the highest volume consumer goods or the very most critical security applications where cost is hardly a factor. Many defense and industrial applications fall into the production volume range where FPGAs are the most economically attractive option, but still require moderate to high levels of security to protect the design IP (called "design security") and the data processed at run-time ( called "data security"). In order to achieve these goals, the FPGA supply chain must also be secure to ensure the FPGAs built into systems are not counterfeit and are doing (only) what they are supposed to be doing (often referred to as "trust").
Until 2013, the FPGAs on the market offered, at most, some very minimal security by encrypting the FPGA configuration file (a.k.a. "bitstream"). The user design automation tools provided by the FPGA vendor could optionally encrypt the FPGA bitstream, and during configuration in production or upon each power-up cycle, the devices would decrypt it as it was loaded. However, very little consideration was given to how the encryption keys were secured and loaded, authentication of the bitstream, practical approaches to preventing overbuilding, attacks like differential power analysis (DPA) that could extract keys from fielded devices, how to securely update fielded devices, and many other threats and security objectives besides just bitstream confidentiality, which itself was only secured against the weakest of adversaries.
Microsemi is leading the FPGA industry in improving the security of FPGAs and SoC FPGAs with features like public key certificates to improve trust, secure key loading and management using hardware security modules (HSMs) and state-of-the-art countermeasures for DPA to improve design security, and a high quality true random bit generator for end-user data security applications. This talk will discuss some of these recent advances in FPGA security as well as gazing into a crystal ball in an attempt to predict some future trends.