Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.


2 Vulnerabilities
- During base array design and manufacture
  - Same as custom device design and manufacture
  - Do you trust your suppliers?
  - But FPGA application functionality is not exposed
- During application design
  - Same as custom device design
  - Do you trust your tools and libraries?
- During deployment
  - Same as software
  - Bitstream piracy
  - Loading malicious bitstream
  - Do you trust your customers?

3 The IC Manufacturing Flow
- Concerns:
  - Theft of the design
  - Overbuilds
  - Tampering with the design
- Challenges: securing the design
  - Through all phases
  - For all parties
  - For months of elapsed time
- Flow (diagram): Design -> Mask making -> Wafer fabrication -> Sort (test) -> Packaging -> Final test

4 FPGA Flow
- The sensitive algorithm is in the programming. It is not exposed through the manufacturing process.
- It can be loaded into the device at a trusted facility. The “secret sauce” never leaves your basement in the clear.
- The IC manufacturing problem evaporates, but we must still secure the design in the field.
- Flow (diagram): Generic FPGAs (non-secure manufacturing facility) -> Add secret bitstream (secure facility) -> Deployment (non-secure environment)

5 The Hostile Field Environment
- The attacker has physical access to the FPGA in the end system
  - The attacker can observe the bitstream
  - The attacker can tamper with the bitstream as it is being loaded
  - The attacker can observe the operation of the configured device
- The attacker is a commercial entity
  - Resources limited by potential gain

6 Xilinx Bitstream Security Goals
- What we intended to do:
  - Prevent unauthorized copy
  - Prevent reverse engineering
  - “Prevent” means “Make it expensive”
- What we didn’t intend to do:
  - Enable a cores business
  - Restrict access to the FPGA
  - Prevent malicious damage
- What were our worries?
  - Security holes
  - Testing

7 Bitstream Security Methods
- Plan A: program once, ship without external configuration storage
  - Battery backup
- Plan B: Bitstream Encryption (since Virtex-II)
  - Virtex-II and Virtex-II Pro: 3DES
  - Virtex-4, Virtex-5: AES256
  - Keys erased if tampered
  - Battery backup
  - HW enforced restrictions

8 The Silicon View: Hardware-Enforced Restrictions
- No readback if encryption used.
- No partial configuration if encryption used.
  - Decrypted configuration must be alone inside the FPGA
- No warm re-configuration if encryption used.
  - Configuration cleared before and after encrypted bitstreams.
- An attempt to access keys clears the keys and configuration data.
- Data integrity check of decrypted data assures no modification of encrypted bitstreams.
- The decryptor is not available for encrypting or decrypting user’s data after configuration.

9 Check Designs in the Field
- Manage self-reconfiguration
- Introspection
  - Read back configuration internally
  - Check configuration against ECC bits
  - Fix configuration errors
- ICAP – Internal Configuration Access Port (diagram)
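The read-back, ECC-check and fix loop of slide 9, as an added software model that is not part of the presentation and not Xilinx code. Frames are simulated in memory rather than read through ICAP, and the frame width and the SECDED-style code (syndrome = XOR of the positions of all set bits, plus an overall parity bit) are assumptions, not the device's actual ECC format.

```python
# Added example, not from the Xilinx presentation: a software model of the
# slide-9 loop (read back, check against ECC, fix). Frames are simulated as
# integers. The per-frame ECC is a Hamming-style SECDED word: syndrome = XOR
# of the 1-based positions of all set bits, plus one overall parity bit. A
# real scrubber reads frames through ICAP and uses the device's own ECC
# format; the frame width and the code itself are assumptions here.

FRAME_BITS = 1312   # assumed frame width in bits (constructed value)


def compute_ecc(frame: int) -> tuple:
    """Return (syndrome, parity) for a frame given as an int of FRAME_BITS bits."""
    syndrome, parity, pos = 0, 0, 1
    while frame:
        if frame & 1:
            syndrome ^= pos
            parity ^= 1
        frame >>= 1
        pos += 1
    return syndrome, parity


def check_and_fix(frame: int, expected: tuple) -> tuple:
    """Classify a frame against its stored ECC and repair a single-bit upset.

    Returns (status, frame); status is 'clean', 'corrected' or 'uncorrectable'.
    """
    exp_syn, exp_par = expected
    syn, par = compute_ecc(frame)
    delta = syn ^ exp_syn           # XOR of the positions of all flipped bits
    if delta == 0 and par == exp_par:
        return "clean", frame
    # One flipped bit: delta is its position and the overall parity changed.
    if par != exp_par and 1 <= delta <= FRAME_BITS:
        return "corrected", frame ^ (1 << (delta - 1))
    # Two flips leave parity unchanged (or delta names no valid bit): detect only.
    return "uncorrectable", frame


def scrub(frames: list, ecc: list) -> dict:
    """One pass over all frames: count outcomes and return the repaired frames.
    Uncorrectable frames are left as-is for a reload from trusted storage."""
    counts = {"clean": 0, "corrected": 0, "uncorrectable": 0}
    repaired = []
    for frame, expected in zip(frames, ecc):
        status, new_frame = check_and_fix(frame, expected)
        counts[status] += 1
        repaired.append(new_frame)
    return {"counts": counts, "frames": repaired}
```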

10 Trust Verification for FPGA Design Tools
- Compare extracted netlist with expected netlist
  - Network comparison
  - Formal verification
- Detects tool “defects”
- Detects bad libraries
- Flow (diagram): Design -> Synthesis, Place and Route (merging IP Libraries) -> Extract netlist -> Compare
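The network comparison of slide 10, as an added example that is not from the presentation or any Xilinx tool: an expected gate-level netlist is compared against one extracted from the tool output by hashing the logic cone behind each primary output, so tool-chosen net names are ignored while an inserted or altered gate is reported. The netlist format, gate names and sample designs are assumptions constructed for this example.

```python
# Added example, not from the presentation: a structural comparison of an
# expected netlist against one extracted from the tool output, in the spirit
# of slide 10. A netlist is a dict {output_net: (gate_type, input_nets)};
# undriven nets are primary inputs. Net names chosen by the tools are
# ignored: each net gets a hash of the logic cone driving it, so renaming
# is harmless but an inserted or altered gate changes the result. The
# format and gate names are assumptions for this example.
import hashlib

COMMUTATIVE = {"AND", "OR", "XOR", "NAND", "NOR"}


def cone_hash(netlist: dict, net: str, memo: dict) -> str:
    """Hash of the logic cone driving `net`, independent of net names."""
    if net in memo:
        return memo[net]
    if net not in netlist:                 # undriven: a primary input pin
        memo[net] = hashlib.sha256(b"PI:" + net.encode()).hexdigest()
        return memo[net]
    gate, inputs = netlist[net]
    sigs = [cone_hash(netlist, i, memo) for i in inputs]
    if gate in COMMUTATIVE:                # input order carries no meaning
        sigs.sort()
    text = "%s(%s)" % (gate, ",".join(sigs))
    memo[net] = hashlib.sha256(text.encode()).hexdigest()
    return memo[net]


def compare(expected: dict, extracted: dict, outputs: list) -> dict:
    """Report primary outputs whose cones differ, plus extracted gates that
    drive no listed output (logic the expected design never asked for)."""
    exp_memo, ext_memo = {}, {}
    mismatched = [o for o in outputs
                  if cone_hash(expected, o, exp_memo) != cone_hash(extracted, o, ext_memo)]
    unreachable = sorted(set(extracted) - set(ext_memo))
    return {"mismatched": mismatched, "unreachable_gates": unreachable}


# Constructed sample: z = (a AND b) OR c, as designed and as three tool outputs.
EXPECTED = {"y": ("AND", ("a", "b")), "z": ("OR", ("y", "c"))}
RENAMED = {"n1": ("AND", ("b", "a")), "z": ("OR", ("c", "n1"))}          # benign
TAMPERED = {"n1": ("AND", ("b", "a")), "n2": ("XOR", ("n1", "k")),
            "z": ("OR", ("c", "n2"))}                                      # extra gate on the path
ORPHAN = {"n1": ("AND", ("b", "a")), "z": ("OR", ("c", "n1")),
          "t": ("NOT", ("a",))}                                           # extra gate off the path

if __name__ == "__main__":
    for name, nl in (("renamed", RENAMED), ("tampered", TAMPERED), ("orphan", ORPHAN)):
        print(name, compare(EXPECTED, nl, ["z"]))
```

The unreachable-gate check only catches logic that drives none of the listed outputs; a full comparison would also enumerate every output and state element of the design.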

11 Trust of the Base Array is Easier
- The secret part of the design is not in others’ hands for months during manufacture.
- An attacker does not know which devices to attack.
  - Most (nearly all) FPGAs will not be used in sensitive applications.
  - Large numbers can be (destructively) tested.
  - Statistical assurance has better statistics.
- Thorough checking, if needed, can be focused on the security logic.

12 Concluding Remarks
- Key observation: FPGA programming does not go through the IC manufacturing process.
- FPGAs change design trust in the field from a physical security issue to an information security issue.
- Known solutions to the information security problem have been applied to FPGA bitstreams.