Presentation is loading. Please wait.

Presentation is loading. Please wait.

CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things.

Published byJovani Mashburn Modified over 10 years ago

Similar presentations

Presentation on theme: "CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things."— Presentation transcript:

1 CoolRunner-II CPLDs in Security

2 Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things with CoolRunner-II – Product theft – Intellectual property theft – A detailed example, securing an FPGA

3 Quick Start Training Security Basics Controlled Access – Voyager computer may be about it for true security Protocols – Less WHAT you do, more HOW you do it Most standards government developed/driven – NIST; NSA – International common criteria is new trend Military influenced Banking influenced Security attitude is critical

4 Quick Start Training Tamper Tamper evident – You fiddle with something, you leave tracks – Spyrus internet modules Temper resistant – Takes significant investment in time and money – Still, not impossible Tamper responsive - take action – Zero memory – Self destruct Tamper proof - mythical? Voyager computer? hmmm..

5 Quick Start Training A Basic Protocol Step 1: Sender places secret message into locked box Step 2: Attaches senders lock to one lock site on box Step 3: Sender transmits locked box to the receiver Step 4: Receiver attaches own lock & returns to sender Step 5: Sender sees receivers lock & removes senders lock Step 6: Sender re-sends box with only receivers lock Step 7: Receiver removes own lock and reads message Question: Where is the hole?

6 Quick Start Training Classic Protocol Attack Man in the Middle MiG version – Air Force jet flies over ground station transponder – Identify Friend or Foe (IFF) challenge occurs – Enemy aircraft records challenge and response – Knows correct response when challenged Used with 802.11b (laptop listener) Thief looking over shoulder at ATM for PIN Etc.

7 Quick Start Training Cryptography Ideas Long history going back to the ancients – Babylonians, Hebrews, Greeks, Romans, Chinese Lots of interest since WWI Concepts: confusion/diffusion (Shannon) Stream Ciphers Block Ciphers Big idea: protocols

8 Quick Start Training One Time Pad Plain TextKeyEncrypted Text Notes: # plain text bits equal # key bits Key must be random Key used only one time Perfect encryption if all steps followed

9 Quick Start Training Keep This in Mind

10 Quick Start Training CoolRunner-II Security What we have for security – Nonvolatility – Security protect bits Multiple bits – Reconfigurability Cracking CoolRunner-II – What will it take?

11 Quick Start Training Metal, Metal, Everywhere

12 Quick Start Training Cant Find Read Protect Bits

13 Quick Start Training CoolRunner-II Conceptual Idea Bits hidden here, somewhere...

14 Quick Start Training Cracking CoolRunner-II Security To readback you must: – Erase protect bits Cant get there with laser Must use charge pump Know where they are Issue correct subcommands Issue correct command sequence – Reverse the JEDEC file to get design Deeply buried protection resists tampering – Laser/electrical tampering locks down

15 Quick Start Training Additional CoolRunner-II Security Double Data Rate Operation – Data transactions less obvious DataGATE – Tamper response – Block I/O pin signals Power & Tempest attacks – Advanced state machines – CryptoBLAZE

16 Quick Start Training Securing an FPGA EPROM holds config file CPLD extracts bits CPLD delivers to FPGA Attacker can – Copy EPROM – Collect bitstream from FPGA Data input Classic Man in Middle attack FPGA* CoolRunner-II CPLD EPROM Data Control Address & Control Data * Non Virtex II, which has triple DES

17 Quick Start Training Trick #1 Encrypt EPROM Encrypt EPROM – Only be used with CoolRunner-II CPLD CPLD must decipher Attackers must catch data – Takes more time and is harder – Build hardware bit catcher If off by one bit, it wont work! FPGA* CoolRunner-II CPLD EPROM Data Control Address & Control Data

18 Quick Start Training CPLD Encryption D Q LFSR Clear Bits Encrypted Bits Basic idea: Stream Cipher; lots of them exist, this is a simple one Quality: Highly random within the repetition cycle Easy to build in CPLDs Lots of theory on building and using Also lots of theory on cracking them! You need to select the LFSR, then write code to encrypt the EPROM

19 Quick Start Training CPLD Encryption Continued Solution: Make things harder Fancier Stream Ciphers exist, we can make them, too!

20 Quick Start Training Trick #2 Hold Back Function Retain part of FPGA design in CPLD – Wont work without CPLD – Reverse eng. CPLD Typically control function – FPGA does data crunching and much control – CPLD does some, critical control FPGA* CoolRunner-II CPLD EPROM Data Control Address & Control Data

21 Quick Start Training Trick #3 Resist Blank EPROM Attack CPLD checks for blank EPROM Wont deliver FPGA stream unless – Multiple locations match internal compares Can take several actions – Do nothing – Deliver bogus bitstream – Erase the CPLD!* FPGA* CoolRunner-II CPLD EPROM Data Control Address & Control Data *details in cell phone theft design

22 Quick Start Training Summary CoolRunner-II Security is not perfect, but it is VERY GOOD! You can make designs substantially more expensive to reverse engineer These have been some ideas on how to use this capability, think up more of your own! See session on Cell Phone Theft & CryptoBLAZE See Security White Paper

Download ppt "CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things."

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
The Building Blocks: Send and Receive Operations

The Building Blocks: Send and Receive Operations
Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Week 2 - Friday.  What did we talk about last time?  Substitution ciphers  Vigenère ciphers  One-time pad.

Week 2 - Friday.  What did we talk about last time?  Substitution ciphers  Vigenère ciphers  One-time pad.
251959084756578934940271832400483985714 292821262040320277771378360436620207075 955562640185258807844069182906412495150 821892985591491761845028084891200728449.

Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.

Chapter 10  ATM 1 Automatic Teller Machines. Chapter 10  ATM 2 Automatic Teller Machines  “…one of the most influential technological innovations of.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Caesar Cipher a b c d e f g h I j k l m n o p q r s t u v w x y z b c d e f g h I j k l m n o p q r s t u v w x y z a shift of 1 c d e f g h I j k l m.

Caesar Cipher a b c d e f g h I j k l m n o p q r s t u v w x y z b c d e f g h I j k l m n o p q r s t u v w x y z a shift of 1 c d e f g h I j k l m.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Similar presentations

Ads by Google