To establish an adequate defense against those who would steal your information,
you must first understand the application's environment and the details
of what needs to be protected. Many of today's electronic system designs
hosting complex software functions have been compromised by microcircuit
attacks aimed at the board level hardware components. With FPGAs increasingly
occupying the central control functions for many new designs, successful
attacks can bypass all software controls and directly reveal the fundamental
design details behind a system.
Inadequate security is usually caused by a failure to implement security
policies and make use of readily available tools. It is vital that companies
complete risk assessments and develop plans to protect their products.
One simple way to improve your overall design security against threats like
cloning, over-building, and reverse engineering is to select a nonvolatile
secure FPGA to protect your valuable Intellectual Property.
Actel offers a broad-based portfolio of single-chip antifuse and reprogrammable,
low-power FPGAs to meet all of your system level design requirements with
the highest security available today. Actel's unique flash-based architecture,
used in the IGLOO FPGA series, ProASIC3 FPGA series, and Fusion mixed-signal FPGAs, provides a degree of flexibility
and security unrivaled by SRAM FPGAs in the market today.
Actel's trusted antifuse architecture provides a metal to metal interconnect
with potentially millions of individual connections, ensuring your designs
are safe from even the most intelligent invasive attacks.
Security in Actel Flash FPGAs
Until the advent of the IGLOO, ProASIC3, Fusion, ProASICPLUS and ProASIC families
of flash-based FPGAs, there was no secure reprogrammable logic technology
available for embedded systems designers. While antifuse is the most secure
of all programmable logic solutions because of the difficulty associated
with trying to copy or reverse engineer the contents of a design, flash-based
FPGAs with FlashLock have the advantage of reprogrammability and security.
Actel FlashLock
The Actel FlashLock advantage prevents unauthorized users from being able to read back the contents of an Actel flash FPGA. In addition to the inherent strengths of the architecture, special security keys are hidden throughout the fabric of the device, preventing internal probing and overwriting. They are located such that they cannot be accessed or bypassed without destroying the rest of the device, making both invasive and more subtle noninvasive attacks ineffective against Actel flash FPGAs.


A ProASIC3 and ProASICPLUS flash cell cross section is
shown above. Determining the state of a single switch is difficult, as
microprobing the switch will destroy the charge on the floating gate. To
determine the state of millions of switches is prohibitive. In addition,
the uniform (homogeneous) nature of flash FPGAs makes it
difficult to identify probe points during invasive attacks.
Secure Against Over-building and Cloning
In flash-based FPGAs (IGLOO, ProASIC3 and Fusion), there are several security options against over-building and cloning:
Option 1 is the use of FlashLock technology to lock the device
with a 128-bit key, which allows the device to be unlocked and reprogrammed
by providing the same key. In addition, permanent lock is possible, which
disables programming access to the part.
Option 2 is the possibility of using an additional
128-bit AES decryption key for protection against overbuilding. The flash FPGAs can be programmed in-house with an AES key only, then shipped to
a contract manufacturer for final programming. The contract manufacturer
programs the device with an AES-encrypted bitstream, hence only devices
with the same AES decryption key will get programmed.
Option 3 is an example of secure in-system programming (ISP), which can be
achieved by the flash FPGAs. The part can be reprogrammed remotely using an
AES-encrypted programming file for easy and secure field upgrades. Intercepting
the encrypted configuration bitstream is useless. You must have the appropriate
AES decryption key in order for an encrypted configuration bitstream to
work.
Once the flash-based FPGAs have been made secure, they can be shipped
to third-party manufacturers with the confidence that it is virtually impossible
to extract your design (IP), thus preventing them from overbuilding during
manufacturing. It is equally difficult for a system cloner to extract the
design from a secured flash FPGA once the final system has shipped.
Secure Against Reverse Engineering
A number of factors complicate attempts to compromise an Actel flash FPGA.
The microscopic size and sheer number of the
switches (20 million on the A3PE3000) make it essentially impossible to
locate each cell and identify its programming state. Invasive probing to
evaluate each flash switch would destroy the flash cell charge, and with it
the very programmed states needed to reverse engineer the design.
Even if the bitstream could be extracted, reverse engineering the bitstream
to a meaningful schematic is an extremely tedious process.
Secure Against Denial of Service (DoS)
While flash FPGAs can be in-system
programmed (ISP), if desired, they can also prevent DoS attacks by only
allowing ISP to key holders or by disabling the ISP capability completely
(lock permanently). Flash FPGAs can also be programmed with an AES-encrypted
bitstream, allowing only authorized and validated bitstreams to be programmed
to the device.
Security in Actel Antifuse FPGAs
Industry experts regard antifuse as the most secure of all programmable
logic solutions because of the difficulty associated with trying to copy
or reverse engineer the contents of a design. Because of this, antifuse
FPGAs have long been used by the military and other OEMs, who demand the
highest security available. Actel's presence and rich tradition in these
markets is a powerful testimonial to the merit of Actel's products for
customers who value security.
- A Programmed Antifuse Cross Section

- An Unprogrammed Antifuse Cross Section
Determining the state of a single switch is difficult; to determine the
state of millions is prohibitive.
Secure Against Reverse Engineering
A number of factors complicate attempts to compromise an Actel antifuse
FPGA. The microscopic size and sheer number of antifuses make it essentially
impossible to locate each fuse and identify its programming state. For
example, a single AX2000 FPGA from Actel contains approximately 53,000,000
antifuses with only 2-5% programmed in an average design. Invasive probing
to evaluate each fuse would most likely result in the destruction of the
programmed states needed to trace the design.
The Industry's Leading Nonvolatile Single-Chip FPGA Solution
Once programmed, the device is inherently nonvolatile, which allows the
device to retain its configuration indefinitely without requiring an external
configuration device. This means that there is no bitstream susceptible
to interception, eliminating the potential for in-system errors or data
erasures that might occur during download.
Actel FuseLock
The Actel FuseLock advantage ensures that unauthorized users will not
be able to read back the contents of an Actel antifuse FPGA. In addition
to the inherent strengths of the architecture, special security fuses that
prevent internal probing and overwriting are hidden throughout the fabric
of the device. They are located such that they cannot be accessed or bypassed
without destroying the rest of the device, making both invasive and more subtle
noninvasive attacks ineffective against Actel antifuse FPGAs.