Side-Channel Analysis
Mitigation of Side-Channel Attacks

Microsemi License from CRI
As more systems involve sensitive cryptographic keys and data, protection from cryptographic attacks becomes critically important for FPGA users concerned about security. FPGAs, especially those including embedded nonvolatile memory (eNVM) or embedded hard or soft microcontrollers, provide an ideal platform on which to implement secure cryptographic algorithms and protocols, but designers want assurance that these implementations will withstand various forms of cryptanalysis.
Cryptanalysis is the attempt by an attacker to discover secrets protected by cryptographic methods.
Mathematical cryptanalysis tries to uncover weaknesses in ciphers and other cryptographic primitives so that the protected secret data, or the secret keys (which amounts to almost the same thing), can be learned. Mathematical cryptanalysis is largely independent of the actual hardware or software implementation of a cryptographic algorithm, and depends only upon patterns in the ciphertext.
Other branches of cryptanalysis may look for weaknesses other than in the mathematics of the cryptography. For instance, protocol analysis may look for badly designed protocols that can be subverted by reusing data recorded from an earlier exchange (a replay attack), or where an attacker can intercept and modify messages, impersonating each of the participants in a protocol to the others (a man-in-the-middle attack).
Side-channel analysis is a type of attack on a cryptographic system that utilizes the information unintentionally leaked from the real-world implementations of the cryptographic hardware via side-channels.

Secret information leaks out of the security boundary via unintended side channels
These unintended side channels can include the instantaneous power consumption of the hardware, radiated electromagnetic fields or timing information leading to what are aptly named power analysis, electromagnetic analysis, and timing analysis, respectively. Sometimes secrets such as plaintext can be discovered directly, but often the goal of the attacker is to determine the secret keys used to protect the data. In one of the simplest cases, Simple Power Analysis (SPA), the bits of an important key might be seen directly in the power consumption of an integrated circuit using that key to perform an encryption or decryption operation.

Key bits seen directly in the power consumption of a chip using it in a multiplication operation
Differential Power Analysis (DPA) uses statistical methods upon multiple power measurements, such as when different blocks of ciphertext are decrypted using the same key. Each decryption operation leaks a small amount of information via the power consumption of the device. It may be impossible to reconstruct a key from a single observation, but with power consumption measurements from many blocks of ciphertext all being decrypted with the same key, an attacker can learn the key.
Timing analysis uses data-dependent timing differences to leak information about the data.
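The data-dependent timing described above is easiest to see in a tag or password comparison that stops at the first mismatching byte. The following is an added example, not code from the Microsemi page: it instruments a variable-time and a fixed-time comparison with a counter of bytes examined (a stand-in for the running time an attacker would measure) so the leak, and its removal, can be checked deterministically. The secret and guess values are constructed for the demonstration.

```c
/* Added example: variable-time vs. fixed-time comparison, instrumented so
 * the timing leak is visible without measuring equipment.
 * All byte values below are constructed sample data. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Number of byte comparisons executed by the last call; stands in for the
 * execution time an attacker would observe. */
static size_t g_bytes_examined;

/* Early-exit comparison: stops at the first mismatch, so the work done (and
 * the running time) reveals how many leading bytes of the guess are correct.
 * Returns 1 when equal, 0 otherwise. */
int compare_variable_time(const uint8_t *secret, const uint8_t *guess, size_t len)
{
    g_bytes_examined = 0;
    for (size_t i = 0; i < len; i++) {
        g_bytes_examined++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Fixed-time comparison: always touches every byte and ORs the differences
 * into an accumulator. The only decision on the result is taken once, after
 * all data-dependent work has finished, and without a branch. */
int compare_fixed_time(const uint8_t *secret, const uint8_t *guess, size_t len)
{
    uint8_t diff = 0;
    g_bytes_examined = 0;
    for (size_t i = 0; i < len; i++) {
        g_bytes_examined++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    /* diff == 0 -> (diff - 1) wraps to 0xFFFFFFFF, bit 8 set -> returns 1;
     * diff in 1..255 -> (diff - 1) < 256, bit 8 clear -> returns 0. */
    return (int)(1 & ((uint32_t)(diff - 1) >> 8));
}

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t);

/* Constructed 8-byte secret and three guesses sharing 0, 3 and 8 leading bytes with it. */
static const uint8_t k_secret[8]       = {0x5A, 0x17, 0xC3, 0x08, 0x9E, 0x21, 0x7D, 0xF0};
static const uint8_t k_guess_match0[8] = {0x00, 0x17, 0xC3, 0x08, 0x9E, 0x21, 0x7D, 0xF0};
static const uint8_t k_guess_match3[8] = {0x5A, 0x17, 0xC3, 0x00, 0x9E, 0x21, 0x7D, 0xF0};
static const uint8_t k_guess_match8[8] = {0x5A, 0x17, 0xC3, 0x08, 0x9E, 0x21, 0x7D, 0xF0};

/* Runs one comparison of 'guess' against the constructed secret and returns
 * how many bytes the comparison function examined. */
size_t bytes_examined_for(cmp_fn cmp, const uint8_t *guess)
{
    cmp(k_secret, guess, sizeof k_secret);
    return g_bytes_examined;
}

int main(void)
{
    printf("variable-time: %zu, %zu, %zu bytes examined for 0, 3, 8 matching prefix bytes\n",
           bytes_examined_for(compare_variable_time, k_guess_match0),
           bytes_examined_for(compare_variable_time, k_guess_match3),
           bytes_examined_for(compare_variable_time, k_guess_match8));
    printf("fixed-time:    %zu, %zu, %zu bytes examined for 0, 3, 8 matching prefix bytes\n",
           bytes_examined_for(compare_fixed_time, k_guess_match0),
           bytes_examined_for(compare_fixed_time, k_guess_match3),
           bytes_examined_for(compare_fixed_time, k_guess_match8));
    return 0;
}
```

The variable-time version examines 1, 4 and 8 bytes for the three guesses, so its running time is a function of the secret; the fixed-time version examines 8 bytes every time and returns the same results. Fixed-time source code is necessary but not sufficient: an optimizing compiler may reintroduce an early exit, and in an FPGA or microcontroller design the synthesized logic or the generated instructions should be inspected to confirm that no data-dependent path remains.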
Side-channel attacks can be effective on many different types of hardware implementations—the custom logic in ASICs, the configurable logic in FPGAs or the hardware of a standard CPU chip executing cryptographic software or firmware—because most hardware leaks some information.
Side-channel attacks are a threat whenever cryptographic calculations are performed by systems in which the attacker might have access to make the side-channel measurements. So, while one doesn't have to worry too much about power analysis on a server locked in a secure computer room, one should worry about it in fielded devices such as a smart electric meter that encrypts its communications with a central server, or a set-top box that is supposed to decode digital media content only for paying customers. For fielded systems, the user may be financially motivated to attack it, as in the case of the electric meter or set-top box. Alternatively, one or more systems could fall into the hands of an attacker through theft or happenstance, such as armaments captured during a war, whereupon they could be analyzed thoroughly in the attacker's own laboratory.
It should be noted that side-channel analysis can only be performed during the time the hardware device is actually performing cryptographic calculations. Unlike SRAM-based FPGAs, Microsemi's nonvolatile antifuse and flash-based FPGAs need to be programmed just once and don't require reprogramming every time power is reapplied. Microsemi's FPGAs with FlashLock® can be programmed in a trusted environment, the decryption keys can be removed (if encryption was used) and then they can be locked with a pass-key, or permanently, against any further updates. This is the highest level of protection for design intellectual property available from any brand of FPGAs today.
For most fielded devices performing cryptographic calculations, side-channel attacks such as DPA should be defended against, or the secrets the cryptography is trying to protect will be at risk. Some examples of fielded devices that incorporate cryptographic algorithms and protocols include many machine-to-machine (M2M) devices such as smart grid sensors (e.g., smart electric meters) and actuators (e.g., smart street lights, smart water heaters), point-of-sale terminals, set-top boxes, personal medical devices and digital media players. In this "Internet of Things" world, more and more fielded devices are connected and most require secure communications. Already, there are five times more Internet-connected devices than personal computers, and in many cases resistance to side-channel analysis should be a consideration in their design.
The techniques for mitigation of side-channel attacks include:
- DPA-proof protocols
  - Use DPA-resistant cryptographic primitives with bounded side-channel leakage characteristics, and…
  - Update keys before leakage accumulation is significant
- Fixed-time algorithms (i.e., no data-dependent delays)
  - Reduce or eliminate data-related timing signatures
- Masking and blinding algorithms using random nonces
  - Decorrelate side-channel measurements
- Differential matching techniques
  - Reduce net data-dependent leakage from logic-level transitions
- Pre-charging registers and busses
  - Eliminate leakage signatures from predictable data transitions
- Add amplitude or temporal noise
  - Reduce attacker's signal-to-noise ratio
Note that many of the techniques are effective against more than one type of side-channel analysis. For example, updating keys before the leakage becomes significant affects both power and EM side-channels.
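Of the techniques listed, masking with random nonces is the one whose mechanism is least obvious from a one-line description. The following added example (not code from the Microsemi page) shows first-order Boolean masking of a nonlinear S-box lookup: the table is recomputed under a fresh input mask and output mask so that neither the sensitive value nor its S-box output ever appears in the clear, and a Hamming-weight leakage model shows why the average leak then stops depending on the data. The 4-bit S-box used is the one from the PRESENT block cipher, chosen only because it is small; the masks and inputs are constructed for the demonstration.

```c
/* Added example: first-order Boolean masking of a 4-bit S-box lookup with a
 * recomputed masked table, checked exhaustively over all inputs and masks.
 * The S-box is PRESENT's 4-bit S-box, used here only as a small nonlinear table. */
#include <stdint.h>
#include <stdio.h>

static const uint8_t k_sbox[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
    0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2
};

/* Hamming weight: the usual leakage model for CMOS logic, where switching
 * activity and hence power draw track the number of set bits. */
int hamming_weight(uint8_t v)
{
    int w = 0;
    for (; v; v >>= 1)
        w += v & 1;
    return w;
}

/* Unmasked lookup: the sensitive nibble x is present at the table index and
 * S(x) at the output, both in the clear and both leaking their Hamming weight. */
uint8_t sbox_unmasked(uint8_t x)
{
    return k_sbox[x & 0xF];
}

/* Build a masked table T with T[x ^ m_in] == S(x) ^ m_out for every x.
 * m_in and m_out are fresh random nonces chosen per execution (or per block);
 * the recomputation loop never needs the secret value. */
void build_masked_sbox(uint8_t table[16], uint8_t m_in, uint8_t m_out)
{
    for (unsigned x = 0; x < 16; x++)
        table[x ^ (m_in & 0xF)] = k_sbox[x] ^ (m_out & 0xF);
}

/* Masked lookup: consumes the share x ^ m_in and returns S(x) ^ m_out.
 * The unmasked x is never formed inside this step. */
uint8_t sbox_masked(const uint8_t table[16], uint8_t x_masked)
{
    return table[x_masked & 0xF];
}

/* One masked S-box step followed by unmasking, so the result can be checked
 * against the plain S-box. In a real design the value stays masked until the
 * ciphertext is finally output. */
uint8_t masked_sbox_roundtrip(uint8_t x, uint8_t m_in, uint8_t m_out)
{
    uint8_t table[16];
    build_masked_sbox(table, m_in, m_out);
    uint8_t x_masked = (uint8_t)((x ^ m_in) & 0xF);    /* the only share the logic sees */
    uint8_t y_masked = sbox_masked(table, x_masked);    /* equals S(x) ^ m_out */
    return (uint8_t)(y_masked ^ (m_out & 0xF));         /* remove the output mask */
}

/* Exhaustive check of the masking identity over all 16 inputs and 16x16 masks. */
int masking_is_correct(void)
{
    for (unsigned x = 0; x < 16; x++)
        for (unsigned mi = 0; mi < 16; mi++)
            for (unsigned mo = 0; mo < 16; mo++)
                if (masked_sbox_roundtrip((uint8_t)x, (uint8_t)mi, (uint8_t)mo) != sbox_unmasked((uint8_t)x))
                    return 0;
    return 1;
}

/* Sum of the Hamming weight of the masked input share over all 16 masks.
 * As m runs over 0..15, x ^ m also runs over every 4-bit value, so the sum is
 * 32 for every x: averaged over masks the leak is independent of the data,
 * whereas the unmasked index leaks hamming_weight(x) on every execution. */
int masked_share_hw_sum(uint8_t x)
{
    int sum = 0;
    for (unsigned m = 0; m < 16; m++)
        sum += hamming_weight((uint8_t)((x ^ m) & 0xF));
    return sum;
}

int main(void)
{
    printf("masked table identity holds for all inputs and masks: %s\n",
           masking_is_correct() ? "yes" : "no");
    for (unsigned x = 0; x < 16; x += 5)
        printf("x=%2u  unmasked index HW=%d  masked share HW summed over all masks=%d\n",
               x, hamming_weight((uint8_t)x), masked_share_hw_sum((uint8_t)x));
    return 0;
}
```

The example is first-order only: it decorrelates each single intermediate from the secret, but an attacker combining two leakage points (for example the masked share and the mask) can still recover information, which is why higher-order masking and the other techniques in the list are used together. The mask quality matters as much as the algebra; the nonces must come from a true random source, and in hardware the masked and unmasked-looking transitions discussed under pre-charging and differential matching still need attention, since glitches can momentarily combine shares.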
FPGAs provide the perfect platform for implementing DPA-resistant algorithms. The high level of parallelism helps reduce the side-channel leakage to below what is possible in software-only implementations. The flexibility of FPGAs allows mitigation techniques that are not available in standard microcontrollers. eNVM can be used for storing keys and certificates. Embedded hard or soft microcontrollers can be used for implementing the higher-level protocols on the same chip as the more primitive cryptographic algorithms implemented in hardware, with execution from on-chip eNVM providing the highest levels of code security.
Many of the fundamental techniques used to defend against DPA and other side-channel attacks are patented by Cryptography Research, Inc. (CRI). Paul Kocher and his associates at CRI discovered timing analysis, SPA and DPA during the 1990s and invented various techniques to thwart these attacks which they then patented. One of CRI's businesses today is licensing this portfolio of very fundamental patents. Nearly all the secure microcontrollers used in smart cards, set-top boxes, SIM cards for GSM phones and Trusted Platform Modules (TPM) for personal computers are built under license to CRI, amounting to about 4.5 billion chips per year in total.
Microsemi has obtained a license from CRI for the DPA patent portfolio, consisting of more than fifty patents. This license has two main components:
- It allows Microsemi to use any of CRI's patented techniques to protect the FPGA initial configuration and re-configuration process from side-channel attacks.
- It allows Microsemi to extend a sub-license to customers who purchase selected Microsemi FPGA devices. The user can then use any of CRI's patented DPA-mitigation techniques to protect their end-application from side-channel attacks. The protection techniques can be incorporated in the user's logic implemented in the FPGA fabric or in the user's firmware executing on a hard or soft microcontroller, in the licensed Microsemi FPGA.
Microsemi plans to provide mitigation of side-channel attacks targeted against the configuration process in future Microsemi commercial, industrial and military non-space FPGA families.
Microsemi is now offering several existing FPGA families, including the industry leading IGLOO Series, ProASIC3 Series, SmartFusion and Fusion families, with a DPA countermeasure license. No further CRI license will be required to incorporate CRI-patented DPA mitigation techniques in these FPGAs, eliminating the significant time, resources and inconvenience involved in each customer obtaining a CRI DPA patent portfolio license.
To order devices that include a license to implement IP based on the Cryptography Research, Inc. (CRI) patent portfolio, add a "Y" in the product ordering code between the Package Lead Count and the Temperature Range indicators. For example, this is a ProASIC3 nano device part number with a DPA license:
A3PN060-2VQG100YI
Contact your local Microsemi Sales representative for any questions pertaining to Microsemi's license to the CRI patent portfolio.
Microsemi, the leader in FPGA security, is the first major FPGA company to address side-channel analysis and the first to license the CRI DPA patent portfolio.