To establish an adequate defense against those who would steal your information,
one must first understand the application's environment and the details
of what needs to be protected. Many of today's electronic system designs
hosting complex software functions have been compromised by microcircuit
attacks aimed at the board level hardware components. With FPGAs increasingly
occupying the central control functions for many new designs, successful
attacks can bypass all software controls and directly reveal the fundamental
design details behind a system.
Inadequate security is usually caused by a failure to implement security
policies and make use of readily available tools. It is vital that companies
complete risk assessments and develop plans to protect their products.
One simple way to improve your overall design security against threats like
cloning, over-building, and reverse engineering is to select a nonvolatile
secure FPGA to protect your valuable Intellectual Property.

Actel's trusted antifuse architecture provides a metal-to-metal interconnect
with potentially millions of individual connections, ensuring your designs
are safe from even the most intelligent invasive attacks.
Actel offers a broad-based portfolio of single-chip antifuse and reprogrammable
flash products to meet all of your system level design requirements with
the highest security available today. Actel's unique flash-based architecture,
used in the new ProASIC3 product family, provides a degree of flexibility
and security unrivaled by SRAM FPGAs in the market today.
FuseLock: Security in Actel Antifuse FPGAs
Industry experts regard antifuse as the most secure of all programmable
logic solutions because of the difficulty associated with trying to copy
or reverse engineer the contents of a design. Because of this, antifuse
FPGAs have long been used by the military and other OEMs, who demand the
highest security available. Actel's presence and rich tradition in these
markets is a powerful testimonial to the merit of Actel's products for
customers who value security.
Figure: A Programmed Antifuse Cross Section
Figure: An Unprogrammed Antifuse Cross Section
Determining the state of a single switch is difficult; determining the
state of millions is prohibitive.
Secure Against Reverse Engineering
A number of factors complicate attempts to compromise an Actel antifuse
FPGA. The microscopic size and sheer number of antifuses make it essentially
impossible to locate each fuse and identify its programming state. For
example, a single AX2000 FPGA from Actel contains approximately 53,000,000
antifuses with only 2-5% programmed in an average design. Invasive probing
to evaluate each fuse would most likely result in the destruction of the
programmed states needed to trace the design.
The Industry's Leading Nonvolatile Single-Chip FPGA Solution
Once programmed, the device is inherently nonvolatile, which allows the
device to retain its configuration indefinitely without requiring an external
configuration device. This means that there is no bitstream susceptible
to interception, eliminating the potential for in-system errors or data
erasures that might occur during download.
Actel FuseLock
The Actel FuseLock advantage ensures that unauthorized users will not
be able to read back the contents of an Actel antifuse FPGA. In addition
to the inherent strengths of the architecture, special security fuses that
prevent internal probing and overwriting are hidden throughout the fabric
of the device. They are located such that they cannot be accessed or bypassed
without destroying the rest of the device, making both invasive and more subtle
noninvasive attacks ineffective against Actel antifuse FPGAs.
Look for this symbol to ensure your valuable IP is secure.
FlashLock: Security in Actel Flash FPGAs
Until the advent of the Fusion, IGLOO, ProASIC3, ProASICPLUS and ProASIC families
of flash-based FPGAs, there was no secure reprogrammable logic technology
available for embedded systems designers. While antifuse is the most secure
of all programmable logic solutions because of the difficulty associated
with trying to copy or reverse engineer the contents of a design, flash-based
ProASIC3 and ProASICPLUS FPGAs with FlashLock have the advantage of
reprogrammability and security. The large distributed nature of the security
key, along with the physical roadblocks of homogeneous structure (unlike ASICs)
and a floating gate flash programming element that cannot be microprobed, make
ProASIC3 and ProASICPLUS FPGAs inherently secure. All Actel flash FPGAs are
virtually impossible to copy or reverse engineer.


A ProASIC3 and ProASICPLUS flash cell cross section is shown above.
Determining the state of a single switch is difficult, as
microprobing the switch will destroy the charge on the floating gate. To
determine the state of millions of switches is prohibitive.
In addition, the uniform (homogeneous) nature of flash FPGAs makes it
difficult to identify probe points during invasive attacks.
Secure Against Over-building and Cloning
Unlike SRAM-based FPGAs, ProASIC3 and ProASICPLUS devices
can be preprogrammed and made secure in a controlled facility prior to
being sent to a contract manufacturer. Simple software and programming
controls allow the bitstream (configuration) contents of the ProASIC3 or
ProASICPLUS device to be securely locked during programming.
In ProASICPLUS, two security modes are available: the
first allows the parts to be locked with a key of between 79 and 263 bits.
These parts can be unlocked and reprogrammed by the key holder as required.
In the second mode, the parts can be permanently locked for an extra level
of security, effectively disabling any further programming access to the
parts even by the key holder.
In ProASIC3, there are several security options in addition to the two
security modes described for ProASICPLUS.
Option 1 describes the use of FlashLock to lock the device
with a 128-bit key, which allows the device to be unlocked and reprogrammed
by providing the same key. In addition, permanent lock is possible, which
disables programming access to the part.
Option 2 describes the possibility of using an additional
128-bit AES decryption key for protection against overbuilding. The ProASIC3
device can be programmed in-house with an AES key only, then shipped to
a contract manufacturer for final programming. The contract manufacturer
programs the device with an AES-encrypted bitstream, hence only devices
with the same AES decryption key will get programmed.
Option 3 is an example of secure in-system programming (ISP), which can be
achieved by the ProASIC3 device. The part can be reprogrammed remotely using an
AES-encrypted programming file for easy and secure field upgrades. Intercepting
the encrypted configuration bitstream is useless. You must have the appropriate
AES decryption key in order for an encrypted configuration bitstream to
work.
Once the flash-based FPGAs have been made secure, they can be shipped
to third-party manufacturers with the confidence that it is virtually impossible
to extract your design (IP), thus preventing them from overbuilding during
manufacturing. It is equally difficult for a system cloner to extract the
design from a secured ProASIC3 and ProASICPLUS flash
device once the final system has shipped. The same cannot be said for SRAM-based
FPGAs.
Secure Against Reverse Engineering
A number of factors complicate attempts to compromise an Actel ProASIC3
or ProASICPLUS FPGA. The microscopic size and sheer number of the
switches (20 million on the A3PE3000) make it essentially impossible to
locate each cell and identify its programming state. Invasive probing to
evaluate each flash switch would destroy the flash cell charge, and with it
the very programmed states needed to reverse engineer the design.
Even if the bitstream could be extracted, reverse engineering the bitstream
to a meaningful schematic is an extremely tedious process.
The same cannot be said for reverse engineering ASICs.
Secure Against Denial of Service (DoS)
While ProASIC3 and ProASICPLUS devices can be in-system
programmed (ISP), if desired, they can also prevent DoS attacks by only
allowing ISP to key holders or by disabling the ISP capability completely
(lock permanently). ProASIC3 can also be programmed with an AES-encrypted
bitstream, allowing only authorized and validated bitstreams to be programmed
to the device.
SRAM-based FPGAs have no inherent security mechanism to prevent DoS type
attacks. Any valid bitstream sent to the device is accepted even if it
does not define a usable logic function. This type of attack could potentially
disable a critical system running on an SRAM FPGA.
The Industry's Leading Nonvolatile, Flash, Single-Chip FPGA Solution
Once programmed, the device is inherently nonvolatile, which enables
the device to retain its configuration without requiring an external configuration
device. This means that there is no bitstream susceptible to interception.
Actel FlashLock
The Actel FlashLock advantage prevents unauthorized users from being
able to read back the contents of an Actel ProASIC3 or ProASICPLUS FPGA.
In addition to the inherent strengths of the architecture, special security
keys are hidden throughout the fabric of the device, preventing internal
probing and overwriting. They are located such that they cannot be accessed
or bypassed without destroying the rest of the device, making both invasive
and more subtle noninvasive attacks ineffective against Actel ProASIC3
and ProASICPLUS flash FPGAs.
Look for this symbol to ensure that your valuable IP doesn't end up in the wrong
hands.