CoolRunner™-II CPLDs in Security

CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things.

Mar 29, 2015


Jovani Mashburn

Quick Start Training

Agenda

• Some Security Basics
  – Security
  – Cryptography
• CoolRunner-II Security Features
• “Securing Things” with CoolRunner-II
  – Product theft
  – Intellectual property theft
  – A detailed example, securing an FPGA


Security Basics

• Controlled Access
  – Voyager computer may be about it for true security
• Protocols
  – Less WHAT you do, more HOW you do it
• Most standards government developed/driven
  – NIST; NSA
  – International “common criteria” is new trend
• Military influenced
• Banking influenced
• Security attitude is critical


Tamper

• Tamper evident
  – You fiddle with something, you leave tracks
  – Spyrus internet modules
• Tamper resistant
  – Takes significant investment in time and money
  – Still, not impossible
• Tamper responsive - take action
  – Zero memory
  – Self destruct
• Tamper proof - mythical? Voyager computer? hmmm . .


A Basic Protocol

• Step 1: Sender places secret message into locked box
• Step 2: Attaches sender’s lock to one lock site on box
• Step 3: Sender transmits locked box to the receiver
• Step 4: Receiver attaches own lock & returns to sender
• Step 5: Sender sees receiver’s lock & removes sender’s lock
• Step 6: Sender re-sends box with only receiver’s lock
• Step 7: Receiver removes own lock and reads message

Question: Where is the hole?


Classic Protocol Attack: “Man in the Middle”

• MiG version
  – Air Force jet flies over ground station transponder
  – Identify Friend or Foe (IFF) challenge occurs
  – Enemy aircraft records challenge and response
  – Knows correct response when challenged
• Used with 802.11b (laptop “listener”)
• Thief looking over shoulder at ATM for PIN
• Etc.
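One gap in the locked-box protocol from “A Basic Protocol”, and the kind of attack this slide names, is that nothing in steps 4 and 5 authenticates whose lock comes back. The sketch below is an added example, not part of the original slides: it models the locks as modular exponentiation (Shamir's three-pass protocol, a generalization chosen here), and the modulus, function names and message are assumptions.

```python
# Added example (not from the slides): the seven-step locked-box exchange with
# commutative "locks" modelled as modular exponentiation.
import secrets
from math import gcd

P = 2**127 - 1  # public prime modulus (a Mersenne prime); constructed parameter

def new_lock():
    """Pick a private exponent that can be undone, i.e. one coprime to P-1."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if gcd(k, P - 1) == 1:
            return k

def lock(box, k):
    return pow(box, k, P)

def unlock(box, k):
    # Removing a lock is exponentiation by the inverse of k modulo P-1.
    return pow(box, pow(k, -1, P - 1), P)

def honest_exchange(message):
    s, r = new_lock(), new_lock()
    box = lock(message, s)      # steps 1-3: sender locks the box and sends it
    box = lock(box, r)          # step 4: receiver adds own lock and returns it
    box = unlock(box, s)        # steps 5-6: sender removes own lock, re-sends
    return unlock(box, r)       # step 7: receiver removes own lock and reads

def interposed_exchange(message):
    """Same seven steps, but a third party answers in the receiver's place."""
    s, m = new_lock(), new_lock()
    box = lock(message, s)      # steps 1-3 as before
    returned = lock(box, m)     # step 4 is performed by the interposer
    # Step 5: the sender sees *a* second lock; nothing says whose lock it is.
    box = unlock(returned, s)   # step 6: sender re-sends as usual
    return unlock(box, m)       # the interposer, not the receiver, reads it

MESSAGE = int.from_bytes(b"secret", "big")  # constructed sample message
```

Both functions return the plaintext, which is the point: the sender's steps are identical in the two runs. Closing the gap means authenticating the lock in step 4, for example with a signature the sender can verify.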


Cryptography Ideas

• Long history going back to the ancients
  – Babylonians, Hebrews, Greeks, Romans, Chinese
• Lots of interest since WWI
• Concepts: confusion/diffusion (Shannon)
• Stream Ciphers
• Block Ciphers
• Big idea: protocols


One Time Pad

[Figure: one-time pad example with bit columns labelled Plain Text, Key and Encrypted Text]

Notes:
• # plain text bits equal # key bits
• Key must be random
• Key used only one time
• Perfect encryption if all steps followed


Keep This in Mind


CoolRunner-II Security

• What we have for security
  – Nonvolatility
  – Security protect bits
    • Multiple bits
  – Reconfigurability
• Cracking CoolRunner-II
  – What will it take?


Metal, Metal, Everywhere


Can’t Find Read Protect Bits


CoolRunner-II Conceptual Idea

Bits hidden here, somewhere . . .


Cracking CoolRunner-II Security

• To readback you must:
  – Erase protect bits
    • Can’t get there with laser
    • Must use charge pump
    • Know where they are
    • Issue correct subcommands
    • Issue correct command sequence
  – Reverse the JEDEC file to get design
• Deeply buried protection resists tampering
  – Laser/electrical tampering locks down


Additional CoolRunner-II Security

• Double Data Rate Operation
  – Data transactions less obvious
• DataGATE
  – Tamper response
  – Block I/O pin signals
• Power & Tempest attacks
  – Advanced state machines
  – CryptoBLAZE


Securing an FPGA

• EPROM holds config file
• CPLD extracts bits
• CPLD delivers to FPGA
• Attacker can
  – Copy EPROM
  – Collect bitstream from FPGA Data input
• Classic “Man in Middle” attack

[Diagram: EPROM, CoolRunner-II CPLD and FPGA* blocks, with signals labelled Address & Control, Data, Control and Data]

* Non Virtex II, which has triple DES


Trick #1 Encrypt EPROM

• Encrypt EPROM
  – Can only be used with CoolRunner-II CPLD
• CPLD must decipher
• Attackers must catch data
  – Takes more time and is harder
  – Build hardware bit catcher
• If off by one bit, it won’t work!


CPLD Encryption

[Diagram labels: D, Q, LFSR, Clear Bits, Encrypted Bits]

Basic idea: Stream Cipher; lots of them exist, this is a simple one

Quality:
• Highly random within the repetition cycle
• Easy to build in CPLDs
• Lots of theory on building and using
• Also lots of theory on cracking them!

You need to select the LFSR, then write code to encrypt the EPROM
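The host-side half of that step, as an added example that is not code from the original slides: it picks one well-known 16-bit maximal-length LFSR, XORs its keystream over an EPROM image bit by bit, and shows both the “off by one bit” failure from Trick #1 and the repetition cycle. The seed, the image bytes and all function names are constructed for illustration.

```python
# Added example (not from the slides): encrypt an EPROM image with a 16-bit
# LFSR keystream, which the CPLD would undo bit-serially on the way to the FPGA.
WIDTH = 16
MAX_STATE = (1 << WIDTH) - 1

def step(state):
    """One shift of a Fibonacci LFSR for x^16 + x^14 + x^13 + x^11 + 1."""
    fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (fb << (WIDTH - 1))

def keystream(seed, skip=0):
    """Yield key bits; `skip` models a receiver misaligned by that many bits."""
    if not 0 < seed <= MAX_STATE:
        raise ValueError("seed must be non-zero 16 bits: the all-zero state locks up")
    state = seed
    for _ in range(skip):
        state = step(state)
    while True:
        yield state & 1
        state = step(state)

def crypt(data, seed, skip=0):
    """XOR each data bit (MSB first) with the next key bit; same call decrypts."""
    ks = keystream(seed, skip)
    out = bytearray()
    for byte in data:
        key_byte = 0
        for _ in range(8):
            key_byte = (key_byte << 1) | next(ks)
        out.append(byte ^ key_byte)
    return bytes(out)

def period(seed):
    """Number of shifts before the register state, and so the keystream, repeats."""
    state, n = step(seed), 1
    while state != seed:
        state, n = step(state), n + 1
    return n

SEED = 0xACE1                    # constructed key; the CPLD would hold this value
IMAGE = bytes(range(32)) * 4     # constructed stand-in for an FPGA bitstream
ENCRYPTED = crypt(IMAGE, SEED)   # what gets programmed into the EPROM
```

A 16-bit register repeats after 65,535 key bits, roughly 8 KB of image, and its output is linear in the seed, so a real design would use a much longer register or a stronger stream cipher.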


CPLD Encryption Continued

[Diagram labels: registers R1, R2, R3; XOR gates; Shift Control (x, y, z; c1, c2, c3); Input Stream; Key]

Solution: Make things harder
Fancier Stream Ciphers exist, we can make them, too!


Trick #2 Hold Back Function

• Retain part of FPGA design in CPLD
  – Won’t work without CPLD
  – Reverse eng. CPLD
• Typically control function
  – FPGA does data crunching and much control
  – CPLD does some, critical control


Trick #3 Resist Blank EPROM Attack

• CPLD checks for blank EPROM
• Won’t deliver FPGA stream unless
  – Multiple locations match internal compares
• Can take several actions
  – Do nothing
  – Deliver bogus bitstream
  – Erase the CPLD!*

*details in “cell phone theft” design


Summary

• CoolRunner-II Security is not perfect, but it is VERY GOOD!

• You can make designs substantially more expensive to “reverse” engineer

• These have been some ideas on how to use this capability, think up more of your own!

• See session on Cell Phone Theft & CryptoBLAZE
• See Security White Paper