The relevance of tamper-proof designs

June 29, 2009

Altera Corp.’s addition of physical-layer tamper-proof features in the Cyclone III LS jogged my memory regarding the tough uphill battle security experts faced in the last decade, convincing companies that protocol-layer encryption and digital signatures were important for commercial-grade IT designs. It took scares involving the wholesale theft of credit-card numbers and the hacking of corporate Wi-Fi networks before many companies started to treat encryption seriously. Will it take the same valiant effort to make JTAG port analysis and tamper-resistant circuit designs a mainstream feature?

What Altera is offering is not new to the FPGA market. Xilinx, for example, offers tamper-resistance for IP cores in its military-qual Virtex-5Q family. But Altera’s efforts to bring such features to the mainstream of both military and commercial designs is to be commended. In May 2008, when IEEE Spectrum published an article on the Defense Advanced Research Projects Agency’s Trust in Integrated Circuits (TRUST) program, there was plenty of eye-rolling among those in commercial designs. Maybe an electronic warfare system was a legitimate platform for physical-layer protection, but was DARPA paranoid? Was the agency suggesting that any IT platform could be a target for hostile hacking at the circuit-board level?

Well, yes. The establishment of the Air Force’s 24^th Air Force/Cyber Command, and President Obama’s subsequent assignment of a civilian cyber initiative under NSA auspices, should convince skeptics that the federal government considers cyber offense and defense primary focus areas for the next decade. And one needn’t assume a hostile government is focusing a board-level design. If corporate espionage spends the resources to crack 256-bit keys, it’s perfectly feasible to expect future (or maybe even current) efforts to probe the internal layout of an FPGA design.

I’m not so sure most FPGA customers will buy into this until horror stories emerge similar to those experienced in the Layer 2 and 3 crypto community. But I’m glad to see FPGA vendors prod customers into thinking about tamper-proof IC design.

Posted by Loring Wirbel on June 29, 2009 | Comments (7)

April 16, 2010

In response to: The relevance of tamper-proof designs
Buy Cialis commented:

inoperative boiled general blenheim surry production ukraines nucleonics shiprae blanket strength

October 16, 2009

In response to: The relevance of tamper-proof designs
Loring commented:

Please feel free with attribution, we are glad you find it useful!

October 15, 2009

In response to: The relevance of tamper-proof designs
Polprav commented:

Hello from Russia! Can I quote a post in your blog with the link to you?

September 26, 2009

In response to: The relevance of tamper-proof designs
Adamo commented:

"Stop buying cheap junk from unfriendly countries. " or try to tell the wolf don't eat meat.. good luck. Don't forget where we are, here normal thinking is non existent, the greed controls everything

July 21, 2009

In response to: The relevance of tamper-proof designs
BobsUrUncle commented:

This is not restricted to FPGAs. ASICs could be injected with rogue code just as easily. With Fabs in China, can you trust that your next ASIC won't come back with Chairman Mao's fifth column inserted? Or your TVs and PCs? PC Bios is another potential entry point for rogue code. Stop buying cheap junk from unfriendly countries.

July 20, 2009

In response to: The relevance of tamper-proof designs
tanstaafl commented:

I haven't looked at Altera's offerings yet, but if they are to work, they'll have to include physical-tampering protection as well. If U can pop the lid on an FPGA in a vacuum chamber, U can see what the cell states are to a pretty good degree with some types of SEMs. I worked for a defense contractor as a test engineer back in the early 1990s, and one of our vendors demonstrated such a system as a debug tool. I believe the chip used in the demonstration I saw was fairly simple, and the system just displayed the state of transistors using a light or dark highlight (due to electron acceleration differences due to voltage differences, IIRC), but they were talking about adding the ability to use layout files to tie physical position to expected states. Given the funding of many Bad Guys (which now includes drug dealers with more money than many countries have), I would want to make sure that the system practically melts down (or better yet, loads a bogus state) if the physical environment of the chip changes.

June 30, 2009

In response to: The relevance of tamper-proof designs
desert rat commented:

I got a call from DARPA earlier this year. They wanted to know if there were tools that could detect rogue code in FPGAs...that might disable weapons systems or critical MIL comm systems (that used FPGA's and cores) at the wrong time. There's a company named DAFCA that does something like that. So I passed it along. The last thing we need is for our MIL systems to be the first horror story. Look at what the Russians did to the Georgian govt computers and their telecom computers before they invaded. That is why we have the new Cyber Command...and NSA involvement. There are security holes in our cheap commodity trashy telecom and power grid systems today that are big enough to drive a large truck through. The MIL guys are much more astute about these kinds of security threats. There are no signs of intelligent life about this topic in telecom or on the power grid.

About EDN | Site Map | Contact Us | Subscription | RSS

POST A COMMENT
Display Name

Before submitting this form, please type the characters displayed above. Note the letters are case sensitive: