**Security Matters.** 



### Recent Advances in FPGA Design Security Reduce Insider Threats

Presented by G. Richard Newell Senior Principal Product Architect

At Cryptarchi 2013 June 24, 2013, Fréjus, France

# Microsemi SoC Flash Products

Increasing system features on differentiated flash technology

- SmartFusion<sup>®</sup>2 (New Product): most secure, highest reliability, lowest power customizable SoC
  - Integrated DSP processing
  - Higher performance CPU
  - Expanded connectivity via many high speed serial interfaces
  - > 3.6x fabric density, 2x fabric performance
- SmartFusion<sup>®</sup> (In Production)
  - Up to 500K gate FPGA
  - Peripheral-rich MCU with 100MHz ARM Cortex-M3
  - 10/100 Ethernet, SPI/UART/I2C
  - Integrated analog w/ ADC, DAC, V/I/T monitors
- ProASIC<sup>®</sup>3 / IGLOO<sup>®</sup> (In Production)
  - Up to 3M gate FPGA
  - Power as low as 2uW
  - High performance, small packages, high IO count



#### SmartFusion<sup>®</sup>2 - Flash SoC FPGA w/ ARM Cortex-M3 Most Secure, Highest Reliability, Lowest Power

- 166MHz ARM® Cortex<sup>™</sup>-M3 w/ on board eSRAM & eNVM
  - Includes ETM and instruction cache
  - Extensive peripherals CAN, TSE, USB
- Most secure FPGA
  - DPA hardened, AES256, SHA256, random number generator
- Most reliable FPGA
  - Zero FIT flash FPGA configuration



Differentiated, High Value Features

- SEU protected memories: eSRAMs, DDR bridges (MSS, MDDR, FDDR), instruction cache, ethernet, CAN and USB buffers, PCIe, MMUART and SPI FIFOs
- Hard 800 mbps DDR2/3 controllers with SECDED (aka ECC or EDAC) protection
- Built-in NVM data integrity check
- Lowest power FPGA
  - < 0.5mW in flash-freeze mode
  - 9mW static power during operation
- 2x fabric performance
- 16x 5Gbps SERDES, PCIe, XAUI / XGXS+ native SERDES
- Integrated DSP processing blocks
- 120K LUT, 5Mbit SRAM, 4Mbit eNVM

Mainstream Required Features



### SmartFusion2 SOC FPGA Block Diagram



### Steps in the FPGA World-Wide Supply Chain



Field Updates



# Threats in the FPGA Supply Chain





### Security is a Full-Time Job for Microsemi



### **Design Security**

| Design Security Features                                    | M2S005<br>M2S010<br>M2S025<br>M2S050 | M2GL005<br>M2GL010<br>M2GL025<br>M2GL050 | M2S090<br>M2S100<br>M2S150 | M2GL090<br>M2GL100<br>M2GL150 |
|-------------------------------------------------------------|--------------------------------------|------------------------------------------|----------------------------|-------------------------------|
| Software Memory Protection Unit (MPU)                       | x                                    |                                          | x                          |                               |
| DPA countermeasures for all design security keys            | x                                    | x                                        | x                          | x                             |
| FlashLock™ Passcode Security (256 bit)                      | x                                    | x                                        | x                          | x                             |
| Flexible security settings using flash lock-bits            | x                                    | x                                        | x                          | x                             |
| Encrypted/Authenticated Design Key Loading                  | x                                    | x                                        | x                          | x                             |
| Symmetric Key Design Security (256 bit)                     | x                                    | x                                        | x                          | x                             |
| Design Key Verification Protocol                            | x                                    | x                                        | x                          | x                             |
| Encrypted/Authenticated Configuration Loading               | x                                    | x                                        | x                          | x                             |
| Certificate-of-Conformance (C-of-C)                         | x                                    | x                                        | x                          | x                             |
| Back-Tracking Prevention (a.k.a. versioning)                | x                                    | x                                        | x                          | x                             |
| Device Certificate(s) (Identification, Anti-Counterfeiting) | x                                    | x                                        | x                          | x                             |
| Support for Configuration Variations                        | x                                    | x                                        | x                          | x                             |
| Fabric NVM and eNVM Integrity Tests                         | x                                    | x                                        | x                          | x                             |
| Information Services (S/N, Cert., USERCODE, etc.)           | x                                    | x                                        | x                          | x                             |
| Anti-tamper countermeasures                                 | x                                    | x                                        | x                          | x                             |
| Tamper Detection                                            | x                                    | x                                        | x                          | x                             |
| Tamper Response (incl. Zeroization)                         | x                                    | x                                        | x                          | x                             |
| ECC Public Key Design Security (384 bit)                    |                                      |                                          | x                          | x                             |
| Hardware Intrinsic Design Key (SRAM-PUF)                    |                                      |                                          | x                          | x                             |



### Data Security "S" Devices

| Additional "S" device Features                   | M2S005S<br>M2S010S<br>M2S025S<br>M2S050S | M2GL005S<br>M2GL010S<br>M2GL025S<br>M2GL050S | M2S090S<br>M2S100S<br>M2S150S | M2GL090S<br>M2GL100S<br>M2GL150S |
|--------------------------------------------------|------------------------------------------|----------------------------------------------|-------------------------------|----------------------------------|
| CRI Pass-through DPA Patent License              | x                                        | x                                            | x                             | x                                |
| Hardware Firewalls protecting access to memories | x                                        | x                                            | x                             | x                                |
| Non-Deterministic Random Bit Generator Service   | x                                        | x                                            | x                             | x                                |
| AES-128/256 Service (ECB, OFB, CTR, CBC modes)   | x                                        | x                                            | x                             | x                                |
| SHA-256 Service                                  | x                                        | x                                            | x                             | x                                |
| HMAC-SHA-256 Service                             | x                                        | x                                            | x                             | x                                |
| Key Tree Service                                 | x                                        | x                                            | x                             | x                                |
| PUF Emulation (Pseudo-PUF)                       | x                                        | x                                            |                               |                                  |
| PUF Emulation (SRAM-PUF)                         |                                          |                                              | x                             | x                                |
| ECC Point-Multiplication Service                 |                                          |                                              | x                             | x                                |
| ECC Point-Addition Service                       |                                          |                                              | x                             | x                                |
| User SRAM-PUF Enrollment Service                 |                                          |                                              | x                             | x                                |
| User SRAM-PUF Activation Code Export Service     |                                          |                                              | x                             | x                                |
| SRAM-PUF Intrinsic Key Gen. & Enrollment Service |                                          |                                              | x                             | x                                |
| SRAM-PUF Key Import & Enrollment Service         |                                          |                                              | x                             | x                                |
| SRAM-PUF Key Regeneration Service                |                                          |                                              | x                             | x                                |



### Supply Chain Assurance

- An X.509 conforming certificate digitally signed by Microsemi is stored in each device's eNVM
- Certifies integrity and authenticity of signed data:
  - Serial number and date code
  - Part Number (with options showing speed grade, screening level, etc.)
  - In larger devices also includes device's ECC Public Keys
- Key verification protocol binds certificate to secret key(s)
- Cryptographically assures customer that each device is...
  - As marked (speed grade, etc.) not fraudulently "upgraded"
  - Not counterfeit (or overbuilt by our fab.)
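The two checks these bullets describe, the part-marking comparison and the key verification protocol that binds the certificate to a secret key inside the device, as an added illustration that is not Microsemi's code. It models the symmetric key method (a factory key database held by the customer) with HMAC-SHA-256 challenge-response; the certificate fields, key bytes and serial numbers are constructed, and the X.509 signature check is assumed to have already passed before these fields are trusted.

```python
import hashlib
import hmac
import secrets

# Constructed sample of the fields the page says the Microsemi-signed device
# certificate carries (serial number, date code, part number). Field names and
# values are assumptions for this example; the signature is assumed verified.
GENUINE_CERT = {"serial": "00A1B2C3", "date_code": "1322", "part": "M2S090-1FG484"}

# Constructed factory key database, as delivered to the customer under the
# symmetric key method (column #3 of the key management comparison). Placeholder key.
FACTORY_KEY_DB = {"00A1B2C3": bytes.fromhex("11" * 32)}

class Device:
    """Model of a device under test (not Microsemi firmware): it presents its
    certificate and answers a challenge with HMAC-SHA-256 under its embedded key."""
    def __init__(self, cert: dict, secret_key: bytes):
        self.cert = cert
        self._key = secret_key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def verify_device(device: Device, marked_part: str, key_db: dict) -> str:
    """Customer-side check: returns "ok" or the reason the device is rejected."""
    cert = device.cert
    # 1. Anti-upgrade check: the certified part number must match the package marking.
    if cert["part"] != marked_part:
        return "part mismatch (remarked or fraudulently upgraded device)"
    # 2. Key verification protocol: tie the certificate to the secret key inside the
    #    device with a fresh random challenge, so a certificate copied from a genuine
    #    device onto a counterfeit is not enough to pass.
    expected_key = key_db.get(cert["serial"])
    if expected_key is None:
        return "serial number not in factory key database"
    challenge = secrets.token_bytes(32)
    expected = hmac.new(expected_key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, device.respond(challenge)):
        return "key verification failed (certificate not bound to this device)"
    return "ok"
```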





### **Device Certificate Chain of Trust**



### Low-cost secure production programming



- HSM manages user bitstream keys
- Generates job tickets
- Workstation runs Libero® IDE
  - Synthesis, place-and-route
  - Bitstream generation and encryption

- HSM generates authorization codes
- Decrypts factory key database, or
- Performs Diffie-Hellman key establishment
- Decrypts job ticket
- Keeps track of device count on jobs
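How the production-site HSM's job-ticket handling limits overbuilding, as an added model that is not Microsemi's HSM code: the HSM issues one authorization code per device serial number and refuses further codes once the job's device count is reached, and because the code is bound to a serial number a code captured for one device is rejected by another. The job key, serial numbers and bitstream id are constructed; the per-device secret is assumed to have been established through the factory key database or Diffie-Hellman, as the slide lists.

```python
import hashlib
import hmac

def _auth_code(key: bytes, serial: str, bitstream_id: str) -> str:
    # HMAC-SHA-256 over serial number and bitstream id: the code is only valid for
    # the one device it was issued to (assumed construction for this example).
    return hmac.new(key, f"{serial}|{bitstream_id}".encode(), hashlib.sha256).hexdigest()

class ProgrammingHSM:
    """Model of the production-site HSM: holds the decrypted job ticket, issues one
    authorization code per device and stops when the licensed device count is reached."""

    def __init__(self, job_key: bytes, device_limit: int):
        self._job_key = job_key           # secret from the decrypted job ticket (assumed)
        self.device_limit = device_limit  # number of devices the design owner authorized
        self.issued: dict[str, str] = {}  # serial number -> authorization code

    def authorize(self, serial: str, bitstream_id: str):
        """Return an authorization code for this device, or None once the job is used up."""
        if serial in self.issued:         # same device presented again: reuse, no new count
            return self.issued[serial]
        if len(self.issued) >= self.device_limit:
            return None                   # quota reached: further programming refused
        code = _auth_code(self._job_key, serial, bitstream_id)
        self.issued[serial] = code
        return code

def device_accepts(serial: str, bitstream_id: str, code: str, key: bytes) -> bool:
    """Device-side check (modelled): the device recomputes the code for its *own*
    serial number, so a code issued for a different device does not verify."""
    return hmac.compare_digest(_auth_code(key, serial, bitstream_id), code)

JOB_KEY = bytes.fromhex("22" * 32)  # placeholder job secret, constructed for the demo

def demo() -> tuple:
    """Job licensed for 2 devices: two codes issued, the third refused, and the
    first device's code replayed on a third device rejected."""
    hsm = ProgrammingHSM(JOB_KEY, device_limit=2)
    a = hsm.authorize("SN0001", "design_v3")
    b = hsm.authorize("SN0002", "design_v3")
    c = hsm.authorize("SN0003", "design_v3")
    replayed = device_accepts("SN0003", "design_v3", a, JOB_KEY)
    genuine = device_accepts("SN0001", "design_v3", a, JOB_KEY)
    return (a is not None, b is not None, c is None, replayed, genuine)
```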



#### SmartFusion<sup>®</sup>2 User Key Injection Cloning/Overbuilding Prevention



# Key Management Comparison

|                                              | #1<br>SRAM<br>FPGA | #2<br>3G Flash<br>FPGA | #3<br>Symmetric<br>Key Method | #4<br>Public-Key<br>Method |
|----------------------------------------------|--------------------|------------------------|-------------------------------|----------------------------|
| Requires Trusted<br>Programming Facility     | yes                | yes                    | no                            | no                         |
| Requires Trusted<br>Assembly Facility        | yes                | no                     | no                            | no                         |
| Requires Factory Key<br>Database             | no                 | no                     | yes                           | no                         |
| Requires on-line protocol                    | no                 | no                     | no*                           | no*                        |
| Bitstream key stored statically in device    | yes                | yes                    | no                            | no                         |
| Keys Always Protected (by HSM or encryption) | no                 | no                     | yes                           | yes                        |

\* Does require reading S/N and/or X.509 certificate, but this can be done offline



### Digital Certificate-of-Conformance (C-of-C)



### Microsemi SoC Software Code Signing

- Microsemi software tools are now digitally signed
- The VeriSign root key should be inherently recognized and trusted on almost all computers

[Screenshot: Windows User Account Control prompt. Program name: FlashPro v11.0; Verified publisher: Microsemi; File origin: Hard drive on this computer]

[Screenshot: code-signing certificate details. Signature algorithm: sha1RSA; Signature hash algorithm: sha1; Issuer: VeriSign Class 3 Code Signing; Valid from: Wednesday, March 27, 2013; Valid to: Sunday, March 01, 2015; Subject: Microsemi, Digital ID Class 3; Public key: RSA (2048 Bits); Basic Constraints: Subject Type=End Entity]





### Threats in the FPGA Supply Chain





### The Secured Supply Chain



#### Thank You for your Attention!

**Questions**?

G. Richard Newell Senior Principal Product Architect Microsemi Corporation, SoC Group richard.newell@microsemi.com +1 (408) 643-6146

