Want it Secure? Target Both Design and Data Security
In today’s increasingly connected world, security applies to servers as well as to mobile and remote embedded devices. The latter are often exposed to physical tampering, while data travelling over networks is exposed to compromise and hacking. Security depends on securing the complete connected universe.
by Richard Newell, Microsemi
As defense, commercial, and civil network infrastructures become increasingly dependent on arrays of Internet-connected computers, they are becoming increasingly susceptible to attack from hostile nations, non-governmental terrorist groups, and cyber criminals. This silent digital war’s constantly escalating cycle of intrusion/interception threats and countermeasures poses multiple challenges to designers, because adding robust security features to a design can substantially impact the complexity, power consumption, and cost of a system. These challenges include supporting the computational complexity required to run advanced cryptographic algorithms; providing secure insertion and storage of encryption keys; and authenticating and encrypting data exchanged over public network connections.
At first glance, field programmable gate arrays (FPGAs) would seem to be a favorable way to deploy robust security features in a system. FPGAs can address the computational complexity associated with advanced cryptographic algorithms with relatively small incremental power and cost impacts, while supporting the ability to upgrade features when new threats are discovered.
Additionally, designs requiring robust security can come under attack from non-invasive probing techniques designed to intercept data from secured networks by exploiting the detectable telltale “signatures” that virtually all conventional security architectures produce. These signatures can be detected through Electro-Magnetic Analysis (EMA) or Differential Power Analysis (DPA), which senses changes in power consumption. Both of these methods enable the encryption keys to be extracted and the data to be decrypted.
Finally, while the military and intelligence communities still use hardened networks to protect some of their most sensitive data, they, like civilians, also rely on the Internet and commercial telecommunications networks to carry most of their messages and data. This presents an extremely attractive opportunity for opposing nation states and cyber terrorists to disrupt both military and intelligence data traffic as well as civilian business and personal data traffic. As a result, one of the biggest challenges facing today’s designers is achieving secure communications over public wire-line and wireless networks. Wireless communication presents an especially challenging environment to military equipment suppliers, since the gear can fall into the hands of an adversary and lead to reverse engineering, cloning, and the discovery of new countermeasures against similar fielded systems.
Public networks, as well as being used for transactional data, are the primary conduit for machine-to-machine (M2M) communications between the sensors, controllers, and other so-called smart objects that populate “The Internet of Things.” By allowing devices such as smart utility meters, traffic light controllers, and sensors in utility and industrial systems to share real-time data and adapt to changing real-world conditions, M2M technologies are improving the efficiency and flexibility of the world’s physical and financial infrastructure.
As one would expect, however, the same connectivity that enables these dramatic improvements can also create potential vulnerabilities. For example, unauthorized access to a remote meter or a traffic control system’s M2M communications could allow an unfriendly individual to intercept any data they collect and to configure and control the equipment to do their bidding.
In a few years, even automobiles may become targets, as the growing presence of wireless links normally used to exchange diagnostic data or to carry vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications serves as an unintended gateway to the vehicles’ control systems.
Similar assaults on the streams of digital currency that underlie most of the world’s economies are already under way. The M2M connections used by magnetic and contact-less credit card readers, ATMs, and other types of networked financial transaction terminals have become targets for criminals with varying levels of technical capability.
Preventing Attacks
Protection from these attacks is provided through two mechanisms – design security and data security. Design security protects information about the system’s construction and operation from prying eyes. The chief techniques for attacks on a system’s design security are:
Cloning, where someone copies the design without even having to understand how it works.
Overbuilding, where a contract manufacturer fills your order and builds extra units for sale on the grey market.
Reverse engineering, where someone figures out how the design works, then uses or improves on what he learned.
Counterfeiting, which is the illegal use of a brand name on a work-alike or cloned product.
Tampering, which is changing the design with malicious intent.
The most malicious of these attacks is tampering with a design to change its operation. To combat this, several techniques can be used to stop an attack at the physical level, including active zeroization of a device if an attack is detected. Zeroization is the ability to clear the contents of a device, making it inoperable, when tampering is detected. Figure 1 shows how design security protects the design from these risks.
Design security is essential for products that are based on FPGAs. The data used to configure the FPGA must be carefully protected to prevent it from being used in ways that the IP owner did not intend. For most FPGAs, the design files are held in internal SRAM and are transferred from an external memory every time the device is powered up or reset. This inherently exposes the bitstream to anyone with access to the physical system.
Some SRAM FPGAs have a form of design security, enabled by encrypting the bitstream that is held in external memory and unscrambling it as it is loaded into the FPGA. This requires every FPGA to be programmed with a security key before it is used. Because of the widespread use of third-party contract manufacturers (CMs), which may or may not be trusted by the design house, the devices may have to be programmed in a trusted facility prior to delivery to the CM, adding time, cost and complexity to the supply chain.
Data security protects the data stored, managed within, and transported by the system from being read or modified by unauthorized parties. Ensuring the design’s data security requires that the application code it’s programmed with produces an encrypted data stream that has the required levels of authenticity, confidentiality, integrity, authentication, and non-repudiation. The device must also ensure that the critical data it manages (i.e., encryption keys, access codes, etc.) stays secure. As a result of this interdependent relationship, unless a system can deliver sufficient levels of both design and data security, it is virtually impossible to provide good security (Figure 2).
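The two mechanisms above can be seen together in a small software model of a configuration loader. This is an added example, not Microsemi's code or any FPGA vendor's loader: the producer side (the trusted facility) appends a keyed tag to the configuration image, the device accepts an image only if the tag verifies (integrity and authenticity of the bitstream), and an external tamper signal zeroizes the device's key material so that nothing loads afterwards. The image bytes, the tamper hook and the use of HMAC-SHA256 as the tag are assumptions; confidentiality (encrypting the image itself) is taken to be handled by a separate layer and is not shown.

```python
# Added example (not Microsemi's code): a software model of a configuration
# loader that (a) accepts a configuration image only if a keyed MAC over it
# verifies, and (b) zeroizes its key material when a tamper event is raised.
# Encryption of the image (confidentiality) is assumed to be handled by a
# separate layer; this model covers integrity and authenticity only.
import hmac
import hashlib
import secrets

TAG_LEN = 32  # HMAC-SHA256 output length in bytes


def seal_image(key: bytes, image: bytes) -> bytes:
    """Producer side (trusted facility): append an HMAC-SHA256 tag to the image."""
    tag = hmac.new(key, image, hashlib.sha256).digest()
    return image + tag


class ConfigLoader:
    """Consumer side (the device). Holds the MAC key in a mutable buffer so
    that zeroization can overwrite it in place."""

    def __init__(self, key: bytes):
        self._key = bytearray(key)
        self.operable = True
        self.config = None

    def zeroize(self) -> None:
        """Active zeroization: clear key material and make the device inoperable."""
        for i in range(len(self._key)):
            self._key[i] = 0
        self.config = None
        self.operable = False

    def tamper_event(self) -> None:
        """Hook for an external tamper sensor (assumed, e.g. an enclosure
        switch). In this model any tamper signal triggers zeroization."""
        self.zeroize()

    def load(self, sealed: bytes) -> bool:
        """Verify the tag before accepting the image. Returns True on success."""
        if not self.operable or len(sealed) < TAG_LEN:
            return False
        image, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
        expected = hmac.new(bytes(self._key), image, hashlib.sha256).digest()
        # Constant-time comparison: an early-exit compare would reveal, one
        # byte at a time, how much of a forged tag was correct.
        if not hmac.compare_digest(expected, tag):
            return False
        self.config = image
        return True


def demo():
    """Constructed scenario: a good image loads, a tampered one is rejected,
    and a tamper event wipes the key so nothing loads afterwards."""
    key = secrets.token_bytes(32)
    image = b"CONSTRUCTED-FPGA-CONFIG-IMAGE-v1"  # constructed sample image
    sealed = seal_image(key, image)

    dev = ConfigLoader(key)
    ok_good = dev.load(sealed)

    # Flip one bit in the image body: the tag no longer verifies.
    tampered = bytearray(sealed)
    tampered[5] ^= 0x01
    ok_tampered = dev.load(bytes(tampered))

    dev.tamper_event()
    ok_after_zeroize = dev.load(sealed)
    key_cleared = all(b == 0 for b in dev._key)
    return ok_good, ok_tampered, ok_after_zeroize, key_cleared


if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

The constant-time tag comparison is the data-security half of the model; the zeroization path is the design-security half. On a real device the key would live in protected non-volatile storage rather than a Python `bytearray`, and the tamper sensor would be a hardware input rather than a method call.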
The methods used to compromise a system can be broken down into two broad classes, defined by whether they originate far from or near to its so-called “security boundary.”
Attacks that exploit a system’s device security vulnerabilities must originate from inside or near the security boundary and require some sort of physical contact or close proximity to the target equipment. It is possible to protect a system’s routers, servers, and other sensitive equipment against device-level intrusions by putting them in a secure location, such as a limited-access room, and securing the communication interfaces that leave the area. But fielded equipment such as military radios, credit card readers, and smart utility meters has no control over what or who comes in contact with it. If a device operates in these environments, it must be tamper-resistant and able to protect itself against malicious physical attacks.
Network attacks, which originate outside the system’s physical security boundary, are typically classified as network security issues. They attempt to use a system’s network connection to insert Trojan horses, worms, or other malware and don’t require direct contact or proximity to the equipment.
Most network-based assaults are relatively easy and inexpensive to launch, making them the tool of choice for hackers working with non-governmental political groups (i.e., terrorists), “private entrepreneurs” (i.e., organized crime) and even state-sponsored organizations. Because any device connected to the Internet is subject to a near-constant barrage of attempted network attacks, both government and commercial interests spend considerable resources on tools to protect against these relatively well-defined threats.
Recently, incidents involving a broad class of non-invasive probing known as side-channel analysis have increased. This surge in side-channel attacks using electromagnetic analysis (EMA) and Differential Power Analysis (DPA) is largely due to dramatic reductions in the cost and effort required to deploy them. These once-esoteric methods are becoming increasingly popular with entities of all types.
Originally constructed from expensive electronics and powerful computers, DPA and EMA systems were only affordable by a handful of elite national and private security agencies. This changed quickly as the algorithms became more widely known and multi-GHz, multi-core commodity computer chips made it possible to construct an effective hacking rig for under two thousand dollars. For example, a rig capable of recovering an unprotected smart card’s encrypted data stream in under a minute can be constructed using a low-cost USB oscilloscope that feeds readings from the reader’s power supply trace to a garden-variety laptop computer.
DPA applies statistics and signal processing to the analysis of faint signals from low leakage sources. Originally discovered and developed by a small private group of security consultants at Cryptography Research, Inc. (since acquired by Rambus), it is especially effective in applications which repeatedly use the same key.
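The statistical effect DPA relies on, and the reason "DPA-resistant" logic matters, can be shown without any oscilloscope. The following is an added example, not code from Microsemi or Cryptography Research: it simulates the power consumption of a 4-bit S-box lookup under an assumed leakage model (Hamming weight of the value on the data bus plus Gaussian noise), once unprotected and once with first-order Boolean masking, and scores each with the fixed-versus-random Welch t-test that evaluation labs use to assess leakage. The S-box is the public PRESENT S-box; the key, fixed input, noise level, trace count and the 4.5 threshold are constructed parameters. The test detects whether traces carry key-dependent information; it does not recover a key.

```python
# Added example (not Microsemi's or Cryptography Research's code): a software
# simulation of why an unprotected S-box lookup leaks through power analysis
# and why Boolean masking removes the first-order leakage. Leakage is modelled
# as Hamming weight of the value on the data bus plus Gaussian noise (an
# assumption); the leak is scored with the fixed-vs-random Welch t-test used
# in leakage assessment (|t| above 4.5 is treated as evidence of leakage).
import random
import statistics

# 4-bit S-box of the PRESENT block cipher (public constant).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NOISE_SIGMA = 1.0   # constructed noise level
THRESHOLD = 4.5     # conventional t-test decision threshold


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def leak(value: int, rng: random.Random) -> float:
    """Simulated power sample for one bus transaction (assumed model)."""
    return hamming_weight(value) + rng.gauss(0.0, NOISE_SIGMA)


def sbox_unmasked(pt: int, key: int, rng: random.Random) -> float:
    # The key-dependent intermediate S(pt ^ key) sits on the bus in clear.
    return leak(SBOX[pt ^ key], rng)


def sbox_masked(pt: int, key: int, rng: random.Random) -> float:
    # First-order Boolean masking: fresh masks per execution, a recomputed
    # table S'(x ^ m_in) = S(x) ^ m_out, and only the masked output is seen.
    # (A real device also leaks the mask itself, which a first-order test
    # cannot combine with the masked value; higher-order tests can.)
    m_in = rng.randrange(16)
    m_out = rng.randrange(16)
    masked_table = [0] * 16
    for x in range(16):
        masked_table[x ^ m_in] = SBOX[x] ^ m_out
    return leak(masked_table[pt ^ key ^ m_in], rng)


def welch_t(a, b) -> float:
    """Welch's t statistic for two samples with unequal variances."""
    ma, mb = statistics.mean(a), statistics.mean(b)
    va, vb = statistics.variance(a), statistics.variance(b)
    return (ma - mb) / ((va / len(a) + vb / len(b)) ** 0.5)


def leakage_t(impl, n_traces=2000, key=0x5, fixed_pt=0x0, seed=1) -> float:
    """Fixed-vs-random test: class A always processes fixed_pt, class B a
    random input. If the intermediate is key-dependent and unmasked, the
    class means differ and |t| grows with the number of traces."""
    rng = random.Random(seed)
    fixed = [impl(fixed_pt, key, rng) for _ in range(n_traces)]
    rand = [impl(rng.randrange(16), key, rng) for _ in range(n_traces)]
    return welch_t(fixed, rand)


def assess():
    """Returns (unmasked_leaks, masked_leaks) as booleans."""
    t_unmasked = abs(leakage_t(sbox_unmasked))
    t_masked = abs(leakage_t(sbox_masked))
    return t_unmasked > THRESHOLD, t_masked > THRESHOLD


if __name__ == "__main__":
    unmasked, masked = assess()
    print("unmasked leaks:", unmasked, "masked leaks:", masked)  # True False
```

With the constructed key and fixed input, the unmasked fixed class always leaks the Hamming weight of S(0x5) = 0x0, while the random class averages a weight of 2, so the statistic exceeds the threshold by an order of magnitude after a couple of thousand traces; the masked variant's leaked value is uniformly random in both classes and stays below it. Rerunning with a different seed changes the masked value but not the verdict.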
The demand for secure systems is in every market and application segment that exists today. Whether it is for the protection of military, commercial or financial systems, vast amounts of sensitive information are passed through non-secure links every day. Therefore the cryptographic functions that are performed on the data must be efficient and effective. FPGAs can help satisfy this need.
Design security is a major issue in SRAM FPGAs, which lose their configuration when they are reset or powered down. The configuration must be restored when power is reapplied, which can expose the configuration bitstream to anyone trying to mount an attack on them. However, recent advances in FPGAs based on non-volatile flash memory have made the use of FPGAs in secure systems not just possible – but also preferable. All of the configuration for the device only needs to be programmed once, and never needs to be exposed again.
Microsemi SmartFusion2 devices change the landscape on using FPGAs in secure applications. They are flash memory based, and incorporate design and data security features such as easy-to-use always-on encryption, built-in NVM data integrity checking, a true random number generator, tamper detection and zeroization, and DPA-resistant technology from Cryptography Research.
SmartFusion2 SoC (System-on-Chip) FPGAs radically transform the usefulness of FPGAs in security applications.
Microsemi, Aliso Viejo, CA. (949) 380-6100. [www.microsemi.com]