Date post: | 29-Mar-2015 |
Category: |
Documents |
Upload: | jovani-mashburn |
View: | 226 times |
Download: | 2 times |
CoolRunner™-II CPLDs in Security
Quick Start Training
Agenda
• Some Security Basics– Security– Cryptography
• CoolRunner-II Security Features• “Securing Things” with CoolRunner-II
– Product theft– Intellectual property theft– A detailed example, securing an FPGA
Quick Start Training
Security Basics• Controlled Access
– Voyager computer may be about it for true security
• Protocols– Less WHAT you do, more HOW you do it
• Most standards government developed/driven– NIST; NSA– International “common criteria” is new trend
• Military influenced• Banking influenced• Security attitude is critical
Quick Start Training
Tamper
• Tamper evident– You fiddle with something, you leave tracks– Spyrus internet modules
• Temper resistant– Takes significant investment in time and money– Still, not impossible
• Tamper responsive - take action – Zero memory– Self destruct
• Tamper proof - mythical? Voyager computer? hmmm . .
Quick Start Training
A Basic Protocol
• Step 1: Sender places secret message into locked box• Step 2: Attaches sender’s lock to one lock site on box• Step 3: Sender transmits locked box to the receiver• Step 4: Receiver attaches own lock & returns to sender• Step 5: Sender sees receiver’s lock & removes sender’s lock• Step 6: Sender re-sends box with only receiver’s lock• Step 7: Receiver removes own lock and reads message
Question: Where is the hole?
Quick Start Training
Classic Protocol Attack“Man in the Middle”
• MiG version– Air Force jet flies over ground station transponder– Identify Friend or Foe (IFF) challenge occurs– Enemy aircraft records challenge and response– Knows correct response when challenged
• Used with 802.11b (laptop “listener”)• Thief looking over shoulder at ATM for PIN• Etc.
Quick Start Training
Cryptography Ideas
• Long history going back to the ancients– Babylonians, Hebrews, Greeks, Romans, Chinese
• Lots of interest since WWI• Concepts: confusion/diffusion (Shannon)• Stream Ciphers• Block Ciphers• Big idea: protocols
Quick Start Training
One Time PadPlain Text Key Encrypted Text
1 0 0 00 0 1 11 0
1 0 0 00 0 1 11 0
1000 0011 101 0 1 1 0 1 11 0 1
1 0 1 1 0 1 11 0 1
1 0 1 1 0 1 11 0 1
1 0 1 1 0 1 11 0 1
1 0 0 00 0 1 11 0
1000 0011 101011011 101
1011011 101
1000 0011 10
1000 0011 10
1 0 1 1 0 1 11 0 1
? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?? ? ? ? ? ? ? ? ? ?
Notes: # plain text bits equal # key bits Key must be random Key used only one time Perfect encryption if all steps followed
Quick Start Training
Keep This in Mind
Quick Start Training
CoolRunner-II Security
• What we have for security– Nonvolatility– Security protect bits
• Multiple bits– Reconfigurability
• Cracking CoolRunner-II– What will it take?
Quick Start Training
Metal, Metal, Everywhere
Quick Start Training
Can’t Find Read Protect Bits
Quick Start Training
CoolRunner-II Conceptual Idea
Bits hidden here,somewhere . . .
Quick Start Training
Cracking CoolRunner-II Security
• To readback you must:– Erase protect bits
• Can’t get there with laser• Must use charge pump• Know where they are• Issue correct subcommands• Issue correct command sequence
– Reverse the JEDEC file to get design
• Deeply buried protection resists tampering– Laser/electrical tampering locks down
Quick Start Training
Additional CoolRunner-II Security
• Double Data Rate Operation– Data transactions less obvious
• DataGATE– Tamper response– Block I/O pin signals
• Power & Tempest attacks– Advanced state machines– CryptoBLAZE
Quick Start Training
Securing an FPGA
• EPROM holds config file• CPLD extracts bits• CPLD delivers to FPGA• Attacker can
– Copy EPROM– Collect bitstream from FPGA Data input
• Classic “Man in Middle” attack
FPGA*CoolRunner-II CPLD
EPROM
Data
ControlAddress& Control Data
* Non Virtex II, which has triple DES
Quick Start Training
Trick #1 Encrypt EPROM
• Encrypt EPROM – Only be used with
CoolRunner-II CPLD
• CPLD must decipher • Attackers must catch data
– Takes more time and is harder
– Build hardware bit catcher
• If off by one bit, it won’t work!
FPGA*CoolRunner-IICPLD
EPROM
Data
ControlAddress& Control Data
Quick Start Training
CPLD Encryption
DQ
LFSR
Clear Bits
Encrypted Bits
Basic idea: Stream Cipher; lots of them exist, this is a simple one
Quality: Highly random within the repetition cycle Easy to build in CPLDs Lots of theory on building and using Also lots of theory on cracking them!
You need to select the LFSR, then write code to encrypt the EPROM
Quick Start Training
CPLD Encryption Continued
XOR
XOR
XOR
R1
R2
R3
XORInput Stream Key
013 2457 689013 2457 689012
013 2457 689013 2457 68
013 2457 689013 2457 68901
ShiftControl
xy z
c1c2c3
Solution: Make things harder Fancier Stream Ciphers exist, we can make them, too!
Quick Start Training
Trick #2 Hold Back Function
• Retain part of FPGA design in CPLD– Won’t work without CPLD– Reverse eng. CPLD
• Typically control function– FPGA does data
crunching and much control
– CPLD does some, critical control
FPGA*CoolRunner-II CPLD
EPROM
Data
ControlAddress& Control Data
Quick Start Training
Trick #3 Resist Blank EPROM Attack
• CPLD checks for blank EPROM
• Won’t deliver FPGA stream unless– Multiple locations match
internal compares
• Can take several actions– Do nothing– Deliver bogus bitstream– Erase the CPLD!*
FPGA*CoolRunner-II CPLD
EPROM
Data
ControlAddress& Control Data
*details in “cell phone theft” design
Quick Start Training
Summary
• CoolRunner-II Security is not perfect, but it is VERY GOOD!
• You can make designs substantially more expensive to “reverse” engineer
• These have been some ideas on how to use this capability, think up more of your own!
• See session on Cell Phone Theft & CryptoBLAZE• See Security White Paper