From: vcar on 29 Dec 2009 02:49

For certain reasons, I could not use a battery on my board, so the Virtex5 bitstream encryption could not be used. In this situation, what could I do to protect my design on a reasonable level?

My design has a Virtex5 and an XCF16P, and the two devices are linked on a JTAG chain, and I program the XCF16P with my design through the JTAG chain. I have set the security options in both the BitGen and iMPACT utilities, so I can prevent any JTAG readback/partial reconfiguration through the JTAG chain.

However I have the following questions:

1. In hardware, the XCF16P will be disabled after configuration is done. But with minor fly wire modifications in hardware, the attacker could access the XCF16P after configuration. And I found that using the combination of USER_ACCESS_VIRTEX5 + STARTUP_VIRTEX5 could make the FPGA read back data from the XCF16P, is it possible?

2. Since I disabled the possibility of reading back via JTAG, need I initiate BSCAN_VIRTEX5 + ICAP_VIRTEX5 and clear the entire FPGA once JTAG chain activity is found?

Thanks a lot!

From: Frank Buss on 29 Dec 2009 03:29

vcar wrote:
> For certain reasons, I could not use battery on my board, so the
> Virtex5 bitstream encryption could not be used. In this situation, what
> could I do to protect my design on a reasonable level?

I don't know the answers to your questions, but I guess an attacker could at least just desolder the XCF16P and read it like the FPGA does when booting, so even the read protection bit of the flash is useless.

If you want to secure your device, I would use something like the DS2401. This provides a unique id. You could save this in the flash and compare it from the FPGA with the chip. The chip is available in packages which look like a capacitor or diode:

http://search.digikey.com/scripts/DkSearch/dksus.dll?Detail&name=DS2401X1CT-ND

I've written some VHDL code for reading the one-wire id:

http://www.frank-buss.de/vhdl/spartan3e.html

(see the DS2432 ROM id reader in the zip file)

--
Frank Buss, fb(a)frank-buss.de
http://www.frank-buss.de, http://www.it4-systems.de

From: glen herrmannsfeldt on 29 Dec 2009 05:12

Frank Buss <fb(a)frank-buss.de> wrote:
> vcar wrote:
>> For certain reasons, I could not use battery on my board, so the
>> Virtex5 bitstream encryption could not be used. In this situation, what
>> could I do to protect my design on a reasonable level?

Protecting against exact clones is difficult. In many cases, decoding the bits back to logic is hard enough not to worry about that.

> I don't know the answers to your questions, but I guess an attacker could
> at least just desolder the XCF16P and read it like the FPGA does when
> booting, so even the read protection bit of the flash is useless. If you
> want to secure your device, I would use something like the DS2401. This
> provides a unique id. You could save this in the flash and compare it from
> the FPGA with the chip. The chip is available in packages which look like
> a capacitor or diode:

As long as they don't read this newsgroup and know what to look for...

-- glen

From: Frank Buss on 29 Dec 2009 06:47

glen herrmannsfeldt wrote:
> As long as they don't read this newsgroup and know what to look for...

You are right. And if an attacker has the money to clone a Virtex design, this just delays the cloning process a bit. But the AES encryption integrated in Virtex devices is better. It's a pity that the key can't be stored in non-volatile memory inside the chip.

Another idea against cloning would be to implement a challenge response protocol with an external small microcontroller, e.g. a hash function, where the microcontroller adds some bytes before hashing. If the microcontroller has some protection, then the attacker would need at least an electron microscope (assuming that it is not easy to extract the logic from the programming byte stream for the Virtex).

--
Frank Buss, fb(a)frank-buss.de
http://www.frank-buss.de, http://www.it4-systems.de

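
The challenge-response idea from the post above, modelled in Python as an added example that is not part of the original thread or anyone's posted code. It shows both sides of one exchange and why a fresh nonce makes a recorded answer useless. Assumptions: the class and function names are hypothetical, HMAC-SHA256 stands in for the "add some bytes before hashing" step, the secret is a constructed sample value, and the FPGA is assumed to have a source of random nonces.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret (assumption): provisioned into the protected
# microcontroller and also embedded in the FPGA design.
SHARED_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
NONCE_LEN = 16  # bytes of fresh randomness per challenge


class Microcontroller:
    """Hypothetical external MCU: holds the secret, answers challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # Keyed hash over the challenge; the secret never leaves the chip.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class FpgaVerifier:
    """Hypothetical model of the check the FPGA logic would perform."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        # A fresh nonce per attempt, so an old response cannot be reused.
        self._pending = secrets.token_bytes(NONCE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge to answer
        expected = hmac.new(self._secret, self._pending, hashlib.sha256).digest()
        self._pending = None  # each challenge is single-use
        return hmac.compare_digest(expected, response)


def authenticate(fpga: FpgaVerifier, mcu: Microcontroller) -> bool:
    """One full exchange: challenge out, response back, verdict."""
    return fpga.verify(mcu.respond(fpga.new_challenge()))
```

The verifier side still carries the secret inside the bitstream, so this rests on the same assumption the post states: that extracting logic or constants from the Virtex configuration data is not easy.
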
From: vcar on 29 Dec 2009 21:42

On Dec 29, 6:12 pm, glen herrmannsfeldt <g...(a)ugcs.caltech.edu> wrote:
> Frank Buss <f...(a)frank-buss.de> wrote:
> > vcar wrote:
> >> For certain reasons, I could not use battery on my board, so the
> >> Virtex5 bitstream encryption could not be used. In this situation, what
> >> could I do to protect my design on a reasonable level?
>
> Protecting against exact clones is difficult. In many cases, decoding
> the bits back to logic is hard enough not to worry about that.
>
> > I don't know the answers to your questions, but I guess an attacker could
> > at least just desolder the XCF16P and read it like the FPGA does when
> > booting, so even the read protection bit of the flash is useless. If you
> > want to secure your device, I would use something like the DS2401. This
> > provides a unique id. You could save this in the flash and compare it from
> > the FPGA with the chip. The chip is available in packages which look like
> > a capacitor or diode:
>
> As long as they don't read this newsgroup and know what to look for...
>
> -- glen

Hi, glen.

My point is to protect my board from cloning, so the attacker does not need to decode the bit stream back to logic. Once they obtain the bit stream, they can produce my board themselves. I could not protect the PCB from cloning, so I have to do something on my bit stream. Otherwise it is very easy to copy my board.