Synaptic Laboratories Limited

Five Essential Hardware Security Controls for all Commercial SoC FPGA Projects
This base-line of security is viable and easy to use today

Benjamin Gittins
M: +356 9944 9390
E: [email protected]


synaptic-labs.com*

Agenda

• Key Benefits of Intel® SoC FPGA

• Threat Actors, Attack Vectors and Five Essential Base-line Hardware Security Controls

• Protection with Base-line Hardware Security Controls Viable Today

• Summary and Next steps

• Appendices


Key Benefits of Intel® SoC FPGA in today’s rapidly changing security landscape

• Today: A 1 euro online transaction is expected to have a base-line of security

• In this presentation we explore the minimum ESSENTIAL base-line of hardware security controls for use in all SoC FPGAs – in all markets
- This presentation is designed as a resource that you can download later
» Text in light grey is intended for reading at a later time
- There are links to more information in the slideshow appendices
- You can see me or my colleagues today at the Intel stand
- There are brochures for you to take away


• Today: The incidence and cost of cyber attacks is escalating rapidly
- Some reports estimate costs may exceed USD $ trillions per year (3)

• All sectors of the community, from individuals to Governments and global markets, are increasingly security conscious
- Some reports estimate security expenditure may reach USD $1 Trillion over next 5 years (3)


• Today: You can easily employ the five base-line hardware security controls provided by Intel and/or its partners in new and retro-fit SoC FPGA designs to secure your products by default against a wide range of low-cost, high-impact attack vectors, at a negligible cost of ownership


Key Benefits of Intel® SoC FPGAs over conventional microcontroller units

• A key advantage is that they permit the precise mapping of your product’s functionality seamlessly across hardware and software to best meet your product’s:
- Cost
- Performance
- Safety
- Security needs


• Advantageously, the tight coupling between the hard processor system and the FPGA fabric:
- Significantly reduces the attack surface area of your product
- Eliminates the need for cryptographically secure encryption and authentication of the memory transfer requests issued between the ARM* cores and the logic in the FPGA fabric of Intel SoC FPGA
§ This results in a higher-performance, lower design cost, lower implementation cost, lower-power product when compared to coupling an External MCU with an FPGA

[Diagram: Intel® HPS and Intel® FPGA Fabric in one device]


• You are in greater control of your product’s architecture, behavior, and security:
- SoC FPGAs permit you to take advantage of hardware acceleration of your software (e.g. by using Intel® FPGA SDK for OpenCL* and/or DSP Builder for Intel FPGAs) without increasing your attack surface area due to the use of an external microcontroller unit (MCU)
- Take advantage of the FPGA fabric to implement and control real-time peripherals with robust time and address space partitioning to ensure clock-cycle deterministic operation of those safety critical functions with higher levels of correct operation than when compared to software running on a MCU.


• Intel® SoC FPGAs offer you many benefits:
- Employ NEW security controls that may become available in response to the constantly EVOLVING, ADAPTIVE security threat landscape
- Employ the latest hardware functionality and performance enhancements to improve the value-proposition of your product in the market


• For example:
- Upgrading Intel® SoC FPGA-based Internet of Things (IoT) devices in the field to support evolving standards, such as secure communications protocols, to stay safe and relevant in the market

- See the appendix of this slide show for another example


Three Broad Types of Threat Actors Managed

[Diagram: three types of threat actor, each posing a risk to YOUR DEPLOYED PRODUCT]

- Insiders: Reprogram FPGA or flash memory over JTAG*, ...
- Outsiders: Reprogram FPGA or flash memory over a network, ...
- Insiders and Outsiders colluding: Combining technical expertise with physical accessibility

"Cyber threats today are a reality that will prove devastating unless you take preventative steps now to protect your embedded devices ... [by implementing] security into the device itself ... [because a] secure perimeter is not enough."


• Insider and collusion attacks are a universal type of problem that should NOT be ignored

• The global audit firm KPMG* (1) asserts:
- 90% of all fraud is by insiders or ex-insiders
- 74% of fraud over $1 million is by insiders acting alone or in collusion with outsiders
- Weak internal security controls are a contributor in 61% of cases


Attacks Managed


• The five essential base-line hardware security controls manage key attacks, including:
- Malware injection
- Unauthorised monitoring / data theft
- Reverse engineering of IP

Over multiple communication paths:
- JTAG* pins (USB JTAG*)
- Various types of flash memory
- Ethernet* (Remote FPGA programming)

[Diagram: Intel® SoC FPGA with ARM* cores, System Manager, FPGA Manager and Intel® FPGA Fabric; external paths are Flash Memory, JTAG* pins, USB and Ethernet*]


Five Essential Hardware Security Controls at Negligible Cost


1. Intel® “Tamper Protection Mode” in SoC FPGA
- Freely available, easy to use
- You simply load key material into the FPGA device
- Employs:
§ one-time-programmable fuses to store the key material in the FPGA (easy retrofitting)
or
§ An external battery source for maintaining the value of keys stored in the volatile key storage module of the FPGA

[Diagram: Intel® SoC FPGA containing an FPGA Monitor and the FPGA HW]

[Diagram, built up over several slides: FPGA configuration file → Encrypt and/or authenticate configuration file → Store and forward (e.g. at power-on) from a Memory or Configuration Device → FPGA Monitor and FPGA HW in the Intel® SoC FPGA]

Ensure the FPGA monitor is configured to reject unencrypted and/or unauthenticated configuration files during deployment


- The encryption of the FPGA configuration file protects its contents against reverse engineering when at rest and when in transit to the FPGA device


- By configuring the FPGA’s monitor circuit to REJECT unencrypted and/or unauthenticated configuration bitstreams, the SoC FPGA resists malware injection into the FPGA configuration bitstream after deployment


- Protection against the over-manufacture of your device can also be achieved by separating the roles and responsibilities with regard to each of:
§ The loading of key material into the FPGA
§ The physical manufacture of the device
§ The programming of encrypted FPGA configuration files
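
An added example, not part of the original slides and not Intel's bitstream format: a software model of the reject policy described above for the FPGA monitor, showing why a device that verifies protected images but still accepts unprotected ones can be handed an unsigned configuration. Assumptions: HMAC-SHA256 stands in for the device's authentication scheme, encryption is not modelled, and the `AUTH`/`PLAN` header markers, the key and the image bodies are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32            # HMAC-SHA256 tag length in bytes
MAGIC_AUTH = b"AUTH"    # hypothetical header: body followed by a tag
MAGIC_PLAIN = b"PLAN"   # hypothetical header: unprotected body


class ConfigRejected(Exception):
    """Raised when the modelled monitor refuses a configuration image."""


def package_authenticated(key, body):
    """Build-side step: append a tag computed over header and body."""
    tag = hmac.new(key, MAGIC_AUTH + body, hashlib.sha256).digest()
    return MAGIC_AUTH + body + tag


def package_plain(body):
    """An image with no protection, as a development flow might emit."""
    return MAGIC_PLAIN + body


class FpgaMonitor:
    """Model of the monitor: holds the key and the accept/reject policy."""

    def __init__(self, key, reject_unprotected):
        self.key = key
        self.reject_unprotected = reject_unprotected

    def load(self, image):
        """Return the accepted configuration body or raise ConfigRejected."""
        magic, rest = image[:4], image[4:]
        if magic == MAGIC_AUTH and len(rest) >= TAG_LEN:
            body, tag = rest[:-TAG_LEN], rest[-TAG_LEN:]
            expected = hmac.new(self.key, MAGIC_AUTH + body,
                                hashlib.sha256).digest()
            # Constant-time comparison of the presented and expected tags
            if not hmac.compare_digest(tag, expected):
                raise ConfigRejected("authentication tag mismatch")
            return body
        if magic == MAGIC_PLAIN and not self.reject_unprotected:
            return rest  # permissive policy: unsigned image is configured
        raise ConfigRejected("unprotected or unknown image refused")


def outcome(monitor, image):
    """Summarise one load attempt as a short string."""
    try:
        monitor.load(image)
        return "accepted"
    except ConfigRejected as exc:
        return "rejected: " + str(exc)


def run_matrix():
    """Try three constructed images against both policies."""
    key = b"constructed device key"
    genuine = package_authenticated(key, b"vendor configuration body")
    tampered = bytearray(genuine)
    tampered[10] ^= 0x01  # flip one bit inside the signed body
    images = {
        "genuine": genuine,
        "tampered": bytes(tampered),
        "unprotected": package_plain(b"configuration that was never signed"),
    }
    monitors = {
        "permissive": FpgaMonitor(key, reject_unprotected=False),
        "locked": FpgaMonitor(key, reject_unprotected=True),
    }
    return {(m, i): outcome(mon, img)
            for m, mon in monitors.items() for i, img in images.items()}


if __name__ == "__main__":
    for (policy, image), result in run_matrix().items():
        print(f"{policy:10} {image:12} {result}")
```

Both policies refuse the tampered image; only the locked policy also refuses the unprotected one, which is the case the slide's "reject" setting exists for.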


2. Intel® Secure Boot controls for your specific SoC FPGA device
- Freely available, easy to use
- Provides a hardware root of trust for ARM* software
- Employs:
§ a Boot ROM in the hard processor system (HPS)
§ user key material stored securely in the FPGA manager
§ the AES* decryption hard macro in the FPGA manager
§ other security controls that may be implemented in the FPGA fabric

[Diagram: Intel® SoC FPGA with ARM* cores, System Manager, Boot ROM, FPGA Manager (Keys, AES HW) and Intel® FPGA Fabric; additional secure boot controls may be implemented in the FPGA fabric]


- Intel’s secure boot controls for the hard processor system (HPS) secure the first stages of the ARM* software boot process

- The developer is then responsible for extending the secure boot flow down to the executive system. The developer may employ the use of security IP provided by Intel® and/or its partners


3. Inline Memory Encryption
- Third party IP implemented in the FPGA fabric
§ Automatically encrypts and decrypts data written to and read from external memory using the NIST* AES cipher without modifying the software

[Diagram: Intel® SoC FPGA with an ARM* or Nios® II /e or /f core or a Peripheral, the AES INLINE MEMORY ENCRYPTOR and the Memory Controller; encrypted region of memory]


Use Case 1:
• Off-chip flash memory is typically the most exposed and most easily attacked type of external memory connected to an SoC FPGA device

[Diagram: Intel® SoC FPGA (HPS with ARM* Core, FPGA Fabric with Flash controller) and EPCQ/EPCS flash holding the Encrypted FPGA configuration plus Code & Data; highly vulnerable off-chip flash contents]

• Employ Inline Memory Encryption to automatically protect the firmware and data stored on vulnerable FLASH memory without modifying SW
• Use to extend the Intel® Secure Boot Flow for the ARM* cores by transparently decrypting executive software stored in EPCQ flash

[Diagram: Intel® SoC FPGA (HPS with ARM* Core; FPGA Fabric with S/Labs* INLINE ENCRYPTOR SMEM-T001, from 209 ALM and 1 ROM, and Flash controller) and EPCQ/EPCS flash holding the Encrypted FPGA configuration, Encrypted ARM* Firmware and Encrypted Data. All code and data on highly vulnerable off-chip flash is now protected]


Use Case 2: Nios® II Co-Processor
• Also automatically and continuously protects firmware and data, and provides a Secure Boot Flow for the Nios® II core

[Diagram: Intel® SoC FPGA (HPS with ARM* Core; FPGA Fabric with Nios® II core /e or /f, S/Labs* INLINE ENCRYPTOR SMEM-T001, from 209 ALM and 1 ROM, and Altera® flash controller) and EPCQ/EPCS flash holding the Encrypted FPGA configuration, Encrypted ARM* Firmware, Encrypted Nios® II Firmware and Encrypted Data]

3. Inline Memory Encryption

- Encryption of the firmware and other data stored on the flash memory protects that information against reverse engineering and theft when at rest and in flight


3. Inline Memory Encryption to resist malware injection

- Any executable code (i.e. malware) injected and stored in cleartext on the flash memory will be mangled when read through the inline memory encryptor

- Mangling prevents its successful execution
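
An added example, not part of the original slides or of S/Labs' IP: a software model of the read and write path through an inline memory encryptor, showing the two points above (flash contents unreadable at rest, and cleartext programmed straight into flash coming back mangled). Assumptions: a 4-round Feistel permutation built from SHA-256 stands in for AES, which the Python standard library lacks; the per-block address tweak, the key and the sample byte strings are constructed for illustration.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes, the same as AES


def _f(key, addr, rnd, half):
    """Feistel round function: keyed hash bound to block address and round."""
    msg = key + addr.to_bytes(8, "big") + bytes([rnd]) + half
    return hashlib.sha256(msg).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, addr, block):
    """Stand-in block cipher (NOT AES): 4-round Feistel, tweaked by address."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, addr, rnd, right))
    return left + right


def decrypt_block(key, addr, block):
    """Inverse of encrypt_block: undo the rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, addr, rnd, left)), left
    return left + right


class InlineEncryptor:
    """Sits between the core and the flash: encrypt on write, decrypt on read."""

    def __init__(self, key, flash):
        self.key = key
        self.flash = flash  # bytearray standing in for the off-chip flash

    def _blocks(self, addr, length):
        if addr % BLOCK or length % BLOCK:
            raise ValueError("model only handles block-aligned accesses")
        return range(addr, addr + length, BLOCK)

    def write(self, addr, data):
        for a in self._blocks(addr, len(data)):
            chunk = data[a - addr:a - addr + BLOCK]
            self.flash[a:a + BLOCK] = encrypt_block(self.key, a, chunk)

    def read(self, addr, length):
        return b"".join(
            decrypt_block(self.key, a, bytes(self.flash[a:a + BLOCK]))
            for a in self._blocks(addr, length))


def run_scenario():
    """Provision firmware, then overwrite one flash block with cleartext."""
    flash = bytearray(64)
    port = InlineEncryptor(b"constructed demo key", flash)
    firmware = b"FIRMWARE-BLOCK-0FIRMWARE-BLOCK-1"  # constructed, 2 blocks
    port.write(0, firmware)
    at_rest = bytes(flash[:32])        # what a flash reader would dump
    clean_fetch = port.read(0, 32)     # what the core sees
    injected = b"INJECTED-CODE-!!"     # constructed cleartext, 1 block
    flash[16:32] = injected            # programmed directly, bypassing the port
    tampered_fetch = port.read(0, 32)  # core now fetches through the decryptor
    return firmware, at_rest, clean_fetch, injected, tampered_fetch


if __name__ == "__main__":
    fw, rest, clean, inj, fetched = run_scenario()
    print("flash at rest      :", rest.hex())
    print("clean fetch        :", clean)
    print("fetch after inject :", fetched[:16], fetched[16:].hex())
```

In this model the encryptor does not detect the modification; the core simply fetches bytes the writer of the cleartext did not choose.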


4. Intel® security controls on the maintenance and debug ports
- Freely available, easy to use
- In Cyclone® V through Stratix® 10 devices:
§ Turning on the Intel® “Tamper Protection Mode” automatically turns on JTAG* secure mode. This restricts the number of JTAG* instructions available from the external JTAG* port
§ In high security applications it is easy to disable JTAG* and Debug ports to stop all types of access
§ These controls can be enabled and disabled from within the FPGA fabric at run-time


- In Stratix® 10 devices:
§ It is easy to turn on mandatory cryptographic authentication of all debug and maintenance inputs
§ Win both security and function availability simultaneously


- The JTAG* communication port is used in many ways to make the development of your software and hardware IP easier

- LOCK DOWN the JTAG* port to make it harder for malware developers and other attackers


5. ARM* TrustZone*
- A type of hardware-based address space partitioning control
- Freely available
- Embedded in the hard processor system
- TrustZone* employs hardware controls to create secure and non-secure worlds that are isolated from each other
- Software and peripherals reside in either the secure world or the non-secure world
- Also consider using HW based Memory Management Unit as a security control
- For Stratix® 10 SoC, also see: ARM Virtualization Extensions (ARM-VE)

[Diagram: Trusted and Non trusted worlds, each with its own software, data and hardware]


- TrustZone* controls are easiest to employ by using mainstream executive systems such as:
§ Wind River® VxWorks®
§ SYSGO* PikeOS*
§ Mentor Graphics* Embedded Hypervisor*
§ Green Hills Software* INTEGRITY* Secure Virtualisation
§ Various Linux* distributions
§ Many others...

* * *

This information is being provided by Synaptic Labs as an accommodation and for guidance purposes only. Synaptic Labs makes no representations, warranties or guaranties, implied or express, as to the information contained herein, including as to the accuracy or completeness. Nor may you rely upon the information contained herein for any purpose. In accordance with US law, all exporters and re-exporters of Altera products remain responsible for determining the classifications, license exceptions and licensing requirements, and compliance with applicable U.S. export regulations.

(Not listed in any particular order)

(TrustZone*-based secure boot, ARM VE)

(Secure world, ARM VE, ITAR free)

(Secure world, ITAR free)

(Non-secure world only)

(Secure world, ARM VE, ITAR free)


- Reduces the severity of buffer overflow attacks in the non-secure world
§ TrustZone* hardware prevents (compromised) software running in the non-secure world from accessing memory or peripherals in the secure world


Protect Against the Known Lower Cost Attack Vectors with Five Essential Hardware Security Controls from Intel and Their Partners

• With zero to low negative impact on:
- Developer costs:
§ Suitable for use by “mere mortals”. Tutorials and guides are provided
§ Expert support from Intel’s FAE team for Intel’s security controls
§ Does NOT require information security experts to turn on or implement these controls
§ EASY for projects to enable or employ in new and retrofitted designs
- Licensing costs:
§ Four of the five HW security controls are embedded in Intel® SoC FPGA for FREE. You can enable them without any extra licences needed
§ The other HW security control is a Qsys component with low license costs
- Recurring product manufacturing cost:
§ Four of the five controls are embedded in the Intel® SoC FPGA silicon and do NOT consume any FPGA circuit area
§ The fifth HW control is an inline memory encryptor for flash. Synaptic Labs* offer a very low circuit area solution (from ~210 ALM)
~210 ALM is only ~2% of the smallest Cyclone® V SoC device
Additional IP is available from S/Labs* to reduce resource usage elsewhere in a Qsys project (such as in the interconnect) to reduce or eliminate the overhead of this security module to facilitate retrofitting inline memory encryption for flash into resource constrained designs. See the appendix of this slide show for more details.
- Software performance is NOT impacted:
§ All 5 HW security controls have (or can be configured to have) practically NO impact on software performance
- Hardware performance is NOT impacted:
§ All five hardware security controls have practically NO impact on the performance of other hard or soft macros IP in your project
- Maintenance in the field is NOT impacted:
§ All five controls are set or implemented once and continue to operate without day-to-day monitoring resulting in no extra burden for customers


These Five Hardware Security Controls in Intel® SoC FPGAs:

• Have no ‘military grade’ issues
- Intel’s commercial grade SoC FPGAs employ embedded security controls and are marketed in most countries
- We are advised by Intel PSG that enabling the security controls embedded in an Intel® SoC FPGA device does NOT activate U.S. ITAR export controls


Employing Security in FPGA is Easy and Viable Today

• Failure to enable hardware security functionality that is freely available in the device, to protect against low cost, high-impact attack vectors, is ‘unreasonable’

• Failure to enable those security controls exposes companies to various avoidable risks and costs in the event of a breach, including:
- loss of customer loyalty,
- government fines if client data is stolen,
- increased insurance premiums,
- and so on...


Easy to Communicate the Five Controls and Their Security Value Proposition

• To your stakeholders:
- To your own management and sales people
- To your customers

• Easy for your customers to explain to their stakeholders
- To their own customers, shareholders, auditors and regulatory authorities

• To show that the available, low cost security capabilities are enabled
• To protect against the known attack vectors

Of course: A safety and security risk analysis should be performed by your company to determine if additional security controls may be required


Summary and Next Steps

• Today, everyone expects a base-line of security to be present in commercial products and systems


• You can easily employ the five base-line hardware security controls provided by Intel® and/or its partners
- In new and retro-fit SoC FPGA designs

- To secure your products by default against a wide range of low-cost, high-impact attack vectors

- At a negligible cost of ownership

- To increase the value proposition of your product


• Remember, this presentation is designed as a resource that you can download later
- There are links to more information in the appendices

- For example, to technical information on how to implement these security controls

- You can see me or my colleagues at the Intel stand today

- There are some brochures for you to take away

- Your Intel® Field Application Engineer (FAE) can also assist


Additional Sources of Information

Meet us at the Intel PSG demo table in the exhibit hall.

More web based info (Context):
(1) KPMG. Cyber security a failure of imagination by CEOs. White paper. Publication number: 132969-G. Dec 2015
(2) J. Gelinne, et al. “The hidden costs of an IP breach: Cyber theft and the loss of intellectual property”, Deloitte Review issue 19, July 2016.
(3) Steve Morgan, “Hackerpocalypse: A Cybercrime Revelation”, Herjavec Group, Q3 2016

More web based info (Technical):
(4) Huffmire, T., et al, “Handbook of FPGA Design Security”, Springer Netherlands, 2010
(5) Badrignans, B., et al, “Security Trends for FPGAs. From Secured to Secure Reconfigurable Systems”, Springer Netherlands, 2011
(6) Altera AN-556, “Using the Design Security Features in Altera FPGAs”, June 2016
(7) Altera AN-680, “Product Security Features for Altera Devices”, Jan 2015
(8) Ryan Kenny, “SoC FPGA Hardware Security Requirements and Roadmap”, ISDF16 SF, Aug 2016
(9) Rodney Frazer, “SoC FPGA Secure Boot”, SW session, ISDF16 SF, Aug 2016
(10) Rodney Frazer, “SoC FPGA Secure Boot”, HW session, ISDF16 SF, Aug 2016
(11) Altera CV_5v4, “Cyclone V Hard Processor System Technical Reference Manual”, May 2016
(12) Altera AN-709, “HPS SoC Boot Guide - Cyclone V SoC Development Kit”, Jan 2016
(13) Altera UG-1171, “Arria 10 SoC Boot User Guide”, Oct 2015
(14) Altera AN-759, “Arria 10 SoC Secure Boot User Guide”, March 2016
(15) Synaptic Labs Inline Memory Encryptor IP for Qsys - www.synaptic-labs.com
(16) http://www.arm.com/products/security-on-arm/trustzone
(17) Felix Baum, “Securing Modern-Day Devices within Embedded Virtualization and ARM TrustZone Technology”, 2015, TECH 12360-w
(18) Robert Bates, “Building Functional Safety and Security into Modern IIoT Enterprises and Ecosystems”, 2016, TECH 14410-w
(19) Felix Baum, Alan Grau, “Developing Industrial Control Systems which meet Security and Regulatory Requirements”, Webinar
(20) http://www.windriver.com/products/vxworks/
(21) Michel Chabroux, “Building Secure, Connected, RTOS-based IoT Devices”, ISDF16 SF, Aug 2016
(22) http://www.sysgo.com/products/pikeos-hypervisor/
(23) http://www.mentor.com/embedded-software/hypervisor/
(24) http://www.ghs.com/products/rtos/integrity_virtualization.html
(25) Iisko Lappalainen, “Technologies for Securing Intel® SoC FPGAs using an Embedded Linux* System”, ISDF16 SF, Aug 2016
(26) https://www.altera.com/products/soc/portfolio/cyclone-v-soc/ecosystem.html
(27) Tehranipoor, M., et al, “Introduction to Hardware Security and Trust”, Springer New York, 2012

Appendices

Adding inline-encryption in resource constrained FPGA projects

S/Labs inline memory encryptor for EPCQ flash (SMEM-T001) offers a range of throughput / circuit area configurations enabling efficient instantiations for a wide range of different projects. S/Labs also offers a wide range of IP for Qsys that can be used to reduce the resource usage of a typical Qsys project, e.g. by reducing the circuit area required to implement the interconnect. Reductions in circuit area won using S/Labs’ IP can be larger than the amount of circuit area required to instantiate SMEM-T001 in some projects. Reductions in circuit area facilitate retrofitting inline memory encryption for flash in severely resource constrained designs. Additionally, S/Labs’ growing range of IP for the Qsys ecosystem can result in high-clock speed designs and/or lower pipeline stages to further improve system performance. Visit synaptic-labs.com to explore our latest portfolio of solutions...

[Diagram: Intel® SoC FPGA (HPS with ARM* Core; FPGA with non-burst Nios® II/f, S/Labs* INLINE ENCRYPTOR SMEM-T001, from 209 ALM and 1 ROM, and Altera® flash controller) and EPCS/EPCQ flash memory holding the Encrypted FPGA configuration, Encrypted ARM* Firmware, Encrypted Nios® II Firmware and Encrypted Data. Callouts:]
- S/Labs* non-burst to burst converter provides burst access to flash while eliminating unnecessary burst logic elsewhere in the interconnect
- S/Labs* on-chip SRAM IP efficiently allocates non-base 2 regions of memory with lower circuit area
- S/Labs* Avalon-MM interconnect technologies replace parts of the Avalon Merlin Interconnect to reduce circuit area


New and Advanced Soft IP (Qsys) for the ARM* and Nios® II Ecosystems on Intel® FPGA

Improve the Value Proposition of Your New and/or Existing Products

• Inline Memory Encryptor for EPCQ flash with secure boot
• Level 1 Caches: up to 69x faster SW performance for SDRAM and on/off-chip flash
• System Caches for shared caching of SDRAM
• Efficient on-chip SRAM Allocator: save up to ~50% SRAM
• Avalon Interconnect* Enhancements: save <36% circuit area, higher clock speeds, etc
• MAX® 10 on-chip Flash Accelerator: up to 6.3x faster SW performance

[Processor labels shown beside the IP blocks on the slide: ARM*, Nios® II/e, Nios® II/f]

SIGNIFICANTLY IMPROVES:
• Security – a very small, high performance, low cost COTS inline flash encryptor for EPCQ flash
• Software performance – with a range of advanced caches and interconnects
• Memory usage – with finer grain on-chip SRAM allocation to save SRAM
• Circuit area usage – better results in less circuit area
• Clock speeds – fine grain pipelining controls facilitate easier place-and-route and timing sign-off

Adding security is not a burden

For more information and FREE trials: synaptic-labs.com


Intel® Tamper Protection Mode
Protects the IP in the FPGA bitstream against reverse engineering

Encryption of the FPGA configuration file protects its contents against reverse engineering when at rest and when in transit to the FPGA device.

Security IP: Intel® Tamper Protection
Security means: Encryption
Sources: Flash / SD card, JTAG*, Remote system upgrade
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware Cost: Free, embedded in silicon
Developer Cost: Low effort, low cost
Retrofit Effort: Easy

[Diagram labels: FPGA Monitor, FPGA Fabric]


Intel® Tamper Protection Mode
Protects against malware being injected through the FPGA bitstream

To achieve this, the FPGA’s monitor circuit must be configured to reject unencrypted and/or unauthenticated configuration bitstreams.

Security IP: Intel® Tamper Protection
Security means: Authentication
Sources: Flash / SD card, JTAG*, Remote system upgrade
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware Cost: Free, embedded in silicon
Developer Cost: Low effort, low cost
Retrofit Effort: Easy

[Diagram labels: Malware ✘, FPGA Monitor, FPGA Fabric]


Intel® Secure Boot Flow Process
Protects against malware injection during the ARM* boot process

Intel’s secure boot controls for the HPS secure the first stages of the ARM* software boot process. The user is then responsible for extending the secure boot flow down to the executive system. The user may employ security IP provided by Intel and/or its partners.

Security IP: Intel® Secure Boot Controls for the HPS
Security means: Encryption and/or Authentication
Sources: Flash / SD card, JTAG*, Remote system upgrade
Devices: All Intel® SoC FPGA
Hardware Cost: Free, embedded in silicon
Developer Cost: Low effort, low cost
Retrofit Effort: Relatively easy

[Diagram labels: Malware ✘, HPS – ARM* Core(s), FPGA Monitor, FPGA Fabric]
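
The hand-off of responsibility described on this slide, as an added example that is not from the original presentation or from Intel: a boot chain in which only the first stage is authenticated lets a modified executive image run, while a chain extended to every stage halts the boot. The stage names, key and images are constructed, and HMAC-SHA256 stands in for the platform's actual authentication scheme.

```python
import hashlib
import hmac

# Constructed key: stands in for the root of trust provisioned in the device.
ROOT_KEY = b"constructed-demo-root-key"

def tag(image: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for the platform's real authentication scheme.
    return hmac.new(ROOT_KEY, image, hashlib.sha256).digest()

def sign_chain(images):
    """Build time: attach an authentication tag to every boot stage."""
    return [{"name": name, "image": img, "tag": tag(img)} for name, img in images]

def boot(chain, verified_depth):
    """Walk the boot chain in order.

    Stages with index < verified_depth are authenticated before they run;
    later stages run unchecked, as they would if the user never extended
    the secure boot flow. Returns a list of (stage name, outcome).
    """
    outcomes = []
    for index, stage in enumerate(chain):
        if index >= verified_depth:
            outcomes.append((stage["name"], "ran-unverified"))
        elif hmac.compare_digest(tag(stage["image"]), stage["tag"]):
            outcomes.append((stage["name"], "ran-verified"))
        else:
            outcomes.append((stage["name"], "rejected"))
            break  # halt: nothing after a failed stage may run
    return outcomes

# Constructed sample images; stage names are hypothetical.
chain = sign_chain([
    ("first_stage_loader", b"loader image v1"),
    ("second_stage_loader", b"bootloader image v1"),
    ("executive", b"RTOS image v1"),
])
# Simulate a modified executive image on flash (its stored tag is unchanged).
chain[2]["image"] = b"RTOS image v1 + unauthorised change"

if __name__ == "__main__":
    print(boot(chain, verified_depth=1))  # only the first stage is checked
    print(boot(chain, verified_depth=3))  # chain extended to the executive
```

With `verified_depth=1` the modified executive is reported as `ran-unverified`; with `verified_depth=3` it is `rejected` and the boot stops there.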


S/Labs* Inline Memory Encryptor
Protects the software and data stored on flash from reverse engineering

Encryption of the firmware and other data stored on the flash memory protects that information against reverse engineering and theft.

Security IP: S/Labs* Inline Memory Encryptor
Security means: Encryption
Sources: EPCQ / EPCS flash
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware Cost: Low: <~210 ALM + 1 ROM + low cost license
Developer Cost: Low effort, low cost
Retrofit Effort: Easy

[Diagram labels: Intel® SoC FPGA with HPS and FPGA Fabric; Core; S/Labs* INLINE ENCRYPTOR; Flash controller; Encrypted FPGA configuration, Encrypted Firmware, Encrypted Data]


S/Labs* Inline Memory Encryptor
Resists attackers modifying the software on flash to inject malware

The encryption controls of the inline memory encryptor transform executable code containing malware stored in the flash in a way that prevents it from being successfully executed on the processor core.

Security IP: S/Labs* Inline Memory Encryptor
Security means: Encryption
Sources: EPCQ / EPCS flash
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware Cost: Low: <~210 ALM + 1 ROM + low cost license
Developer Cost: Low effort, low cost
Retrofit Effort: Easy

[Diagram labels: Intel® SoC FPGA with HPS and FPGA Fabric; Core; S/Labs* INLINE ENCRYPTOR; Flash controller; Encrypted FPGA configuration; ✘ Malware]


Intel® security controls for the JTAG* port
Prevent attackers exploiting developer access ports as back doors...

The JTAG* communication port is used in many ways to make the development of your software and hardware IP easier.

Lock down the JTAG* port to make malware developers’ lives harder.

Security IP: Intel® security controls on the maintenance and debug ports
Security means: Access control
Sources: JTAG
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware Cost: Free, embedded in silicon
Developer Cost: Low effort, low cost
Retrofit Effort: Easy

[Diagram labels: ✘ JTAG*, ✘ Hack]


ARM* TrustZone*
Reduces the severity of buffer overflow attacks in the non-secure world

TrustZone* hardware prevents (compromised) software running in the non-secure world from accessing memory or peripherals in the secure world.

Security IP: ARM* TrustZone*
Security means: Hardware virtualisation
Sources: All bus-masters in the “non-secure” world
Devices: All Intel® SoC FPGA
Hardware Cost: Free, embedded in silicon
Developer Cost: Low effort when using existing RTOS / OS
Retrofit Effort: Varies

[Diagram labels: Trusted and Non trusted, each with software, data and hardware; ✘ Hack]