| Author |
Message |
Guest
|
 Posted:
Mon Dec 12, 2005 9:15 am Post subject:
Hello PPl, is there a way of locking a design (NGC) to a par |
|
|
We have a very good and expensive design that we want to give freely,
as an NGC file, with our generic FPGA products. How can we make the
design work only on our board.
Our current technology is S3 and the user needs to be able to compile
their project with our NGC file, but on OUR fpga product.
I thought of keeping a key in an external serial memory, but this is
futile if the netlist cost $100K.
Again, the points are:
Very expensive and useful NGC file
Want to avoid reverse engineer and copy to other FPGA stations
What should the best solution be.
Well if we had some die ID, we could hardwired it to the netlist, so
that it checks that everytime it runs.
Any suggestion from you ppl?
Merry xmas and a happy new year 2006 to all of you!
JA |
|
| Back to top |
|
 |
Thomas Stanka
Guest
|
| Posted:
Mon Dec 12, 2005 9:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).
bye Thomas |
|
| Back to top |
|
|
Austin Lesea
Guest
|
| Posted:
Mon Dec 12, 2005 5:15 pm Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
Austin
Thomas Stanka wrote:
| Quote: | Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).
bye Thomas
|
|
|
| Back to top |
|
|
Guest
|
| Posted:
Tue Dec 13, 2005 9:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Thanks,
xapp780 is good food for the mind, and I think we would have to design
our own (Vanilla microcontroller) that would mimic a DS2432 secure
controller-key.
One thing though, would xilinx enhance the security feature of their S3
line? And finally, in case of a virtex2, can a design gain access to
the registers that hold the encryption keys.
In response to Thomas, all our products are X based, so we dont have
many choices. And as we dont want to provide our customers access to
the high level code, the only way to give them a usable core is to have
the design in a compiled obfuscated netlist file.
JA
Austin Lesea wrote:
| Quote: | http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
Austin
Thomas Stanka wrote:
Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).
bye Thomas
|
|
|
| Back to top |
|
|
I. Ulises Hernandez
Guest
|
| Posted:
Tue Dec 13, 2005 10:54 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Hi,
This Dallas part does look pretty good, it makes it hard enough to hack;
Do you have an idea of small quantity prices...? It's lasered with a unique
number, hopefully they have samples with 'not a unique' number for customers
that only need to give it a whirl...
Thx in advance,
--
Ignacio Ulises Hernandez
" I'm not normally a praying man, but if you're up there, please save me,
Superman!" - Homer Simpson ;O)
<jaxato@gmail.com> wrote in message
news:1134451285.285119.232390@g43g2000cwa.googlegroups.com...
| Quote: | Thanks,
xapp780 is good food for the mind, and I think we would have to design
our own (Vanilla microcontroller) that would mimic a DS2432 secure
controller-key.
One thing though, would xilinx enhance the security feature of their S3
line? And finally, in case of a virtex2, can a design gain access to
the registers that hold the encryption keys.
In response to Thomas, all our products are X based, so we dont have
many choices. And as we dont want to provide our customers access to
the high level code, the only way to give them a usable core is to have
the design in a compiled obfuscated netlist file.
JA
Austin Lesea wrote:
http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
Austin
Thomas Stanka wrote:
Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).
bye Thomas
|
|
|
| Back to top |
|
|
Antti Lukats
Guest
|
| Posted:
Tue Dec 13, 2005 4:55 pm Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
"I. Ulises Hernandez" <delete@e-vhdl.com> schrieb im Newsbeitrag
news:dnm98l$lsm$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
| Quote: | Hi,
This Dallas part does look pretty good, it makes it hard enough to hack;
Do you have an idea of small quantity prices...? It's lasered with a
unique number, hopefully they have samples with 'not a unique' number for
customers that only need to give it a whirl...
Thx in advance,
|
all 1-wire products *must* have unique number, it is IMPOSSIBLE to something
else
Antti |
|
| Back to top |
|
|
Antti Lukats
Guest
|
| Posted:
Tue Dec 13, 2005 5:16 pm Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
"Ray Andraka" <ray@andraka.com> schrieb im Newsbeitrag
news:WaAnf.17576$Mi5.17212@dukeread07...
| Quote: | Antti Lukats wrote:
all 1-wire products *must* have unique number, it is IMPOSSIBLE to
something else
Antti
Well, not impossible. The codes are customized to the customer. IIRC, it
is a 48 bit code, and part of that number is a unique number assigned to
the customer, and part is a range of numbers assigned to that customer.
You can (or at least you used to be able to) get duplicate numbers within
your range. The codes, as I understand it, are added after the silicon is
manufactured.
The problem with using these in attempt to secure a bitstream is that the
code is not secure...anyone with a data sheet and an oscilloscope or logic
analyzer can extract the serial number easily. Once you have the serial
number, it is nearly trivial to create a circuit that will mimic the
dallas part using what ever serial number you want to use. These parts
are intended for electronic serial numbers, not for secure encryption
keys.
|
Hi Ray,
you are one of the very few I am little bit 'scared' to argue with, but
from maxim:
"Unique, factory-lasered and tested 64-bit registration number assures
absolute traceability because no two parts are alike"
this applies for the 1-wire 64 ROM code what is PRODUCT code + 48 bit serial
+ CRC
normally most "Key" things use only this code as the key, what is TOTAL
bullshit and nonsense as it way easier to copy a dallas memory button then
nornal door-key, having a reader in your lap and placing your hand for a
second would do the job. As soon as you have the 64 bits then its easy to
rebuild the 'emulator' - I have not done that, but I know what it takes.
surprisingly many companies are selling products that use this 64 bit rom
code as security key. one example is Atmel FPLSIC dongle, but there are many
many more.
the suggestion in this thread was to use secure SHA-1 memory for the
protection, not the rom id code. DS2432 includes several nonvalotile areas
that are protected and provide somewhat higher degree of safety. Whatever is
written into those areas can sure be anything.
I have not checked the xilinx bitstream security application for design
flows, it could be that the SHA-1 is not used or not used properly yielding
the actualy protection to near void.
some hard macros from that XAPP I think are not correct at least failed with
ISE 7.1 so I assume that design has not been tested a very big extent. The
random number generator at least will not work out of box (at least not on
all supported fpga families). And ah well the actual protection level
depends on many more aspects if this approuch is used to protect edif or ngc
files the protection level would be lower than protection .bit files
Antti |
|
| Back to top |
|
|
Ray Andraka
Guest
|
| Posted:
Tue Dec 13, 2005 5:16 pm Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Antti Lukats wrote:
| Quote: | all 1-wire products *must* have unique number, it is IMPOSSIBLE to something
else
Antti
Well, not impossible. The codes are customized to the customer. IIRC, |
it is a 48 bit code, and part of that number is a unique number assigned
to the customer, and part is a range of numbers assigned to that
customer. You can (or at least you used to be able to) get duplicate
numbers within your range. The codes, as I understand it, are added
after the silicon is manufactured.
The problem with using these in attempt to secure a bitstream is that
the code is not secure...anyone with a data sheet and an oscilloscope or
logic analyzer can extract the serial number easily. Once you have the
serial number, it is nearly trivial to create a circuit that will mimic
the dallas part using what ever serial number you want to use. These
parts are intended for electronic serial numbers, not for secure
encryption keys. |
|
| Back to top |
|
|
Ray Andraka
Guest
|
| Posted:
Wed Dec 14, 2005 1:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Antti Lukats wrote:
Antti, no reason to be scared of arguing with me. I'm not always right,
you know!
My experience with these 1 wire electronic serial numbers was with
Dallas semiconductor parts almost 15 years ago. In that case, the
company I was working for was able to get duplicates made by Dallas.
Like you mentioned, these offer close to zero security. Any yo-yo with
an ounce of electronics knowledge can obtain the code from it, and it
doesn't take much more than that to make a circuit that will mimic the
serial number. We did for testing in the lab using a PIC microcontroller.
So even with Maxim, it isn't technically impossible to get a duplicate,
it is just made procedurally inconvenient by a company policy,but that's it. |
|
| Back to top |
|
|
JustJohn
Guest
|
| Posted:
Thu Dec 15, 2005 12:11 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
| Quote: | Ray wrote:
Like you mentioned, these offer close to zero security. Any yo-yo with
an ounce of electronics knowledge can obtain the code from it, and it
doesn't take much more than that to make a circuit that will mimic the
serial number.
|
It's not the serial number that offers security, it's the 64-bit key
hidden behind SHA-1. I'm certainly not an expert, but googling turns up
that only recently has SHA-1 been broken:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
and it seems to have been around for quite a while. I don't think that
"any yo-yo" could break a system that has resisted attack for (it looks
like at least) 10 years. |
|
| Back to top |
|
|
Antti Lukats
Guest
|
| Posted:
Thu Dec 15, 2005 1:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
"Ray Andraka" <ray@andraka.com> schrieb im Newsbeitrag
news:cP%nf.30509$Mi5.16830@dukeread07...
| Quote: | Antti Lukats wrote:
XAPP780 uses 2 unrelated on-chip ring oscillators to provide true random
tokens for the security challenge.
those ringoscillators use directed routing constraints and fail to
synthesize :)
Antti
You can instantiate the primitives to obtain a ring oscillator without
having to resort to directed routing. That way, the design can still be
completely specified with your favorite HDL. Been there done that.
The problem with ring oscillators implemented in the FPGA to obtain a
random seed is that the ring oscillators on the same die will tend to
synchronize through coupling of the parasitics, making the relative phases
much less random than an analysis of just the primitives would indicate.
I'm pretty sure Austin has noted this effect here before; I think Xilinx
also saw the effect in the development of their chip testing.
Coincidently, my sister is doing her Master's thesis on the randomness of
random variables generated by a pair of ring oscillators on a Xilinx FPGA.
She hasn't finished the research yet, so I can't tell you what her
findings are. I suppose if you just used one sample long enough after
configuration to allow the relative phases to get away from the starting
point, but soon enough that the ring oscillators haven't synchronized to
one another, you could get a decent random variable. What I don't know is
the limits of that window where the results still have decent random
properties. Perhaps it is good enough to generate a challenge.
|
tuff guy :)
yes I know the ways of doing ring oscillators too, done them in plenty of
different ways - I just said that xapp780 uses directed routing what
is not any more routable, there is no need in that. Another xilinx own
design uses an approuch with 4 sr registers, that works with no
constraints applied at all.
the xap780 "random", well I havent looked it in so detail, but I think
its not done the maximum possible true random, this may need the
ring oscillator to be made way differently and have the frequencies
and co-operation to be adjusted properly to achive the most
true random out of it.
I think that relativly good results can be actually achived.
but no matter how it is done this approuch has way less
protection when used with ngs or edif flow, in bitstream
only version the protection level could be pretty high
if all the system (the security challenge module, and
its integration to the rest) is really designed properly.
attachin some secure device to FPGA doesnt mean
instantly that it makes the design secure, there could
still be means of bypassing even without getting
the keys ever pulled.
Antti |
|
| Back to top |
|
|
Antti Lukats
Guest
|
| Posted:
Thu Dec 15, 2005 1:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
"Ray Andraka" <ray@andraka.com> schrieb im Newsbeitrag
news:8U_nf.30503$Mi5.23903@dukeread07...
| Quote: | JustJohn wrote:
Ray wrote:
Like you mentioned, these offer close to zero security. Any yo-yo with
an ounce of electronics knowledge can obtain the code from it, and it
doesn't take much more than that to make a circuit that will mimic the
serial number.
It's not the serial number that offers security, it's the 64-bit key
hidden behind SHA-1. I'm certainly not an expert, but googling turns up
that only recently has SHA-1 been broken:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
and it seems to have been around for quite a while. I don't think that
"any yo-yo" could break a system that has resisted attack for (it looks
like at least) 10 years.
Maybe I'm missing something here, but with a 1 wire device providing the
key that lets the FPGA function, all you need to do is monitor the bits
that are read out of the device, and then duplicate that bit pattern to
enable the FPGA. Unless the query is different every time the FPGA starts
up (which would either require different bitstreams or different external
stimulus to the FPGA), you just play back the bitstream you recorded off a
known good product. The FPGA itself is deterministic, and other than the
battery backed encryption in V2, there is no key kept in the FPGA that
isn't part of the device configuration.
|
XAPP780 uses 2 unrelated on-chip ring oscillators to provide true random
tokens for the security challenge.
those ringoscillators use directed routing constraints and fail to
synthesize :)
Antti |
|
| Back to top |
|
|
Guest
|
| Posted:
Thu Dec 15, 2005 1:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Actually I believe that the stream is different everytime the design
needs to authenticate. The protection ip contains some pseudo random
number gen and with this, has the ability to generate unique stream. It
would be too obvious to record and playback the same stream.
Ray Andraka wrote:
| Quote: | JustJohn wrote:
Ray wrote:
Like you mentioned, these offer close to zero security. Any yo-yo with
an ounce of electronics knowledge can obtain the code from it, and it
doesn't take much more than that to make a circuit that will mimic the
serial number.
It's not the serial number that offers security, it's the 64-bit key
hidden behind SHA-1. I'm certainly not an expert, but googling turns up
that only recently has SHA-1 been broken:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
and it seems to have been around for quite a while. I don't think that
"any yo-yo" could break a system that has resisted attack for (it looks
like at least) 10 years.
Maybe I'm missing something here, but with a 1 wire device providing
the key that lets the FPGA function, all you need to do is monitor the
bits that are read out of the device, and then duplicate that bit
pattern to enable the FPGA. Unless the query is different every time
the FPGA starts up (which would either require different bitstreams or
different external stimulus to the FPGA), you just play back the
bitstream you recorded off a known good product. The FPGA itself is
deterministic, and other than the battery backed encryption in V2, there
is no key kept in the FPGA that isn't part of the device configuration. |
|
|
| Back to top |
|
|
Ray Andraka
Guest
|
| Posted:
Thu Dec 15, 2005 1:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
JustJohn wrote:
| Quote: | Ray wrote:
Like you mentioned, these offer close to zero security. Any yo-yo with
an ounce of electronics knowledge can obtain the code from it, and it
doesn't take much more than that to make a circuit that will mimic the
serial number.
It's not the serial number that offers security, it's the 64-bit key
hidden behind SHA-1. I'm certainly not an expert, but googling turns up
that only recently has SHA-1 been broken:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
and it seems to have been around for quite a while. I don't think that
"any yo-yo" could break a system that has resisted attack for (it looks
like at least) 10 years.
Maybe I'm missing something here, but with a 1 wire device providing |
the key that lets the FPGA function, all you need to do is monitor the
bits that are read out of the device, and then duplicate that bit
pattern to enable the FPGA. Unless the query is different every time
the FPGA starts up (which would either require different bitstreams or
different external stimulus to the FPGA), you just play back the
bitstream you recorded off a known good product. The FPGA itself is
deterministic, and other than the battery backed encryption in V2, there
is no key kept in the FPGA that isn't part of the device configuration. |
|
| Back to top |
|
|
Ray Andraka
Guest
|
| Posted:
Thu Dec 15, 2005 1:16 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Antti Lukats wrote:
| Quote: |
XAPP780 uses 2 unrelated on-chip ring oscillators to provide true random
tokens for the security challenge.
those ringoscillators use directed routing constraints and fail to
synthesize :)
Antti
|
You can instantiate the primitives to obtain a ring oscillator without
having to resort to directed routing. That way, the design can still be
completely specified with your favorite HDL. Been there done that.
The problem with ring oscillators implemented in the FPGA to obtain a
random seed is that the ring oscillators on the same die will tend to
synchronize through coupling of the parasitics, making the relative
phases much less random than an analysis of just the primitives would
indicate. I'm pretty sure Austin has noted this effect here before; I
think Xilinx also saw the effect in the development of their chip
testing. Coincidently, my sister is doing her Master's thesis on the
randomness of random variables generated by a pair of ring oscillators
on a Xilinx FPGA. She hasn't finished the research yet, so I can't tell
you what her findings are. I suppose if you just used one sample long
enough after configuration to allow the relative phases to get away from
the starting point, but soon enough that the ring oscillators haven't
synchronized to one another, you could get a decent random variable.
What I don't know is the limits of that window where the results still
have decent random properties. Perhaps it is good enough to generate a
challenge. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in