| Author |
Message |
Ray Andraka
Guest
|
 Posted:
Thu Dec 15, 2005 1:16 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
jaxato@gmail.com wrote:
| Quote: | Actually I believe that the stream is different everytime the design
needs to authenticate. The protection ip contains some pseudo random
number gen and with this, has the ability to generate unique stream. It
would be too obvious to record and playback the same stream.
|
Right, but where is that PR generator getting its seed? If it starts
with the same seed every time, it will produce the same sequence every
time, and therefore the same challenge. There is nothing in the FPGA
that comes up in a random state, so in order to have a non-deterministic
challenge, you need to supply a random seed from outside the FPGA.
Antti did mention using a pair ring oscillators to generate the random
challenge, which will generate something that is not as deterministic as
a digital pseudo random generator. The randomness of a RV generated
by a pair of ring oscillators depends on the frequencies and phase of
those oscillators being independent. When they exist on the same chip,
the parasitics of the ring oscillator circuits will couple and tend to
get them to sync up, so at least in the long term, the randomness may
not pass a randomness test. Still, it is probably sufficient for
seeding a PR generator. |
|
| Back to top |
|
 |
Symon
Guest
|
| Posted:
Thu Dec 15, 2005 8:12 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Guys,
Interesting thread.
I wonder if an attacker could hack at the ring oscillators, say using FPGA
editor, so the same bitstream gets sent to the SHA-1 device every time? I
guess the ROs would be easy to track down thanks to the timing tool
complaining about combinational feedback. I've not looked at the XAPP, does
it (can it?) have any protection against this?
Cheers, Syms. |
|
| Back to top |
|
|
Hal Murray
Guest
|
| Posted:
Thu Dec 15, 2005 9:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
| Quote: | Maybe I'm missing something here, but with a 1 wire device providing
the key that lets the FPGA function, all you need to do is monitor the
bits that are read out of the device, and then duplicate that bit
pattern to enable the FPGA. Unless the query is different every time
the FPGA starts up (which would either require different bitstreams or
different external stimulus to the FPGA), you just play back the
bitstream you recorded off a known good product. The FPGA itself is
deterministic, and other than the battery backed encryption in V2, there
is no key kept in the FPGA that isn't part of the device configuration.
|
I could be all wet, but I think we are talking about two types of
one-wire chips. The old ones are just serial numbers. No good
for crypto. The new ones have a write only secret and an SHA1
engine so they can hash whatever you feed them using that secret.
DS2432:
http://www.maxim-ic.com/quick_view2.cfm/qv_pk/2914
You do have to put a random number generator into the FPGA.
My guess is that a pair of ring oscillators would be good enough
for this application. It would be cheaper to patch the bit
stream via something like FPGA Editor than to break the crypto
with some modest amount of entropy feeding it. There may
be simpler ways to get entropy - depends upon your application.
--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam. |
|
| Back to top |
|
|
Jim Granville
Guest
|
| Posted:
Thu Dec 15, 2005 9:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
jaxato@gmail.com wrote:
| Quote: | We have a very good and expensive design that we want to give freely,
as an NGC file, with our generic FPGA products. How can we make the
design work only on our board.
Our current technology is S3 and the user needs to be able to compile
their project with our NGC file, but on OUR fpga product.
I thought of keeping a key in an external serial memory, but this is
futile if the netlist cost $100K.
Again, the points are:
Very expensive and useful NGC file
Want to avoid reverse engineer and copy to other FPGA stations
What should the best solution be.
Well if we had some die ID, we could hardwired it to the netlist, so
that it checks that everytime it runs.
Any suggestion from you ppl?
|
Actel are probably your best choice, in present technology.
They are doing something similar for their ARM7 marketing efforts.
FPGA vendors COULD add a Factory-Unique Serial number, but don't
currently bother. (Surprising given the customer bases )
Intel does this, but that's for revenue protection.... :)
Have you looked at the Rolling code security systems for CAR Alarms ?
That's designed to avoid simple record-playback hacking, and 'protects'
something worth a few 10K from theft.
If you have your own boards, you could add a small uC, that decrypts
the bitstream - improves security of shipping, and if you use BGA
packages, physical probe of the loading stream can be hiked to
require package removal.
That same small uC could have a mapped virtual memory, where some
areas acted as RAM, some as ROM, and some as Rolling-Code echo -
and only you know which does what, and the rules used. If the
repeat cycles are long enough, it makes hacking by sniffing impractical.
The attack method then is probably to try and hack the uC..
And you only really have to elevate it above the cost of bribing one of
your employees :)
-jg |
|
| Back to top |
|
|
I. Ulises Hernandez
Guest
|
| Posted:
Thu Dec 15, 2005 11:32 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
IMHO, if those Ring Oscillators can generate a 'random' number then this
method is hard to hack using the yo-yo guy with the scope and an external uC
;o). As JustJohn mentioned it has taking 10 years to crack SHA1...
What about the Foe mechanism, isn't that easy to hack unless you put some
thought on it? I haven't used JBits but I've read that you can actually
modify the BIT file, do partial changes... (it must be paradise for hackers)
I am not sure if you get some kind of 'FPGA Editor' but if you do even the
guy with the yo-yo can spot a signal coming from the Foe logic with big
fan-out and is not a clock and can invert it...
Every design is different but you could inject errors when Foe is not
asserted instead of enabling/disabling things, or mask some bits in some key
counters...
--
Ignacio Ulises Hernandez
" I'm not normally a praying man, but if you're up there, please save me,
Superman!" - Homer Simpson ;O)
"Hal Murray" <hmurray@suespammers.org> wrote in message
news:1tOdnQTBKuxEsDzenZ2dnUVZ_vudnZ2d@megapath.net...
| Quote: | Maybe I'm missing something here, but with a 1 wire device providing
the key that lets the FPGA function, all you need to do is monitor the
bits that are read out of the device, and then duplicate that bit
pattern to enable the FPGA. Unless the query is different every time
the FPGA starts up (which would either require different bitstreams or
different external stimulus to the FPGA), you just play back the
bitstream you recorded off a known good product. The FPGA itself is
deterministic, and other than the battery backed encryption in V2, there
is no key kept in the FPGA that isn't part of the device configuration.
I could be all wet, but I think we are talking about two types of
one-wire chips. The old ones are just serial numbers. No good
for crypto. The new ones have a write only secret and an SHA1
engine so they can hash whatever you feed them using that secret.
DS2432:
http://www.maxim-ic.com/quick_view2.cfm/qv_pk/2914
You do have to put a random number generator into the FPGA.
My guess is that a pair of ring oscillators would be good enough
for this application. It would be cheaper to patch the bit
stream via something like FPGA Editor than to break the crypto
with some modest amount of entropy feeding it. There may
be simpler ways to get entropy - depends upon your application.
--
The suespammers.org mail server is located in California. So are all my
other mailboxes. Please do not send unsolicited bulk e-mail or
unsolicited
commercial e-mail to my suespammers.org address or any of my other
addresses.
These are my opinions, not necessarily my employer's. I hate spam.
|
|
|
| Back to top |
|
|
henk
Guest
|
| Posted:
Thu Dec 15, 2005 3:24 pm Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
As the appnote says: It is vulnerable to bitstream attack. The method
uses a Picoblaze to do the final go/nogo check (amongst others). Just
modify the bitstream with an other blockram contents (DATA2MEM), even
by trial and error, and you can overrule the whole mechanism. By
replacing the BlockRAM with distributed ROM could help here.
Regards,
Henk van Kampen
Mediatronix.com
Austin Lesea wrote:
| Quote: | http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
Austin
Thomas Stanka wrote:
Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).
bye Thomas
|
|
|
| Back to top |
|
|
Guest
|
| Posted:
Thu Dec 15, 2005 5:15 pm Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
I have the impression as you have mentioned, that the hardware
protection would be vulnerable to these kind of modifications at that
level, changing the BRAM code to something else. Wouldnt it be that
XAPP780 provides some kind of hardware check that is done in order to
verify for the sanity of the software. Like calculating the checksum.
This should be done in hardware though....
I really think that there isnt any ideal solution to that problem and
sooner or later, the design would be broken.
I was thinking to enclose it in a box, but now, someone told me that
some ppl can go up to EM radiation patterns detection. Guys, is this a
myth or reality?
JA
henk wrote:
| Quote: | As the appnote says: It is vulnerable to bitstream attack. The method
uses a Picoblaze to do the final go/nogo check (amongst others). Just
modify the bitstream with an other blockram contents (DATA2MEM), even
by trial and error, and you can overrule the whole mechanism. By
replacing the BlockRAM with distributed ROM could help here.
Regards,
Henk van Kampen
Mediatronix.com
Austin Lesea wrote:
http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
Austin
Thomas Stanka wrote:
Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).
bye Thomas
|
|
|
| Back to top |
|
|
Symon
Guest
|
| Posted:
Fri Dec 16, 2005 12:21 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
| Quote: |
And you only really have to elevate it above the cost of bribing one of
your employees :)
Jim, |
That's a key insight! I read Kevin Mitnick's books recently. Although the
security breaches he writes about involved an amount of technical
engineering knowledge, the social engineering undertaken was usually the key
to unlock the first door!
Cheers, Syms. |
|
| Back to top |
|
|
JustJohn
Guest
|
| Posted:
Fri Dec 16, 2005 1:16 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Hi Jax,
After 5 days of discussion on how to protect the IP, could you say
what it is you want to protect?
If it's valuable enough for someone to want to copy, it may also be
valuable enough for someone to want to buy... |
|
| Back to top |
|
|
Antti Lukats
Guest
|
| Posted:
Fri Dec 16, 2005 1:16 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
"JustJohn" <john.l.smith@titan.com> schrieb im Newsbeitrag
news:1134676056.051566.61770@f14g2000cwb.googlegroups.com...
| Quote: | Hi Jax,
After 5 days of discussion on how to protect the IP, could you say
what it is you want to protect?
If it's valuable enough for someone to want to copy, it may also be
valuable enough for someone to want to buy...
|
I wondering as well, there are hardly any IP that could make sense to be
valued at 100,000 USD for single FPGA netlist license. I cant imagine what
it could be that is valued at such high price.
If such an IP exist that really is so valueable, then I bet a clean room
engineering would be done almost instantly and there is no way to protect
against that. Of course in case that the clean room RE is possible without
some deep secret know how.
humm..
Antti |
|
| Back to top |
|
|
David Brown
Guest
|
| Posted:
Fri Dec 16, 2005 9:15 am Post subject:
Re: Hello PPl, is there a way of locking a design (NGC) to a |
|
|
Symon wrote:
| Quote: | And you only really have to elevate it above the cost of bribing one of
your employees :)
|
But you don't want to make it so hard that your competitors resort to
rubber-hose cryptanalysis.
| Quote: | Jim,
That's a key insight! I read Kevin Mitnick's books recently. Although the
security breaches he writes about involved an amount of technical
engineering knowledge, the social engineering undertaken was usually the key
to unlock the first door!
Cheers, Syms.
|
"The Art of Deception" should be required reading for anyone involved in
security. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in