Anti-tamper JTAG FPGA. JTAG Security HOST


Secure Hardware: What are the BIG challenges?

CJ Clark is the president and CEO of Intellitech Corp. He was the elected chairperson of the IEEE 1149.1 JTAG working group from 1996 to 2002. He has been active in other IEEE 1149.x working groups and has presented at International Test Conference, TECS (Testing Embedded Cores-Based Systems) Workshop, the Board Test Workshop, Ottawa Test Workshop and VLSI Test Symposium. CJ serves on the University of New Hampshire College of Engineering and Physical Science (CEPS) Advisory Board. He also serves on the UNH Department of Electrical Engineering Advisory Board. He is co-inventor on three US patents related to scan-based test, two Canadian, one Taiwanese patent with others pending world-wide. His first job in test was in 1978 with Plantronics/Wilcom.

cclarkATintellitechdotcom

HOST 2009, JTAG Security

JTAG Hack – 169,000 results


Hacking Encouraged by Legit Biz


PCB Design Exposed

Andrew Huang – Hacking the Xbox

FPGAs and tools make it easier

Andrew Huang – Hacking the Xbox

A small PCB with an FPGA is designed to match the traces on the Xbox. Once in place, it is used to snoop the HyperTransport bus.

JTAG friend or foe?

Sophisticated company with no security experience? Or intentionally making it easier?

DFT Standards – also give access

IEEE 1149.1 – Test Access Port & Boundary Scan Standard

Layered on top of the 4 pin IC access of 1149.1:
• IEEE 1149.6 - Boundary Scan for AC coupled nets
• IEEE 1149.4 – Boundary Scan for Mixed Signal
• IEEE 1532 - FPGA configuration over 1149.1
• IEEE P1687 - Internal Instrument access w/ 1149.1
• IEEE ????? - A-Toggle Study Group
• IEEE ????? - SERDES BIST Study Group

IEEE P1149.7 – 2 Wire low-cost 1149.1
IEEE 1500 - SoC & Core test standard
IEEE P1581 - Static Interconnect for memories

Is it practical to shut JTAG off? (such as IMX32)

Cloning – doesn’t need JTAG


Future?


Trojan Bitstreams

Need protection: Military, Telecomm, Gaming, Voting, Consumer

Non-authenticated bitstream loaded through JTAG into flash

[Diagram labels: FLASH, JTAG, Plain Text, Cipher Text, Key, Backdoor, Trojan Comm. Design inserted with backdoor]

FPGA accepts unencrypted FPGA design despite presence of AES key

AES Security to the rescue?

Xilinx Virtex 4/5
- RAM based key – battery backed
- Use JTAG to program key
- 256 bit key
- Accepts bitstreams unencrypted
- Keys exposed to CM

Altera Stratix III (RAM or ROM), Stratix II (ROM based)
- Need network blaster to program key
- 256 bit key
- Accepts bitstreams unencrypted
- Keys exposed to CM

[Diagram label: Battery]

- Good for protection of IP
- No pre-programming IC
- Assumes attacker is not loading a trojan bitstream
- Not available in Spartans and Cyclones
- Battery/Key programmed PER FPGA

Alternate Security

Security initiated by FPGA

[Diagram labels: Common key, Maxim DS28E01, SHA1, Key, SHA1 Key, Design Enable, 1-wire, USER DESIGN, FPGA, PROM, JTAG]

- Program both FPGA and pre-program Maxim device with 64 bit SHA1 key
- Some logistics for manufacturing required for OBP over 1-wire - keys exposed to CM
- Trojan in PROM - PROM/FLASH open to non-authenticated bitstream

Trojan/Hack proof FPGA Config

- Random data generated by FPGA
- SystemBIST reads via JTAG
- Generates hash
- Hash written via JTAG
- Good matching hash enables user logic
- 2nd 'OK' hash read via JTAG
- SystemBIST clears FPGA on bad hash

[Diagram labels: JTAG, Common key, Altera, Xilinx, Hash IP with JTAG access (in each FPGA)]

Key not exposed to CM
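
The handshake listed on this slide, modelled as an added example (not code from the presentation or from Intellitech). HMAC-SHA-256, the 16-byte random value, the `cfg`/`ok` labels and all class and function names are assumptions; the slide specifies only random data, a hash and a common key.

```python
import hashlib
import hmac
import os

def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    # HMAC-SHA-256 is an assumption; the slide only says "hash".
    return hmac.new(key, label + data, hashlib.sha256).digest()

class FpgaHashIp:
    """Model of the hash IP inside a configured FPGA, reached over JTAG."""

    def __init__(self, key):
        self.key = key                         # None models a trojan bitstream
        self.nonce = None
        self.user_logic_enabled = key is None  # a trojan design simply runs

    def read_random(self) -> bytes:
        self.nonce = os.urandom(16)            # fresh per attempt, defeats replay
        return self.nonce

    def write_hash(self, response: bytes) -> None:
        if self.key is None or self.nonce is None:
            return
        expected = mac(self.key, b"cfg", self.nonce)
        self.user_logic_enabled = hmac.compare_digest(response, expected)

    def read_ok_hash(self) -> bytes:
        if self.key is None or not self.user_logic_enabled:
            return bytes(32)                   # cannot produce the keyed 'OK' hash
        return mac(self.key, b"ok", self.nonce)

def configure_and_verify(key: bytes, fpga: FpgaHashIp) -> str:
    """Configurator side (the SystemBIST role on the slide)."""
    nonce = fpga.read_random()                 # random data read via JTAG
    fpga.write_hash(mac(key, b"cfg", nonce))   # hash written via JTAG
    ok = fpga.read_ok_hash()                   # 2nd 'OK' hash read via JTAG
    if hmac.compare_digest(ok, mac(key, b"ok", nonce)):
        return "user logic enabled"
    fpga.user_logic_enabled = False            # models clearing the FPGA
    return "FPGA cleared"

if __name__ == "__main__":
    KEY = bytes(range(32))                     # constructed sample key
    print(configure_and_verify(KEY, FpgaHashIp(KEY)))   # genuine design
    print(configure_and_verify(KEY, FpgaHashIp(None)))  # trojan bitstream
```

The second hash is what separates this flow from a check that only the FPGA performs: a design loaded without the key cannot answer it, so the configurator clears the part.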

Biggest Challenge?

1) Convincing hardware designers that despite size/expertise of company and engineer, security issues should be left to security experts!
2) PCB/System level security
- Enabling JTAG w/o compromise
- Reducing snoop of system

Anti-Tamper Basics

- Ground planes on both sides of PCB
- Use blind vias under BGA packages to hide trace, prevent probing except with BGA removal
- Blacktop/Remark parts (0.50-$1.00 ea from Intellitech)
- Conformal coat
- Consider lockable JTAG gateway devices such as Intellitech Scan Ring Linker
- Anti-tamper FPGA Config via SystemBIST
- JTAG – shut off or run continuously, integrated with System mission?

Further Reading

Using the Design Security Feature in Stratix II and Stratix II GX Devices, Altera Corporation, July 2008.
http://www.altera.com/literature/an/an341.pdf

Trusted Design in FPGAs, Steve Trimberger, Xilinx, Design Automation Conference, 2007.
http://videos.dac.com/44th/papers/1_2.pdf

Authentication of FPGA Bitstreams: Why and How, Saar Drimer, ARC 2007.
http://www.springerlink.com/content/t71pqn4g7565w806/

A Code-less BIST Processor for Embedded Test and in-system configuration of Boards and Systems, CJ Clark, Intellitech Corp, Mike Ricchetti, ATI Research, ITC 2004.
http://www.intellitech.com/pdf/itc04sb.pdf

Design Security in Stratix III FPGAs, Altera Corporation.
http://www.altera.com/products/devices/stratix-fpgas/stratix-iii/overview/architecture/st3-design-security.html

Secure Update Mechanism for Remote Update of FPGA-Based System, Benoît Badrignans, Reouven Elbaz and Lionel Torres, SEIS 2008.
http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4569831/4577669/04577703.pdf?temp=x

Physical Unclonable Functions for Device Authentication and Secret Key Generation, G. Edward Suh, Srinivas Devadas.
http://videos.dac.com/44th/papers/1_3.pdf

Xilinx® FPGA IFF Copy Protection with 1-Wire SHA-1 Secure Memories, Maxim.
http://www.maxim-ic.com/appnotes.cfm/an_pk/3826

An FPGA Design Security Solution Using a Secure Memory Device, Altera.
http://www.altera.com/literature/wp/wp-01033.pdf

Altera Configuration Handbook.
http://www.altera.com/literature/lit-config.jsp

Xilinx Virtex-5 FPGA User Guide.
http://www.xilinx.com/support/documentation/user_guides/ug190.pdf
