Secure Hardware: What are the BIG challenges?Secure ...Anti-tamper JTAG FPGA JTAG Security. JTAG...
Transcript of Secure Hardware: What are the BIG challenges?Secure ...Anti-tamper JTAG FPGA JTAG Security. JTAG...
Secure Hardware: What are the BIG challenges?Secure Hardware: What are the BIG challenges?Secure Hardware: What are the BIG challenges?Secure Hardware: What are the BIG challenges?
CJCJ ClarkClark isis thethe presidentpresident andand CEOCEO ofof IntellitechIntellitech CorpCorp..HeHe waswas thethe electedelected chairpersonchairperson ofof thethe IEEEIEEE 11491149..11 JTAGJTAG workingworkinggroupgroup fromfrom 19961996 toto 20022002.. HeHe hashas beenbeen activeactive inin otherother IEEEIEEE 11491149..xxworkingworking groupsgroups andand hashas presentedpresented atat InternationalInternational TestTestConference,Conference, TECSTECS (Testing(Testing EmbeddedEmbedded CoresCores--BasedBased Systems)Systems)W k hW k h thth B dB d T tT t W k hW k h OttOtt T tT t W k hW k h ddWorkshop,Workshop, thethe BoardBoard TestTest Workshop,Workshop, OttawaOttawa TestTest WorkshopWorkshop andandVLSIVLSI TestTest SymposiumSymposium..
CJCJ servesserves onon thethe UniversityUniversity ofof NewNew HampshireHampshire CollegeCollege ofofCJCJ servesserves onon thethe UniversityUniversity ofof NewNew HampshireHampshire CollegeCollege ofofEngineeringEngineering andand PhysicalPhysical ScienceScience (CEPS)(CEPS) AdvisoryAdvisory BoardBoard.. HeHe alsoalsoservesserves onon thethe UNHUNH DepartmentDepartment ofof ElectricalElectrical EngineeringEngineering AdvisoryAdvisoryBoardBoard.. HeHe isis coco--inventorinventor onon threethree USUS patentpatent relatedrelated toto scanscan--basedbasedBoardBoard.. HeHe isis coco inventorinventor onon threethree USUS patentpatent relatedrelated toto scanscan basedbasedtest,test, twotwo Canadian,Canadian, oneone TaiwaneseTaiwanese patentpatent withwith othersothers pendingpendingworldworld--widewide.. HisHis firstfirst jobjob inin testtest waswas inin 19781978 withwithPlantronicsPlantronics//WilcomWilcom..
HOST 2009 1
cclarkATintellitechdotcomcclarkATintellitechdotcom
Anti-tamper JTAG FPGA
JTAG Security
JTAG Hack – 169,000 resultsJTAG Hack – 169,000 results
HOST 2009 2
Anti-tamper JTAG FPGA
JTAG Security
Hacking Encouraged by Legit BizHacking Encouraged by Legit Biz
HOST 2009 3
Anti-tamper JTAG FPGA
JTAG Security
PCB Design ExposedPCB Design Exposed
HOST 2009 4
Andrew Huang Andrew Huang –– Hacking the XboxHacking the XboxAndrew Huang Andrew Huang –– Hacking the XboxHacking the Xbox
Anti-tamper JTAG FPGA
JTAG Security
FPGAs and tools make it easierFPGAs and tools make it easier
Andrew Huang Andrew Huang ––Hacking the XboxHacking the XboxAndrew Huang Andrew Huang ––Hacking the XboxHacking the Xbox
Small PCB Small PCB with with FPGA is FPGA is designed designed to match traces on to match traces on XBOX. Once in XBOX. Once in
Small PCB Small PCB with with FPGA is FPGA is designed designed to match traces on to match traces on XBOX. Once in XBOX. Once in XBOX. Once in XBOX. Once in place, it is used to place, it is used to snoop snoop HyperTransportHyperTransportBusBus
XBOX. Once in XBOX. Once in place, it is used to place, it is used to snoop snoop HyperTransportHyperTransportBusBusBusBusBusBus
HOST 2009 5
Anti-tamper JTAG FPGA
JTAG Security
JTAG friend or foe?JTAG friend or foe?
Sophisticated CompanyWith No securityNo securityExperience?OrIntentionally makingIt easier?
HOST 2009 6
Anti-tamper JTAG FPGA
JTAG Security
DFT Standards – also give accessDFT Standards – also give accessIEEE 1149 1IEEE 1149 1 T A P & B d S S d dT A P & B d S S d dIEEE 1149 1IEEE 1149 1 T A P & B d S S d dT A P & B d S S d d••IEEE 1149.1 IEEE 1149.1 –– Test Access Port & Boundary Scan StandardTest Access Port & Boundary Scan Standard
Layered on top of the 4 pin IC access of 1149.1:Layered on top of the 4 pin IC access of 1149.1:
••IEEE 1149.1 IEEE 1149.1 –– Test Access Port & Boundary Scan StandardTest Access Port & Boundary Scan Standard
Layered on top of the 4 pin IC access of 1149.1:Layered on top of the 4 pin IC access of 1149.1:y p py p p••IEEE 1149.6 IEEE 1149.6 -- Boundary Scan for AC coupled netsBoundary Scan for AC coupled nets••IEEE 1149.4 IEEE 1149.4 –– Boundary Scan for Mixed SignalBoundary Scan for Mixed Signal••IEEE 1532IEEE 1532 -- FPGA configuration over 1149 1FPGA configuration over 1149 1
y p py p p••IEEE 1149.6 IEEE 1149.6 -- Boundary Scan for AC coupled netsBoundary Scan for AC coupled nets••IEEE 1149.4 IEEE 1149.4 –– Boundary Scan for Mixed SignalBoundary Scan for Mixed Signal••IEEE 1532IEEE 1532 -- FPGA configuration over 1149 1FPGA configuration over 1149 1••IEEE 1532 IEEE 1532 -- FPGA configuration over 1149.1FPGA configuration over 1149.1••IEEE P1687 IEEE P1687 -- Internal Instrument access w/ 1149.1Internal Instrument access w/ 1149.1••IEEE ????? IEEE ????? -- AA--Toggle Study GroupToggle Study GroupIEEE ?????IEEE ????? SERDES BIST St d GSERDES BIST St d G
••IEEE 1532 IEEE 1532 -- FPGA configuration over 1149.1FPGA configuration over 1149.1••IEEE P1687 IEEE P1687 -- Internal Instrument access w/ 1149.1Internal Instrument access w/ 1149.1••IEEE ????? IEEE ????? -- AA--Toggle Study GroupToggle Study GroupIEEE ?????IEEE ????? SERDES BIST St d GSERDES BIST St d G••IEEE ????? IEEE ????? -- SERDES BIST Study GroupSERDES BIST Study Group
IEEE P1149.7 IEEE P1149.7 –– 2 Wire low2 Wire low--cost 1149.1cost 1149.1IEEE 1500 IEEE 1500 -- SoCSoC & Core test standard& Core test standard
••IEEE ????? IEEE ????? -- SERDES BIST Study GroupSERDES BIST Study GroupIEEE P1149.7 IEEE P1149.7 –– 2 Wire low2 Wire low--cost 1149.1cost 1149.1IEEE 1500 IEEE 1500 -- SoCSoC & Core test standard& Core test standardIEEE P1581 IEEE P1581 -- Static Interconnect for memoriesStatic Interconnect for memories
Is it practical to shut JTAG off? (such asIs it practical to shut JTAG off? (such as IMX32)IMX32)
IEEE P1581 IEEE P1581 -- Static Interconnect for memoriesStatic Interconnect for memories
Is it practical to shut JTAG off? (such asIs it practical to shut JTAG off? (such as IMX32)IMX32)
HOST 2009 7
Is it practical to shut JTAG off? (such as Is it practical to shut JTAG off? (such as IMX32)IMX32)Is it practical to shut JTAG off? (such as Is it practical to shut JTAG off? (such as IMX32)IMX32)
Anti-tamper JTAG FPGA
JTAG Security
Cloning – doesn’t need JTAGCloning – doesn’t need JTAG
HOST 2009 8
Anti-tamper JTAG FPGA
JTAG Security
Future?Future?
HOST 2009 9
Anti-tamper JTAG FPGA
JTAG Security
Trojan BitstreamsTrojan Bitstreams
NonNon--authenticated authenticated bitstreambitstream loaded loaded through through JTAG into flash JTAG into flash
NonNon--authenticated authenticated bitstreambitstream loaded loaded through through JTAG into flash JTAG into flash
Need protection:Need protection:MilitaryMilitaryTelecommTelecomm
FLASH
J
GamingGamingVotingVotingConsumerConsumer
Trojan Comm Design
JTAG
BackdoorPlain Text
ConsumerConsumer
Comm. DesignInserted with
backdoorPlain Text
CipherText
Key
FPGAFPGA acceptsUnencrypted Design despite P f AES k
HOST 2009 10
Presence of AES key
Anti-tamper JTAG FPGA
JTAG Security
AES Security to the rescue?AES Security to the rescue?XilinxXilinx VirtexVirtex 4/54/5XilinxXilinx VirtexVirtex 4/54/5Xilinx Xilinx VirtexVirtex 4/54/5RAM based key RAM based key –– battery backedbattery backedUse JTAG to program keyUse JTAG to program key256 bit key256 bit key
Xilinx Xilinx VirtexVirtex 4/54/5RAM based key RAM based key –– battery backedbattery backedUse JTAG to program keyUse JTAG to program key256 bit key256 bit key56 b y56 b yAccepts Accepts bitstreamsbitstreams unencryptedunencryptedKeys exposed to CMKeys exposed to CM
AltAlt St tiSt ti IIIIII
56 b y56 b yAccepts Accepts bitstreamsbitstreams unencryptedunencryptedKeys exposed to CMKeys exposed to CM
AltAlt St tiSt ti IIIIIIAltera Altera StratixStratix IIIIIIRAM or ROMRAM or ROMII II –– ROM basedROM basedNeed network blaster to program keyNeed network blaster to program key
Altera Altera StratixStratix IIIIIIRAM or ROMRAM or ROMII II –– ROM basedROM basedNeed network blaster to program keyNeed network blaster to program key
Battery
Need network blaster to program keyNeed network blaster to program key256 bit key256 bit keyAccepts Accepts bitstreamsbitstreams unencryptedunencryptedKeys exposed to CMKeys exposed to CM
Need network blaster to program keyNeed network blaster to program key256 bit key256 bit keyAccepts Accepts bitstreamsbitstreams unencryptedunencryptedKeys exposed to CMKeys exposed to CMy py p
Good for protection of IPGood for protection of IPNo preNo pre--programming ICprogramming ICAssumes attacker is not loading aAssumes attacker is not loading a trojantrojan bitstreambitstream
y py p
Good for protection of IPGood for protection of IPNo preNo pre--programming ICprogramming ICAssumes attacker is not loading aAssumes attacker is not loading a trojantrojan bitstreambitstream
HOST 2009 11
Assumes attacker is not loading a Assumes attacker is not loading a trojantrojan bitstreambitstreamNot available in Spartans and CyclonesNot available in Spartans and CyclonesBattery/Key programmed PER FPGABattery/Key programmed PER FPGA
Assumes attacker is not loading a Assumes attacker is not loading a trojantrojan bitstreambitstreamNot available in Spartans and CyclonesNot available in Spartans and CyclonesBattery/Key programmed PER FPGABattery/Key programmed PER FPGA
Anti-tamper JTAG FPGA
JTAG Security
Alternate SecurityAlternate Security
MaximDS28E01
Common keyCommon key Security initiated by FPGASecurity initiated by FPGA
Program both FPGAProgram both FPGADS28E01
SHA1 SHA11-wire
and preand pre--program Maximprogram MaximDevice with 64 bitDevice with 64 bitSHA1 KeySHA1 Key
Key
DesignEnable
PROM
Some logistics for Some logistics for manufacturing requiredmanufacturing requiredfor OBP over 1for OBP over 1--wirewire
Key
USERDESIGN PROM
JTAG
for OBP over 1for OBP over 1--wirewire-- keys exposed to CMkeys exposed to CM
Trojan in PROMTrojan in PROM
DESIGN
FPGAJTAG
JTAG Trojan in PROMTrojan in PROM-- PROM/FLASH open toPROM/FLASH open to
nonnon--authenticated authenticated bitstreambitstream
FPGA
HOST 2009 12
Anti-tamper JTAG FPGA
JTAG Security
Trojan/Hack proof FPGA ConfigTrojan/Hack proof FPGA Config
--Random data generated by FPGARandom data generated by FPGA--Random data generated by FPGARandom data generated by FPGARandom data generated by FPGARandom data generated by FPGA--SystemBIST Reads via JTAGSystemBIST Reads via JTAG--Generates HashGenerates Hash--Hash Written via JTAGHash Written via JTAG
Random data generated by FPGARandom data generated by FPGA--SystemBIST Reads via JTAGSystemBIST Reads via JTAG--Generates HashGenerates Hash--Hash Written via JTAGHash Written via JTAGHash Written via JTAGHash Written via JTAG-- Good matching Hash enables user logicGood matching Hash enables user logic
--22ndnd ‘OK’ Hash Read via JTAG‘OK’ Hash Read via JTAGS t BIST l FPGA b d h hS t BIST l FPGA b d h h
Hash Written via JTAGHash Written via JTAG-- Good matching Hash enables user logicGood matching Hash enables user logic
--22ndnd ‘OK’ Hash Read via JTAG‘OK’ Hash Read via JTAGS t BIST l FPGA b d h hS t BIST l FPGA b d h h-- SystemBIST clears FPGA on bad hashSystemBIST clears FPGA on bad hash-- SystemBIST clears FPGA on bad hashSystemBIST clears FPGA on bad hash
Altera Xilinx
JTAGHash IP
WithHash IP
WithJTAG JTAGAccess
JTAGAccess
HOST 2009 13
Common key Key not exposed to CM
Anti-tamper JTAG FPGA
JTAG Security
Biggest Challenge?Biggest Challenge?Biggest Challenge?Biggest Challenge?
1) Convincing 1) Convincing Hardware Designers Hardware Designers th t d it i / ti f th t d it i / ti f that despite size/expertise of that despite size/expertise of company and engineer, Security company and engineer, Security i h ld b l ft t it i h ld b l ft t it issues should be left to security issues should be left to security experts!experts!
2) PCB/System 2) PCB/System Level securityLevel security-- Enabling Enabling JTAG w/o compromiseJTAG w/o compromise-- Reducing snoop of systemReducing snoop of system
HOST 2009 14
Anti-tamper JTAG FPGA
JTAG Security
AntiAnti--Tamper BasicsTamper BasicsAntiAnti--Tamper BasicsTamper BasicsGround planes onGround planes on--Ground planes onGround planes onBoth sides of PCBBoth sides of PCB
-- Use blind Use blind viasvias under BGA packages to hide trace, under BGA packages to hide trace, Use blind Use blind viasvias under BGA packages to hide trace, under BGA packages to hide trace, prevent probing except with BGA removalprevent probing except with BGA removal
--Blacktop/Remark Blacktop/Remark parts (0.50parts (0.50--$$1.00 ea 1.00 ea from Intellitech)from Intellitech)pp p (p ( $$ ))
--Conformal coatConformal coat
--Consider lockable JTAG gateway devices Consider lockable JTAG gateway devices such such as Intellitech Scan Ring Linkeras Intellitech Scan Ring Linker
A tiA ti t FPGA t FPGA C fiC fi i S t BISTi S t BIST--AntiAnti--tamper FPGA tamper FPGA ConfigConfig via SystemBISTvia SystemBIST
--JTAG JTAG –– shut off or run continuously, integrated with shut off or run continuously, integrated with System mission?System mission?
HOST 2009 15
System mission?System mission?
Anti-tamper JTAG FPGA
JTAG Security
Further ReadingFurther ReadingUsing the Design Security Feature in Stratix II and Stratix II GX Using the Design Security Feature in Stratix II and Stratix II GX
DevicesDevices, Altera Corporation, July 2008. , Altera Corporation, July 2008. http://www.altera.com/literature/an/an341.pdfhttp://www.altera.com/literature/an/an341.pdf
Trusted Design in FPGAs, Trusted Design in FPGAs, Steve Trimberger, Xilinx, Design Steve Trimberger, Xilinx, Design Automation Conference, 2007Automation Conference, 2007
http://videos.dac.com/44th/papers/1_2.pdfhttp://videos.dac.com/44th/papers/1_2.pdfAuthentication of FPGA Bitstreams:Authentication of FPGA Bitstreams:Why and HowWhy and How, Saar Drimer, ARC 2007, Saar Drimer, ARC 2007http://www.springerlink.com/content/t71pqn4g7565w806/http://www.springerlink.com/content/t71pqn4g7565w806/A CodeA Code--less BIST Processor for Embedded Test and inless BIST Processor for Embedded Test and in--system system
configuration of Boards and Systems,configuration of Boards and Systems, CJ Clark, Intellitech Corp, CJ Clark, Intellitech Corp, Mike Ricchetti, ATI Research, ITC 2004, Mike Ricchetti, ATI Research, ITC 2004,
http://www.intellitech.com/pdf/itc04sb.pdfhttp://www.intellitech.com/pdf/itc04sb.pdfDesign Security in Stratix III FPGAs, Altera CorporationDesign Security in Stratix III FPGAs, Altera Corporationhttp://www.altera.com/products/devices/stratixhttp://www.altera.com/products/devices/stratix--fpgas/stratixfpgas/stratix--
iii/overview/architecture/st3iii/overview/architecture/st3--designdesign--security.htmlsecurity.htmlSecure Update Mechanism for Remote Update ofSecure Update Mechanism for Remote Update ofFPGAFPGA--Based SystemBased System, Benoît Badrignans1,2, Reouven Elbaz3 and , Benoît Badrignans1,2, Reouven Elbaz3 and
Lionel Torres. Lionel Torres. SEIS 2008, SEIS 2008, http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4569831/4577http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4569831/4577
HOST 2009 16
669/04577703.pdf?temp=x669/04577703.pdf?temp=x
Anti-tamper JTAG FPGA
JTAG Security
Further ReadingFurther ReadingPh i l U l bl F ti f D i Ph i l U l bl F ti f D i Physical Unclonable Functions for Device Physical Unclonable Functions for Device
Authentication and Secret Key GenerationAuthentication and Secret Key GenerationG. Edward Suh, Srinivas DevadasG. Edward Suh, Srinivas Devadashttp://videos dac com/44th/papers/1 3 pdfhttp://videos dac com/44th/papers/1 3 pdfhttp://videos.dac.com/44th/papers/1_3.pdfhttp://videos.dac.com/44th/papers/1_3.pdf
Xilinx® FPGA IFF Copy Protection with 1Xilinx® FPGA IFF Copy Protection with 1--Wire SHAWire SHA--1 1 Secure Memories, Maxim, Secure Memories, Maxim, Secure Memories, Maxim, Secure Memories, Maxim,
http://www.maximhttp://www.maxim--ic.com/appnotes.cfm/an_pk/3826ic.com/appnotes.cfm/an_pk/3826
An FPGA Design Security Solution Using a Secure An FPGA Design Security Solution Using a Secure Memory Device, Altera,Memory Device, Altera,
http://www.altera.com/literature/wp/wphttp://www.altera.com/literature/wp/wp--01033.pdf01033.pdf
Alt C fi ti H db kAlt C fi ti H db kAltera Configuration HandbookAltera Configuration Handbookhttp://www.altera.com/literature/lithttp://www.altera.com/literature/lit--config.jspconfig.jspXilinx VirtexXilinx Virtex--5 FPGA User Guide5 FPGA User Guidehttp://www xilinx com/support/documentation/user guihttp://www xilinx com/support/documentation/user gui
HOST 2009 17
http://www.xilinx.com/support/documentation/user_guihttp://www.xilinx.com/support/documentation/user_guides/ug190.pdfdes/ug190.pdf
Anti-tamper JTAG FPGA
JTAG Security