Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
We have a very good and expensive design that we want to give freely,
as an NGC file, with our generic FPGA products. How can we make the
design work only on our board.

Our current technology is S3 and the user needs to be able to compile
their project with our NGC file, but on OUR fpga product.

I thought of keeping a key in an external serial memory, but this is
futile if the netlist cost $100K.

Again, the points are:

Very expensive and useful NGC file
Want to avoid reverse engineer and copy to other FPGA stations
What should the best solution be.

Well if we had some die ID, we could hardwired it to the netlist, so
that it checks that everytime it runs.

Any suggestion from you ppl?

Merry xmas and a happy new year 2006 to all of you!
JA


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).

bye Thomas


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf

Austin

Thomas Stanka wrote:

Quoted text here. Click to load it

Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Thanks,
xapp780 is good food for the mind, and I think we would have to design
our own (Vanilla microcontroller) that would mimic a DS2432 secure
controller-key.
One thing though, would xilinx enhance the security feature of their S3
line? And finally, in case of a virtex2, can a design gain access to
the registers that hold the encryption keys.

In response to Thomas, all our products are X based, so we dont have
many choices. And as we dont want to provide our customers access to
the high level code, the only way to give them a usable core is to have
the design in a compiled obfuscated netlist file.

JA

Austin Lesea wrote:
Quoted text here. Click to load it


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Hi,

This Dallas part does look pretty good, it makes it hard enough to hack;

Do you have an idea of small quantity prices...? It's lasered with a unique
number, hopefully they have samples with 'not a unique' number for customers
that only need to give it a whirl...

Thx in advance,

--
Ignacio Ulises Hernandez
" I'm not normally a praying man, but if you're up there, please save me,
We've slightly trimmed the long signature. Click to see the full one.
Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Quoted text here. Click to load it

all 1-wire products *must* have unique number, it is IMPOSSIBLE to something
else

Antti



Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?

Quoted text here. Click to load it
Well, not impossible.  The codes are customized to the customer.  IIRC,
it is a 48 bit code, and part of that number is a unique number assigned
to the customer, and part is a range of numbers assigned to that
customer.  You can (or at least you used to be able to) get duplicate
numbers within your range.  The codes, as I understand it, are added
after the silicon is manufactured.

The problem with using these in attempt to secure a bitstream is that
the code is not secure...anyone with a data sheet and an oscilloscope or
logic analyzer can extract the serial number easily.  Once you have the
serial number, it is nearly trivial to create a circuit that will mimic
the dallas part using what ever serial number you want to use.  These
parts are intended for electronic serial numbers, not for secure
encryption keys.

Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
As the appnote says: It is vulnerable to bitstream attack. The method
uses a Picoblaze to do the final go/nogo check (amongst others). Just
modify the bitstream with an other blockram contents (DATA2MEM), even
by trial and error, and you can overrule the whole mechanism. By
replacing the BlockRAM with distributed ROM could help here.
Regards,
Henk van Kampen
Mediatronix.com

Austin Lesea wrote:
Quoted text here. Click to load it


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
I have the impression as you have mentioned, that the hardware
protection would be vulnerable to these kind of modifications at that
level, changing the BRAM code to something else. Wouldnt it be that
XAPP780 provides some kind of hardware check that is done in order to
verify for the sanity of the software. Like calculating the checksum.
This should be done in hardware though....

I really think that there isnt any ideal solution to that problem and
sooner or later, the design would be broken.

I was thinking to enclose it in a box, but now, someone told me that
some ppl can go up to EM radiation patterns detection. Guys, is this a
myth or reality?

JA

henk wrote:
Quoted text here. Click to load it


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Quoted text here. Click to load it

Actel are probably your best choice, in present technology.
They are doing something similar for their ARM7 marketing efforts.

FPGA vendors COULD add a Factory-Unique Serial number, but don't
currently bother. (Surprising given the customer bases )
Intel does this, but that's for revenue protection.... :)

Have you looked at the Rolling code security systems for CAR Alarms ?
That's designed to avoid simple record-playback hacking, and 'protects'
something worth a few 10K from theft.

If you have your own boards, you could add a small uC, that decrypts
the bitstream - improves security of shipping, and if you use BGA
packages, physical probe of the loading stream can be hiked to
require package removal.
That same small uC could have a mapped virtual memory, where some
areas acted as RAM, some as ROM, and some as Rolling-Code echo -
and only you know which does what, and the rules used. If the
repeat cycles are long enough, it makes hacking by sniffing impractical.
The attack method then is probably to try and hack the uC..

And you only really have to elevate it above the cost of bribing one of
your employees :)

-jg


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Quoted text here. Click to load it
Jim,
That's a key insight! I read Kevin Mitnick's books recently. Although the
security breaches he writes about involved an amount of technical
engineering knowledge, the social engineering undertaken was usually the key
to unlock the first door!
Cheers, Syms.



Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Quoted text here. Click to load it

But you don't want to make it so hard that your competitors resort to
rubber-hose cryptanalysis.

Quoted text here. Click to load it

"The Art of Deception" should be required reading for anyone involved in
security.

Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Hi Jax,
   After 5 days of discussion on how to protect the IP, could you say
what it is you want to protect?
If it's valuable enough for someone to want to copy, it may also be
valuable enough for someone to want to buy...


Re: Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?
Quoted text here. Click to load it

I wondering as well, there are hardly any IP that could make sense to be
valued at 100,000 USD for single FPGA netlist license. I cant imagine what
it could be that is valued at such high price.

If such an IP exist that really is so valueable, then I bet a clean room
engineering would be done almost instantly and there is no way to protect
against that. Of course in case that the clean room RE is possible without
some deep secret know how.

humm..

Antti



Site Timeline