Security of Xilinx Virtex2 Pro

Hi,

I'm considering a VirtexIIPro device for a security-sensitive application. This device offers bitstream encryption. I am worried about what parts of it are accessible after the bitstream has been loaded, e.g. through the JTAG interface. Can any of the FPGA state or RAM cells be read, written or verified? Can the PPC405 component be put into DEBUG mode, and instructions be read or injected? Can an attacker start a partial reconfiguration with a non-encrypted chosen bitstream, to modify the device configuration in a promising way? E.g. can he overwrite the BRAM interface cells to dump RAM contents to I/O pins, etc.?

Kind regards, Marc

Reply to
jetmarc

Marc,

See below,

Austin

> Hi,

Once in encrypted mode (key loaded, key BBRAM bit set to use key) ICAP is completely disabled. Readback is completely disabled. JTAG readback is completely disabled. The 405 PPC JTAG is not part of the pinned out JTAG access. So if you don't want anyone to get to it, you don't connect it to any pins.

> Can the PPC405 component be put into DEBUG mode, and

Only if you have control of the bitstream/program. If you don't want to allow that kind of attack, use a decryptor in the fpga logic to decrypt instructions fetched from off chip. Or place all instructions on chip.

> Can an attacker start a partial

Once in encrypted mode, all you can do is erase the entire configuration, and load a new one. There is no partial configuration allowed (that is disabled in this mode).

Attempting to readback the keys once programmed and in encrypted mode zeros them.

I had once placed out here the challenge to crack V2 Pro: we have a USB board with a secure bitstream, battery, and a V2 Pro device. We passed out all we made to interested parties.

That was over a year ago now.

No one has been able to tell me the key. Or to hack the bitstream (modify the function in any way, other than just erase it).

Just because a bunch of motivated students who crack smart cards in their junior year by using differential power analysis can't crack it of course does not make it bulletproof.

Other "agencies" and "contractors" have also looked at V2 Pro (I am told). And so far, we have heard nothing. That means they can't break it yet either.

As you may be aware, the latest recommendation is to use AES for new products. I believe the reason is that Triple DES has been shown to have a search space of 2E112, and with a huge array of FPGAs, you could actually search that space....?

So, we have the new Virtex 4, with 256 bit AES. 128 bit AES is considered by the real purists to be only marginally better than triple DES, and hence, not worth using.

One step ahead.

Reply to
Austin Lesea
