Programming and copyright

Hello everybody,

I'm developing software on a Cyclone FPGA. However, now we are thinking about the security of the device: I mean, the code is stored on a flash external to the Cyclone. What can prevent someone from copying the data on this flash and cloning the product we are making?

In Quartus there is a security bit that made me feel comfortable, however it works only with a Max device.

What solution do I have to protect our software?

Best regards Nick

Nick

You sue the bastards who copy it. Seriously.

If you want a technical solution, you are going to have to use a Xilinx Virtex II/IIpro/4 or an Altera Stratix II, which have encrypted bitfile loaders.

Digression: I prefer the approach of the Xilinx parts (volatile vs nonvolatile key store), but that's just the paranoid in me. Both will probably fail against a $100k adversary, both will undoubtedly fail against a $1M adversary, while the Altera one will probably fail to a $10k adversary while the Xilinx one will probably resist a $10k adversary until after a $100k adversary shows how to do it.

But really, the legal approach is probably the least cost, least hassle, and still reasonably effective way.

--
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu
Nicholas Weaver

Wait for the Cyclone2 with built in Flash, if I'm right.

Rene

--
Ing.Buero R.Tschaggelar - http://www.ibrtses.com
& commercial newsgroups - http://www.talkto.net
Rene Tschaggelar

Hmmm... Does this mean that Spartan parts with embedded Flash are also around the corner? That would really make my wet dreams complete ;)

--
Pablo Bleyer Kocik, pbleyer@embedded.cl
"I believed that people would become programmers and not need companies as much. You can see how laughable that was." -- Steve Wozniak

Pablo Bleyer Kocik

As Nick Weaver explained, you have to assess the budget that your enemy can expend on his nasty effort. Fuses, antifuses, and EEPROM bits offer limited protection. Volatile storage (with battery back-up) gives much stronger protection, as everybody "in the know" would agree. Finally, against the resources of the former KGB or present CIA, or their counterparts, there may be no complete security. But I hope that is not your real concern. ;-)

Peter Alfke

Peter Alfke

Depends on the area of risk, and the product's operation.

If you are worried about production creep/midnight runs at an offshore manufacturer, then you need some portion that you program in house, and supply.

If you are worried about a 'knock off clone', then you need to protect up to the cost of them duplicate-engineering, as opposed to reverse engineering. You can include a small uC, or a CPLD, to decrypt the bitstream, and also provide some co-processing to the FPGA: you then increase the skill level considerably, way above simple chip-copying.

You can get FLASH FPGAs from ACTEL, plus there are the MAX II CPLDs and there are FLASH devices from Lattice, with more imminent, so there are a number of choices to secure the product, (all of which will probably need more than one device).

-jg

Jim Granville

Wasn't there a story about some TLA (three letter agency) putting taps on fiber optic cables on the bottom of the ocean? (Without either end noticing.)

How does that compare to reading battery backed FPGAs?

-- glen

glen herrmannsfeldt

The problem is the cost of development is really high, and the price we sell our product at is high as well. So the engineering cost for the clone won't be high compared to the selling price.

Having read some documentation about it on the newsgroups, it seems that nothing can really protect the design, and even the biggest security can be broken. That's bad.

Using a volatile SRAM + battery to keep the code scares me because I need to be sure that the product will work in more than 10 years. I think I'll settle for an external PROM chip and a special handshake.

Thank you for all your answers.

Nick

Nick

Hi Nick,

I suggest you read the following article:

formatting link

This uses a MAX II as a 'dongle'. The MAX II is - let's say - non-volatile and generates a continuous stream of bits. The same algorithm runs in the FPGA, and if there's a mismatch, the FPGA quits working.

I also have an unofficial whitepaper plus reference design that uses a MAX3 device to do something similar, albeit with a less cryptologically sound algorithm. Contact me on bentw at chello dot nl if you want it. The gmail address is a spam trap.

Best regards,

Ben

Ben Twijnstra
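
A software model of the dongle scheme described in the post above, as an added example that is not part of the original thread and is not the algorithm from the article or the whitepaper: both sides compute the same bit stream from a shared secret, and the FPGA side latches itself off on the first mismatch. HMAC-SHA256 is a stand-in generator, and the names `stream_bit`, `FpgaMonitor`, `run_board`, the per-power-up nonce and the secret values are assumptions.

```python
import hashlib
import hmac
import os


def stream_bit(secret: bytes, nonce: bytes, tick: int) -> int:
    """Bit number `tick` of the shared stream (stand-in generator, an assumption)."""
    mac = hmac.new(secret, nonce + tick.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[0] & 1


class FpgaMonitor:
    """FPGA side: recomputes each expected bit and compares it with the dongle pin."""

    def __init__(self, secret: bytes, nonce: bytes):
        self.secret, self.nonce = secret, nonce
        self.tick = 0
        self.enabled = True
        self.tripped_at = None  # tick of the first mismatch, if any

    def clock(self, dongle_bit: int) -> bool:
        expected = stream_bit(self.secret, self.nonce, self.tick)
        if self.enabled and expected != dongle_bit:
            self.enabled = False  # sticky: stays off until the next power-up
            self.tripped_at = self.tick
        self.tick += 1
        return self.enabled


def run_board(fpga_secret: bytes, dongle_secret, ticks: int = 256) -> bool:
    """Simulate one power-up; dongle_secret=None models a board with no dongle fitted."""
    nonce = os.urandom(8)  # assumption: FPGA sends a fresh nonce to the dongle at power-up
    fpga = FpgaMonitor(fpga_secret, nonce)
    for tick in range(ticks):
        if dongle_secret is None:
            bit = 0  # unpopulated footprint: the line idles low
        else:
            bit = stream_bit(dongle_secret, nonce, tick)
        fpga.clock(bit)
    return fpga.enabled


# Constructed secrets for the demonstration.
SECRET = hashlib.sha256(b"constructed shared secret").digest()
OTHER = hashlib.sha256(b"constructed wrong secret").digest()

if __name__ == "__main__":
    print("genuine board :", run_board(SECRET, SECRET))
    print("wrong dongle  :", run_board(SECRET, OTHER))
    print("no dongle     :", run_board(SECRET, None))
```

The FPGA's copy of the secret still travels in the configuration data, so this raises the cost of cloning rather than removing the risk.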

Hi Nick.

I don't think there are easy answers here.

If the config code is off-chip, then it can be copied from the flash or intercepted at the bitstream pins.

I used to work for a smartcard company and they have the same sort of issues: one has to get a load of blank cards programmed by someone you can't risk trusting (e.g. far eastern outfit). How to stop 'extra' cards being made?

The card manufacturer makes them with boot code so they can be programmed by the software writers to contain their OS boot code and crypto keys. This can be done in bulk, before shipping to banks.

The bank can then 'personalise' cards to individual customers, by talking to the OS. The OS handles secure communication, code and data are loaded in encrypted form. This includes random elements, so that the encrypted loading data is different every time (and thus harder to attack).

The card decrypts the code/data before storage. Smartcards are designed to make cracking difficult (though of course it is still possible). Address and data lines are in buried layers to make them harder to probe.

FPGAs are not designed with such anti-hacking measures (AFAIK). By nature, their structure is fairly regular. There is no dedicated micro to do encrypted loading, and if there were it would need a few K of ROM to hold the software. And there would still be a decrypted bitstream somewhere that could be probed.

I hear that FPGA makers are trying to add some crypto on some devices, but I don't know how effective it will be. Security is not a trivial matter to do right.

Essentially, each chip (or batch of chips) has to be different in some way (e.g. the loading keys) so that one config pattern cannot config endless numbers of pirate products.

One idea (for instance) might be to have the chips have each bit of the config shift register XORed with a key bit. You would need to know that pattern to XOR the config data. The chip maker would supply the XOR keys, and you would create the unique config data for each chip. They can then be made up by untrusted party in the far east, who cannot use the data for other chips.

Of course the XOR key would be as big as the data so some more practical crypto system would be used. But the principle of individualising the chips with a key is the same.

Kryten
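
The per-chip keying idea from the post above, as an added example that is not part of the original thread and is not any FPGA vendor's loader: the configuration is XORed with a keystream derived from a key unique to one chip, so an image built for chip A is useless on chip B. HMAC-SHA256 in counter mode stands in for the "more practical crypto system", the integrity tag that lets the chip refuse a foreign image goes beyond the plain XOR in the post, and all names, keys and the revision field are assumptions.

```python
import hashlib
import hmac


def _subkey(device_key: bytes, label: bytes) -> bytes:
    """Separate keys for encryption and for the tag, both derived from the chip key."""
    return hmac.new(device_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, revision: int, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = revision.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def individualise(config: bytes, device_key: bytes, revision: int) -> bytes:
    """Vendor side: build the image that only the chip holding device_key accepts.

    `revision` must change for every new configuration sent to the same chip,
    otherwise the same keystream would be reused.
    """
    ks = _keystream(_subkey(device_key, b"enc"), revision, len(config))
    body = revision.to_bytes(4, "big") + bytes(c ^ k for c, k in zip(config, ks))
    tag = hmac.new(_subkey(device_key, b"mac"), body, hashlib.sha256).digest()
    return body + tag


def chip_load(image: bytes, device_key: bytes):
    """Chip side: return the plain configuration, or None if the image is not for this chip."""
    if len(image) < 36:
        return None
    body, tag = image[:-32], image[-32:]
    expected = hmac.new(_subkey(device_key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    revision = int.from_bytes(body[:4], "big")
    ks = _keystream(_subkey(device_key, b"enc"), revision, len(body) - 4)
    return bytes(c ^ k for c, k in zip(body[4:], ks))


# Constructed sample data: a fake configuration and two per-chip keys.
CONFIG = bytes(range(256)) * 4
KEY_CHIP_A = hashlib.sha256(b"constructed key, chip A").digest()
KEY_CHIP_B = hashlib.sha256(b"constructed key, chip B").digest()
```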

"glen herrmannsfeldt" wrote in news message news: snipped-for-privacy@comcast.com...

Urban legends? Just PR?? I am sure if you throw a hell of money at something, you can do things that are close to impossible. But the information warfare is much easier to do by spreading out legends, myths etc. Hollywood is always aside ("Enemy of the state", nice movie ;-)

Regards Falk

Falk Brunner

"Nick" wrote in news message news: snipped-for-privacy@4ax.com...

This discussion is not new, there is an article/website discussing this very problem (Sorry, don't have the link handy). And the external PROM/uC/CPLD is not as secure as you might think.

Regards Falk

Falk Brunner

They almost certainly have the capability to do so, but if they've done it we wouldn't know, would we?

The nuclear-powered attack submarine USS Jimmy Carter (SSN-23) is specially equipped to allow undersea cables to be pulled into a payload bay and worked on.

Eric Smith

That last-mentioned idea is the equivalent of the classical "one-time-pad", which is inherently unbreakable, but also not very practical.

Peter Alfke

Peter Alfke

... Specially when you are talking about *re*-configurable devices :)

I was going to suggest quantum encryption but even that is being tampered these days.

Yep, I guess it is better to stay on the side of the good guys and attack the bad guys with the weight of the law. Since the bitstream is usually copied verbatim, sneaking a watermark in the IP may be a good way to hold your case in court.

Regards.

--
Pablo Bleyer Kocik, pbleyer@embedded.cl
"I believed that people would become programmers and not need companies as much. You can see how laughable that was." -- Steve Wozniak

Pablo Bleyer Kocik

Thank you very much Ben, this white paper is very interesting. It will provide a fairly good level of reliability for our design. I shall contact you in a few days.

Thank you again, you relieve me of a great pressure.

Nick

Nick

Sure it's not safe at all, but it increases by a small margin the cost of cloning. Anyway, Ben's white paper sounds very promising and I'll use a similar device.

Regards Nick

Nick

Oh absolutely. I just used it as an example.

OTOH, it is simple and each bit is decrypted at the place it is used.

If you have decryption done in a specific region, sooner or later someone will find the cleartext exit point and intercept it as it emerges.

Smartcard hardware and software does try to take defensive measures but none would claim to be uncrackable. One can only make it too difficult/expensive to be worth doing.

Kryten

Eric Smith (snipped-for-privacy@brouhaha.com) wrote:
: glen herrmannsfeldt writes:
: > Wasn't there a story about some TLA (three letter agency)
: > putting taps on fiber optic cables on the bottom of the ocean?
: > (Without either end noticing.)

: They almost certainly have the capability to do so, but if they've done
: it we wouldn't know, would we?

: The nuclear-powered attack submarine USS Jimmy Carter (SSN-23) is
: specially equipped to allow undersea cables to be pulled into a payload
: bay and worked on.

Indeed. Quite a feat in itself, but then remember that before the advent of optically pumped fibre amplifiers the fibre optic cores were encased in a high voltage power supply for the amplifiers / regenerators!

All change again soon, for short distances at least quantum entanglement based encryption (for key exchanges) is now a fibre based reality... - the USP of this tech. is that by the (current) laws of Physics we *would* know if the data traveling through the fibre is tapped. So they'll just have to tap it somewhere else...

--
cds
c d saunter

Christopher,

There's an article all about Quantum Cryptography in this month's SciAm. Google "Best-Kept Secrets" sciam

These people can do it over 120km!

formatting link

Cheers, Syms.

Symon
