Untitled Prezi

Romaila Baqar

on 14 December 2014

Transcript of Untitled Prezi

Background Study
Extensive reading of the application notes and white papers provided by Xilinx ensured that the methods we implement follow the best anti-tamper practices*

For each method we implement, the reading literature has been taken from the documents provided by Xilinx, which summarize the anti-tamper features available in the Virtex family, explain why these features exist, and give implementation details for each feature.
1. Introduction
Problem Statement
2. Background study
3. Design
Technical Specifications
Design Requirements
Detailed Design
Competing Design Methodologies
4. Bibliography
Technical Specifications:
Xilinx ML605 Virtex 6 FPGA board
ModelSim and Xilinx ISE Design Suite
PlanAhead
BitGen
Lithium ion battery as backup power supply
Design Requirements/ Specifications:
Readback/JTAG Disable
Xilinx devices with encryption have SEU-hardened readback-disabling circuitry

Loading an encrypted configuration file: the BitGen security option is overridden and readback is disabled automatically

Loading a file in non-encrypted form: option of either enabling or disabling readback (not relevant for us, as we are using an encrypted bitstream in our project)
Bitstream Encryption
The 256-bit encryption key is stored in dedicated RAM which is powered by an externally connected battery

This dedicated memory must receive continuous power from a separate battery supply to retain its contents

During normal operation, these memory cells are powered by an auxiliary voltage input to avoid draining this battery. Any attempted access or write to the battery-backed RAM causes its contents to be cleared
Global 3-State
This active-High pin is an input from the FPGA fabric

It causes all FPGA I/Os to immediately enter a high-Z state, preventing any more data from flowing out of the FPGA

Global Reset
GSR is active high; it places all registers and flip-flops in their initial state

It is asserted in the STARTUP in response to a tamper event.

Occurrence of tamper event
Key Clear
KEYCLEARB is an internal signal that, when triggered in response to a tamper event, clears the AES decryption key

The KEYCLEARB assertion must occur before an IPROG command is sent. After the key is cleared, the FPGA device is useless until reprogrammed.
Once IPROG is received, the configuration memory is cleared

IPROG is an internal command sent through the ICAP interface in Virtex-6 devices that clears the FPGA configuration memory, all flip-flop contents, and the key expansion memory, but not the key itself
Has the widest acceptance in government specifications

In a catastrophic condition it is difficult to guarantee that reliable power will be available to operate the over-write circuit

The common method is to over-write some number of times with all 0's, then all 1's or any random data
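The Key Clear and RAM Overwrite slides above fix an order of operations (KEYCLEARB before IPROG; the CT block erased before the configuration memory is cleared) and note that the overwrite circuit cannot assume reliable power. The following Python model is an added example, not code from the presentation or from Xilinx: Fabric, overwrite_ram, respond_to_tamper and icap_word are names assumed here, and the device state they manipulate is a constructed abstraction of the real GTS/GSR/KEYCLEARB/IPROG controls. It sequences the response, reads back every overwrite pass so a pass lost to a power drop is reported instead of assumed, and refuses IPROG while the key is still present. The per-byte bit swap in icap_word is the ordering the ICAP data port expects as described in the Virtex-6 configuration user guide; it is not on the slides, so treat it as an assumption to check against the guide.

```python
"""Model of a tamper-response sequence for a Virtex-6 style design.
Constructed example: Fabric and the functions below are names assumed by
this model, not Xilinx primitives. Only the ordering rules come from the
slides: KEYCLEARB before IPROG, CT erased before configuration is cleared.
"""
import random

ALL_ZEROS = 0x00000000
ALL_ONES = 0xFFFFFFFF


class Fabric:
    """Minimal model of the device state a tamper response acts on."""

    def __init__(self, ct_words, power_good=True):
        self.io_tristated = False      # GTS asserted
        self.registers_reset = False   # GSR asserted
        self.key_present = True        # 256-bit AES key in battery-backed RAM
        self.configured = True         # configuration memory holds the design
        self.ct_overwritten = False
        self.power_good = power_good   # power available to the overwrite circuit
        self.ct_ram = [0x5A5A5A5A] * ct_words   # constructed CT block contents

    def assert_gts(self):
        self.io_tristated = True

    def assert_gsr(self):
        self.registers_reset = True

    def assert_keyclearb(self):
        self.key_present = False

    def write_ct(self, words):
        if self.power_good:            # writes are lost once power is gone
            self.ct_ram[:] = words

    def iprog(self):
        """IPROG clears configuration and flip-flops but not the key,
        so the model refuses it while the key is still present."""
        if self.key_present:
            raise RuntimeError("IPROG issued before KEYCLEARB: key would survive")
        self.configured = False
        self.registers_reset = True

    def is_sanitized(self):
        return (self.io_tristated and not self.key_present
                and self.ct_overwritten and not self.configured)


def overwrite_ram(fabric, passes=3, seed=0):
    """Overwrite the CT RAM with all 0s, then all 1s, then random words.
    Each pass is read back and compared, so a pass that did not stick
    (for example because power dropped part-way) is reported, not assumed."""
    if passes < 2:
        raise ValueError("need at least the all-0s and all-1s passes")
    rng = random.Random(seed)
    size = len(fabric.ct_ram)
    completed = []
    for n in range(passes):
        if n == 0:
            written = [ALL_ZEROS] * size
        elif n == 1:
            written = [ALL_ONES] * size
        else:
            written = [rng.getrandbits(32) for _ in range(size)]
        fabric.write_ct(written)
        if fabric.ct_ram != written:   # readback verification of this pass
            raise RuntimeError(f"overwrite pass {n} failed verification")
        completed.append(n)
    fabric.ct_overwritten = True
    return completed


def respond_to_tamper(fabric, overwrite_passes=3):
    """Run the response steps in order and return the log of what was done."""
    steps = []
    fabric.assert_gts()                       # stop data leaving through the I/Os
    steps.append("GTS")
    fabric.assert_keyclearb()                 # key gone before IPROG is sent
    steps.append("KEYCLEARB")
    overwrite_ram(fabric, overwrite_passes)   # CT erased while the fabric still runs
    steps.append("RAM_OVERWRITE")
    fabric.assert_gsr()                       # registers and flip-flops to initial state
    steps.append("GSR")
    fabric.iprog()                            # configuration memory cleared last
    steps.append("IPROG")
    return steps


def icap_word(word):
    """Bit-swap each byte of a 32-bit configuration word for the ICAP data
    port (assumed from the Virtex-6 configuration guide; check for your device).
    The sync word 0xAA995566, for example, becomes 0x5599AA66."""
    out = 0
    for shift in (24, 16, 8, 0):
        byte = (word >> shift) & 0xFF
        out |= int(f"{byte:08b}"[::-1], 2) << shift
    return out
```

Running respond_to_tamper on a Fabric(8) returns the five steps in order and leaves is_sanitized() true; a Fabric built with power_good=False makes overwrite_ram raise on its first pass, which is the failure the slide about unreliable power warns of.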
Power Failure
Key Erase via External Shunt
Erases the key when main power to the FPGA is not applied

The external battery power line to the VBATT pin is opened and the pin driven to ground with some sort of transistor shunt

Another option is to connect the battery to the VBATT pin via a resistor. By choosing the appropriate resistance value, the VBATT pin can be shunted to ground directly without causing excessive current flow out of the battery.
External battery source
Occurrence of tamper event
E-bombs or EMP
Short Circuit
Competing Design Methodologies
Sending Tamper Status Outputs to System
Physically Securing IP
Preemptive Key Erase
Device DNA
Presentation Agenda
Providing physical security for our Virtex-6 FPGA in conformity with Level 3 of the FIPS 140-2 standard

FIPS 140-2 defines security requirements for cryptographic modules

The standard specifies four increasing, qualitative levels of security: level 1, level 2, level 3 and level 4

Security Level 3 attempts to prevent the intruder from gaining access to Critical Security Parameters held within the cryptographic module
Problem Statement
Preventing any unauthorized user from gaining access to the Critical Security Parameters (CSPs) present on the FPGA kit

CSPs include the 256-bit Advanced Encryption Standard key stored in BBRAM and the configuration files stored in off-chip memory
Preventing an adversary from physically tampering with the device

The measures taken against such attacks will conform to the FIPS 140-2 standard
* Peterson, E. (2013). Developing Tamper Resistant Designs with Xilinx Virtex-6 and 7 Series FPGAs. Xilinx Application Note XAPP1084 (v1.3)
Global 3-State, GSR
RAM Overwrite
Load CT Only When Needed
The user design can be partitioned into sections that contain non-critical and critical technology (CT) blocks

The partial reconfiguration (PR) features of the FPGA allow the CT to be loaded only when needed

CT can then be erased when it has completed its tasks

In response to a tamper event, the CT block should be erased first
RAM Power Drop
Power to the RAM modules is removed which effectively clears the contents

A crowbar circuit is connected to VCORE (which powers the internal logic functions such as CLBs, block RAM and DSP blocks)

On detection of a tamper event, a voltage level greater than the threshold of the crowbar circuit causes the fuse/circuit breaker to trip
Extensive Literature Review
Tamper Techniques research analysis
Appropriated techniques selected
Familiarizing with ModelSim and ISE Design Suite
Training session and meetings
Began implementation of techniques