How to protect the IP in an FPGA design?

[Laplace]

Hey Guys,

What is the best way to prevent reverse engineering for FPGAs. How can I protect my IP?

 

[cube007]

I think you have no chance to protect your IP in an SRAM based FPGA. Actel is producing some Flash based FPGAs so no external (easy readable) Flash device is needed to configure the FPGA.

By,
cube007

 

[Ohh]

What about the Xilinx Virtex II family? It supports bitstream encryption using Triple-DES.

 

[cube007]

The Triple-DES looks very interesting for protection.

Here are the description from Xilinx:

Triple Data Encryption Standard (DES)

The Virtex-II solution provides design security through bitstream encryption. The bitstream is encrypted using a secure triple DES algorithm. The key is supplied through the IEEE 1149.1 JTAG interface, which is stored inside the chip using either a battery or other constant power supply. The encrypted bitstream is loaded into the FPGA with specific key bank designated for decryption. This feature provides high design security to prevent design theft and enables an entirely new business model for IP providers.


Does someone has got any experiences with it. How secure could this protection be?

cube007

 

[abednego]

SRAM FPGAs can be protected ! Disable readback, fill the FPGA with stream and run it on a battery.

triple-des is surely helpful.

If you want just to protect your algorithm, you can rely upon xilinx bitstream scrambling that's based upon randomness.

ABEDNEGO

 

[Bartart]

Hello!

I think that reverse engineering is an issue only if you are dealing with small designs, if you design a modular project to fit an huge FPGA it is quite imposibile to engineers to decompose the design, never tried but that is my opinion.

Do you agree?

But as there is the possibility to encrypt your design why don't use it.

Bart

 

[Ace-X]

Bartart

You forgot about another point: how to protect your design from illegal copy!? Pirate will never try to understand how your design work - he will just copy your bitstream file from on-board EEPROM and that's all! Therefore for Virtex2 it is good idea to use encryption of bitstream (the only inconvenience is that the external battery should be attached to FPGA to keep decryption keys). For others devices you could use technique which is well described here:

http://www.free-ip.com/copyprotection.html

Just select strong non-linear PRS generator.

Ace-X.

P.S. Also this link could be useful:
**broken link removed**

 

[fivaro1]

Antifuse is another solution, although prototyping is a bit more difficult. Should prototype with sram based FPGA and final design with antifuse. Of course that design has to be very well understood and synchronous, in order to avoid timing derivations between 2 different technologies and architectures.

I think 3DES can be sure now, but it`s a question of time it can be hacked in reasonable time.[/code]

 

[tlp71@hotmail.com]

about the VII. because the current to store the keys of triple DES is very very little, Xilinx Says handred of nanoamperes, if you use a 200 ma Battery you can store your keys for about 15 years.
a very rasonable time i think.
If somehone like to copy your code can also open the device and read the cells of antifuse, i think that is very hard but litterature sayd also this
Bye

G.

 

[Bartart]

Bartart

You forgot about another point: how to protect your design from illegal copy!? Pirate will never try to understand how your design work - he will just copy your bitstream file from on-board EEPROM and that's all!

You are right, i have never thought about it.

 

[sgrudu]

Also Lattice Semiconductors has another solution,
which is quite interesting:
an sram based fpga with e2prom integrated in the
chip!
https://www.latticesemi.com/products/technology/isp_xp.cfm

greets,
sgrudu

 

[simon2kk]

One interesting device is Actel ProASIC plus.
It is FlashMemory based FPGA not SRAM based. Once you set the configuration and use FlashLock, no one can read out the configuration.
You also don't need other extra battery to keep the protection.

 

[tahiti]

This is not true. A chip, especially fuse based devices, can be reingineered, if someone is willing to invest a significant amount of money.

And, as far as I know 3DES can be cracked, if you have extremely large computing power.

tahiti

 

[sgrudu]

And, as far as I know 3DES can be cr@cked, if you have extremely large computing power.

With current known technology and knowledge 3DES cannot be cr@cked, not in the time
of the life of a man
Currently with the budget of a government agency it is possible to cr@ck des in less
than 24 hours but des has 56 bit strength , 3DES is 112bit ... obviously you
must double the cr@cking power for each bit..


greets,
sgrudu

 

[hitower]

Ordinary DES can be cracked in hours using specialized processors (they can be built for example on Xilinx

 

[Ace-X]

Ordinary DES can be cracked in hours using specialized processors (they can be built for example on Xilinx

Really!? What a nice news!!! But what about the price? Because, if I would have infinite amount of money, I can theoretically break DES in 1 sec.

Read once more the post of sgrudu. He was right - only goverment agencies can afford to break DES in 24 hours!

Well, to be precise let's make some calculations:
1. Let's get the DES IP core from Memec Design as a reference:
**broken link removed**
It takes 318 slices in X2V and provides encryption speed 86*4=344 Mbit/sec.
2. To break DES we will use simple brute-force approach. Frankly, there are some techniques based on linear and differential cryptoanalysis to optimize it a little bit, but all of them suppose that you have some billions pairs of plaintext-ciphertext and they require a lot of memory. Therefore, we will not consider them here. We will suppose that we have one block [64 bits] of plaintext and corresponding ciphertext. Our task: to find the key that was used for encryption by trying all 2^56 possible keys.
3. You have 1 million $. Do you really want to spend them for breaking DES and not for new Porsche and some nice girls? :wink: OK, you do!!!
4. I selected XC2V3000 for 600$ as the best part in the terms of size/price. It has 32256 slices. So, for 1M$ you could reach encryption speed [1M$/600]*[32256/318] about 170 000 * 344 Mbit/sec = 58480000 Mbit /sec.
5. So, to try one key you have to encrypt 64 bits of plaintext, therefore on your Xilinx-based supercomputer you will be able to try 913750 Mkeys/sec.
6. 2^56 = 72057594037927936. After division we will get:
72057594037927936/913750000000 = 78859 sec. It is about 21 hours. And again - it is only if you have 1 million dollars [I didn't count here the money for core and PCB design]!

As to me, I still stay on new Porsche and some nice girls!

Ace-X.

 

[honey]

i don't think so

 

[homeadd]

I have meet a company who can copy the PCB entirely! For the current FPGA that uses the PROM to configurate the FPGA,if you can read the data from PROM according the PROM timing requirement,you will design a equipment more easily.
Of course,this is copying equipement,not copying IP.

 

[lucbra]

Well, interesting, but as mentioned above only Actel and Lattice Semiconductor offer a solution that is hard to break. No external bitstream, and reverse engineering is not so easy with a couple of layers of metal.
And one that can afford the money to have very advanced equipement, he can surely invest in engineering force to develop his own PCB.

Regards

 

[YUV]

If you have a huge and expensive design, add small CPLD which costs a couple of dollars. That CPLD has security protection and will work as a "key" for FPGA.
Also, you can spend 2 pins (in + out) of your FPGA for test traffic. Connection should be hidden into internal PCB layer. I don't think, that copying of multilayer PCB is so easy. If you have BGA package + 6 layers, perhaps, pirates will miss something. Moreover, in contrast to cracking by powerfull computer, that task have to be made using special equipment and almost manually.