Synaptic Laboratories Limited
Five Essential Hardware Security Controls for all Commercial SoC FPGA Projects
This base-line of security is viable and easy to use today
Benjamin Gittins
M: +356 9944 9390
E: [email protected]
2
synaptic-labs.com*
Agenda
• Key Benefits of Intel® SoC FPGA
• Threat Actors, Attack Vectors and Five Essential Base-line Hardware Security Controls
• Protection with Base-line Hardware Security Controls Viable Today
• Summary and Next steps
• Appendices
Key Benefits of Intel® SoC FPGA in today’s rapidly changing security landscape
• Today: A 1 euro online transaction is expected to have a base-line of security
• In this presentation we explore the minimum ESSENTIAL base-line of hardware security controls for use in all SoC FPGAs, in all markets
- This presentation is designed as a resource that you can download later
» Text in light grey is intended for reading at a later time
- There are links to more information in the slideshow appendices
- You can see me or my colleagues today at the Intel stand
- There are brochures for you to take away
• Today: The incidence and cost of cyber attacks is escalating rapidly
- Some reports estimate costs may exceed USD $ trillions per year (3)
• All sectors of the community, from individuals to Governments and global markets, are increasingly security conscious
- Some reports estimate security expenditure may reach USD $1 Trillion over the next 5 years (3)
• Today: You can easily employ the five base-line hardware security controls provided by Intel and/or its partners in new and retro-fit SoC FPGA designs to secure your products by default against a wide range of low-cost, high-impact attack vectors, at a negligible cost of ownership
Key Benefits of Intel® SoC FPGAs over conventional microcontroller units
• A key advantage is that they permit the precise mapping of your product’s functionality seamlessly across hardware and software to best meet your product’s:
- Cost
- Performance
- Safety
- Security needs
• Advantageously, the tight coupling between the hard processor system and the FPGA fabric:
- Significantly reduces the attack surface area of your product
- Eliminates the need for cryptographically secure encryption and authentication of the memory transfer requests issued between the ARM* cores and the logic in the FPGA fabric of Intel SoC FPGA
§ This results in a higher-performance, lower design cost, lower implementation cost, lower-power product when compared to coupling an external MCU with an FPGA
[Figure: Intel® HPS tightly coupled to the Intel® FPGA fabric]
• You are in greater control of your product’s architecture, behavior, and security:
- SoC FPGAs permit you to take advantage of hardware acceleration of your software (e.g. by using Intel® FPGA SDK for OpenCL* and/or DSP Builder for Intel FPGAs) without increasing your attack surface area due to the use of an external microcontroller unit (MCU)
- Take advantage of the FPGA fabric to implement and control real-time peripherals with robust time and address space partitioning to ensure clock-cycle deterministic operation of those safety critical functions, with higher levels of correct operation than software running on a MCU
• Intel® SoC FPGA offer you many benefits:
- Employ NEW security controls that may become available in response to the constantly EVOLVING, ADAPTIVE security threat landscape
- Employ the latest hardware functionality and performance enhancements to improve the value-proposition of your product in the market
• For example:
- Upgrading Intel® SoC FPGA-based Internet of Things (IoT) devices in the field to support evolving standards, such as secure communications protocols, to stay safe and relevant in the market
- See the appendix of this slide show for another example
Three Broad Types of Threat Actors Managed
[Figure: YOUR DEPLOYED PRODUCT facing three sources of risk]
• Insiders: Reprogram FPGA or flash memory over JTAG*, ...
• Outsiders: Reprogram FPGA or flash memory over a network, ...
• Insiders and Outsiders colluding: Combining technical expertise with physical accessibility
"Cyber threats today are a reality that will prove devastating unless you take preventative steps now to protect your embedded devices ... [by implementing] security into the device itself ... [because a] secure perimeter is not enough."
• Insider and collusion attacks are a universal type of problem that should NOT be ignored
• The global audit firm KPMG*(1) asserts:
- 90% of all fraud is by insiders or ex-insiders
- 74% of fraud over $1 million is by insiders acting alone or in collusion with outsiders
- Weak internal security controls are a contributor in 61% of cases
Attacks Managed
• The five essential base-line hardware security controls manage key attacks, including:
- Malware injection
- Unauthorised monitoring / data theft
- Reverse engineering of IP
• Over multiple communication paths:
- JTAG* pins (USB JTAG*)
- Various types of flash memory
- Ethernet* (Remote FPGA programming)
[Figure: Intel® SoC FPGA with ARM* cores, System Manager, FPGA Manager and Intel® FPGA fabric; communication paths via flash memory, JTAG* pins (USB) and Ethernet*]
Five Essential Hardware Security Controls at Negligible Cost
1. Intel® “Tamper Protection Mode” in SoC FPGA
- Freely available, easy to use
- You simply load key material into the FPGA device
- Employs:
§ one-time-programmable fuses to store the key material in the FPGA (easy retrofitting), or
§ an external battery source for maintaining the value of keys stored in the volatile key storage module of the FPGA
[Figure: the FPGA configuration file is encrypted and/or authenticated, stored and forwarded (e.g. at power-on) from a memory or configuration device, and checked by the FPGA monitor hardware before it reaches the FPGA fabric of the Intel® SoC FPGA]
- Ensure the FPGA monitor is configured to reject unencrypted and/or unauthenticated configuration files during deployment
- The encryption of the FPGA configuration file protects its contents against reverse engineering when at rest and when in transit to the FPGA device
- By configuring the FPGA’s monitor circuit to REJECT unencrypted and/or unauthenticated configuration bitstreams, the SoC FPGA resists malware injection into the FPGA configuration bitstream after deployment
- Protection against the over-manufacture of your device can also be achieved by separating the roles and responsibilities with regard to each of:
§ The loading of key material into the FPGA
§ The physical manufacture of the device
§ The programming of encrypted FPGA configuration files
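The monitor’s accept/reject decision described above, modelled as an added example (it is not Intel’s, Synaptic Labs’ or any device’s actual implementation). It assumes a constructed two-part file format (a one-byte type followed by the bitstream, plus a 32-byte tag when the file is authenticated) and uses HMAC-SHA256 under operator-loaded key material as a stand-in for the device’s real bitstream authentication; the FpgaMonitor class, the run_scenarios function and the key bytes are all constructed for the illustration. It shows why the deployment setting matters: the same plain file that a development-mode monitor accepts is refused once reject_unauthenticated is set, as are a file whose body was altered after tagging and a file tagged under a different key.

```python
"""Model of an FPGA monitor that gates configuration-file loading.

Added example, not Intel's or Synaptic Labs' code. Assumptions:
- constructed file format: 1-byte type, then the bitstream, then (for the
  AUTHENTICATED type) a 32-byte HMAC-SHA256 tag;
- HMAC-SHA256 under operator-loaded key material stands in for the device's
  real authentication, which on silicon is a hardware function keyed from
  fuses or the battery-backed volatile key store.
"""
import hashlib
import hmac
from typing import Optional

PLAIN = b"\x00"          # unauthenticated configuration file
AUTHENTICATED = b"\x01"  # bitstream followed by an authentication tag
TAG_LEN = 32             # HMAC-SHA256 digest size

# Constructed key material standing in for what an operator loads into the
# FPGA key storage; not a real device key.
KEY_MATERIAL = bytes(range(32))


def build_plain_file(bitstream: bytes) -> bytes:
    """Package a bitstream with no authentication at all."""
    return PLAIN + bitstream


def build_authenticated_file(bitstream: bytes, key: bytes) -> bytes:
    """Package a bitstream with a tag computed under the loaded key material."""
    tag = hmac.new(key, bitstream, hashlib.sha256).digest()
    return AUTHENTICATED + bitstream + tag


class FpgaMonitor:
    """The monitor circuit: the only path by which a file reaches the fabric."""

    def __init__(self, key: bytes, reject_unauthenticated: bool) -> None:
        self._key = key
        # The deployment setting the slides insist on: when True, a file that
        # carries no valid tag is never configured into the fabric.
        self.reject_unauthenticated = reject_unauthenticated
        self.fabric: Optional[bytes] = None  # bitstream currently configured

    def load(self, config_file: bytes) -> bool:
        """Try to configure the fabric from config_file; True if accepted."""
        if not config_file:
            return False
        kind, payload = config_file[:1], config_file[1:]
        if kind == PLAIN:
            if self.reject_unauthenticated:
                return False          # development-only path, closed in deployment
            self.fabric = payload
            return True
        if kind == AUTHENTICATED and len(payload) > TAG_LEN:
            body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
            expected = hmac.new(self._key, body, hashlib.sha256).digest()
            # Constant-time comparison so the check itself leaks nothing.
            if hmac.compare_digest(tag, expected):
                self.fabric = body
                return True
            return False              # altered body or wrong key
        return False                  # unknown type or truncated file


def run_scenarios() -> dict:
    """Exercise the monitor in development and deployment settings."""
    # Constructed stand-in bitstreams.
    good = b"GOOD_DESIGN_BITSTREAM" * 4
    rogue = b"ROGUE_DESIGN_BITSTREAM" * 4
    signed = build_authenticated_file(good, KEY_MATERIAL)
    # Altered copy: flip one byte of the body, keep the original tag.
    altered = bytearray(signed)
    altered[5] ^= 0x01
    wrong_key = build_authenticated_file(good, bytes(32))

    dev = FpgaMonitor(KEY_MATERIAL, reject_unauthenticated=False)
    prod = FpgaMonitor(KEY_MATERIAL, reject_unauthenticated=True)
    return {
        "dev_accepts_plain": dev.load(build_plain_file(rogue)),
        "prod_rejects_plain": not prod.load(build_plain_file(rogue)),
        "prod_accepts_signed": prod.load(signed),
        "prod_rejects_altered": not prod.load(bytes(altered)),
        "prod_rejects_wrong_key": not prod.load(wrong_key),
        "prod_fabric_is_good": prod.fabric == good,
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

Every scenario reports True. Authentication gives the fabric an integrity and origin check but leaves the bitstream readable, which is why the slides pair it with encryption for IP protection; on real silicon the key never leaves the fuse or battery-backed key store, whereas this model holds it in a Python variable.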
2. Intel® Secure Boot controls for your specific SoC FPGA device
- Freely available, easy to use
- Provides a hardware root of trust for ARM* software
- Employs:
§ a Boot ROM in the hard processor system (HPS)
§ user key material stored securely in the FPGA manager
§ the AES* decryption hard macro in the FPGA manager
§ other security controls that may be implemented in the FPGA fabric
[Figure: Intel® SoC FPGA with ARM* cores, System Manager, FPGA Manager (keys, AES HW, Boot ROM) and Intel® FPGA fabric; additional secure boot controls may be implemented in the FPGA fabric; malware is blocked from the HPS – ARM* core(s)]
- Intel’s secure boot controls for the hard processor system (HPS) secure the first stages of the ARM* software boot process
- The developer is then responsible for extending the secure boot flow down to the executive system. The developer may employ the use of security IP provided by Intel® and/or its partners
3. Inline Memory Encryption
- Third party IP implemented in the FPGA fabric
§ Automatically encrypts and decrypts data written to and read from external memory using the NIST* AES cipher without modifying the software
[Figure: in the Intel® SoC FPGA, an ARM* core, a Nios® II /e or /f core or a peripheral accesses an encrypted region of memory through an AES inline memory encryptor placed in front of the memory controller]
- Use Case 1:
§ Off-chip flash memory is typically the most exposed and most easily attacked type of external memory connected to an SoC FPGA device
§ Employ Inline Memory Encryption to automatically protect the firmware and data stored on vulnerable FLASH memory without modifying SW
§ Use to extend the Intel® Secure Boot Flow for the ARM* cores by transparently decrypting executive software stored in EPCQ flash
[Figure: HPS (ARM* core) and FPGA fabric; the S/Labs* inline encryptor SMEM-T001 (from 209 ALM and 1 ROM) sits in front of the flash controller; EPCQ/EPCS flash holds the encrypted FPGA configuration, encrypted ARM* firmware and encrypted data; all code and data on highly vulnerable off-chip flash is now protected]
- Use Case 2: Nios® II Co-Processor
§ Also automatically and continuously protects firmware and data, and provides a Secure Boot Flow for the Nios® II core
[Figure: as above, with a Nios® II core (/e or /f) also reading encrypted Nios® II firmware from EPCQ/EPCS flash through the S/Labs* inline encryptor SMEM-T001 and the Altera® flash controller]
- Encryption of the firmware and other data stored on the flash memory protects that information against reverse engineering and theft when at rest and in flight
- Inline Memory Encryption to resist malware injection:
§ Any executable code (i.e. malware) injected and stored in cleartext on the flash memory will be mangled when read through the inline memory encryptor
§ Mangling prevents its successful execution
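The mangling effect just described, as an added example that is not Synaptic Labs’ SMEM-T001 IP nor any Intel code. It assumes flash is a plain byte array, that an address-bound SHA-256 keystream stands in for the AES cipher the real IP uses (only the transparent encrypt-on-write, decrypt-on-read behaviour is modelled, not AES itself), and that the Flash, InlineEncryptor and run_scenarios names, the key and the firmware image are constructed for the illustration. It covers both Use Case 1 and the malware-injection point: firmware provisioned through the encryptor is unreadable at rest yet reads back intact, while bytes that land in flash without passing through the encryptor come back mangled; the final digest comparison shows the kind of integrity check a secure boot stage layered on top would perform.

```python
"""Model of an inline memory encryptor between a core and off-chip flash.

Added example, not Synaptic Labs' SMEM-T001 nor any Intel IP. Assumptions:
- a SHA-256 keystream bound to the block address stands in for the AES
  cipher the real IP uses; only the transparent encrypt-on-write,
  decrypt-on-read behaviour is modelled;
- flash is a plain bytearray; a write that bypasses the encryptor models
  code that lands in flash in cleartext.
"""
import hashlib

BLOCK = 16  # bytes per keystream block


class Flash:
    """Off-chip flash: stores whatever bytes it is given, in the clear."""

    def __init__(self, size: int) -> None:
        self.cells = bytearray(size)

    def write_raw(self, addr: int, data: bytes) -> None:
        self.cells[addr:addr + len(data)] = data

    def read_raw(self, addr: int, n: int) -> bytes:
        return bytes(self.cells[addr:addr + n])


class InlineEncryptor:
    """Sits on the bus: every core access to flash passes through it."""

    def __init__(self, key: bytes, flash: Flash) -> None:
        self._key = key
        self._flash = flash

    def _keystream(self, addr: int, n: int) -> bytes:
        """Address-bound keystream covering [addr, addr + n): the same value
        stored at two different addresses encrypts differently."""
        out = bytearray()
        first = addr - (addr % BLOCK)
        for block_addr in range(first, addr + n, BLOCK):
            material = self._key + block_addr.to_bytes(8, "big")
            out += hashlib.sha256(material).digest()[:BLOCK]
        offset = addr - first
        return bytes(out[offset:offset + n])

    def write(self, addr: int, data: bytes) -> None:
        """Core write: plaintext in, ciphertext lands in flash."""
        ks = self._keystream(addr, len(data))
        self._flash.write_raw(addr, bytes(a ^ b for a, b in zip(data, ks)))

    def read(self, addr: int, n: int) -> bytes:
        """Core read: ciphertext from flash, plaintext out. Bytes that were
        never encrypted under this key come out as unrelated garbage."""
        ks = self._keystream(addr, n)
        return bytes(a ^ b for a, b in zip(self._flash.read_raw(addr, n), ks))


KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed key
FIRMWARE = b"FIRMWARE:entry;init;main;loop;halt;"   # constructed image
INJECTED = b"INJECTED:payload;"                      # constructed cleartext


def run_scenarios() -> dict:
    """Provision firmware through the encryptor, drop cleartext past it,
    then look at flash and at what the core sees."""
    flash = Flash(4096)
    enc = InlineEncryptor(KEY, flash)
    expected = hashlib.sha256(FIRMWARE).digest()  # digest a boot stage would hold

    # 1. Firmware provisioned through the encryptor.
    enc.write(0x100, FIRMWARE)
    at_rest = flash.read_raw(0x100, len(FIRMWARE))
    # 2. Code written straight into flash, bypassing the encryptor.
    flash.write_raw(0x800, INJECTED)
    seen_by_core = enc.read(0x800, len(INJECTED))
    # 3. What a secure-boot stage sees when it reads the firmware.
    boot_image = enc.read(0x100, len(FIRMWARE))

    return {
        "firmware_not_in_clear_at_rest": FIRMWARE not in at_rest,
        "firmware_readable_by_core": boot_image == FIRMWARE,
        "boot_digest_matches": hashlib.sha256(boot_image).digest() == expected,
        "injected_code_mangled": seen_by_core != INJECTED,
        "injected_marker_absent": b"INJECTED" not in seen_by_core,
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

Mangling denies cleartext injection a usable execution path but does not by itself report that flash was touched; the boot digest comparison in run_scenarios is the complementary integrity check, which is why the slides present inline encryption as an extension of the Secure Boot Flow rather than a replacement for it. Binding the keystream to the block address is what stops identical values at different addresses from producing identical ciphertext in flash.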
4. Intel® security controls on the maintenance and debug ports
- Freely available, easy to use
- In Cyclone® V through Stratix® 10 devices:
§ Turning on the Intel® “Tamper Protection Mode” automatically turns on JTAG* secure mode. This restricts the number of JTAG* instructions available from the external JTAG* port
§ In high security applications it is easy to disable JTAG* and Debug ports to stop all types of access
§ These controls can be enabled and disabled from within the FPGA fabric at run-time
- In Stratix® 10 devices:
§ It is easy to turn on mandatory cryptographic authentication of all debug and maintenance inputs
§ Win both security and function availability simultaneously
- The JTAG* communication port is used in many ways to make the development of your software and hardware IP easier
- LOCK DOWN the JTAG* port to make it harder for malware developers and other attackers
5. ARM* TrustZone*
- A type of hardware-based address space partitioning control
- Freely available
- Embedded in the hard processor system
- TrustZone* employs hardware controls to create secure and non-secure worlds that are isolated from each other
- Software and peripherals reside in either the secure world or the non-secure world
[Figure: trusted and non-trusted worlds, each with its own software, data and hardware]
- Also consider using a HW based Memory Management Unit as a security control
- For Stratix® 10 SoC, also see: ARM Virtualization Extensions (ARM-VE)
- TrustZone* controls are easiest to employ by using mainstream executive systems such as:
§ Wind River® VxWorks®
§ SYSGO* PikeOS*
§ Mentor Graphics* Embedded Hypervisor*
§ Green Hills Software* INTEGRITY* Secure Virtualisation
§ Various Linux* distributions
§ Many others...
(Not listed in any particular order)
(TrustZone*-based secure boot, ARM VE)
(Secure world, ARM VE, ITAR free)
(Secure world, ITAR free)
(Non-secure world only)
(Secure world, ARM VE, ITAR free)
This information is being provided by Synaptic Labs as an accommodation and for guidance purposes only. Synaptic Labs makes no representations, warranties or guaranties, implied or express, as to the information contained herein, including as to the accuracy or completeness. Nor may you rely upon the information contained herein for any purpose. In accordance with US law, all exporters and re-exporters of Altera products remain responsible for determining the classifications, license exceptions and licensing requirements, and compliance with applicable U.S. export regulations.
- Reduces the severity of buffer overflow attacks in the non-secure world
§ TrustZone* hardware prevents (compromised) software running in the non-secure world from accessing memory or peripherals in the secure world
Protect Against the Known Lower Cost Attack Vectors with Five Essential Hardware Security Controls from Intel and Their Partners
• With zero to low negative impact on:
- Developer costs:
§ Suitable for use by “mere mortals”; tutorials and guides are provided
§ Expert support from Intel’s FAE team for Intel’s security controls
§ Does NOT require information security experts to turn on or implement these controls
§ EASY for projects to enable or employ in new and retrofitted designs
- Licensing costs:
§ Four of the five HW security controls are embedded in Intel® SoC FPGA for FREE; you can enable them without any extra licences needed
§ The other HW security control is a Qsys component with low license costs
- Recurring product manufacturing cost:
§ Four of the five controls are embedded in the Intel® SoC FPGA silicon and do NOT consume any FPGA circuit area
§ The fifth HW control is an inline memory encryptor for flash. Synaptic Labs* offer a very low circuit area solution (from ~210 ALM); ~210 ALM is only ~2% of the smallest Cyclone® V SoC device
§ Additional IP is available from S/Labs* to reduce resource usage elsewhere in a Qsys project (such as in the interconnect), to reduce or eliminate the overhead of this security module and facilitate retrofitting inline memory encryption for flash into resource constrained designs. See the appendix of this slide show for more details.
- Software performance is NOT impacted:
§ All 5 HW security controls have (or can be configured to have) practically NO impact on software performance
- Hardware performance is NOT impacted:
§ All five hardware security controls have practically NO impact on the performance of other hard or soft macro IP in your project
- Maintenance in the field is NOT impacted:
§ All five controls are set or implemented once and continue to operate without day-to-day monitoring, resulting in no extra burden for customers
• These Five Hardware Security Controls in Intel® SoC FPGAs have no ‘military grade’ issues:
- Intel’s commercial grade SoC FPGAs employ embedded security controls and are marketed in most countries
- We are advised by Intel PSG that enabling the security controls embedded in an Intel® SoC FPGA device does NOT activate U.S. ITAR export controls
Employing Security in FPGA is Easy and Viable Today
• Failure to enable hardware security functionality that is freely available in the device, to protect against low cost, high-impact attack vectors, is ‘unreasonable’
• Failure to enable those security controls exposes companies to various avoidable risks and costs in the event of a breach — including:
- loss of customer loyalty,
- government fines if client data is stolen,
- increased insurance premiums,
- and so on...
Easy to Communicate the Five Controls and Their Security Value Proposition
• To your stakeholders:
- To your own management and sales people
- To your customers
• Easy for your customers to explain to their stakeholders:
- To their own customers, shareholders, auditors and regulatory authorities
• To show that the available, low cost security capabilities are enabled
• To protect against the known attack vectors
Of course: A safety and security risk analysis should be performed by your company to determine if additional security controls may be required
Summary and Next Steps
• Today, everyone expects a base-line of security to be present in commercial products and systems
• You can easily employ the five base-line hardware security controls provided by Intel® and/or its partners
- In new and retro-fit SoC FPGA designs
- To secure your products by default against a wide range of low-cost, high-impact attack vectors
- At a negligible cost of ownership
- To increase the value proposition of your product
• Remember, this presentation is designed as a resource that you can download later
- There are links to more information in the appendices
- For example, to technical information on how to implement these security controls
- You can see me or my colleagues at the Intel stand today
- There are some brochures for you to take away
- Your Intel® Field Application Engineer (FAE) can also assist
Additional Sources of Information
Meet us at the Intel PSG demo table in the exhibit hall.
More web based info (Context):
(1) KPMG, “Cyber security a failure of imagination by CEOs”, White paper, Publication number: 132969-G, Dec 2015
(2) J. Gelinne, et al., “The hidden costs of an IP breach: Cyber theft and the loss of intellectual property”, Deloitte Review issue 19, July 2016
(3) Steve Morgan, “Hackerpocalypse: A Cybercrime Revelation”, Herjavec Group, Q3 2016
More web based info (Technical):
(4) Huffmire, T., et al., “Handbook of FPGA Design Security”, Springer Netherlands, 2010
(5) Badrignans, B., et al., “Security Trends for FPGAs. From Secured to Secure Reconfigurable Systems”, Springer Netherlands, 2011
(6) Altera AN-556, “Using the Design Security Features in Altera FPGAs”, June 2016
(7) Altera AN-680, “Product Security Features for Altera Devices”, Jan 2015
(8) Ryan Kenny, “SoC FPGA Hardware Security Requirements and Roadmap”, ISDF16 SF, Aug 2016
(9) Rodney Frazer, “SoC FPGA Secure Boot”, SW session, ISDF16 SF, Aug 2016
(10) Rodney Frazer, “SoC FPGA Secure Boot”, HW session, ISDF16 SF, Aug 2016
(11) Altera CV_5v4, “Cyclone V Hard Processor System Technical Reference Manual”, May 2016
(12) Altera AN-709, “HPS SoC Boot Guide - Cyclone V SoC Development Kit”, Jan 2016
(13) Altera UG-1171, “Arria 10 SoC Boot User Guide”, Oct 2015
(14) Altera AN-759, “Arria 10 SoC Secure Boot User Guide”, March 2016
(15) Synaptic Labs Inline Memory Encryptor IP for Qsys - www.synaptic-labs.com
(16) http://www.arm.com/products/security-on-arm/trustzone
(17) Felix Baum, “Securing Modern-Day Devices within Embedded Virtualization and ARM TrustZone Technology”, 2015, TECH 12360-w
(18) Robert Bates, “Building Functional Safety and Security into Modern IIoT Enterprises and Ecosystems”, 2016, TECH 14410-w
(19) Felix Baum, Alan Grau, “Developing Industrial Control Systems which meet Security and Regulatory Requirements”, Webinar
(20) http://www.windriver.com/products/vxworks/
(21) Michel Chabroux, “Building Secure, Connected, RTOS-based IoT Devices”, ISDF16 SF, Aug 2016
(22) http://www.sysgo.com/products/pikeos-hypervisor/
(23) http://www.mentor.com/embedded-software/hypervisor/
(24) http://www.ghs.com/products/rtos/integrity_virtualization.html
(25) Iisko Lappalainen, “Technologies for Securing Intel® SoC FPGAs using an Embedded Linux* System”, ISDF16 SF, Aug 2016
(26) https://www.altera.com/products/soc/portfolio/cyclone-v-soc/ecosystem.html
(27) Tehranipoor, M., et al., “Introduction to Hardware Security and Trust”, Springer New York, 2012
Benjamin GITTINS
Mobile: +356 9944 9390
www.synaptic-labs.com
Find Appendices on the next few slides
Adding inline-encryption in resource constrained FPGA projects
S/Labs inline memory encryptor for EPCQ flash (SMEM-T001) offers a range of throughput / circuit area configurations enabling efficient instantiations for a wide range of different projects. S/Labs also offers a wide range of IP for Qsys that can be used to reduce the resource usage of a typical Qsys project, e.g. by reducing the circuit area required to implement the interconnect. Reductions in circuit area won using S/Labs’ IP can be larger than the amount of circuit area required to instantiate SMEM-T001 in some projects. Reductions in circuit area facilitate retrofitting inline memory encryption for flash in severely resource constrained designs. Additionally, S/Labs’ growing range of IP for the Qsys ecosystem can result in high-clock speed designs and/or fewer pipeline stages to further improve system performance. Visit synaptic-labs.com to explore our latest portfolio of solutions...
[Figure: Intel® SoC FPGA with HPS (ARM* core) and FPGA fabric (Nios® II/f, non-burst) accessing EPCS/EPCQ flash memory (encrypted FPGA configuration, encrypted ARM* firmware, encrypted data, encrypted Nios® II firmware) through the S/Labs* inline encryptor SMEM-T001 (from 209 ALM and 1 ROM) and the Altera® flash controller. The S/Labs* non-burst to burst converter provides burst access to flash while eliminating unnecessary burst logic elsewhere in the interconnect; S/Labs* on-chip SRAM IP efficiently allocates non-base 2 regions of memory with lower circuit area; S/Labs* Avalon-MM interconnect technologies replace parts of the Avalon Merlin Interconnect to reduce circuit area]
74
New and Advanced Soft IP (Qsys) for the ARM* and Nios® II Ecosystems on Intel® FPGA
[Figure: S/Labs portfolio of Qsys IP for ARM*, Nios® II/e and Nios® II/f cores: Inline Memory Encryptor for EPCQ flash with secure boot; Level 1 Caches (up to 69x faster SW performance for SDRAM and on/off-chip flash); System Caches for shared caching of SDRAM; Efficient on-chip SRAM Allocator (save up to ~50% SRAM); Avalon Interconnect* Enhancements (save <36% circuit area, higher clock speeds, etc.); MAX® 10 on-chip Flash Accelerator (up to 6.3x faster SW performance).]
Improve the Value Proposition of Your New and/or Existing Products
Significantly improves:
• Security – a very small, high performance, low cost COTS inline flash encryptor for EPCQ flash
• Software performance – with a range of advanced caches and interconnects
• Memory usage – with finer grain on-chip SRAM allocation to save SRAM
• Circuit area usage – better results in less circuit area
• Clock speeds – fine grain pipelining controls facilitate easier place-and-route and timing sign-off
Adding security is not a burden.
synaptic-labs.com *
For more information and FREE trials
Intel® Tamper Protection Mode
Protects the IP in the FPGA bitstream against reverse engineering
Encryption of the FPGA configuration file protects its contents against reverse engineering when at rest and when in transit to the FPGA device.
[Figure: FPGA monitor and FPGA fabric]
Security IP: Intel® Tamper Protection
Security means: Encryption
Sources: Flash / SD card, JTAG*, Remote system upgrade
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware cost: Free (embedded in silicon)
Developer cost: Low effort, low cost
Retrofit effort: Easy
Intel® Tamper Protection Mode
Protects against malware being injected through the FPGA bitstream
To achieve this, the FPGA’s monitor circuit must be configured to reject unencrypted and/or unauthenticated configuration bitstreams.
[Figure: FPGA monitor rejecting (✘) malware before it reaches the FPGA fabric]
Security IP: Intel® Tamper Protection
Security means: Authentication
Sources: Flash / SD card, JTAG*, Remote system upgrade
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware cost: Free (embedded in silicon)
Developer cost: Low effort, low cost
Retrofit effort: Easy
Intel® Secure Boot Flow Process
Protects against malware injection during the ARM* boot process
Intel’s secure boot controls for the HPS secure the first stages of the ARM* software boot process. The user is then responsible for extending the secure boot flow down to the executive system. The user may employ security IP provided by Intel and/or its partners.
[Figure: HPS (ARM* core(s)), FPGA fabric and FPGA monitor, with malware rejected (✘)]
Security IP: Intel® Secure Boot Controls for the HPS
Security means: Encryption and/or Authentication
Sources: Flash / SD card, JTAG*, Remote system upgrade
Devices: All Intel® SoC FPGA
Hardware cost: Free (embedded in silicon)
Developer cost: Low effort, low cost
Retrofit effort: Relatively easy
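The point of the slide above is that the silicon only authenticates the first boot stage and the user must carry the chain of trust the rest of the way. The following added example (not Intel's or S/Labs' code) models that with a hash-chained boot: each verified image embeds the SHA-256 digest of its successor. The stage names, image bytes and the `demo` helper are constructed for illustration.

```python
# Added example (not Intel's or S/Labs' code): a model of the staged secure-boot
# chain on the HPS. The silicon authenticates only stage 0; every later stage is the
# user's job, so each verified image embeds the digest of the image it launches next.
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Image:
    name: str
    code: bytes
    next_digest: Optional[bytes]  # digest of the successor image, None for the last stage


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def image_bytes(img: Image) -> bytes:
    """What actually sits in flash: the code plus the embedded successor digest."""
    return img.code + (img.next_digest or b"")


def build_chain(stages: List[tuple]) -> List[Image]:
    """Link images back to front so each one embeds its successor's digest.
    stages: (name, code) pairs in boot order (constructed sample input)."""
    chain: List[Image] = []
    for name, code in reversed(stages):
        chain.insert(0, Image(name, code, sha256(image_bytes(chain[0])) if chain else None))
    return chain


def boot(rom_digest: bytes, chain: List[Image], extend_chain: bool) -> List[str]:
    """Return the names of the images that execute. rom_digest is what the silicon
    enforces for stage 0; extend_chain=False leaves the user-owned stages unverified."""
    executed, expected = [], rom_digest
    for i, img in enumerate(chain):
        if (i == 0 or extend_chain) and sha256(image_bytes(img)) != expected:
            raise ValueError(f"{img.name}: authentication failed, boot halted")
        executed.append(img.name)
        expected = img.next_digest
    return executed


def demo(extend_chain: bool, tamper_stage: int = -1) -> List[str]:
    """Boot a constructed preloader -> bootloader -> executive chain; tamper_stage
    replaces one stage's code on flash, as a malware injection would."""
    chain = build_chain([("preloader", b"stage0-preloader"),
                         ("bootloader", b"stage1-bootloader"),
                         ("executive", b"stage2-os-image")])
    rom_digest = sha256(image_bytes(chain[0]))  # fixed by the silicon's root of trust
    if tamper_stage >= 0:
        chain[tamper_stage].code = b"stage-with-injected-malware"
    return boot(rom_digest, chain, extend_chain)
```

With `extend_chain=False` a modified executive image boots unnoticed, while the silicon still catches a modified stage 0; with the chain extended, tampering at any stage halts the boot.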
S/Labs* Inline Memory Encryptor
Protects the software and data stored on flash from reverse engineering
Encryption of the firmware and other data stored on the flash memory protects that information against reverse engineering and theft.
[Figure: Intel® SoC FPGA with HPS and FPGA fabric; the S/Labs* INLINE ENCRYPTOR sits between the core and the flash controller, which reads the encrypted FPGA configuration, encrypted firmware and encrypted data]
Security IP: S/Labs* Inline Memory Encryptor
Security means: Encryption
Sources: EPCQ / EPCS flash
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware cost: Low: <~210 ALM + 1 ROM + low cost license
Developer cost: Low effort, low cost
Retrofit effort: Easy
S/Labs* Inline Memory Encryptor
Resists attackers modifying the software on flash to inject malware
The encryption controls of the inline memory encryptor transform executable code containing malware stored in the flash in a way that prevents it from being successfully executed on the processor core.
[Figure: Intel® SoC FPGA with HPS and FPGA fabric; the S/Labs* INLINE ENCRYPTOR sits between the core and the flash controller holding the encrypted FPGA configuration, with malware rejected (✘)]
Security IP: S/Labs* Inline Memory Encryptor
Security means: Encryption
Sources: EPCQ / EPCS flash
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware cost: Low: <~210 ALM + 1 ROM + low cost license
Developer cost: Low effort, low cost
Retrofit effort: Easy
Intel® security controls for the JTAG* port
Prevent attackers exploiting developer access ports as back doors...
The JTAG* communication port is used in many ways to make the development of your software and hardware IP easier. Lock down the JTAG* port to make malware developers’ lives harder.
[Figure: JTAG* port and hack attempt both blocked (✘)]
Security IP: Intel® security controls on the maintenance and debug ports
Security means: Access control
Sources: JTAG
Devices: All Intel® SoC FPGA, All modern Intel® FPGA
Hardware cost: Free (embedded in silicon)
Developer cost: Low effort, low cost
Retrofit effort: Easy
[Figure: trusted and non-trusted worlds, each with its own software, data and hardware]
ARM* TrustZone*
Reduces the severity of buffer overflow attacks in the non-secure world
TrustZone* hardware prevents (compromised) software running in the non-secure world from accessing memory or peripherals in the secure world.
Security IP: ARM* TrustZone*
Security means: Hardware virtualisation
Sources: All bus-masters in the “non-secure” world
Devices: All Intel® SoC FPGA
Hardware cost: Free (embedded in silicon)
Developer cost: Low effort when using existing RTOS / OS
Retrofit effort: Varies
[Figure: hack attempt blocked (✘)]