For FPGA Security, Standardize and Certify the Hardware
September 12, 2023
The Intelligent Edge is becoming increasingly important to Industrial, IoT, enterprise, and operations in almost every vertical. And the sensors, networks, and systems that need to operate at the Edge are increasingly dependent on FPGA and other embedded systems to accomplish their goals.
To that end, and to operate safely, efficiently, and reliably, it’s critical to consider the security of FPGA integrated circuits (IC).
“You can’t do data security or information assurance unless you have these underlying layers of hardware security to support it,” said Tim Morin, technical fellow, FPGA, Microchip. “Most people think of IoT security in terms of cybersecurity, and we think they’re going to end up having to secure these physical systems.”
This issue is on the minds of the engineers at Microchip, and that thinking is reflected in the recent announcement that the United Kingdom’s National Cyber Security Centre (NCSC) has favorably reviewed the company’s PolarFire FPGA crypto design flow.
These certifications of secure design are not only critical for any OEM that intends to do government contracts but should be de rigueur for any chipset or silicon manufacturer targeting any market from industrial to consumer-facing. Security on the chip can take many forms and when a system like an FPGA is specifically designed to be programmed to suit the end user, even more care must be taken to prevent, detect, and recover from faults, attacks, or breaches.
System architects and designers need to be thinking about these measures from the design and build phase of any FPGA if we’re going to avoid repeats of incidents like Mirai and the dozens of other similar incidents enabled by unsecured Edge hardware.
“You have to go through the extra step of defining the separation at the system level before you do the design,” said Morin. “We’re investing a lot in physical security. We assume equipment is being left in compromised positions, and [bad actors or competitors] are looking to reverse engineer products.”
NCSC in the UK, NIST in the US, and similar bodies in most regions or countries do standardized testing against a variety of risk conditions, and every FPGA, board, SoC or other hardware needs to be certified by these bodies in order to be trustworthy.
According to its announcement, Microchip’s PolarFire FPGA has AES 256-encrypted configuration files with SHA 256-based HMAC authentication, true random number generators, processing protected against Differential Power Analysis (DPA) with technology licensed from Cryptography Research Incorporated (CRI), and public key cryptographic cores. There’s a lot more, and you can take a look at what Microchip is doing here, but it’s important to check for similar measures on any FPGA.
Similarly, in August, Rambus announced a series of security IP solutions for FPGA that includes Root of Trust, 800G MACsec, IPsec, and classic and quantum safe public key encryption.
These two companies are leading the way, but not alone in affirming the importance of FPGA security on the hardware in embedded devices not just at the Edge, but throughout connected systems.
Make sure your designs do not fall behind.