Production programming process prevents FPGA IP pilfering
The programme securely generates and injects cryptographic keys and configuration bitstreams into Microsemi’s FPGAs thus preventing cloning, reverse engineering, malware insertion, leakage of sensitive intellectual property (IP) such as trade secrets or classified data, overbuilding and other security threats.
Microsemi’s SPPS includes the use of “customer” and “manufacturer” hardware security modules (HSMs) combined with Microsemi firmware, the company’s new SPPS Job Manager software and advanced security protocols built into every Microsemi SmartFusion2 system-on-chip (SoC) FPGA and IGLOO2 FPGA. SPPS allows customers to automatically prevent security threats by external adversaries or competitors, contract manufacturers and their employees, or other insiders. SPPS is offered for any FPGA-based system that may be at risk for overbuilding in a wide variety of applications in the communications, defence, industrial and automotive markets. It allows users to safely use less expensive manufacturing resources such as offshore contract manufacturers, while reducing security risks, the company adds.
Key security features of the SPPS include:
· Prevents overbuilding and cloning
· Provides a secure audit trail of devices programmed and programming content
· Provides counterfeit part detection
· Secured key management (generation/storage/use)
· Secure field-upgrade file generation
Microsemi; www.microsemi.com/products/fpga-soc/design-resources/programming/spps
next page; SPPS detail…
The SPPS builds upon Microsemi’s existing internal HSM manufacturing infrastructure, which uses certified HSMs for provisioning factory keys and certificates during wafer sort and package testing. Provisioning by Microsemi allows its customers to securely program their unique key material and designs into the company’s SmartFusion2 SoC FPGAs and IGLOO2 FPGAs in untrusted locations around the world. HSMs effectively remove the vulnerability posed by insiders, especially those within manufacturing locations. This is all accomplished while maintaining confidentiality of sensitive data and preventing tampering, such as insertion of a Trojan horse.
Microsemi’s SPPS Job Manager software generates a job file containing encrypted security parameters, authorised production device limit counts and an FPGA bitstream, allowing the user to monitor all aspects of the FPGA production job, including specifying the key management options desired and allowing them to assert positive control over the number of systems produced. This file is only readable by the target manufacturing HSM. The SPPS also generates encrypted files for the reconfiguration of FPGAs previously “keyed” by the user, such as those in fielded systems.
All security-sensitive operations including device authentication (to provide supply chain assurance), cryptographic key generation, bitstream encryption, the authorisation and counting of produced systems, and the signing of audit logs are performed within the hardware security boundary of the FIPS140-2 level 3 certified Thales HSMs, rather than in a more vulnerable open Windows or Linux computer workstation. This provides the highest level of security in the FPGA industry for detecting counterfeit devices, protecting design IP and preventing overbuilding.
Microsemi is an official reseller of Thales’ hardware security modules, which are custom programmed for executing Microsemi’s FPGA design security protocols.
Microsemi; www.microsemi.com/products/fpga-soc/design-resources/programming/spps