Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > FPGAs/PLDs

Protecting FPGA system with secure authenticator

Posted: 04 Dec 2014 ?? ?Print Version ?Bookmark and Share

Keywords:FPGAs? OEM? intellectual property? IP? SRAM?

These days, counterfeiters increasingly target electronic devices because selling copied electronics can be quite lucrative. Furthermore, certain types of electronic components like FPGAsand especially their attached peripherals/sub-systemscan be relatively easy to copy. Consequently, all too often end users cannot be sure that they are using genuine OEM equipment. This can be quite disappointing when the end user encounters substandard counterfeit devices, items that break down easily or do not work properly. But perhaps more gravely, consider the implications of using a substandard or inaccurately calibrated surgical device. This can be deadly.

What about OEMs who see parts of their products being counterfeited? OEMs face revenue loss when their goods are counterfeited in the market. This phenomenon is not limited to emerging markets. Indeed, the supply chains for many electronic goods stretch worldwide, so counterfeit goods can find their way into virtually any supply chain.

This article outlines the general problems that counterfeiters pose for OEMs and end customers. It then turns to FPGA systems and explains how OEM system designers can address their concerns about the counterfeiting of FPGAs. Designers can secure their FPGA bitstream, protect IP, and prevent attached peripheral counterfeiting through use of secure authentication ICs that implement a SHA-256 or ECDSA algorithm.

Many reasons to counterfeit FPGA embedded devices
FPGAs and their attached components are especially susceptible to counterfeiting. Let's begin with attached peripherals, sub-systems, consumables, and sensors. A common business model is for OEM vendors to sell base equipment (e.g., the printed circuit board with the FPGA) at a very low gross margin or even at a loss; meanwhile they rely on sales of attached peripherals.

Gross margins on the attached peripherals are usually significantly higher and thus the attached components are targeted by counterfeiters. Think about printers and printer cartridges; gaming consoles and controllers; medical devices and attached disposable sensors.

The list goes on and on. For some of these peripherals or consumables, OEMs typically want to protect against reconfiguration or usage beyond the specified product lifetime. End users have been known to refill their printer cartridges, use batteries longer than their intended use, or use one-time-use medical sensors more than once which, in this case, can spread disease.

The FPGA itself is also a target for copying. Low-end FPGAs do not have any protection mechanisms against copying or theft of intellectual property (IP), and the motivations for copying are abundant. In modern supply chains, OEMs might wish to build their end product using third-party contract manufacturing. Subcontractors can be a useful extension of a supply chain; they can manufacture embedded systems efficiently and in a cost-effective manner. Unfortunately, unscrupulous contractor manufacturers (CMs) have been known to build more widgets than contracted. They are thus producing bootleg products of the same quality and authenticity as the OEM's. Indeed, by overbuilding, an unscrupulous CM freeloads on all of the R&D and marketing costs that the OEM incurred.

Besides copying there are other ways that counterfeiters can short-change OEM vendors. Some FPGAs utilise a "soft feature" setting. For example, initially engineers will design and manufacture fully featured FPGA systems. Then to save time and effort, and to achieve different price points or feature levels, they use the same base equipment but will defeature certain aspects in firmware. This effort, however, creates a new problem: a smart customer who needs several fully featured systems now could just buy one such unit and several cheaper units with the reduced features. Then, copying the firmware from the full-featured unit into the simpler units, all behave like the full-featured unit but for a lower price. This shortchanges OEM system vendors.

Sometimes companies create and sell reference designs (RDs), but not the physical hardware itself. These RDs can be subsequently bought, licensed to, and manufactured by third-party customers. Because the RD itself is not a physical material, its reuse is hard to track. Consequently, the developers of a RD require barriers and secure protection to prevent unauthorised use of their IP. Also for revenue reasons, these IP owners want to track and confirm the number of RD uses. The bottom line for the RD developer is straightforward: what's to stop the customer vendor from underreporting how many widgets are built? How can they secure their IP?

The unprotected FPGA is easy to counterfeit
Before we examine security measures, let us first explain why it is easy to counterfeit an FPGA. Static-RAM-based (SRAM) FPGAs have few safeguards to protect proprietary IP (the configuration data) or the FPGA implementation against illegal copying and theft. Once the configuration data is loaded from the bit file, it is held in SRAM memory cells, which can easily be probed to determine their contents.

1???2???3?Next Page?Last Page

Article Comments - Protecting FPGA system with secure a...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top