Prevent FPGA overbuilding, cloning & other security threats
Microsemi has announced its Secured Production Programming Solution (SPPS) for its FPGAs. The solution securely generates and injects cryptographic keys and configuration bitstreams into Microsemi's FPGAs in order to prevent cloning, reverse engineering, malware insertion, leakage of sensitive IP such as trade secrets or classified data, overbuilding and other security threats.
Microsemi's SPPS includes the use of 'customer' and 'manufacturer' Hardware Security Modules (HSMs) combined with Microsemi firmware, the company's new SPPS Job Manager software and state-of-the-art security protocols built into every Microsemi SmartFusion2 SoC FPGA and IGLOO2 FPGA. SPPS allows customers to automatically prevent today's major security threats by external adversaries or competitors, contract manufacturers and their employees, or other insiders. SPPS is a suitable solution for any FPGA-based system that may be at risk for overbuilding in a wide variety of applications in the communications, defence, industrial and automotive markets.
Bruce Weyer, Vice President and Business Unit Manager, Microsemi, commented: "Our proven SPPS flow enables end-to-end security and control throughout the manufacturing process, allowing customers to safely use less expensive manufacturing resources such as offshore contract manufacturers, while reducing security risks. SPPS extends our FPGA security leadership position and has already been successfully adopted by tier 1 commercial and defence companies."
Protecting IP and revenue
The U.S. Chamber of Commerce estimates that IP threats cost domestic companies more than $250bn per year in lost revenues, as well as the loss of approximately 750,000 jobs. More than 55m jobs in the U.S. are supported by IP-intensive industries.
Shakeel Peera, Senior Director, SoC Product Marketing, Microsemi, commented: "Microsemi's new SPPS offers industry-leading capabilities in the programmable logic market and can potentially save millions of dollars in lost revenue and brand theft. Offering the only FPGAs certified for DPA-resistant design security by an independent third-party laboratory, this product offering completes the supply chain assurance from wafer sort to customer-deployed systems, enabling our customers to trust that the systems they deploy are authentic and only the systems they wish to deploy."
Key security features of the SPPS include:
- Prevents overbuilding and cloning;
- Provides a secure audit trail of devices programmed and programming content;
- Provides counterfeit part detection;
- Secured key management (generation/storage/use); and
- Secure field-upgrade file generation.
Microsemi's SPPS
The SPPS builds upon Microsemi's existing internal HSM manufacturing infrastructure, which uses certified HSMs for provisioning factory keys and certificates during wafer sort and package testing. Provisioning by Microsemi allows customers to securely programme their unique key material and designs into the company's award-winning SmartFusion2 SoC FPGAs and IGLOO2 FPGAs in untrusted locations around the world. HSMs effectively remove the vulnerability posed by insiders, especially those within manufacturing locations. This is all accomplished while maintaining confidentiality of sensitive data and preventing tampering, such as insertion of a Trojan horse.
Microsemi's SPPS Job Manager software generates a job file containing encrypted security parameters, authorised production device limit counts and an FPGA bitstream, allowing the user to monitor all aspects of the FPGA production job, including specifying the key management options desired and allowing them to assert positive control over the number of systems produced. This file is only readable by the target manufacturing HSM. The SPPS also generates encrypted files for the reconfiguration of FPGAs previously 'keyed' by the user, such as those in fielded systems.
All security-sensitive operations including device authentication (to provide supply chain assurance), cryptographic key generation, bitstream encryption, the authorisation and counting of produced systems and the signing of audit logs are performed within the hardware security boundary of the FIPS140-2 level 3 certified Thales HSMs, rather than in a more vulnerable open Windows or Linux computer workstation. This provides the highest level of security in the FPGA industry for detecting counterfeit devices, protecting design IP and preventing overbuilding.
Microsemi's SPPS is available now.