FPGA secure-boot procedure resists side channel attacks, says Microsemi

June 19, 2015 // By Graham Prophet
Microsemi claims that its secure boot solution for its SmartFusion2 programmable devices addresses side channel analysis vulnerabilities that exist in other FPGAs requiring external configuration; recent completion of DPA testing has validated company’s secure solution, Microsemi adds.

Differential power analysis (DPA) testing has been applied to the secure boot field programmable gate array (FPGA) solution, which resolves side channel vulnerabilities inherent in the configuration process of large static random-access memory (SRAM) FPGAs. The DPA testing was completed using the Test Vector Leakage Assessment (TVLA) methodology developed by Cryptography Research Incorporated (CRI), a division of Rambus. Results of the testing show Microsemi’s secure boot solution has sufficient design margin to protect against side channel attacks. TVLA was developed to address the shortcomings of evaluation-based testing in this field. Rather than focusing on key extraction, which may depend heavily on the expertise of the evaluator, TVLA is based on a statistical approach to derive an objective pass/fail score on the underlying system’s information leakage.

Microsemi’s secure boot SRAM FPGA reference design is appropriate for systems with requirements for high value intellectual property (IP) protection, including mitigations against side-channel attacks. Key applications include protection of high value commercial and critical infrastructure systems from cloning and reverse engineering. All commercially available SRAM FPGAs on the market today – Microsemi asserts – are susceptible to DPA and other related side-channel attacks, which can expose the bitstream decryption key and risk loss of valuable IP. Microsemi’s secure boot FPGA solution uses the company’s SmartFusion2 system-on-chip (SoC) FPGA to securely load target SRAM FPGAs, with all cryptographic processing performed in a DPA-safe manner. All cryptographic processing IP in the solution includes pass-through licenses from CRI for both the SmartFusion2 host and target FPGA platforms.

“Microsemi’s secure boot solution ensures confidentiality and authentication of an underlying system design by leveraging the high security of our SmartFusion2 SoC FPGAs as a root-of-trust,” said Paul Quintana, director of vertical marketing for defence, security and computing at Microsemi. “Having a strong root-of-trust is often a critical element to protect and assure a design has not been modified.”

This technology is suitable for the defence and security market, as