Microsemi and Intrinsic-ID team up to deliver secure boot solution for electronic systems in the government, aerospace and defense markets
Pim Tuyls, Intrinsic-ID
Aliso Viejo and San Jose, CA, December 2 - Microsemi Corporation, a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, and Intrinsic-ID, a leading provider of cyber physical security solutions based on physically unclonable functions (PUFs), today announced their joint development of a secure boot solution for mission critical electronic systems.
The new offering provides users unprecedented control and security over the provisioning at each start-up of sensitive boot code into programmable components such as field programmable gate arrays (FPGAs) and system-on-chips (SoCs) from vendors like Altera and Xilinx. These components are often used for mission critical applications in military and aerospace, as well as in data centers and cloud computing, requiring the highest level of security.
Securing a system consisting of multiple components such as FPGAs and microprocessors poses a very complex challenge. In particular, the protection of software against tampering by attackers is critical. For systems that are being used in the most demanding environments to carry out the most critical operations, the best security technology must be used.
Microsemi and Intrinsic-ID offer a new approach to building a complete secure boot process, from silicon to the system level. The combination of Microsemi FPGAs and secure authentication protocols using PUFs provides complete system integrity and confidentiality protection for securely booting a complex electronic system.
"We are always excited to work with Microsemi, a leader in critical system security used in government, commercial and industrial markets, and help it push the boundaries of security for cyber physical systems," said Pim Tuyls, CEO and founder of Intrinsic-ID. "The fact that Microsemi has again entrusted Intrinsic-ID to provide the PUF solution confirms the robustness of our products for the most demanding environments."
Microsemi has designed a unique secure boot protocol for protecting third-party FPGA logic from being cloned, reverse engineered or tampered with. The company has introduced the power-efficient, small-footprint flash-based SmartFusion™2 SoC FPGA to act as a secure boot manager. SmartFusion2 first performs its own built-in secure boot and then, acting as a root-of-trust, manages the additional large FPGAs and SoCs within the system with their secure boot. Sensitive encrypted bitstream or object code is sent via the SmartFusion2 FPGA to the target FPGAs or SoCs only after successful identification of the target device and authentication of its initial boot code using the Intrinsic-ID PUF. The sensitive code is authenticated and decrypted on the target device.
What makes this approach truly unique is that all devices' identities and secret keys are bound to the unique semiconductor physics of the device through the use of PUFs. All devices have a unique key that is generated on the device from uncontrollable—and thus unclonable—silicon nanoscale physical properties. This PUF secret key is bound to the device's hardware and never leaves the device. As the PUF key is not stored in memory when the device is powered off, the key is simply not there, making extraction by an attacker much more difficult.
"The unique PUF technology from Intrinsic-ID forms the trust anchor of the secure boot solution," said Esam Elashmawi, vice president and general manager at Microsemi. "After our successful collaboration on SmartFusion2 and IGLOO™2 FPGAs, we are happy to further expand the relationship with Intrinsic-ID to include secure PUF designs for other FPGA platforms. The new offering will extend our secure boot solution to otherwise less secure third-party FPGAs."
The type of PUF used on the target FPGA is called a "butterfly PUF." It is a soft PUF that can be included in any FPGA design and consists of an array of circuits, each consisting of two cross-coupled memory elements that have a bi-stable output behavior. During operation each circuit is brought temporarily into a "conflicting state," and once released the circuit will settle into one of the two allowed states. This preferred state depends on the nanoscale physical properties of the silicon. The result is a device-unique random bit pattern. In addition to this new PUF design, Intrinsic-ID also provides the logic to generate a secure and reliable random key from this PUF. This key is used in the Microsemi secure boot protocol to uniquely identify the target device and authenticate the first code uploaded to it; then subsequently the user's sensitive code is uploaded, authenticated and decrypted, mitigating potential boot-time attacks such as monitoring, side-channel, man-in-the-middle, replay, relay and memory modification attacks conducted at the integrated circuit, circuit-board, system, or network level.
Microsemi's secure boot solution for FPGA/SoCs including the soft PUF is available now. Microsemi's SmartFusion2 SoC FPGA and IGLOO2 FPGA product families with PUF and elliptic curve cryptography (ECC) technology are also available now.
About Microsemi's SmartFusion2 SoC FPGAs
Microsemi's SmartFusion2 SoC FPGAs deliver more resources in low density devices, with the lowest power, highest levels of security and exceptional reliability. These devices are ideal for general purpose functions such as Gigabit Ethernet or dual PCI Express control planes, bridging functions, input/output (I/O) expansion and conversion, video/image processing, system management and secure connectivity. Microsemi SoC FPGAs are used by customers in communications, industrial, medical, defense and aviation markets. PCIe Gen 2 connectivity starts at just 10K logic elements (LEs). SmartFusion2 SoC FPGAs offer a 166MHz ARM Cortex-M3 processor with up to 512KB of embedded flash, triple-speed Ethernet, USB 2.0 OTG, CAN controllers and general purpose peripherals, with the highest max I/O per LE density.
Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for communications, defense & security, aerospace and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing devices; RF solutions; discrete components; security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif., and has approximately 3,600 employees globally.
Intrinsic-ID is a world leader in the field of Cyber Physical Security Systems as a provider of "Physical Unclonable Functions" (PUF). Using our patented PUF technology, secret keys and identifiers are reliably extracted from the physical properties of chips. Much like the electronic equivalent of a human fingerprint the PUF uniquely identifies and authenticates any electronic device. PUFs can be used for secure hardware key management, to establish a hardware root of trust or to protect the electronic supply chains against clones and counterfeits. Intrinsic-ID's wide range of security solutions serve the following markets: Embedded systems, IoT, Identification, automotive, communications, content distribution, pay TV, government and defense. Intrinsic-ID is a spin-off from Philips Electronics. The company is headquartered in Eindhoven, the Netherlands and has sales offices in San Jose, Tokyo and Seoul.