Newsroom > Blog
September 16, 2022
Hacking used to be so rare that every cyber-attack and data breach seemed to make the nightly news. Today, hacking is so common and security threats are so prevalent that only the most audacious cyber security incidents are worth discussing. As the world moves into a landscape dominated by IoT networks, embedded systems, and distributed computing, the attack surface has increased massively. Security is no longer just a concern for software developers and web platforms, it’s becoming even more important at the hardware level.
The situation today is extremely concerning because anyone that can physically access your hardware could compromise it, as well as the network to which it is connected. To thwart these potential attacks and prevent unauthorized access to a larger network, systems designers now need to take a more comprehensive approach to security. For embedded devices, the best approach to hardware-level security starts by looking at system topology in addition to traditional application-level measures like encryption and authentication.
Any electronic device will have some associated hardware that can be accessed, probed, and manipulated. Hardware-level security aims to prevent or stop attacks directly on a device’s hardware and application using a mix of techniques. These techniques can be implemented at the hardware level, such as through creative system physical design and layout, or at the software level, through measures like encryption, authentication, firewalls, malware identification, and much more.
Some of the major security threats that can be exploited at the hardware level can be solved through a simple set of design decisions. Some of these security threats include:
There is no single design decision (either in hardware or an embedded application) that can address all of these possible attacks. However, certain security measures may be easier to implement by starting development with the right system architecture. Depending on the platform being designed, a particular system host or chipset can be easier to secure through application-based measures, as well as through physical design and layout.
Inside your personal computer or inside a data center, traditional processors are an important part of the hardware architecture, and they are largely secured at the software level. But for embedded systems that require hardware-level security, off-the-shelf processors are difficult to fully secure from physical access and in an embedded application simultaneously. While off-the-shelf processors and licensable core IP is well-documented and has aided ASIC development over the past decade, the vulnerabilities of these systems are easier to locate and exploit through their extensive documentation.
Embedded systems designers have two alternative approaches: design and manufacture a custom ASIC/SoC/SiP or implement all custom logic and application functions in an FPGA. The former is often implemented with licensed IP, so it has the same security problems as off-the-shelf components. FPGAs can be built as a much more secure solution at the hardware level, as well as at the application level.
An off-the-shelf FPGA gives a hardware designer nearly complete control over the logic that is implemented in the FPGA interconnect fabric. Implementation of system functionality and logic in an FPGA enables security through obfuscation, shielding of interfaces and data streams, and elimination of unsecured external components. Many of the security challenges relating to physical access and exploiting known application or interface vulnerabilities are solved by instantiation in an FPGA.
Most importantly for critical IP, such as in defense systems and AI, developers have total control over the logic implemented in the FPGA. None of the system architecture or lower-level logic implementation needs to be exposed publicly, so planning an attack on these systems will be much more difficult. This eliminates the untrusted foundry and reverse engineering issues mentioned above.
One of the most recent implementations of FPGAs in the newest processors is as a reconfigurable accelerator in an SoC/SiP package. The acceleration capabilities provided by FPGAs are implemented at a lower level, where a co-processor architecture is used inside the package and control is handled by the main MCU block. There is some logic in these packages that can’t be controlled or modified, but the core logic that enables an embedded system’s functionality is under full control of a developer.
The same architecture can be mirrored on a PCB with an external FPGA chip used as an accelerator. Specific compute workloads that enable an embedded system’s application and functionality can be implemented on the FPGA while system-level control is handled by the main MCU/MPU. By keeping everything implemented in the FPGA processor block and eliminating exposure to external components wherever possible, the system will be made much more secure. Physical access to the important logical functions in the system can be prevented, something which can be very difficult in standard MCU + ASIC system architectures.
The configurable logic blocks in an FPGA allow for easy implementation of application-level security measures that may not be present on a traditional off-the-shelf processor. Cryptography and encryption measures, innovative authentication techniques, device tamper sensing, interface probing sensing, and elimination of unnecessary logic functions are all possible at the application level in an FPGA. Because an FPGA developer can control the interconnect fabric in their system, these measures can be implemented in parallel with the main application logic instantiation.
No matter which system architecture is being used, the challenge for FPGA developers is to implement their hardware-level and application-level security measures. Not all developer resources and vendor IP for FPGAs will include security functionality that is configurable. However, some vendors that support secure configurable SoC IP and RISC-V implementations will give developers much more control over their system architecture, allowing more sophisticated security measures to be implemented in these systems. Efinix has included security measures into their FPGAs to ensure that only bitstreams from known trusted sources are used to configure the device eliminating the risk from malicious bitstreams while an on-chip encryption capability protects user IP.