Design Security Solutions

 Design Security Solutions  Data Security Solutions
 Secure Device Architecture

Design security is the protection of your intellectual property against theft, reverse engineering, cloning, overbuilding and counterfeiting. Built on our unique non-volatile FPGA architecture, Microsemi provides you the most flexible and secure use models for both the initial configuration and the upgrade of you FPGA and cSoC logic configuration and embedded MPU firmware. Below are some examples:

• Protection against Overbuilding
• Protection against Cloning
• Protection against Reverse Engineering
• Protection against Denial of Service

Protection against Overbuilding

In flash-based FPGAs and cSoCs there are several security options against over-building and cloning:

Flash Lock Technology with 128-bit Key

Flash Lock Technology with 128-bit Key Microsemi devices include FlashLock technology to lock the device with a 128-bit key, which allows the device to be unlocked and reprogrammed by providing the same key. In addition, permanent lock is possible, which disables programming access to the part.

Program in-house before sending to Contract Manufacturer

The flash FPGAs can be programmed in-house with an AES key, then shipped to a contract manufacturer for final programming. The contract manufacturer programs the device with your AES-encrypted bitstream, hence only devices with the same AES decryption key will get programmed.

Secure In-System-Programming (ISP)

Our devices can be reprogrammed remotely using an AES encrypted programming file for easy and secure field upgrades. Intercepting the encrypted configuration bitstream is useless. An appropriate AES decryption key is required in order for an encrypted configuration bitstream to work.

Protection Against Reverse Engineering

A number of factors complicate attempts to compromise a Microsemi flash FPGA or cSoC. In order to determine the state of any given flash element, the microscopic size and sheer number of the switches (20 million on the A3PE3000 for instance) make it essentially impossible to locate each cell and identify its programming state. Invasive probing to evaluate each flash switch would result in the destruction (flash cell charge) of the very programmed states needed to reverse engineer the design. Even if the bitstream could be extracted, reverse engineering the bitstream to a meaningful schematic is an extremely tedious process.

Protection Against Denial of Service (DoS)

While flash FPGAs can be in-system programmed (ISP), if desired, they can also prevent DOS attacks by only allowing ISP to key holders or by disabling the ISP capability completely (lock permanently). Flash FPGAs and cSoCs can also be programmed with AES encrypted bitstream, allowing only authorized and validated bitstreams to be programmed to the device.