Collaboration Extends Microsemi’s PUF-based Secure Boot Solution to High-end Altera & Xilinx FPGAs and SoCs
ALISO VIEJO, Calif. and SAN JOSE, Calif., Dec. 2, 2015 /PRNewswire/ — Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, and Intrinsic-ID, a leading provider of cyber physical security solutions based on physically unclonable functions (PUFs), today announced their joint development of a secure boot solution for mission critical electronic systems.
The new offering provides users unprecedented control and security over the provisioning at each start-up of sensitive boot code into programmable components such as field programmable gate arrays (FPGAs) and system-on-chips (SoCs) from vendors like Altera and Xilinx. These components are often used for mission critical applications in military and aerospace, as well as in data centers and cloud computing, requiring the highest level of security.
Securing a system consisting of multiple components such as FPGAs and microprocessors poses a very complex challenge. In particular, the protection of software against tampering by attackers is critical. For systems that are being used in the most demanding environments to carry out the most critical operations, the best security technology must be used.
Microsemi and Intrinsic-ID offer a new approach to building a complete secure boot process, from silicon to the system level. The combination of Microsemi FPGAs and secure authentication protocols using PUFs provides complete system integrity and confidentiality protection for securely booting a complex electronic system.
“We are always excited to work with Microsemi, a leader in critical system security used in government, commercial and industrial markets, and help it push the boundaries of security for cyber physical systems,” said Pim Tuyls, CEO and founder of Intrinsic-ID. “The fact that Microsemi has again entrusted Intrinsic-ID to provide the PUF solution confirms the robustness of our products for the most demanding environments.”
Microsemi has designed a unique secure boot protocol for protecting third-party FPGA logic from being cloned, reverse engineered or tampered with. The company has introduced the power-efficient, small-footprint flash-based SmartFusion™2 SoC FPGA to act as a secure boot manager. SmartFusion2 first performs its own built-in secure boot and then, acting as a root-of-trust, manages the additional large FPGAs and SoCs within the system with their secure boot. Sensitive encrypted bitstream or object code is sent via the SmartFusion2 FPGA to the target FPGAs or SoCs only after successful identification of the target device and authentication of its initial boot code using the Intrinsic-ID PUF. The sensitive code is authenticated and decrypted on the target device.
What makes this approach truly unique is that all devices’ identities and secret keys are bound to the unique semiconductor physics of the device through the use of PUFs. All devices have a unique key that is generated on the device from uncontrollable—and thus unclonable—silicon nanoscale physical properties. This PUF secret key is bound to the device’s hardware and never leaves the device. As the PUF key is not stored in memory when the device is powered off, the key is simply not there, making extraction by an attacker much more difficult.
“The unique PUF technology from Intrinsic-ID forms the trust anchor of the secure boot solution,” said Esam Elashmawi, vice president and general manager at Microsemi. “After our successful collaboration on SmartFusion2 and IGLOO™2 FPGAs, we are happy to further expand the relationship with Intrinsic-ID to include secure PUF designs for other FPGA platforms. The new offering will extend our secure boot solution to otherwise less secure third-party FPGAs.”
The type of PUF used on the target FPGA is called a “butterfly PUF.” It is a soft PUF that can be included in any FPGA design and consists of an array of circuits, each consisting of two cross-coupled memory elements that have a bi-stable output behavior. During operation each circuit is brought temporarily into a “conflicting state,” and once released the circuit will settle into one of the two allowed states. This preferred state depends on the nanoscale physical properties of the silicon. The result is a device-unique random bit pattern. In addition to this new PUF design, Intrinsic-ID also provides the logic to generate a secure and reliable random key from this PUF. This key is used in the Microsemi secure boot protocol to uniquely identify the target device and authenticate the first code uploaded to it; then subsequently the user’s sensitive code is uploaded, authenticated and decrypted, mitigating potential boot-time attacks such as monitoring, side-channel, man-in-the-middle, replay, relay and memory modification attacks conducted at the integrated circuit, circuit-board, system, or network level.
Microsemi’s secure boot solution for FPGA/SoCs including the soft PUF is available now. Microsemi’s SmartFusion2 SoC FPGA and IGLOO2 FPGA product families with PUF and elliptic curve cryptography (ECC) technology are also available now. For more information visit: https://www.microsemi.com/products/fpga-soc/security/secure-boot and https://www.microsemi.com/products/fpga-soc/security/secure-boot-fpga. Customers can also contact Microsemi’s sales team at email@example.com.
About Microsemi’s SmartFusion2 SoC FPGAs
Microsemi’s SmartFusion2 SoC FPGAs deliver more resources in low density devices, with the lowest power, highest levels of security and exceptional reliability. These devices are ideal for general purpose functions such as Gigabit Ethernet or dual PCI Express control planes, bridging functions, input/output (I/O) expansion and conversion, video/image processing, system management and secure connectivity. Microsemi SoC FPGAs are used by customers in communications, industrial, medical, defense and aviation markets. PCIe Gen 2 connectivity starts at just 10K logic elements (LEs). SmartFusion2 SoC FPGAs offer a 166MHz ARM Cortex-M3 processor with up to 512KB of embedded flash, triple-speed Ethernet, USB 2.0 OTG, CAN controllers and general purpose peripherals, with the highest max I/O per LE density. For more information visit: https://www.microsemi.com/products/fpga-soc/soc-fpga/smartfusion2.
Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for communications, defense & security, aerospace and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world’s standard for time; voice processing devices; RF solutions; discrete components; security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif., and has approximately 3,600 employees globally. Learn more at www.microsemi.com.
Intrinsic-ID is a world leader in the field of Cyber Physical Security Systems as a provider of “Physical Unclonable Functions” (PUF). Using our patented PUF technology, secret keys and identifiers are reliably extracted from the physical properties of chips. Much like the electronic equivalent of a human fingerprint the PUF uniquely identifies and authenticates any electronic device. PUFs can be used for secure hardware key management, to establish a hardware root of trust or to protect the electronic supply chains against clones and counterfeits. Intrinsic-ID’s wide range of security solutions serve the following markets: Embedded systems, IoT, Identification, automotive, communications, content distribution, pay TV, government and defense. Intrinsic-ID is a spin-off from Philips Electronics. The company is headquartered in Eindhoven, the Netherlands and has sales offices in San Jose, Tokyo and Seoul. Learn more at www.intrinsic-id.com
Microsemi and the Microsemi logo are registered trademarks or service marks of Microsemi Corporation and/or its affiliates. Third-party trademarks and service marks mentioned herein are the property of their respective owners.
“Safe Harbor” Statement under the Private Securities Litigation Reform Act of 1995: Any statements set forth in this news release that are not entirely historical and factual in nature, including without limitation, statements related to the company and Intrinsic-ID, a leading provider of cyber physical security solutions based on PUF, announcing their joint development of a secure boot solution for mission critical electronic systems, are forward-looking statements. These forward-looking statements are based on our current expectations and are inherently subject to risks and uncertainties that could cause actual results to differ materially from those expressed in the forward-looking statements. The potential risks and uncertainties include, but are not limited to, such factors as rapidly changing technology and product obsolescence, potential cost increases, variations in customer order preferences, weakness or competitive pricing environment of the marketplace, uncertain demand for and acceptance of the company’s products, adverse circumstances in any of our end markets, results of in-process or planned development or marketing and promotional campaigns, difficulties foreseeing future demand, potential non-realization of expected orders or non-realization of backlog, product returns, product liability, and other potential unexpected business and economic conditions or adverse changes in current or expected industry conditions, difficulties and costs of protecting patents and other proprietary rights, inventory obsolescence and difficulties regarding customer qualification of products. In addition to these factors and any other factors mentioned elsewhere in this news release, the reader should refer as well to the factors, uncertainties or risks identified in the company’s most recent Form 10-K and all subsequent Form 10-Q reports filed by Microsemi with the SEC. Additional risk factors may be identified from time to time in Microsemi’s future filings. The forward-looking statements included in this release speak only as of the date hereof, and Microsemi does not undertake any obligation to update these forward-looking statements to reflect subsequent events or circumstances.
SOURCE Microsemi Corporation; Intrinsic-ID
For further information: Microsemi: Farhad Mafie, VP Worldwide Product Marketing, 949-380-6161, press[@]microsemi.com; Intrinsic-ID: +31 40 851 90 20, marketing[@]intrinsic-id.com