Microsemi Corporation recently announced that its SmartFusion®2 system-on-chip (SoC) field programmable gate arrays (FPGAs) and IGLOO®2 FPGAs successfully passed certification for resistance to differential power analysis (DPA) within the context of the DPA Countermeasure Validation Program developed by Rambus’ Cryptography Research Division (CRD). These are the first FPGAs to achieve the prestigious certification.
Certification was achieved following a thorough assessment by Riscure, (a Cryptography Research-accredited third-party independent test lab), of design security algorithms and protocols used by both FPGA product families. The validation allows Microsemi to use the Cryptography Research trademarked “DPA Lock” security logo – under license from the organization – in connection with the above-mentioned products.
More specifically, Riscure’s evaluation lab conducted a DPA resistance assessment of seven primary security protocols and services. These include protocols that authenticate and load confidential keys and bitstreams, verify stored keys and match passcodes without revealing them, as well as validate public key certificates to securely authenticate devices. In addition, Riscure confirmed the effectiveness of the DPA and DEMA countermeasures for the Advanced Encryption Standard (AES), Secure Hash (SHA) and Elliptic Curve Cryptography (ECC) hardware.
“To achieve the assurance level required, physical measurements of both the power and electromagnetic side channels of the SmartFusion2 and IGLOO2 hardware implementation of the AES and ECC algorithms were obtained and subjected by the lab to state-of-the-art side channel information leakage analyses and attack methods, in the context of their usage within these protocols,” Microsemi confirmed in a recent press release. “This includes attacks published within the last year to ensure the devices can address even the most challenging threats.”
As we’ve previously discussed on Rambus Press, DPA is an insidious and powerful technique used to extract secrets such as cryptographic keys from an electronic device by externally monitoring power consumed by the device while it is operating. According to Max Maxfield of the EE Times, a simple, readily available $400 setup can end up costing the owners and users of an unsecured system millions of dollars.
“It behooves the creators of electronic, computer, and embedded systems to make the security of these systems a top priority, and the folks at Microsemi are making this much easier for the rest of us,” he said.
To be sure, Microsemi’s SmartFusion2 and IGLOO2 devices are designed for the evolving high security needs of the industry, particularly in the defense, communications and industrial markets. The products are ideal for a variety of applications including anti-tamper, information assurance, and wired and wireless communications.
It should be noted that intellectual property (IP) theft costs U.S. companies $200 to $250 billion annually, while counterfeiting and piracy costs companies as much as $638 billion per year.
“[That is precisely why] CRD’s engineers have developed numerous fundamental countermeasures to DPA and other forms of side-channel analysis,” Maxfield added. “[Plus], they have obtained over 100 DPA patents. CRD licenses its DPA patent portfolio worldwide; in 2014, over 7 billion chips were secured using CRD-licensed technologies.” Actel, now part of Microsemi, was the first FPGA vendor to license CRD’s DPA countermeasures.