Responding to comments on features and performance . . . Stratix II Features: Altera has led the innovation to introduce high-density, high-performance FPGAs. In 2002, the Stratix family won EDN Innovation of Year award over Virtex-II Pro. This year, we introduced the Stratix II family which includes a new logic structure, a whole new set of features, and breakthrough performance. Altera is the first FPGA company to integrate dedicated SERDES and DPA circuitry into our devices for high-speed source-synchronous I/Os (LVDS, LVPECL, etc.). Altera is the first FPGA company to introduce dedicated DQ and DQS circuitry into our devices for external memory interface support (DDR, DDR2, etc.). Altera is the first FPGA company to introduce a new flexible logic structure � the Adaptive Logic Module (ALM). Stratix II Logic Efficiency: Altera studies highlighted that had we implemented the traditional logic structure on 90nm process technology, we would have seen minimal gains on performance and cost (over 130 nm products). Stratix II devices utilize new highly flexible adaptive logic modules (ALMs) that are optimized for 90nm process technology to maximize logic efficiency and performance. The inputs of a single ALM can be flexibly divided between the two output functions, allowing wide input functions to run fast and narrow input functions to efficiently use remaining resources. Stratix II is the industry's only FPGA with such a flexible logic structure, allowing it to provide 50% faster performance and consume 25% less logic comparing to other FPGAs. Stratix II Design Security: The Stratix II devices come with both the non-volatile key and volatile key storages for design security. Altera chose to only market the non-volatile key solution because it delivers the optimal features and functionality for customers. A volatile key solution requires a battery to backup the key when the power is off, which is not ideal as it increases the cost of the solution, board manufacturing complexity and is simply less reliable. Significant protections is put in place to make sure the non-volatile key is secure within the Stratix II FPGA. Reading poly fuses on a 9 layer 90nm process is not trivial. It cannot be done in "less than an hour". Our feature has been designed to make it as painful as possible to crack, and has been verified by independent security consultants. Since all crypto systems are crackable, including ones by our competitors, it is a question of how much money and time one is willing to spend on this endeavor. The battery solution for a volatile key provides no data integrity. What is the purpose of having security if you can over write a "supposedly secure design" (a design that has been loaded with an encrypted bit-stream) with any other design. You can do this in Virtex 4 devices which have a security key on board. A hacker can load a new design into a device with a security key onboard without knowing the key that resides onboard. He can also change the original key itself. A poly fuse system provides data integrity since the only bit-stream you can load is the encrypted bit-stream. A hacker trying to load any other bit-stream will be not be successful in loading the device and cannot change the original design. A 256 bit key in this situation provides minimal added security beyond a 128 bit key. If you are going to spend the money to attempt cracking either Altera or Xilinx devices by reverse engineering the silicon, the entire method is dependent on how difficult you make the reverse engineering rather than the key length. Since no known method exists for cracking AES, a brute force attack is the only way to attempt to crack the key. A 128 bit key length is more than sufficient for this. Performance Stratix II performance on average is 50% faster than Stratix performance � details are well documented at our web-site (http://www.altera.com/products/devices/performance/per-index.html). Virtex 4 literature highlights that performance doubles, yet we only see two concrete examples on this bulletin board, neither substantiating the claim. It doesn't appear there has been any change to the Virtex CLB since Virtex-II (except removing half of the distributed RAM in Spartan-3 and Virtex 4). Without changes to the core architecture (logic module), I question how performance can double and power be cut in half (we have not yet run our benchmark suite though). Altera will be happy to release benchmark information on the 2 architectures once available. Dave Greenfield Sr. Director of Product Marketing � High Density FPGAs Altera Corporation
Stratix II vs. Virtex 4 - features and performance
Started by ●September 21, 2004
Reply by ●September 21, 20042004-09-21
> Since no known method exists > for cracking AES, a brute force attack is the only way to attempt to > crack the key.Nope. Ever heard of differential power analysis? Kolja Sulimma
Reply by ●September 21, 20042004-09-21
In article <5c156a0b.0409202037.2c3ce6b4@posting.google.com>, Dave Greenfield <davidg@altera.com> wrote:>Stratix II Design Security:>The Stratix II devices come with both the non-volatile key and >volatile key storages for design security. Altera chose to only >market the non-volatile key solution because it delivers the optimal >features and functionality for customers. A volatile key solution >requires a battery to backup the key when the power is off, which is >not ideal as it increases the cost of the solution, board >manufacturing complexity and is simply less reliable. Significant >protections is put in place to make sure the non-volatile key is >secure within the Stratix II FPGA. > >Reading poly fuses on a 9 layer 90nm process is not trivial. It cannot >be done in "less than an hour". Our feature has been designed to make >it as painful as possible to crack, and has been verified by >independent security consultants. Since all crypto systems are >crackable, including ones by our competitors, it is a question of how >much money and time one is willing to spend on this endeavor.Give me enough of a reason: $$$, and geting the fuses out in less than an hour as a repeat performance wouldn't be a problem. Call me biased, but please market the volatile-key solution, as this forces sidechannel attacks and other tricks to be used. It's still not perfect, but it is a LOT better.>The battery solution for a volatile key provides no data integrity. >What is the purpose of having security if you can over write a >"supposedly secure design" (a design that has been loaded with an >encrypted bit-stream) with any other design. You can do this in Virtex >4 devices which have a security key on board. A hacker can load a new >design into a device with a security key onboard without knowing the >key that resides onboard. He can also change the original key itself. >A poly fuse system provides data integrity since the only bit-stream >you can load is the encrypted bit-stream. A hacker trying to load any >other bit-stream will be not be successful in loading the device and >cannot change the original design.True, BUT: If you are in a position where an attacker CAN load a bitfile of his choice/physical access to the board, you've lost anyway. I can see an advantage to authentication, but not enough to weaken confidentiality by using non-volatile memory for the keys.>A 256 bit key in this situation provides minimal added security beyond >a 128 bit key.For some strange reason, the NSA doesn't fully agree. In their authorization of AES for use in secured governmental communication, they require that Secret and Top Secret use 192 or 256 bit keys. I agree that in practice it won't make a difference, but you can't blame em for the marketing advantage.>If you are going to spend the money to attempt cracking >either Altera or Xilinx devices by reverse engineering the silicon, >the entire method is dependent on how difficult you make the reverse >engineering rather than the key length.And THIS is why you should push the volatile solution. You have a group of nonvolatile cells. The work in reverse engineering is going to be a strong O(1) operation, as once it is done, it is simply a matter of delidding the chip, probing in the right places, and reading the results. Compared with the volatile solution: you are probably going to need to do power or signal analysis on the encryption in action. Which means you are probably going to need to add probes to the power/ground pins, on a live board, without disrupting the power supply to the configuration loader (which can be made even harder by potting the FPGA with wires for the config voltage around it). -- Nicholas C. Weaver nweaver@cs.berkeley.edu
Reply by ●September 21, 20042004-09-21
In article <b890a7a.0409210258.6490580d@posting.google.com>, Kolja Sulimma <news@sulimma.de> wrote:>> Since no known method exists >> for cracking AES, a brute force attack is the only way to attempt to >> crack the key. >Nope. >Ever heard of differential power analysis?Well, thats a side-channel attack on IMPLEMENTATIONS. Probably the best way to attack the Xilinx bitfile security is either power or EM (signal) analysis, or figuring out a weakness in the readback protection. The best way to attack the Altera-marketed approach is just know-where-to-sand-and-drill. -- Nicholas C. Weaver nweaver@cs.berkeley.edu
Reply by ●September 22, 20042004-09-22
On 21 Sep 2004 03:58:37 -0700, news@sulimma.de (Kolja Sulimma) wrote:>> Since no known method exists >> for cracking AES, a brute force attack is the only way to attempt to >> crack the key. >Nope. >Ever heard of differential power analysis?I am completely clueless about this but doesn't filtering your current consumption with some large metal/metal or any other type of on die capacitors in addition to hiding the processing with some uniformly distributed other power events make this very difficult ?
Reply by ●September 22, 20042004-09-22
To throw a spanner in the works.. the code is only as good as the people ... if you really want to get the insides of the fpga ... go straight to the source... the money "invested" in cracking the code will probably buy one of the engineers who designed it :-)... you might even have some cash left over... And for those that think this is illegal.... is cracking codes legal ? Simon "Kolja Sulimma" <news@sulimma.de> wrote in message news:b890a7a.0409210258.6490580d@posting.google.com...> > Since no known method exists > > for cracking AES, a brute force attack is the only way to attempt to > > crack the key. > Nope. > Ever heard of differential power analysis? > > Kolja Sulimma
Reply by ●September 22, 20042004-09-22
>I am completely clueless about this but doesn't filtering your current >consumption with some large metal/metal or any other type of on die >capacitors in addition to hiding the processing with some uniformly >distributed other power events make this very difficult ?Probably, but is "very difficult" difficult enough? How much is your secret worth? If it's worth a lot then the bad guys will be willing to pay somebody a lot to work on the problem. Don't forget that the people designing chips have to be able to debug them. There are tools and techniques designed for debugging chips that can be used for "debugging" secrets. This comes up every year or two. I pull out these URLs: http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf http://www.cl.cam.ac.uk/~mgk25/sc99-tamper-slides.pdf Lots of pictures in the second one. Those papers are from 1999. The technology has changed since them. I doubt if the general ideas are out of date. -- The suespammers.org mail server is located in California. So are all my other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited commercial e-mail to my suespammers.org address or any of my other addresses. These are my opinions, not necessarily my employer's. I hate spam.
Reply by ●September 22, 20042004-09-22
Nicholas Weaver wrote:> > And THIS is why you should push the volatile solution. You have a > group of nonvolatile cells. The work in reverse engineering is going > to be a strong O(1) operation, as once it is done, it is simply a > matter of delidding the chip, probing in the right places, and reading > the results. > > Compared with the volatile solution: you are probably going to need to > do power or signal analysis on the encryption in action. Which means > you are probably going to need to add probes to the power/ground pins, > on a live board, without disrupting the power supply to the > configuration loader (which can be made even harder by potting the > FPGA with wires for the config voltage around it).I once learned how to use an electron microscope to probe signals on a chip. Once you figure out where the volatile bits are stored, wouldn't it be a simple matter to read them out with an electron microscope? Just pop the lid and stick the board (assuming it is small enough) under the scope. Probe it with a very low beam current and you should be able to see which bits are powered and which bits are off. -- Rick "rickman" Collins rick.collins@XYarius.com Ignore the reply address. To email me use the above address with the XY removed. Arius - A Signal Processing Solutions Company Specializing in DSP and FPGA design URL http://www.arius.com 4 King Ave 301-682-7772 Voice Frederick, MD 21701-3110 301-682-7666 FAX
Reply by ●September 22, 20042004-09-22
Rick, don't forget, there are ten layers of metal above the transistors that store the key or the configuration... Peter A>> > I once learned how to use an electron microscope to probe signals on a > chip. Once you figure out where the volatile bits are stored, wouldn't > it be a simple matter to read them out with an electron microscope? > Just pop the lid and stick the board (assuming it is small enough) under > the scope. Probe it with a very low beam current and you should be able > to see which bits are powered and which bits are off. > > -- > > Rick "rickman" Collins > > rick.collins@XYarius.com > Ignore the reply address. To email me use the above address with the XY > removed. > > Arius - A Signal Processing Solutions Company > Specializing in DSP and FPGA design URL http://www.arius.com > 4 King Ave 301-682-7772 Voice > Frederick, MD 21701-3110 301-682-7666 FAX
Reply by ●September 22, 20042004-09-22
..and dissolving them off with hydrofluoric acid while the chip's battery backed bit stays powered up would be a very neat trick indeed! Cheers, Syms. "Peter Alfke" <peter@xilinx.com> wrote in message news:BD773898.8C85%peter@xilinx.com...> Rick, don't forget, there are ten layers of metal above the transistorsthat> store the key or the configuration... > Peter A > > >> > > I once learned how to use an electron microscope to probe signals on a > > chip. Once you figure out where the volatile bits are stored, wouldn't > > it be a simple matter to read them out with an electron microscope? > > Just pop the lid and stick the board (assuming it is small enough) under > > the scope. Probe it with a very low beam current and you should be able > > to see which bits are powered and which bits are off. > > > > --
