Hello PPl, is there a way of locking a design (NGC) to a particular FPGA board?

We have a very good and expensive design that we want to give freely,
as an NGC file, with our generic FPGA products. How can we make the
design work only on our board.

Our current technology is S3 and the user needs to be able to compile
their project with our NGC file, but on OUR fpga product.

I thought of keeping a key in an external serial memory, but this is
futile if the netlist cost $100K.

Again, the points are:

Very expensive and useful NGC file
Want to avoid reverse engineer and copy to other FPGA stations
What should the best solution be.

Well if we had some die ID, we could hardwired it to the netlist, so
that it checks that everytime it runs.

Any suggestion from you ppl?

Merry xmas and a happy new year 2006 to all of you!
JA

Why Ngc?
And is it necessary to stay on S3? Maybe you should think about Flash
based Fpgas (Actel, Lattice,..).

bye Thomas

http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf

Austin

Thomas Stanka wrote:

> Why Ngc?
> And is it necessary to stay on S3? Maybe you should think about Flash
> based Fpgas (Actel, Lattice,..).
> 
> bye Thomas
> 

Thanks,
xapp780 is good food for the mind, and I think we would have to design
our own (Vanilla microcontroller) that would mimic a DS2432 secure
controller-key.
One thing though, would xilinx enhance the security feature of their S3
line? And finally, in case of a virtex2, can a design gain access to
the registers that hold the encryption keys.

In response to Thomas, all our products are X based, so we dont have
many choices. And as we dont want to provide our customers access to
the high level code, the only way to give them a usable core is to have
the design in a compiled obfuscated netlist file.

JA

Austin Lesea wrote:
> http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
>
> Austin
>
> Thomas Stanka wrote:
>
> > Why Ngc?
> > And is it necessary to stay on S3? Maybe you should think about Flash
> > based Fpgas (Actel, Lattice,..).
> > 
> > bye Thomas
> >

Hi,

This Dallas part does look pretty good, it makes it hard enough to hack;

Do you have an idea of small quantity prices...? It's lasered with a unique 
number, hopefully they have samples with 'not a unique' number for customers 
that only need to give it a whirl...

Thx in advance,

-- 
Ignacio Ulises Hernandez
" I'm not normally a praying man, but if you're up there, please save me, 
Superman!" - Homer Simpson ;O)


<jaxato@gmail.com> wrote in message 
news:1134451285.285119.232390@g43g2000cwa.googlegroups.com...
> Thanks,
> xapp780 is good food for the mind, and I think we would have to design
> our own (Vanilla microcontroller) that would mimic a DS2432 secure
> controller-key.
> One thing though, would xilinx enhance the security feature of their S3
> line? And finally, in case of a virtex2, can a design gain access to
> the registers that hold the encryption keys.
>
> In response to Thomas, all our products are X based, so we dont have
> many choices. And as we dont want to provide our customers access to
> the high level code, the only way to give them a usable core is to have
> the design in a compiled obfuscated netlist file.
>
> JA
>
> Austin Lesea wrote:
>> http://www.xilinx.com/bvdocs/appnotes/xapp780.pdf
>>
>> Austin
>>
>> Thomas Stanka wrote:
>>
>> > Why Ngc?
>> > And is it necessary to stay on S3? Maybe you should think about Flash
>> > based Fpgas (Actel, Lattice,..).
>> >
>> > bye Thomas
>> >
> 

"I. Ulises Hernandez" <delete@e-vhdl.com> schrieb im Newsbeitrag 
news:dnm98l$lsm$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> Hi,
>
> This Dallas part does look pretty good, it makes it hard enough to hack;
>
> Do you have an idea of small quantity prices...? It's lasered with a 
> unique number, hopefully they have samples with 'not a unique' number for 
> customers that only need to give it a whirl...
>
> Thx in advance,

all 1-wire products *must* have unique number, it is IMPOSSIBLE to something 
else

Antti 

Antti Lukats wrote:

> all 1-wire products *must* have unique number, it is IMPOSSIBLE to something 
> else
> 
> Antti 
> 
> 
Well, not impossible.  The codes are customized to the customer.  IIRC, 
it is a 48 bit code, and part of that number is a unique number assigned 
to the customer, and part is a range of numbers assigned to that 
customer.  You can (or at least you used to be able to) get duplicate 
numbers within your range.  The codes, as I understand it, are added 
after the silicon is manufactured.

The problem with using these in attempt to secure a bitstream is that 
the code is not secure...anyone with a data sheet and an oscilloscope or 
logic analyzer can extract the serial number easily.  Once you have the 
serial number, it is nearly trivial to create a circuit that will mimic 
the dallas part using what ever serial number you want to use.  These 
parts are intended for electronic serial numbers, not for secure 
encryption keys.

"Ray Andraka" <ray@andraka.com> schrieb im Newsbeitrag 
news:WaAnf.17576$Mi5.17212@dukeread07...
> Antti Lukats wrote:
>
>> all 1-wire products *must* have unique number, it is IMPOSSIBLE to 
>> something else
>>
>> Antti
> Well, not impossible.  The codes are customized to the customer.  IIRC, it 
> is a 48 bit code, and part of that number is a unique number assigned to 
> the customer, and part is a range of numbers assigned to that customer. 
> You can (or at least you used to be able to) get duplicate numbers within 
> your range.  The codes, as I understand it, are added after the silicon is 
> manufactured.
>
> The problem with using these in attempt to secure a bitstream is that the 
> code is not secure...anyone with a data sheet and an oscilloscope or logic 
> analyzer can extract the serial number easily.  Once you have the serial 
> number, it is nearly trivial to create a circuit that will mimic the 
> dallas part using what ever serial number you want to use.  These parts 
> are intended for electronic serial numbers, not for secure encryption 
> keys.

Hi Ray,

you are one of the very few I am little bit 'scared' to argue with, but

from maxim:
"Unique, factory-lasered and tested 64-bit registration number assures 
absolute traceability because no two parts are alike"

this applies for the 1-wire 64 ROM code what is PRODUCT code + 48 bit serial 
+ CRC

normally most "Key" things use only this code as the key, what is TOTAL 
bullshit and nonsense as it way easier to copy a dallas memory button then 
nornal door-key, having a reader in your lap and placing your hand for a 
second would do the job. As soon as you have the 64 bits then its easy to 
rebuild the 'emulator' - I have not done that, but I know what it takes. 
surprisingly many companies are selling products that use this 64 bit rom 
code as security key. one example is Atmel FPLSIC dongle, but there are many 
many more.

the suggestion in this thread was to use secure SHA-1 memory for the 
protection, not the rom id code. DS2432 includes several nonvalotile areas 
that are protected and provide somewhat higher degree of safety. Whatever is 
written into those areas can sure be anything.

I have not checked the xilinx bitstream security application for design 
flows, it could be that the SHA-1 is not used or not used properly yielding 
the actualy protection to near void.

some hard macros from that XAPP I think are not correct at least failed with 
ISE 7.1 so I assume that design has not been tested a very big extent. The 
random number generator at least will not work out of box (at least not on 
all supported fpga families). And ah well the actual protection level 
depends on many more aspects if this approuch is used to protect edif or ngc 
files the protection level would be lower than protection .bit files

Antti

Antti Lukats wrote:


Antti, no reason to be scared of arguing with me.  I'm not always right, 
you know!

My experience with these 1 wire electronic serial numbers was with 
Dallas semiconductor parts almost 15 years ago.  In that case, the 
company I was working for was able to get duplicates made by Dallas.

Like you mentioned, these offer close to zero security.  Any yo-yo with 
an ounce of electronics knowledge can obtain the code from it, and it 
doesn't take much more than that to make a circuit that will mimic the 
serial number.  We did for testing in the lab using a PIC microcontroller.

So even with Maxim, it isn't technically impossible to get a duplicate, 
it is just made procedurally inconvenient by a company policy,but that's it.

>Ray wrote:
>Like you mentioned, these offer close to zero security.  Any yo-yo with
>an ounce of electronics knowledge can obtain the code from it, and it
>doesn't take much more than that to make a circuit that will mimic the
>serial number.

It's not the serial number that offers security, it's the 64-bit key
hidden behind SHA-1. I'm certainly not an expert, but googling turns up
that only recently has SHA-1 been broken:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
and it seems to have been around for quite a while. I don't think that
"any yo-yo" could break a system that has resisted attack for (it looks
like at least) 10 years.