With the ubiquity of IoT devices there is a growing demand for confidentiality and integrity of data. Solutions based on reconfigurable logic (CPLD or FPGA) have certain advantages over ASIC and MCU/SoC alternatives. Programmable logic devices are ideal for both confidentiality and upgradability purposes. In this context the hardware security aspects of CPLD/FPGA devices are paramount. A preliminary evaluation of the hardware security of Intel® MAX 10 devices will be given. These devices are among the most suitable candidates for applications demanding extensive features and a high level of security. Their strong and weak security aspects are revealed, and some recommendations are suggested to counter possible security vulnerabilities in real designs. Hardware security flaws found in MAX 10 FPGAs open up a broader discussion on the suitability of standard devices such as microcontrollers, memory, SoCs, CPLDs and FPGAs for IoT applications with a high expectation of hardware security. Does the situation with hardware security suit all parties? Can most chip manufacturers and developers cope with attack technologies? More importantly, can attack methods be foreseen or predicted? How well can we predict the behaviour of attackers and their approach?
The purpose of the talk is two-fold. First, it demonstrates that existing attack methods could easily thwart the hardware security protection in some of the latest FPGAs. Second, it opens up a discussion about the balance between attack and defence technologies in modern semiconductor devices.
Dr. Sergei Skorobogatov is a Senior Research Associate in the Security Group at the Computer Laboratory of the University of Cambridge in the UK.
He has a background in chemistry, electronics, physics and computers. He received a PhD degree in Computer Science from the University of Cambridge in 2005 and an MSc degree in Physics in 1997. His research interests include hardware security analysis of smartcards, microcontrollers, FPGAs and ASICs. He pioneered optical fault injection attacks in 2001, which have influenced a major rethink within the semiconductor industry on the security protection of ICs and forced the introduction of new evaluation procedures and countermeasures. Sergei's previous research has substantially improved side-channel attacks and optical fault injection attacks. His recent research set new standards on direct data extraction from EEPROM and Flash memory, while his latest achievements demonstrated superior imaging capabilities of embedded memory. Sergei is a member of Program Committees at several major worldwide conferences on hardware security of semiconductor chips.