Hello Warren, I had a chance to review the material for day 2, and have some questions. You talk about techniques for securing devices and protecting code without referring to implementation methods. I write code in assembly and C, then flash the device (NVM flash), then engage the security bit so the code cannot be seen by JTAG, etc. However, there is no encryption during program load! How do you employ encryption during "flashing" and in the bit-stream (reading and writing to the device's NVM)? Thank you.
Warren's question was: What is typically most important in your design - low-cost, low power, performance, form factor, or something else? -- It depends on the application. Form Factor is one of the most common drivers, though.
However, I am also a proponent of delay-based PUFs (although not RO-PUFs or ARB-PUFs), as you can leverage the entropy in existing hardware, which I believe is more impervious to model-building attacks.
?A follow-up question. I've heard it said that obtaining source code by reverse engineering the binary code is like trying to get a cow from hamburger. But what is ths state of the art in reverse engineering? Are the hackers reverse engineering to get some low-level intermediate code (like assembly code) that requires lots of labor to exploit?
Wired magazine recently had an article on Stuxnet. The hard part was getting across the "air gap" between the inner network of centrifuges and the world-wide internet. That was a walk-net accomplishished by a vendor who was a spy of some sovereign government.
@Jarr- I believe PUFs are the best practical method for implementing security, but that's just MY opinion... Maybe it's just that the concept and implementation (of SRAM PUF for example) is just very cool...
? When I was consulting in the printing of business checks, I told customers to never let one person have all the control of a secure process. For example, if you need a signature, let it out under dual custody. Of course, today we say that signatures are useless because nobody reads them.
? We work with contract manufs and have them flash our MCUs or other chips, usnig binary files. Once the chip is flashed the code is secure in the chip. But how do we prevent the CM (or unscrupulous employee) from taking our binary program and reusing it?
Today's lecture was not very informative. This seemed to be a rehash of yesterday's lecture. The only new thing seemed to be the info on slide #9 concerning Microsemi Flash FPGAs' security features. Warren, please present some detail..less high-level vague stuff..more technical detail.
Zynq-7000, FPGAs, MCUs. I am a hardware security researcher - my Ph.D. research is in PUF design and experimentation. PUFs represent a very powerful countermeasure to the IC metering problem and unscrupulous overbuilding.
Hi all -Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.
The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.