Robust & Reliable

Security

Analytical Capabilities

FirstPass maintains high standards for protecting customer information.  Non-disclosure agreements are established with every customer, while visibility and access to project information from within FirstPass is managed on a ‘need to know’ basis.

ASIC / FPGA Security

Process Flow

Everyone is aware of the more common security threats. Standard attacks such as Distributed Denial of Service (DDoS), Malware and Spyware, Social Engineering, and others have become household words. But in recent years, a more insidious and, frankly, scary kind of cyber-security threat has emerged that seeks to embed itself at the lowest levels of computer architectures.

Security threats can worm their way into the very design processes of ASICs and FPGAs, literally placing malicious circuits into manufactured silicon, creating hardware Trojans, and making it possible to reverse engineer and then counterfeit proprietary IP. Said another way, attackers are attempting to learn the secrets stored on, and processed by, the chip.

Security Threats

ASIC Tampering

Refers to intentionally changing the functionality of a device or working to uncover proprietary secrets in the design or operation of the ASIC.

Side-Channel Analysis

Relies on emissions from the circuitry to try to obtain the private keys employed by an embedded cryptocore. The attacks reveal information about the data being processed.

Bootloader Corruption

A hacker replaces key parts of the bootloader or the low-level firmware to compromise other software in the system used to support secure access.

Reverse Engineering

A process of identifying an Integrated Circuit’s (IC) structure, design, and functionality. Reverse engineering can include extraction of non-volatile memory contents, gate-level netlists, or deducing the functional specification from a gate-level netlist.

Security Solutions

FirstPass Engineering knows that, to be effective, cyber-security can’t just be layered on top of existing communications and storage structures. In today’s environment, it must be an integral part of the very processes used to design ASICs and FPGAs. This involves strong protections for communications and Intellectual Property (IP) archival, as well as specific hardware and software techniques, as summarized below:

Security Policies

A robust set of security policies that permeate all areas of FPE’s business. Ranging from encrypted communications, to specific password requirements, to highly-secure IP and information storage, this commitment to security is a way of life at FPE.

Integrated Circuit (IC) Camouflaging

A promising defense against so-called IC extraction attacks that seek to reverse engineer the netlist of a packaged IC using delayering and imaging techniques. Camouflaging works by hiding the Boolean functionality of selected gates in the netlist from reverse engineering, albeit at the cost of increased gate area and power.

Rogue Circuit Detection

Anti-Tampering Layers

Sometimes part of a broader IC Camouflaging strategy, Anti-Tampering consists of a random plane-filling curve built in top-level metal over specific IP or sensitive areas of the ASIC. Multiple lines can be employed, with each functioning as a powered and active screen rather than as a blockage used simply to hide sensitive areas.

Physically Unclonable Functions (PUFs)

A physical object that, for a given input and conditions (challenge), provides a physically-defined “digital fingerprint” output (response) that serves as a unique identifier, most often for a semiconductor device such as a microprocessor. This unique identifier makes reverse engineering of an IC very difficult.
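
The challenge/response behaviour described above can be illustrated in software. The following is an added example, not FirstPass code: it simulates a PUF with the additive-delay model commonly used for arbiter PUFs and shows enrollment followed by noise-tolerant authentication. The class and function names, the 64-bit challenge length, the noise level and the 25% acceptance threshold are assumptions chosen for illustration.

```python
import random

N_STAGES = 64  # challenge length in bits (assumed for this sketch)

class SimulatedPUF:
    """Software stand-in for a silicon PUF (additive-delay arbiter model)."""

    def __init__(self, device_seed, noise=0.5):
        rng = random.Random(device_seed)
        # Per-stage delay offsets model manufacturing variation: fixed for the
        # life of the device and different on every die.
        self._delays = [rng.gauss(0, 1) for _ in range(N_STAGES + 1)]
        # Each measurement also sees thermal/voltage noise.
        self._env = random.Random(device_seed + 1)
        self._noise = noise

    def respond(self, challenge):
        """Return the 1-bit response to a list of N_STAGES challenge bits."""
        parity, total = 1, self._delays[N_STAGES]
        for i in reversed(range(N_STAGES)):
            parity *= 1 - 2 * challenge[i]      # +1 / -1 path selection
            total += self._delays[i] * parity
        total += self._env.gauss(0, self._noise)
        return 1 if total > 0 else 0

def enroll(puf, n_pairs, rng):
    """Record challenge/response pairs (CRPs) while the device is trusted."""
    crps = []
    for _ in range(n_pairs):
        challenge = [rng.randrange(2) for _ in range(N_STAGES)]
        crps.append((challenge, puf.respond(challenge)))
    return crps

def mismatch_fraction(puf, crps):
    """Fraction of enrolled responses the presented device gets wrong."""
    return sum(puf.respond(c) != r for c, r in crps) / len(crps)

def authenticate(puf, crps, threshold=0.25):
    # Responses are noisy, so accept a small Hamming distance rather than
    # demanding an exact match; an unrelated die lands near 50% mismatch.
    return mismatch_fraction(puf, crps) <= threshold

def run_demo():
    genuine, other = SimulatedPUF(1001), SimulatedPUF(2002)  # constructed devices
    crps = enroll(genuine, 256, random.Random(7))
    return authenticate(genuine, crps), authenticate(other, crps)

if __name__ == "__main__":
    print(run_demo())
```

The enrolled device is accepted despite measurement noise, while a second die with different delay offsets fails the same challenges.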

Hardware Root-of-Trust (HRoT) ICs

Specific ICs that implement secure boot, secure debug, secure storage, key generation and management, secure firmware and software update, Trusted Execution Environments (TEEs), secure communication, runtime monitoring to detect and report violations of security policies, and mechanisms to detect and react to physical tampering and fault attacks.

Anti-Tamper Design Methodologies

Anti-tamper and camouflage IP to protect Critical Technology elements at all levels.

Zero Trust Initiative

Zero trust gains momentum as DOD’s new approach to microelectronics acquisition

“…if a malicious or weak microchip is implanted into the military’s systems, it could open wide attack options.”

Zero trust is the department’s new answer to replace the older “trusted foundry” system where DOD had oversight over the physical development of the microelectronics.

“We’ve seen a number of examples where the biggest threats that we face often are the insider threat. It’s the people inside the fence line, behind the guards, who we think we’ve cleared,” he said. “They’re the ones that pose the biggest threats to us.”

– Mark Lewis, Director of Defense Research and Engineering for Modernization

IP Vetting

Formal Properties

Synopsys engagement, tool enablement

Starting deployment on Secure Reference Design (SRD)

RTL sniffing

AI algorithms that can isolate unique RTL coding contributions

Developing and applying initial flow/algorithms on SRD

Secure Engine IP (aka Monitor IP)

Initial conceptual design and partitioning in progress

Expect ‘brochure’ management