An interesting question relating to embedded design security was posted recently on the Microcontroller Central LinkedIn group. The question asked if engineers considered design security, and if so, how they implemented it.
I immediately thought this topic would be interesting in the context of FPGA designs, because we face just as many -- if not more -- challenges with regard to securing our designs as our microcontroller cousins.
Let's start by considering the high-level issues we face as engineers attempting to secure our designs. These include the following:
- Competitors reverse engineering our design
- Unauthorized production runs
- Unauthorized modification of the design
- Unauthorized access to the data within the design
- Unauthorized control of the end system
The severity and impact of each of these will vary depending upon the end function of the design. In the case of an industrial control system, for example, someone being able to take unauthorized control could be critical and cause untold damage and loss of life. A secure data processing system will place its emphasis on the integrity of the data. By comparison, in the case of a commercial product, preventing reverse engineering, unauthorized production runs, or even modification might be the driving factors.
Luckily, as engineers, we can use a number of approaches to prevent this sort of thing from happening.
The first, and most critical, is taking control of your design data -- source code, schematics, mechanical assemblies, etc. -- and ensuring it's secure. This information is the lifeblood of your company and must be protected all the way through the project life cycle, and beyond, to keep your competitive edge. Sadly, in this age of cyberattacks by anyone from individuals to organized groups to nation states, this means having very good firewalls -- maybe even an "air gap" -- between your design network and any network connected to the external world.
There are also efforts that can be undertaken to secure your design within the design process itself. These efforts can be split into the following approaches, which are in no way mutually exclusive: