How to defend against the cloning of your FPGA designs

This article describes a new way of tagging designs to help to counter the rapidly growing trade in stolen IP and cloned designs. The topic is a difficult one for the industry to discuss; recently, however, more and more voices have been raised on the issue.

An estimate of the prevalence of counterfeit electronics has been put as high as 10%. (The International Chamber of Commerce website, for example, includes the statement: "Counterfeit electronics are estimated to account for 1 to 10 % of global electronic sales"). This is supported by the Alliance for Gray Markets and Counterfeit Abatement (AGMA) (www.agmaglobal.org), an industry group that consists of Hewlett Packard, Cisco, and other top tier electronics OEM companies, which estimates the loss to manufacturers at more than $100B. The hidden costs of damaged reputations and reliability issues for the end customer are more difficult to quantify.

One unfortunate consequence of the rise of programmable logic coupled with the decline of the ASIC is that it is now easier than ever to copy a design. Some Asian or Eastern European companies openly claim to specialise in "reverse engineering" or copying PCB layouts and memory contents. It is difficult, expensive, and time consuming to reverse engineer an ASIC, but simple to copy the configuration bit stream of the most popular FPGAs (see *note) as illustrated in Fig 1.

1. Stealing an FPGA design is not complex.

*Note: It is possible to encrypt bit streams for some SRAM based FPGAs. However, the overwhelming majority of customers do not use this because of added cost, complexity and logistics. The feature is not offered in the low cost parts that most customers use for high volume applications. Non-volatile FPGAs avoid this, but comprise only a small fraction of the overall market.

As a result, companies can find that overnight their Intellectual Property (IP) appears in the product of a competitor. The counterfeiter carries virtually no R&D cost, and can therefore undercut the legitimate supplier on price and steal market share.

The problem is how to deter theft and prove ownership of the design. This is where a product called DesignTag from Algotronix can help. When buried in the FPGA bit-stream, the DesignTag code is very difficult to locate and disable – even if the fraudster knows that it is included.

Once this code is duplicated into the pirated bit-stream, it acts like a beacon announcing that the design has been copied. There is a strong parallel with the concept of marking valuables with your Post Code or Zip code using UV pens. It cannot prevent the theft, but allows ownership to be established afterwards.

2. DesignTag provides "proof-of-theft".

The DesignTag occupies $0.57 cents worth of silicon in a XC3S2000 FPGA (using the 100+ list pricing), which represents 1.3% of the logic resources on the chip. This is a modest overhead compared to the potential damage represented by illegal copies.

A more insidious problem comes from so called "over-building". The background to this problem lies in the mass exodus over the last decade of companies exiting production in favour of designing products to be built by contract manufacturers (CEM). This positions the CEM in a central and critical role. The vast majority of CEMs, of course, are responsible and provide a valuable service. Unscrupulous ones, however, can supplement their profits by producing more units than they are contracted for and selling the excess onto the gray market. Again the DesignTag identifies the source and ownership of the design.

A further application of DesignTag is to provide serial numbering or version identification. For example, medical, automotive, industrial, military, or aerospace manufacturers may wish to tag equipment with end customer codes or track the FPGA configuration version. Version control is especially important where upgrades are routinely applied. The DesignTag can be detected in working systems without making electrical contact and is particularly beneficial for ball grid arrays where the top of the package is far more accessible than the electrical connections. Monitoring can also be achieved without resorting to software or hardware interrupts that might affect the normal operation.

Yet another twist is to have an embedded system interact with DesignTag so that it flags fault or status conditions. In this application, the DesignTag is programmed to output a different code that unobtrusively signals the internal condition.

So how does it work?
This is really going to surprise you... go to page 2 of this article for all to be revealed...