The Heart of Security

Every system has unique security, power, performance, safety, and business requirements. While many of these requirements can be addressed with the right selection of hardware and software, security is a requirement that spans nearly all parts of a system. Security is therefore both a strategic and technological problem for program managers and developers. Since it is generally unfeasible to solve security problems using a single technology, using mature security products based on established expertise is a far more effective approach. EnforcIT Security Monitor addresses complex security, performance, safety, and business requirements by providing a configurable, multilayered security IP block for Mercury's Smart-Fusion®2 and IGLOO®2 FPGAs. Built using nearly a decade of FPGA security experience and built into the heart of the lowest-power and most secure FPGA's on the market, EnforcIT Security Monitor allows the end-user to configure additional layers of tamper protections and tamper response penalties through a single soft IP block.

Intelligent Security

EnforcIT Security Monitor is a single, low-resource, soft IP block capable of monitoring and responding to an assortment of internal security flags and system conditions. Taking full advantage of the tamper detectors and responses built into the FPGA silicon, it can report threats, act autonomously, or some combination thereof. Once implemented it acts as an intelligent security controller for the hardware security mechanisms packaged with the Smart-Fusion-2 and IGLOO-2.

When configured for reporting, EnforcIT Security Monitor can report to the FPGA a variety of internal security flags and system conditions. When configured to act autonomously, EnforcIT Security Monitor can respond to FPGA threats and take action, mitigating further attack by protecting or destroying critical data and design.

Configurable Security

The EnforcIT Security Monitor IP block is made up of a JTAG monitoring core, a clock frequency monitor core, a system heartbeat, and a watch-­dog timer, all working together to ensure the FPGA is not under attack. Each of these four components can emit individual tamper responses. Under tamper, the user can configure various responses up to and including device zeroization.

Each component in EnforcIT Security Monitor can be independently configured for tamper monitoring and customized for response. The entire IP block utilizes less than 5 percent of Mercury SmartFusion 2 FPGA in a typical configuration and is easily customized by the end-user, minimizing impact to development schedules without compromising on security or performance.

Trusted Security

EnforcIT Security Monitor was built using nearly a decade of FPGA protection development experience. It can be used as part of the layered solution in NSA's Commercial Solutions for Classified Program. This and other Mercury cryptography, software, and hardware products including WhiteboxCRYPTO and EnforcIT are built in the U.S. in one of Mercury's trusted facilities.

Mercury Security Solutions

The Mercury SmartFusion-2 and IGLOO-2 FPGA families have the world's best suite of complementary security features for implementing protected embedded systems. These FPGAs can implement many security-­enhancing capabilities without negatively impacting system requirements. With innovative technology, holistic security conscious device architecture (from the bottom level silicon process all the way up to the target system), simplified design methodology, and extensive support ecosystem, many security capabilities can be implemented without any added system cost, additional power, or increased time to market.

Features and Benefits

Features

EnforcIT Security Monitor Benefits

Seamless Interface

Seamlessly interfaces with Mercury's SmartFusion®2 SoC and IGLOO®2, the most secure and lowest power FPGAs on the market.

Configurable

Configurable alarm actions include zeroize, lockdown, chip reset, and more.

Safety Controls

Safety controls permit the user to delay or cancel automatic responses.

Customizable Security

Customizable clock, JTAG, and timeout monitoring. Logic integrity and fault detection. Runtime IP version reporting.

Extensible

For advanced security needs, contact sales@mrcy.com about enhancing EnforcIT® Security Monitor with additional FPGA security IP cores including FIPS 140-­2 certified Suite B cryptography, secure memory controllers, secure logging, authentication, and more.

Docs & Specs

Product Overview  Mercury EnforcIT Security Monitor Overview (248.69 kB)

Diagram

Contact Us

Mercury is focused on serving our customers with unsurpassed responsiveness and technical expertise. We offer a wide range of services designed to deliver the best combination of technology, products and support to our customers.