To reach the highest levels of security, using a single type of protection mechanism is inadequate. Layers of security must be employed, and higher levels of security can be achieved by moving those layers into hardware. EnforcIT® raises the achievable level of protection with technology rooted in firmware, layered on top of software protection mechanisms. This technology is provided in the following EnforcIT security suites:

Cryptography Suite: Customizable, FIPS-compliant cryptographic cores enabling encryption, decryption, signing, and verifying of sensitive data and code.

Firmware Protection Suite: Independently configura­ble firmware protection mechanisms that protect critical technologies (CT) in your FPGA against reverse engi­neering and tampering.

Shared Memory Protection Suite: Intertwined soft­ware and FPGA AT modules; active defense against reverse engineering and tampering for CT.

System-Level Security

Cryptography Suite

Is a selection of NSA Suite B, FIPS compliant IP cores used to implement cryptographic operations in firmware and offload cryptographic operations from software. Users have access to AES, public key algorithms including ECC and RSA, and secure hashing including SHA-1, SHA-2, and MD5. Additionally, a random number generator is included to seed cryptography cores or to supply your own design with random data.

Firmware Protection Suite

Is a selection of IP cores that implement CT protection mechanisms in FPGAs. With these cores, users can protect their CT against unauthorized debugging, ensure clock integrity, authenticate end-point nodes, boots devices securely, provide FPGA tamper responses, and utilize numerous other standalone FPGA security features to prevent both static and dynamic reverse engineering, tampering, and counterfeiting attacks.

Shared Memory Protection

Integrates software and firmware anti-tamper mechanisms to protect CT in shared memory. This suite combines Mercury's CodeSEAL protection mechanisms with FPGA IP cores to create hardware-rooted security whereby the FPGA detects and reacts to software tampering, prevents static code analysis, and deters dynamic attacks in real-time. With the software protection offloaded onto the FPGA, this Suite also acts as a software AT accelerator.

 

EnforcIT Add-ons are additional protection technologies that interact with other EnforcIT security mechanisms to further increase the level of defense. Available enhancements include software protection integration with Mercury's CodeSEAL product and the ability to create device-specific encryption keys and prevent cloning of FPGA devices using a mature, robust, and relia­ble physically unclonable function (PUF).

How EnforcIT Works

EnforcIT is distributed as a customizable set of one or more netlists (VHDL can be pro­vided in certain situations). The Shared Memory Protection Suite also includes a library of software-based AT mechanisms and an insertion engine. These AT mechanisms are inserted into your software binary and/or firmware bitstream to provide protection cus­tomized specifically to your systems' security and performance requirements.

Protection Development Environment

System level protection is a complex activity, requiring a security engineer to have a system wide security view while maintaining focus on the detailed implementation of individual protections. EnforcIT's Protection Development Envi­ronment is a streamlined interface that walks you through the process of applying anti-tamper to your system.

EnforcIT provides utilities for generating threat trees, injecting binary level software protection mechanisms, configur­ing your protection network, and generating anti-tamper reports. Security can be configured down to the bit level, or viewed at the system level. The EnforcIT Protection Development Environment can be used as a standalone protec­tion management interface, but when used to inject EnforcIT protection mechanisms, will significantly decrease the complexity and time of implementing a system level protection.

The EnforcIT Advantage

EnforcIT Features

EnforcIT Benefits

FIPS Compliant Crypto

Cryptographic IP cores are FIPS 140-2 compliant, allowing you to build Suite B cryptography into your system without going through a costly, lengthy certification process.

Prevents Counterfeiting

Using unique functions intrinsic to individual manufactured hardware devices, users can generate an encryption key that only works with a single FPGA.

Multi-Layered Protection

The combination of software and hardware communicating with each other to secure your system's CT raises the level of sophistication and cost of tools required for an adversary to attack.

Software Anti-Tamper Acceleration

EnforcIT minimizes the performance impact on software by offloading cryptographic and AT protection mechanisms into the FPGA.

Broad FPGA Device Support

EnforcIT provides straightforward integration into existing systems with support for Mercury SmartFusion and IGLOO, Xilinx Virtex and Spartan, and Altera Cyclone and Stratix devices.

Docs & Specs

Product Overview   Mercury EnforcIT Product Overview (513.29 kB)

Diagram

Individual security IP Cores in each EnforcIT Protection Suites.

Contact Us

Mercury is focused on serving our customers with unsurpassed responsiveness and technical expertise. We offer a wide range of services designed to deliver the best combination of technology, products and support to our customers.

We can respond to your design questions via the General Support form.