Skip to main content

EnforcIT®

To reach the highest levels of security, using a single type of protection mechanism is inadequate. Layers of security must be employed, and higher levels of security can be achieved by moving those layers into hardware. EnforcIT® raises the achievable level of protection with technology rooted in firmware, layered on top of software protection mechanisms. This technology is provided in the following EnforcIT security suites:

Cryptography Suite: Customizable, FIPS-compliant cryptographic cores enabling encryption, decryption, signing, and verifying of sensitive data and code.

Firmware Protection Suite: Independently configura­ble firmware protection mechanisms that protect critical technologies (CT) in your FPGA against reverse engi­neering and tampering.

Shared Memory Protection Suite: Intertwined soft­ware and FPGA AT modules; active defense against reverse engineering and tampering for CT.

System-Level Security

  • Cryptography Suite Is a selection of NSA Suite B, FIPS compliant IP cores used to implement cryptographic operations in firmware and offload cryptographic operations from software. Users have access to AES, public key algorithms including ECC and RSA, and secure hashing including SHA-1, SHA-2, and MD5. Additionally, a random number generator is included to seed cryptography cores or to supply your own design with random data.
  • Firmware Protection Suite is a selection of IP cores that implement CT protection mechanisms in FPGAs. With these cores, users can protect their CT against unauthorized debugging, ensure clock integrity, authenticate end-point nodes, boots devices securely, provide FPGA tamper responses, and utilize numerous other standalone FPGA security features to prevent both static and dynamic reverse engineering, tampering, and counterfeiting attacks.

  • EnforcIT Add-ons are additional protection technologies that interact with other EnforcIT security mechanisms to further increase the level of defense. Available enhancements include software protection integration with Mercury's CodeSEAL product and the ability to create device-specific encryption keys and prevent cloning of FPGA devices using a mature, robust, and relia­ble physically unclonable function (PUF).

How EnforcIT Works

EnforcIT is distributed as a customizable set of IP cores. These AT mechanisms are inserted into your software binary and/or firmware bitstream to provide protection cus­tomized specifically to your systems' security and performance requirements.

Protection Development Environment

System level protection is a complex activity, requiring a security engineer to have a system wide security view while maintaining focus on the detailed implementation of individual protections. EnforcIT's Protection Development Envi­ronment is a streamlined interface that walks you through the process of applying anti-tamper to your system.

EnforcIT provides utilities for generating threat trees, injecting binary level software protection mechanisms, configur­ing your protection network, and generating anti-tamper reports. Security can be configured down to the bit level, or viewed at the system level. The EnforcIT Protection Development Environment can be used as a standalone protec­tion management interface, but when used to inject EnforcIT protection mechanisms, will significantly decrease the complexity and time of implementing a system level protection.

Features

Benefits

FIPS Compliant Crypto

Cryptographic IP cores are FIPS 140-2 compliant, allowing you to build Suite B cryptography into your system without going through a costly, lengthy certification process.

Prevents Counterfeiting

Using unique functions intrinsic to individual manufactured hardware devices, users can generate an encryption key that only works with a single FPGA.

Multi-Layered Protection

The combination of software and hardware communicating with each other to secure your system's CT raises the level of sophistication and cost of tools required for an adversary to attack.

Software Anti-Tamper Acceleration

EnforcIT minimizes the performance impact on software by offloading cryptographic and AT protection mechanisms into the FPGA.

Broad FPGA Device Support

EnforcIT provides straightforward integration into existing systems with support for Microsemi, Xilinx, and Intel FPGAs.

Contact Us

Mercury is focused on serving our customers with unsurpassed responsiveness and technical expertise. We offer a wide range of services designed to deliver the best combination of technology, products and support to our customers.