Protecting the designs and valuable intellectual property (IP) implemented inside FPGAs becomes more important the more you use FPGAs for core system functions. Altera's Stratix® series FPGAs are the only high-performance, high-density FPGAs providing both volatile and non-volatile design security to protect your designs against copying, reverse engineering, and tampering.
| Table 1. Stratix Series Design Security Comparison by FPGA Family | |||
| Stratix Series FPGA Family (1) |
Volatile |
Key Length |
|
| Stratix and Stratix GX | |||
| Stratix II and Stratix II GX |
Yes |
|
128 |
| Stratix III |
Yes |
Yes |
256 |
| Stratix IV E and Stratix IV GX |
Yes |
Yes |
256 |
-
Select the Stratix family name for complete details about a specific Stratix family's design security features.
Design Security
SRAM-based FPGAs are volatile and require a configuration bitstream to be sent from a flash memory or configuration device to the FPGA at power up. To prevent the configuration bitstream from being intercepted during transmission and to provide design security, Altera's Stratix series FPGAs use the advanced encryption standard (AES) and a 128-bit or 256-bit key for configuration bitstream encryption. The secure configuration flow is carried out in three steps:
- The user-defined AES key is programmed into the volatile or non-volatile key storage in Stratix series FPGAs (Stratix III FPGAs and later)
- The Quartus® II design software uses the same AES key to generate an encrypted configuration file, which is then stored in an external flash memory or configuration device
- At power-up, the flash memory or configuration device sends the encrypted configuration file to the Stratix series FPGA (Stratix III FPGAs and later), which then uses the stored AES key to decrypt the file and configure itself
AES is a Federal Information Processing Standard (FIPS) and has been approved to be used by United States government organizations to protect sensitive, unclassified information. It is also widely adopted both commercially and globally. The AES implementation in Stratix series FPGAs (Stratix III FPGAs and later) has been validated as conforming to the FIPS-197 (PDF) standard.
To provide you with more choices, Stratix series FPGAs (Stratix III and later) offer both volatile and non-volatile security key storage. The volatile security key storage provides more flexibility, where the non-volatile security key storage is more practical. Table21 shows a comparison of volatile and non-volatile key storage.
| Table 2. Volatile and Non-volatile Key Comparison | ||
| Feature | Volatile Key | Non-Volatile Key |
|---|---|---|
| Key Programmability | Reprogrammable and erasable key | One-time programmable key |
| External Battery | Required | Not required |
| Key Programming Method | On-board | Both on-board and off-board |
| Design Protection | Secure against copying and reverse engineering |
Secure against copying, reverse engineering, and tampering |
Applications of the Stratix Series Design Security Feature
Products containing valuable IP or sensitive information can benefit from the Stratix series design security feature. Here are some other example applications:
- Products manufactured or sold where IP laws are not well enforced—The built-in design security feature of Stratix series FPGAs protects your IP, revenue, and competitive advantage
- Product version control and customization—You can program different security keys into different Stratix series FPGAs to provide product version control and customization
- Royalty-based business model—IP vendors can ensure royalty income for their IP when delivered in a secure Stratix series FPGA with an encrypted configuration file. Because the encrypted configuration file only works with Stratix series FPGAs containing the correct key, IP vendors can keep track of the number of IP usages
- Security functions—Stratix series FPGAs provide device-level security in systems implementing security functions
- Gaming applications—The tamper protection capability of the Stratix series design security feature helps to prevent undesired modification of the gaming or gambling machines
- Military anti-tampering—You can use Stratix series FPGAs to protect military technologies and information
- Test market ASSPs —ASSP vendors can test market and adapt the functionality in their ASSPs by delivering secure Stratix series FPGAs as ASSP chips along with encrypted configuration files. Because the encrypted design file only works with Stratix series FPGAs containing the correct key, ASSP vendors can maintain control of the IP
