Design Security in Stratix II and Stratix II GX Devices
As the use of FPGAs for core system functions increases, protecting the designs and intellectual property (IP) implemented inside the FPGAs becomes more important. Altera's Stratix® II and Stratix II GX devices are the only high-performance high-density FPGAs providing non-volatile design security to protect designs against copying, reverse engineering and tampering.
Design Security Implementation in Stratix II and Stratix II GX Devices
SRAM-based FPGAs are volatile and require a configuration bitstream to be sent from a flash memory or configuration device to the FPGA at power up. The configuration bitstream could be intercepted during transmission. To provide design security, Stratix II and Stratix II GX devices use 128-bit advanced encryption standard (AES) and a non-volatile key for configuration bitstream encryption. Figure 1 shows the secure configuration flow which can be carried out in three steps:
- The user-defined AES key is programmed into the non-volatile key storage in the Stratix II or Stratix II GX device
- The Quartus® II software uses the same AES key to generate an encrypted configuration file, which is then stored in an external flash memory or configuration device
- At power-up, the flash memory or configuration device sends the encrypted configuration file to the Stratix II or Stratix II GX device, which then uses the stored AES key to decrypt the file and configure itself
Figure 1. Stratix II and Stratix II GX Secure Configuration Flow
AES is a Federal Information Processing Standard (FIPS-197) and has been approved to be used by United States government organizations to protect sensitive, unclassified information. It is also widely adopted both commercially and globally. The Stratix II AES implementation has been validated as conforming to the FIPS-197 standard.
The security key storage inside Stratix II and Stratix II GX is non-volatile, providing many benefits over a volatile key storage as shown in table 1.
|
Table 1. Benefits of Non-Volatile Security Key Over Volatile Security Key
|
| Benefits |
Description |
| No Need for Battery |
A non-volatile key is more reliable than a volatile key. A volatile key requires an external backup battery when the system is powered down. Batteries have a limited lifetime and are subject to degradation due to operating temperatures. In case of battery failure, products have to be sent back to the manufacturer for repair, resulting in high maintenance cost.
|
| Manufacturing Flexibility |
With a non-volatile key, the security key can be programmed into the Stratix II or Stratix II GX device with the FPGA either on-board or off-board. The security key can be programmed into the Stratix II or Stratix II GX device through socket programming by a partner, while the board can be manufactured in a different location. |
| Supports ASSP or Royalty-based Business Model |
A non-volatile key enables designers to sell a Stratix II or Stratix II GX device as an ASSP chip while protecting their IP. Designers can ship Stratix II or Stratix II GX devices with the security key programmed along with an encrypted configuration file to their customers. |
| Tamper Protection |
The non-volatile key in Stratix II and Stratix II GX devices is one-time programmable. Configuring a secure Stratix II or Stratix II GX device with an unencrypted configuration file or configuration file encrypted with the wrong key results in failure. Tampering or modification of the FPGA design to steal sensitive system data or conduct illegal functions can be detected. |
Applications of the Stratix II and Stratix II GX Design Security Feature
Products containing valuable IP or sensitive information can benefit from the Stratix II and Stratix II GX design security feature. Here are some example applications:
- Products manufactured or sold where IP laws are not well enforced – The built-in design security feature of Stratix II and Stratix II GX FPGAs protects the designers’ IP, revenue and competitive advantage
- Product version control and customization – Different security keys can be programmed into different Stratix II or Stratix II GX devices to provide product version control and customization
- Royalty-based business model – IP vendors can ensure royalty income for their IP when delivered in a secure Stratix II or Stratix II GX FPGA with an encrypted configuration file. Since the encrypted configuration file only works with Stratix II or Stratix II GX FPGAs containing the correct key, IP vendors can keep track of the number of IP usages
- Security functions – Stratix II and Stratix II GX FPGAs provide device-level security in systems implementing security functions
- Gaming applications – The tamper protection capability of the Stratix II and Stratix II GX design security feature helps to prevent undesired modification of the gaming or gambling machines
- Military anti-tampering – Stratix II and Stratix II GX FPGAs can be used to protect military technologies and information
- Test market ASSPs – ASSP vendors can test market and adapt the functionality in their ASSPs via Stratix II or Stratix II GX FPGAs while protecting their IP
Contact Altera for More Information
To learn more about how to use the Stratix II and Stratix II GX design security feature, please download a copy of AN 341: Using the Design Security Feature in Stratix II Devices (PDF) or contact your local Altera® sales representative.
Related Links
|
Literature
> 
