Design Security in Stratix III FPGAs
Only Stratix® III FPGAs provide both volatile and non-volatile design security to protect designs against copying, reverse engineering, and tampering.
Design Security Implementation in Stratix III Devices
SRAM-based FPGAs are volatile and require a configuration bitstream to be sent from a flash memory or configuration device to the FPGA at power-up. To prevent the configuration bitstream from being intercepted during transmission and to provide design security, Altera's Stratix III devices use the Advanced Encryption Standard (AES) with a 256-bit key for configuration bitstream encryption. Figure 1 shows the secure configuration flow, which is carried out in three steps:
- The user-defined AES key is programmed into the volatile or non-volatile key storage in the Stratix III device
- The Quartus® II software uses the same AES key to generate an encrypted configuration file, which is then stored in an external flash memory or configuration device
- At power-up, the flash memory or configuration device sends the encrypted configuration file to the Stratix III device, which then uses the stored AES key to decrypt the file and configure itself
Figure 1. Stratix III FPGA Secure Configuration Flow

AES is a Federal Information Processing Standard (FIPS-197) and has been approved for use by United States government organizations to protect sensitive, unclassified information. It is also widely adopted both commercially and globally. The Stratix III AES implementation has been validated as conforming to the FIPS-197 standard.
To provide you with more choices, Stratix III FPGAs offer both volatile and non-volatile security key storage. The volatile security key storage provides more flexibility, whereas the non-volatile security key storage is more practical. Table 1 shows a comparison of volatile and non-volatile key storage.
Table 1. Volatile and Non-volatile Key Comparison

| | Volatile Key | Non-Volatile Key |
|---|---|---|
| Key Length | 256-bit | 256-bit |
| Key Programmability | Reprogrammable and erasable key | One-time programmable key |
| External Battery | Required | Not required |
| Key Programming Method | On-board | Both on-board and off-board |
| Design Protection | Secure against copying and reverse engineering | Secure against copying, reverse engineering, and tampering |

Applications of the Stratix III FPGA Design Security Feature
Products containing valuable intellectual property (IP) or sensitive information can benefit from the Stratix III design security feature. Here are some other example applications:
- Products manufactured or sold where IP laws are not well enforced—The built-in design security feature of Stratix III FPGAs protects your IP, revenue, and competitive advantage
- Product version control and customization—You can program different security keys into different Stratix III devices to provide product version control and customization
- Royalty-based business model—IP vendors can ensure royalty income for their IP when delivered in a secure Stratix III FPGA with an encrypted configuration file. Because the encrypted configuration file only works with Stratix III FPGAs containing the correct key, IP vendors can keep track of the number of IP usages
- Security functions—Stratix III FPGAs provide device-level security in systems implementing security functions
- Gaming applications—The tamper protection capability of the Stratix III design security feature helps to prevent undesired modification of gaming or gambling machines
- Military anti-tampering—Stratix III FPGAs can be used to protect military technologies and information
- Test market ASSPs—ASSP vendors can test market and adapt the functionality in their ASSPs by delivering secure Stratix III FPGAs as ASSP chips along with encrypted configuration files. Because the encrypted design file only works with Stratix III FPGAs containing the correct key, ASSP vendors can maintain control of the IP