Design Security in Stratix II GX Devices
As FPGAs advance in density, functionality, and performance, they are increasingly being used in more critical system functions that were traditionally filled by ASICs or ASSPs. Altera’s Stratix® II GX devices allow designers to secure their designs against intellectual property (IP) theft while meeting demanding design requirements. Stratix II GX devices support configuration bitstream encryption using the 128-bit advanced encryption standard (AES) and a non-volatile key. Altera's Stratix II device family architecture was the first in the industry to include this feature, and Stratix II GX FPGAs incorporate that same architecture.
Design Security Implementation in Stratix II GX Devices
SRAM-based FPGAs are volatile and require a configuration bitstream to be sent from a flash memory or configuration device to the FPGA at power-up. This configuration bitstream could be intercepted during transmission. Design security in Stratix II GX FPGAs is enabled by encrypting the configuration bitstream using 128-bit AES and a non-volatile key. AES is a U.S. National Institute of Standards and Technology (NIST) standard for encryption, developed to replace the Data Encryption Standard (DES). AES has been approved as a Federal Information Processing Standard (FIPS) for use by U.S. government organizations to protect sensitive, unclassified information (see FIPS-197). The 128-bit AES key makes it much more secure than DES (56-bit key size) and Triple DES (112-bit effective key size). The non-volatile key retains its information when power is off, eliminating the need for a battery backup. Figure 1 shows a secure configuration flow, which can be implemented in three steps:
- The 128-bit AES key is programmed into the non-volatile key storage in the Stratix II GX device.
- The Altera® Quartus® II software uses the same AES key to generate an encrypted configuration file, which is then stored in a flash memory or configuration device.
- At power-up, the flash memory or configuration device sends the encrypted configuration file to the Stratix II GX device, which then uses the stored AES key to decrypt the file and configure itself.
The encrypted configuration file cannot be decrypted without the key, thus preventing IP theft.
Figure 1. Stratix II GX Secure Configuration Flow

In addition to the high-performance, high-density, and feature-rich architecture, the Stratix II GX device family allows designers to protect their own designs. For more information or to use the Stratix II GX design security feature to protect your next FPGA design, please contact your local Altera sales representative.