
Secure Configuration of FPGA

javad
Although SRAM-programmed Field Programmable Gate Arrays (FPGAs) have come to dominate the industry due to their density and performance advantages over non-volatile technologies, they have a serious weakness in that they are vulnerable to piracy and reverse engineering of the user design. This is becoming increasingly important as the size of chips, and hence the value of customer designs, increases. FPGAs are now being used in consumer products where piracy is more common. Further, reconfiguration of FPGAs in the field is becoming increasingly popular, particularly in networking applications, and it is vital to provide security against malicious parties interfering with equipment functionality through this mechanism.

See the paper below to find out more about securing your FPGA design:

https://www.algotronix.com/content/security FPL 2001.pdf

Altera is offering a solution for their customers. More information is available from: https://www.altera.com/solutions/refdesigns/sys-sol/indust_mil/ref-des-secur.html

Overview
SRAM-based FPGAs are volatile devices. They require external memory to store the configuration data that is sent to them at power up. It is possible for the configuration bitstream to be captured during the transmission and used to configure other FPGAs. This form of intellectual property theft can cause revenue loss to the designer.
This reference design provides a solution to prevent FPGA designs from being copied. It allows the FPGA design to remain secure even if the configuration bitstream is captured. This is accomplished by disabling the functionality of the user design within the FPGA until handshaking tokens are passed to the FPGA from the MAX® II device. The MAX II devices are selected for generating the handshaking tokens because they are non-volatile and retain their configuration data during power down.


Bye,
cube007
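As an added illustration (not from the Altera document or from any poster), here is a small Python model of the handshake described above: the user design issues a fresh challenge at power-up and enables itself only when the non-volatile device returns the matching keyed response, so a token recorded from the board's signals during one power-up is of no use on the next. The key value and message format are constructed placeholders, not Altera's.

```python
import hmac
import hashlib
import secrets

# Constructed placeholder secret. In the scheme described above the key would be held
# by both the non-volatile MAX II device and the user design inside the FPGA bitstream.
SHARED_KEY = b"placeholder-key-for-demo"


class Dongle:
    """Stands in for the MAX II device: non-volatile, answers the FPGA's challenge."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class UserDesign:
    """Stands in for the FPGA user logic: stays disabled until a valid token arrives."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._nonce = b""
        self.enabled = False

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)   # fresh random challenge per power-up
        return self._nonce

    def accept(self, token: bytes) -> bool:
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self.enabled = hmac.compare_digest(expected, token)
        return self.enabled


def power_up_with_dongle(bus_log: list) -> bool:
    """Genuine board: dongle present. bus_log models what an observer on the board sees."""
    design, dongle = UserDesign(SHARED_KEY), Dongle(SHARED_KEY)
    c = design.challenge()
    t = dongle.respond(c)
    bus_log.append((c, t))
    return design.accept(t)


def power_up_replaying_log(bus_log: list) -> bool:
    """Copied bitstream on a board without the dongle: the recorded token is sent back."""
    design = UserDesign(SHARED_KEY)
    design.challenge()          # new nonce, so the previously recorded token cannot verify
    _, old_token = bus_log[-1]
    return design.accept(old_token)
```

The model shows only that recorded handshake traffic does not replay; it still depends on the design's copy of the key staying unreadable inside the captured bitstream, which is exactly the point debated in the replies below.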

Hi,
As I heard, when the configuration data goes from the configuration E2PROM to the FPGA, it could be intercepted. Then the interceptor could replay it anywhere.
One idea is to secure this communication.
Kasra

In my opinion, there is no way to protect SRAM-based FPGAs from cloning because they are volatile devices!!
In all cases the bitstream will be transferred from the ROM to the FPGA,
so whatever you did, anyone can easily monitor this path, capture the bitstream and reload it again! So how could you solve it?

Vonn said:
so how could you solve it ?

Hello Vonn,

Solutions are given in the document which is linked by javad!


Bye,
cube007

Hi Cube007,
Have you read this pdf?
The author tells you that until the introduction of Virtex II, the advice from the major SRAM FPGA vendors was that, to protect against design piracy by copying bitstream information, the best approach was to configure the FPGA before the product left the factory and maintain the configuration in the field using a battery backup when the main power supply to the equipment containing the FPGA was switched off, which doesn't make sense in a practical implementation.

Then he spoke about FPSLIC; actually the FPSLIC is very specific and you can't compare it with families like Xilinx's Spartan.

Again, he lists a very old technique, which is encrypting the bitstream inside the FPGA before storing it in the flash; but he himself acknowledges that if you are attacked by a man in the middle your security will be broken!!

Also he spoke about a Manufacturer Defined Key; this technique can also easily be broken if the hacker has a simple LA!

I believe that as long as the bitstream is outside the FPGA and is downloaded at power-up, the cloning can be done whatever you did to protect it!

Hello Vonn,

Of course I read the pdf. And I agree with you that if the bitstream isn't encrypted it will be possible to clone the hardware. But what do you think about using additional devices (like CPLDs) to give some more security? The reference design from Altera is based on a MAX II which acts as a dongle. I got the attached pdf (wp_m2dsgn.pdf) from the support team of Altera. The complete design is available from the sales representatives.


Bye,
cube007

This is all very nice, but it is a 2-chip solution and hence intrusion might still be possible.
A non-volatile but reconfigurable (SRAM-based) FPGA with on-board security bits provides more security than the proposed solution. Therefore, only 2 device families meet this requirement: Actel's flash-based FPGA and Lattice's XPGA. Both provide the possibility to block readout of the FPGA configuration, but there is still the possibility to overwrite/clear the contents and fill with another bitstream.
If your only concern is to block readout, then both families are OK; otherwise an FPGA is no real solution.

Regards,

If the target of the attacker is only to destroy the FPGA, the method of overwriting the content is useful. But I think the attacker can get nothing from this action. So when talking about the security problem, I think there are two main aspects: bitstream security and running security. Running security means that you must protect the data transferred between the FPGA and the external SRAM memory. An optional method is implementing a cipher in the FPGA itself.

Great point to talk on...
Material provided by some of our friends is really good... both for ALTERA and Xilinx....
I think these 2 files cover almost all points.
