White Paper
Design Security in Stratix III Devices
September 2009, ver. 1.5
WP-01010-1.5
SRAM-based FPGAs are volatile and require external memory to store their configuration files, which results in three
security risks: copying, reverse engineering, and tampering. This white paper details the security protection provided
by the Stratix III design security solution.
Introduction
As FPGAs are increasingly used for critical system functions, protecting designs and intellectual property (IP)
implemented inside FPGAs is becoming more important. Altera® Stratix® III devices are the first high-density and
high-performance FPGAs to use the advanced encryption standard (AES) with both non-volatile and volatile key
programming to protect designs against copying, reverse engineering, and tampering. To make the Stratix III design
security solution more secure and to protect the AES key, many security features have been implemented. The
solution has been reviewed by external security consultants during the design phase and improvements have been
made based on their feedback. This white paper details the security protection provided by the Stratix III design
security solution.
SRAM-Based FPGA Design Security
SRAM-based FPGAs are volatile and require external memory to store their configuration files, which results in three
security risks: copying, reverse engineering, and tampering.
Copying
Copying an FPGA involves making identical copies of the design without understanding how it works. A device can
be copied by either reading the design out of the memory device or capturing the configuration file when it is sent
from the memory device to the FPGA at power-up. The stolen design can then be used to configure other FPGAs.
This approach constitutes a primary form of IP theft and can cause significant revenue loss to the designer.
Reverse Engineering
Reverse engineering involves analyzing the configuration file to recreate the original design at the register transfer
level (RTL) or in schematic form. The recreated design can then be modified to gain a competitive edge. This form of
IP theft is more complex than copying and usually requires significant technical expertise. It is also time- and
resource-intensive, and sometimes involves more work than creating a design from scratch.
Tampering
Modifying the design stored in the device or replacing it with a different design is considered tampering. The
tampered device may contain harmful design code capable of causing a system to malfunction or steal sensitive data.
This type of design security breach is a particular concern in military, financial, and gaming applications. Today,
tampering is also becoming a concern in the consumer market where a design can be modified to access unauthorized
or premium services.
Stratix III Design Security Solution
Stratix III devices are SRAM-based FPGAs. To provide design security, Stratix III FPGAs use a 256-bit security key
for configuration bitstream encryption. The secure configuration flow can occur after synthesis, fitting, and timing
analysis in the Quartus II software.
Secure configuration can be carried out in the following three steps:
Design Security in Stratix III Devices Altera Corporation
1. Program the security key into the Stratix III FPGA: The Quartus® II software requires the user to enter a 256-bit
user-defined key, which is then used to generate a key programming file. The key programming file containing
the key information is then loaded into the Stratix III FPGA through the JTAG interface. The key is then stored in
the 256-bit key storage, which can either be volatile (SRAM-based) or non-volatile (poly fuse-based).
2. Encrypt the configuration file and store it in the external memory: The Quartus II software requires the same
256-bit user-defined key used in step 1 to encrypt the configuration file. The encrypted configuration file is then
loaded into the external memory, such as a configuration or flash device.
3. Configure the Stratix III FPGA: At system power-up, the external memory device sends the encrypted configuration
file to the Stratix III FPGA. The Stratix III built-in AES decryption engine then uses the key to decrypt the
configuration file and configure itself.
Stratix III Key Programming Solutions
Altera provides different types of solutions for design security key programming via the JTAG interface, supporting
on-board and off-board key programming.
The steps for programming the volatile and non-volatile key are included in AN 512: Using the Design
Security Feature in Stratix III Devices.
AES Encryption Algorithm
AES is a Federal Information Processing Standard (FIPS-197) and has been approved to be used by U.S. government
organizations to protect sensitive, classified information. It is also expected to be widely adopted both commercially
and globally.
AES is a symmetric block cipher that encrypts and decrypts data in blocks of 128 bits. The encrypted data is subject
to a series of transformations including byte substitutions, data mixing, data shifting, and key additions. AES comes
in three different key sizes: 128 bits, 192 bits, and 256 bits. The 256-bit AES key size is used in Stratix III FPGAs for
both security and efficiency. According to the National Institute of Standards and Technology (NIST), studies have
shown that if one could build a machine that could discover a data encryption standard (DES) key in seconds, then it
would take that same machine more than 149 trillion years to discover a 256-bit AES key. The Stratix III AES
implementation has been validated as conforming to the FIPS-197 standard.
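As an added illustration (not part of the white paper and not Altera's validation suite), the following Go program checks an AES-256 implementation against the example vector published in FIPS-197 Appendix C.3, the kind of known-answer test a conformance validation performs. It uses only Go's standard-library crypto/aes; the function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// FIPS-197 Appendix C.3 AES-256 example vector (published in the standard).
const (
	fips197Key        = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
	fips197Plaintext  = "00112233445566778899aabbccddeeff"
	fips197Ciphertext = "8ea2b7ca516745bfeafc49904b496089"
)

// EncryptBlockHex encrypts one 128-bit block with the given key, both hex-encoded,
// and returns the hex ciphertext. A 32-byte key selects AES-256.
func EncryptBlockHex(keyHex, plaintextHex string) (string, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		return "", err
	}
	pt, err := hex.DecodeString(plaintextHex)
	if err != nil {
		return "", err
	}
	if len(pt) != aes.BlockSize {
		return "", fmt.Errorf("plaintext must be exactly %d bytes, got %d", aes.BlockSize, len(pt))
	}
	block, err := aes.NewCipher(key) // rejects any key length other than 16, 24 or 32 bytes
	if err != nil {
		return "", err
	}
	ct := make([]byte, aes.BlockSize)
	block.Encrypt(ct, pt)
	return hex.EncodeToString(ct), nil
}

// DecryptBlockHex is the inverse, so the decryption direction is checked as well.
func DecryptBlockHex(keyHex, ciphertextHex string) (string, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		return "", err
	}
	ct, err := hex.DecodeString(ciphertextHex)
	if err != nil || len(ct) != aes.BlockSize {
		return "", fmt.Errorf("ciphertext must be %d hex-encoded bytes", aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	pt := make([]byte, aes.BlockSize)
	block.Decrypt(pt, ct)
	return hex.EncodeToString(pt), nil
}

// AES256KnownAnswerTest returns true only if both directions reproduce the
// FIPS-197 C.3 vector: the check a conformance validation performs.
func AES256KnownAnswerTest() bool {
	ct, err := EncryptBlockHex(fips197Key, fips197Plaintext)
	if err != nil || ct != fips197Ciphertext {
		return false
	}
	pt, err := DecryptBlockHex(fips197Key, fips197Ciphertext)
	return err == nil && pt == fips197Plaintext
}

func main() {
	fmt.Println("AES-256 FIPS-197 C.3 known-answer test passed:", AES256KnownAnswerTest())
}
```

A single published vector does not prove an implementation correct, but an implementation that fails it is certainly not conformant, which is why such vectors are the first thing to run against any AES core, hardware or software.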
AES Decryption Block
The main functions of the decryption block are:
Determine whether the configuration data needs to be decrypted.
Determine the security mode.
Decrypt the data stream and decompress the data, if needed; otherwise, configure the device.
Prior to receiving encrypted data, the 256-bit security key must be entered and stored in the device. You can choose
between a non-volatile security key and a volatile security key with battery backup. The non-volatile key and the poly
fuse key verify bit (which indicates a poly fuse key is present) are stored in one-time programmable poly fuses,
whereas the 256-bit volatile key and the volatile key verify bit (which indicates a volatile key is present) are stored in
volatile key registers that are backed up with external battery power.
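The three-step secure configuration flow (program the key, encrypt the configuration file, decrypt at power-up) and the decryption block's decisions described above can be modelled end to end. The following Go program is an added example, not Altera's code and not a description of the device's internal bitstream format: it assumes an Encrypted header flag, AES-256 in CTR mode with a random IV (the paper does not name the mode), and that the poly fuse key takes precedence when both verify bits are set; decompression is omitted. The type and function names (Key, KeyStorage, ConfigFile, ProgramNonVolatileKey, ProgramVolatileKey, PowerDown, SecurityMode, EncryptConfiguration, Configure) are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type Key [32]byte // the 256-bit user-defined security key
var ErrFuseProgrammed = errors.New("poly fuse key already programmed (one-time programmable)")
var ErrNoKey = errors.New("encrypted configuration received but no security key is present")

// ConfigFile models the external-memory file; the Encrypted flag and the CTR IV
// are assumptions, since the paper names neither the header format nor the mode.
type ConfigFile struct {
	Encrypted bool
	IV, Data  []byte
}

// KeyStorage models the paper's two key stores: one-time programmable poly fuses
// and battery-backed volatile registers, each with a verify bit (key present).
type KeyStorage struct {
	polyFuseKey, volatileKey             Key
	polyFuseKeyVerify, volatileKeyVerify bool
}

// ProgramNonVolatileKey is step 1 with a poly fuse key; it succeeds only once.
func (k *KeyStorage) ProgramNonVolatileKey(key Key) error {
	if k.polyFuseKeyVerify {
		return ErrFuseProgrammed
	}
	k.polyFuseKey, k.polyFuseKeyVerify = key, true
	return nil
}

// ProgramVolatileKey is step 1 with a volatile key; the registers can be reloaded.
func (k *KeyStorage) ProgramVolatileKey(key Key) {
	k.volatileKey, k.volatileKeyVerify = key, true
}

// PowerDown clears the volatile registers unless the backup battery holds them.
func (k *KeyStorage) PowerDown(batteryPresent bool) {
	if !batteryPresent {
		k.volatileKey, k.volatileKeyVerify = Key{}, false
	}
}

// SecurityMode is the decryption block's "determine the security mode" step: the
// verify bits select the poly fuse key, the volatile key, or none (precedence assumed).
func (k *KeyStorage) SecurityMode() string {
	if k.polyFuseKeyVerify {
		return "non-volatile"
	}
	if k.volatileKeyVerify {
		return "volatile"
	}
	return "none"
}

// ctr applies the AES-256 CTR keystream (assumed mode) to src.
func ctr(key Key, iv, src []byte) []byte {
	block, _ := aes.NewCipher(key[:]) // cannot fail: Key is exactly 32 bytes
	out := make([]byte, len(src))
	cipher.NewCTR(block, iv).XORKeyStream(out, src)
	return out
}

// EncryptConfiguration is step 2, performed by the software with the same key.
func EncryptConfiguration(key Key, bitstream []byte) ConfigFile {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return ConfigFile{Encrypted: true, IV: iv, Data: ctr(key, iv, bitstream)}
}

// Configure is step 3 (the decryption block at power-up): decide whether to decrypt, select the key, decrypt, configure.
func (k *KeyStorage) Configure(f ConfigFile) ([]byte, error) {
	if !f.Encrypted {
		return f.Data, nil
	}
	switch k.SecurityMode() {
	case "non-volatile":
		return ctr(k.polyFuseKey, f.IV, f.Data), nil
	case "volatile":
		return ctr(k.volatileKey, f.IV, f.Data), nil
	}
	return nil, ErrNoKey
}

func main() {
	key := Key{0x5a, 0x11} // constructed user-defined key (remaining bytes zero)
	var dev KeyStorage
	dev.ProgramVolatileKey(key)
	out, err := dev.Configure(EncryptConfiguration(key, []byte("constructed sample bitstream")))
	fmt.Println(dev.SecurityMode(), err, string(out))
}
```

Run as written, main programs a volatile key, encrypts a constructed sample bitstream and configures from it. The model reproduces the properties the paper states: a poly fuse key can be programmed only once, a volatile key survives power-down only while the battery is present, an unencrypted file configures without any key, and an encrypted file with no key present is refused. Because the paper describes no integrity check, this model, like plain decryption, returns unusable data rather than an error when the key is wrong or the stored file has been altered.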
Key Storage
The security key is stored in poly fuses and volatile key registers inside the Stratix III FPGA. Poly fuses are
non-volatile and one-time programmable. Volatile key storage requires an external backup battery that allows the key
to be stored in the event the device is powered down. The security key can be programmed into the Stratix III FPGA
during regular manufacturing flow, with the FPGA either on-board (for both volatile and non-volatile keys) or
off-board (for non-volatile key only).