How to improve design-level security with low-cost non-volatile FPGAs

By Mark Moran, Xilinx

The recent introduction of 90nm non-volatile Spartan-3AN FPGAs that provide SRAM FPGA system-level functionality (multipliers for DSP; block, distributed, and flash memories for storage and embedded code; digital clock management for multiple clock domains; power management for less heat dissipation, etc.) clearly moves the non-volatile FPGA to the heart of the system.

Non-volatile FPGAs are widely known for their higher level of security. As non-volatile FPGAs move to the core of the system, the need for security rises dramatically. To provide the next level of design security, 90nm non-volatile Spartan-3AN FPGAs utilize features such as Device DNA, a one-time programmable (OTP) storage area, and abundant flash memory for increasing data complexity.

First, let's take a look at the architecture of the Spartan-3AN and its ability to address the needs and operations found in the core of many systems today. This 90nm non-volatile FPGA is providing functionality never before available in the non-volatile FPGA market. Until now, FPGA-based designs requiring dedicated 18×18 multipliers, advanced carry chains for the construction of fast accumulates, and the block memories that are the building blocks for complex DSP functions like filters, error correction routines, encryption, and decryption could only be achieved with SRAM-based FPGAs. Now, all of these features can be easily incorporated right into a non-volatile design.

Functions found at the heart of the system are – in most cases – the primary value and key competitive edge in designs. In today's world of overbuilding, cloning, and reverse engineering, corporate success can teeter on protecting the heart of the system.

The basic concept of Spartan-3AN design-level security can be compared to the act of accessing an ATM; inserting the bank card – the Device DNA – and authenticating identity by entering a Personal Identification Number (PIN) – the Authorization Algorithm. Even if someone steals the ATM card, they cannot use it without also using the PIN number. The system then compares the information entered with the previously stored information on the bank's computer (the stored authorization code). If there's a match, the ATM is authorized to perform the desired function; otherwise the operation fails. This is the same process that can be used with the security features of a Spartan-3AN non-volatile FPGA.

However, the weakness in this system is if someone somehow obtains both the ATM card and its associated PIN. The PIN authorization algorithm number, once learned, is easily cloned. This is why the authorization algorithm is incorporated into the design itself. The algorithm is placed in the most secret location inside of programmable logic with millions of configuration options.

Click here to read more ...

×
Semiconductor IP