《美国国家航空航天局技术简报》近期在 6 月刊中以封面报道的形式刊登了《FPGA 在新一代安全 A&D 系统中的作用》一文。该**由 Xilinx 高级研究员应用工程师 (Senior Staff Applications Engineer) Ed Peterson 执笔。
The Role of FPGAs in Next- Generation Secure A&D Systems
Because an FPGA is programmable, companies can make changes to their systems even after they are deployed in the field. This is especially desirable in the A&D space, because design teams or technicians can make adjustments to the FPGAs in their systems to address new security threats or to simply upgrade systems to meet any new requirements for encryption standards like TDES to AES.
Because today’s FPGAs include millions of programmable logic elements, design teams can program an individual FPGA to do the job of many chips. To streamline the design process, design teams heavily leverage the hard IP that vendors incorporate into their FPGA architectures. Design teams also implement soft IP from FPGA vendors, IP vendors, or their own IP. Hard IP that FPGA vendors implement in their devices is typically very high-performance and lowpower. FPGA architectures commonly include hard IP blocks such as dedicated engines that are used only for bitstream decryption and a slew of general system functions like Ethernet MAC/PHY, PCI-E interface, and memory controllers. Some devices also include hardened microprocessor cores. An illustration of the typical Hard IP content of an FPGA is shown in Figure 2.
Soft IP from FPGA and IP vendors can range from standard functions/ blocks IP such as processor cores and graphics engines, to more market- and application-specific specialized functions and interfaces. Where hard IP is already implemented in the silicon and can’t be modified, design teams implement soft IP in programmable logic elements in the FPGA. As such, designers can place IP in almost any location in their FPGA designs. Design teams integrate the hardware description language code (typically Verilog or VHDL) for these soft IP blocks with the rest of the logic description for the design. They then use vendor tools (design software) to compile the design and create a bitstream that programs their design into the FPGA when the chip boots up.
Programming Considerations
![]() Xilinx has a multi-generational commitment to secure technology for the AT Community.
To ensure that programming transfer is secure, some FPGA products support encrypted bitstreams that get decrypted in the dedicated hard IP block inside the FPGA. This methodology allows for a standard development flow that uses in-house, vendor-provided, and third-party Electronic Design Automation (EDA) tools to ensure the system function is correct, and there’s a way to securely transfer the design information to the part. These cryptographic solutions follow the standard and support the NIST Hashed Message Auth entication Code (HMAC) standard for authentication.
The active security systems are grouped into three categories — prevention, detection, and penalty. The prevention methods are active functions that restrict the loading and transferring of data to specific times when the data movement has been approved. The detection methods are focused on the verification or contextual compliance, which can direct a penalty action in response to active overbuilding (cloning) detection, bitstream integrity checking, JTAG activity detection, temperature, and voltage monitoring. The FPGAs also have an eFUSE capability that extends to support a 57-bit Device DNA ID, which can be used to uniquely define a part and help eliminate counterfeiting and overproduction risks. The monitor and detection methods that can be incorporated into the design and are controllable in the device include readback CRC & JTAG disable, and a FIPS 140 system monitor.
The penalty responses from tampering are in the form of data clearing to shut down the operation of the FPGA. These are a keyclear function that will clear the AES key for decryption in BBR as a result of a tamper detect, and IPROG, which is an internal function that responds by clearing the contents of the configuration memory, all of the flipflops, and the key memory (but not the AES encryption key).
Modern FPGA devices are an essential part of high-performance and high-security application systems. The fundamental architectures of the product, the design/development tools, and workflows for the devices have progressively grown in sophistication to incorporate ever more advanced security features necessary for the task.
It should be noted that any AT features enabled at the FPGA-level should always be part of an overall system-level AT solution. The features and techniques outlined in this article will provide for a very good “AT umbrella” for the FPGA itself; however, AT is most effective when it is part of a multi-layer approach developed with the entire system in mind.
Remember, no single AT feature or technique is going to be 100% effective all of the time or solve all your AT needs for the entire system. However, making the adversary’s job as difficult (and expensive) as possible and following a layered approach will almost always yield very good (if not excellent) results.
This article was written by Ed Peterson, Senior Staff Applications Engineer, Xilinx Inc. (San Jose, CA). For more information, visit http://info.hotims.com/40434-500. |
|
楼主
标题置顶
标题高亮
