打印

美国航空航天局技术-FPGA在新一代安全A&D系统中的作用

[复制链接]
1612|4
手机看帖
扫描二维码
随时随地手机跟帖
跳转到指定楼层
楼主
feihong777|  楼主 | 2012-11-26 11:49 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
FPGA, TI, AN, TE, IO
《美国国家航空航天局技术简报》近期在 6 月刊中以封面报道的形式刊登了《FPGA 在新一代安全 A&D 系统中的作用》一文。该**由 Xilinx 高级研究员应用工程师 (Senior Staff Applications Engineer) Ed Peterson 执笔。
The Role of FPGAs in Next- Generation Secure A&D Systems

Because an FPGA is programmable, companies can make changes to their systems even after they are deployed in the field. This is especially desirable in the A&D space, because design teams or technicians can make adjustments to the FPGAs in their systems to address new security threats or to simply upgrade systems to meet any new requirements for encryption standards like TDES to AES.
Because today’s FPGAs include millions of programmable logic elements, design teams can program an individual FPGA to do the job of many chips. To streamline the design process, design teams heavily leverage the hard IP that vendors incorporate into their FPGA architectures. Design teams also implement soft IP from FPGA vendors, IP vendors, or their own IP. Hard IP that FPGA vendors implement in their devices is typically very high-performance and lowpower. FPGA architectures commonly include hard IP blocks such as dedicated engines that are used only for bitstream decryption and a slew of general system functions like Ethernet MAC/PHY, PCI-E interface, and memory controllers. Some devices also include hardened microprocessor cores. An illustration of the typical Hard IP content of an FPGA is shown in Figure 2.
Soft IP from FPGA and IP vendors can range from standard functions/ blocks IP such as processor cores and graphics engines, to more market- and application-specific specialized functions and interfaces. Where hard IP is already implemented in the silicon and can’t be modified, design teams implement soft IP in programmable logic elements in the FPGA. As such, designers can place IP in almost any location in their FPGA designs. Design teams integrate the hardware description language code (typically Verilog or VHDL) for these soft IP blocks with the rest of the logic description for the design. They then use vendor tools (design software) to compile the design and create a bitstream that programs their design into the FPGA when the chip boots up.
Programming Considerations

Xilinx has a multi-generational commitment to secure technology for the AT Community.
Programming FPGAs requires some planning to ensure that security aspects are addressed and implemented early enough in the design flow so as to not impact floor planning, resource, or pinout requirements. Practical designs require a security-centric design methodology. These security measures, also called anti-tamper (AT), can be grouped into two categories — active and passive security. The table shows the various active and passive security options in the Xilinx FPGA family.Passive security measures are those that do not require the user to do anything special other than select their use during various phases of the design cycle. The phases of the FPGA design cycle are no-power, power with no configuration, and configured. In the no-power condition, there are two major security options for storing the decryption key for the bitstream that is being used — Battery Backed and eFUSE. eFuse is a built-in technology and does not require additional components. BBRAM supports both active and passive key clearing but requires an external battery, which requires supplier support for operation at high-temp and long lifetimes.
To ensure that programming transfer is secure, some FPGA products support encrypted bitstreams that get decrypted in the dedicated hard IP block inside the FPGA. This methodology allows for a standard development flow that uses in-house, vendor-provided, and third-party Electronic Design Automation (EDA) tools to ensure the system function is correct, and there’s a way to securely transfer the design information to the part. These cryptographic solutions follow the standard and support the NIST Hashed Message Auth entication Code (HMAC) standard for authentication.
The active security systems are grouped into three categories — prevention, detection, and penalty. The prevention methods are active functions that restrict the loading and transferring of data to specific times when the data movement has been approved. The detection methods are focused on the verification or contextual compliance, which can direct a penalty action in response to active overbuilding (cloning) detection, bitstream integrity checking, JTAG activity detection, temperature, and voltage monitoring. The FPGAs also have an eFUSE capability that extends to support a 57-bit Device DNA ID, which can be used to uniquely define a part and help eliminate counterfeiting and overproduction risks. The monitor and detection methods that can be incorporated into the design and are controllable in the device include readback CRC & JTAG disable, and a FIPS 140 system monitor.
The penalty responses from tampering are in the form of data clearing to shut down the operation of the FPGA. These are a keyclear function that will clear the AES key for decryption in BBR as a result of a tamper detect, and IPROG, which is an internal function that responds by clearing the contents of the configuration memory, all of the flipflops, and the key memory (but not the AES encryption key).
Modern FPGA devices are an essential part of high-performance and high-security application systems. The fundamental architectures of the product, the design/development tools, and workflows for the devices have progressively grown in sophistication to incorporate ever more advanced security features necessary for the task.
It should be noted that any AT features enabled at the FPGA-level should always be part of an overall system-level AT solution. The features and techniques outlined in this article will provide for a very good “AT umbrella” for the FPGA itself; however, AT is most effective when it is part of a multi-layer approach developed with the entire system in mind.
Remember, no single AT feature or technique is going to be 100% effective all of the time or solve all your AT needs for the entire system. However, making the adversary’s job as difficult (and expensive) as possible and following a layered approach will almost always yield very good (if not excellent) results.
This article was written by Ed Peterson, Senior Staff Applications Engineer, Xilinx Inc. (San Jose, CA). For more information, visit http://info.hotims.com/40434-500.

相关帖子

沙发
GoldSunMonkey| | 2012-11-26 20:16 | 只看该作者
:lol感觉我的月薪应该加价了。

使用特权

评论回复
板凳
gtekled| | 2012-11-27 16:30 | 只看该作者
全是英文呀,看不太懂

使用特权

评论回复
地板
GoldSunMonkey| | 2012-11-27 18:07 | 只看该作者
:lol
Backkom80 发表于 2012-11-27 08:10
快来恭喜我啊。

使用特权

评论回复
发新帖 我要提问
您需要登录后才可以回帖 登录 | 注册

本版积分规则

132

主题

438

帖子

0

粉丝