The recent introduction of 90nm non-volatile Spartan-3AN FPGAs that provide SRAM FPGA system-level functionality (multipliers for DSP; block, distributed, and flash memories for storage and embedded code; digital clock management for multiple clock domains; power management for less heat dissipation, etc.) clearly moves the non-volatile FPGA to the heart of the system.
Non-volatile FPGAs are widely known for their higher level of security. As non-volatile FPGAs move to the core of the system, the need for security rises dramatically. To provide the next level of design security, 90nm non-volatile Spartan-3AN FPGAs utilize features such as Device DNA, a one-time programmable (OTP) storage area, and abundant flash memory for increasing data complexity.
First, let's take a look at the architecture of the Spartan-3AN and its ability to address the needs and operations found in the core of many systems today. This 90nm non-volatile FPGA is providing functionality never before available in the non-volatile FPGA market. Until now, FPGA-based designs requiring dedicated 18×18 multipliers, advanced carry chains for the construction of fast accumulates, and the block memories that are the building blocks for complex DSP functions like filters, error correction routines, encryption, and decryption could only be achieved with SRAM-based FPGAs. Now, all of these features can be easily incorporated right into a non-volatile design.
Functions found at the heart of the system are – in most cases – the primary value and key competitive edge in designs. In today's world of overbuilding, cloning, and reverse engineering, corporate success can teeter on protecting the heart of the system.
The basic concept of Spartan-3AN design-level security can be compared to using an ATM: inserting the bank card – the Device DNA – and then proving identity by entering a Personal Identification Number (PIN) – the authorization algorithm. Even if someone steals the card, they cannot use it without also knowing the PIN. The ATM then compares the information entered with the information previously stored on the bank's computer (the stored authorization code). If there is a match, the ATM is authorized to perform the requested function; otherwise the operation fails. The same process can be used with the security features of a Spartan-3AN non-volatile FPGA.
The weakness in this system is that someone might obtain both the ATM card and its PIN. Once learned, a PIN is easily cloned. This is why, in the Spartan-3AN scheme, the authorization algorithm is incorporated into the design itself: it is hidden inside the programmable logic, among millions of configuration options.
Spartan-3AN non-volatile FPGAs offer several security enhancements. The first is the hidden bitstream, which stays inside the package while the device is configured. This makes it much more difficult to monitor the bitstream and copy it. The second is a pair of unique ID numbers: the Device DNA, which resides in the FPGA fabric, and the Factory Flash ID, which is found in the flash memory. Together these two unique IDs provide more than 70 bytes of serial number, giving a large number of algorithmic possibilities, and they dramatically increase the time required to breach the authentication algorithm. The design can now be tied specifically to both the FPGA and the flash IDs. Having two unique IDs is like requiring two different cards for the ATM machine (Fig 1).

Fig 1. Having two unique IDs is like requiring two different cards for an ATM machine.
The third improvement is the provision of a stored authorization code; on the Xilinx Spartan-3AN platform, for example, this authorization code can be stored on-chip in a special one-time programmable 64-byte register known as the Flash User Field. This allows the complete security system to be self-contained, with no need for external interfaces or storage, thereby increasing the overall security and making the design more difficult to reverse engineer.
Implementing design-level security
At the center of the Spartan-3AN's design-level security are two unique serial numbers. The Device DNA is a unique, non-volatile, permanently programmed factory serial number embedded in the FPGA fabric. The flash memory also contains a Factory Flash ID, a one-time factory-programmed serial number. Both IDs differ in every device, allowing the design to be tied to a specific FPGA and flash memory. If someone clones or copies the authenticated bitstream to a different device, that device has two different ID numbers, so the design fails to authenticate. The Device DNA is a 57-bit serial number, while the Factory Flash ID is a 64-byte serial number. Together they represent 70 bytes of unique ID code that can be read by the user-defined authentication algorithm. This algorithm merges both IDs in a way known only to the designer.
The authentication algorithm is user defined so the designer can implement the appropriate level of security at the right system cost. The authentication algorithm is also the primary secret in the security system: keeping the algorithm unknown is the key to the design-level security. Because the algorithm is implemented in the fabric of the FPGA, it becomes a handful of bits among the millions of configuration bits in the device. Unless one knows how the bits fit together, or knows the algorithm, it is just a mass of numbers.
The user-defined algorithm can be as simple or complex as the system requires, from a simple hashing algorithm to a more complex triple DES, AES 64 / 128 / 256 bits, or even a fully customized polynomial. This flexibility is key for additional security as well as easy modification of the algorithm from generation to generation. With two unique serial numbers, multiple authentication algorithms can coexist in the same application for additional security.
The Spartan-3AN's design-level security – as illustrated in Fig 2 – provides a complete self-contained security solution. The flash contains both the FPGA configuration bitstream and a previously generated authorization code. This code is stored in the one-time programmable flash user field by a trusted/secured manufacturer or registration process. At power-up, the FPGA configures normally. Once configured, the FPGA application includes circuitry that validates that the design is authorized to operate on the associated FPGA. The Device DNA and Factory Flash ID will be read by the authentication algorithm, which will – in turn – generate the active authorization code that is compared to the previously generated authorization code stored in the flash user field. If both codes are equal, the device is authenticated; otherwise the device is illegitimate and unauthorized.

Fig 2. A completely self-contained security solution.
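The registration and power-up authentication flow described above, modelled in software as an added example (this is not Xilinx code and not the article's own algorithm; the user-defined algorithm here is assumed to be HMAC-SHA256 keyed with a design secret, run twice to fill the 64-byte Flash User Field, and all ID values are constructed):

```python
"""Model of the Spartan-3AN design-level authentication flow (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

DEVICE_DNA_BITS = 57         # Device DNA length, as stated in the article
FACTORY_FLASH_ID_LEN = 64    # Factory Flash ID length in bytes
FLASH_USER_FIELD_LEN = 64    # OTP Flash User Field length in bytes

# Hypothetical design secret embedded in the authentication logic of the bitstream.
# The article makes the algorithm itself the secret; this model uses a keyed MAC
# instead, so the key plays the role of the secret algorithm.
DESIGN_SECRET = b"constructed-design-secret-not-from-the-article"


@dataclass(frozen=True)
class Device:
    device_dna: int              # 57-bit factory serial in the FPGA fabric
    flash_id: bytes              # 64-byte factory serial in the flash
    flash_user_field: bytes = b""  # 64-byte OTP authorization code; empty until programmed


def authorization_code(device_dna: int, flash_id: bytes) -> bytes:
    """User-defined algorithm (assumed): merge both IDs into a 64-byte code."""
    if not 0 <= device_dna < (1 << DEVICE_DNA_BITS):
        raise ValueError("Device DNA must fit in 57 bits")
    if len(flash_id) != FACTORY_FLASH_ID_LEN:
        raise ValueError("Factory Flash ID must be 64 bytes")
    dna_bytes = device_dna.to_bytes(8, "big")
    # Two domain-separated HMAC-SHA256 outputs give exactly 64 bytes for the field.
    part_a = hmac.new(DESIGN_SECRET, b"A" + dna_bytes + flash_id, hashlib.sha256).digest()
    part_b = hmac.new(DESIGN_SECRET, b"B" + dna_bytes + flash_id, hashlib.sha256).digest()
    return part_a + part_b


def register_device(device: Device) -> Device:
    """Trusted registration step: compute the code and burn it into the OTP field."""
    if device.flash_user_field:
        raise RuntimeError("Flash User Field is one-time programmable and already written")
    code = authorization_code(device.device_dna, device.flash_id)
    return Device(device.device_dna, device.flash_id, code)


def authenticate(device: Device) -> bool:
    """Power-up check performed by the configured design on its own device."""
    if len(device.flash_user_field) != FLASH_USER_FIELD_LEN:
        return False
    active = authorization_code(device.device_dna, device.flash_id)
    # Constant-time comparison of the active code against the stored code.
    return hmac.compare_digest(active, device.flash_user_field)


def copy_flash_to_other_device(genuine: Device, other_dna: int, other_flash_id: bytes) -> Device:
    """Model a bitstream plus user-field image copied onto a device with different IDs."""
    return Device(other_dna, other_flash_id, genuine.flash_user_field)


# Constructed sample IDs; not real Device DNA or Factory Flash ID values.
GENUINE = register_device(Device(0x0123456789ABCD, bytes(range(64))))
COPIED = copy_flash_to_other_device(GENUINE, 0x0FEDCBA9876543, bytes(range(64, 128)))

if __name__ == "__main__":
    print("genuine device authenticates:", authenticate(GENUINE))
    print("copied image on other device authenticates:", authenticate(COPIED))
```

The model mirrors the article's two-ID binding: the stored code is a function of both serial numbers, so an image copied to a device whose Device DNA or Factory Flash ID differs fails the comparison even though the stored code is intact. Using a keyed MAC rather than a secret algorithm is a design choice of this example; it keeps the bitstream's logic conventional and concentrates the secret in a key.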