Many modern FPGAs and microcontrollers provide security features that design engineers should consider using. Some of these include: tamper detection, one-time programmable memory, fused memory access and data stream encryption. Each of these features has both strengths and weaknesses. Typically, there is a trade-off between security and flexibility.
One example is Altera's Cyclone IV FPGA, which offers security features to help ensure that valuable IP is not tampered with or intercepted. SRAM-based FPGAs are volatile and require a configuration bit stream sent from a flash memory or configuration device to the FPGA at power-up. To prevent the configuration bit stream from being intercepted during transmission and to provide design security, Altera's FPGAs use the advanced encryption standard (AES) and a 128-bit or 256-bit key for configuration bit stream encryption. The secure configuration flow is carried out in three steps:
1. The user-defined AES key is programmed into the volatile or non-volatile key storage.
2. Quartus® II design software uses the same AES key to generate an encrypted configuration file, which is then stored in an external flash memory or configuration device.
3. At power-up, the flash memory or configuration device sends the encrypted configuration file to the Altera® FPGA, which then uses the stored AES key to decrypt the file and configure itself.
For more reading on this topic, see:
Cyber Attacks
Wireless Devices Vulnerable to Hacking
-NM