Xilinx FPGAs Digital Security : Encryption vs Authentication

Hello,

Firstly, I want to know the difference between encrypting the bitstream file and having an authentication based security for FPGA?

Is there a way to secure my IP/FPGA design by using both encryption and authentications?

How are encryption and authentication implementations done for 7 series FPGA development boards?

Regards,

Vinay Shenoy

Accepted Solution
Re: Xilinx FPGAs Digital Security : Encryption vs Authentication

Hi Vinay,

Most (maybe all?) Xilinx FPGAs have no internal nonvolatile memory for storing the bitstream. Hence, the bitstream must be stored external to the FPGA and loaded into the FPGA during power-up/FPGA-configuration. External storage of the bitstream makes it vulnerable to snooping/copying and tampering.

In short, encryption prevents snooping/copying whereas authentication detects tampering.

Encryption uses a key (called the AES key) to scramble(encrypt) the bitstream. The key can also be used to unscramble(decrypt) the bitstream. In practice, you use the Xilinx tools to create the key and to encrypt the bitstream. You then load the key to a special location in the FPGA that (in theory) cannot be read. You also load the encrypted bitstream into the external memory.  Then, during FPGA configuration, the FPGA uses the key to unscramble(decrypt) the bitstream as it is loaded from external memory.

Authentication is used to detect whether someone has maliciously tampered with the bitstream. When tampering is detected by authentication then the tampered bitstream will not be loaded into the FPGA. You can think of authentication as a kind of advanced CRC (cyclic-redundancy-check).   Again, a key (called the HMAC key) is used. Like a CRC, the HMAC key is embedded in the AES-key encrypted bitstream.

So, Xilinx encryption and authentication are meant to be used together.

There is a nice summary of encryption and authentication in the section called “Bitstream Authentication – Overview” on about page 100 of UG470.  XAPP1084 has other information.

You should be very careful when using encryption.  If you make a mistake loading the AES-key into the FPGA then your FPGA is effectively destroyed - since the FPGA will be unable to load/decrypt any bitstream and (when the key is loaded to eFUSE storage) you can only load the key once.

Cheers,
Mark

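The distinction Mark draws above (encryption hides the bitstream, authentication detects changes to it) in runnable form. This is an added example written for this page, not Xilinx code and not the 7-series bitstream format: SHA-256 in counter mode stands in for the device's AES-CBC decryptor because the Python standard library has no AES, the payload layout (HMAC key, then bitstream, then tag, all encrypted together) is a simplified model of what the answer describes, and the keys, IV and "bitstream" are constructed sample values.

```python
"""Encrypt-then-authenticate model of a protected FPGA bitstream (added example)."""
import hashlib
import hmac
import os
from typing import Optional

IV_LEN = 16        # bytes of IV prepended to the protected blob
HMAC_KEY_LEN = 32  # HMAC-SHA256 key carried inside the encrypted payload
TAG_LEN = 32       # HMAC-SHA256 digest appended to the payload

# Constructed sample inputs: not real keys and not a real bitstream.
SAMPLE_BITSTREAM = b"\xaa\x99\x55\x66" + bytes(range(64))
SAMPLE_AES_KEY = bytes(range(32))
SAMPLE_HMAC_KEY = bytes(range(32, 64))
SAMPLE_IV = bytes(16)


def _keystream(aes_key: bytes, iv: bytes, length: int) -> bytes:
    """Assumption: SHA-256 in counter mode stands in for the device's AES-CBC
    decryptor (the standard library has no AES). Without aes_key the stream is
    unpredictable, which is all this demonstration needs."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(aes_key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(bitstream: bytes, aes_key: bytes, hmac_key: bytes,
            iv: Optional[bytes] = None) -> bytes:
    """Tool-side step: compute the HMAC over the bitstream, then encrypt
    hmac_key || bitstream || tag so the HMAC key itself travels inside the
    encrypted payload (simplified layout of what the answer describes)."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    tag = hmac.new(hmac_key, bitstream, hashlib.sha256).digest()
    plaintext = hmac_key + bitstream + tag
    return iv + _xor(plaintext, _keystream(aes_key, iv, len(plaintext)))


def decrypt_only(blob: bytes, aes_key: bytes) -> bytes:
    """Decrypt without authenticating: what a device with encryption but no
    HMAC check would load. Any corruption passes through silently."""
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return _xor(body, _keystream(aes_key, iv, len(body)))


def load_bitstream(blob: bytes, aes_key: bytes) -> bytes:
    """Device-side step: decrypt, recover the embedded HMAC key, recompute the
    tag over the bitstream and refuse to configure if it does not match."""
    plaintext = decrypt_only(blob, aes_key)
    if len(plaintext) < HMAC_KEY_LEN + TAG_LEN:
        raise ValueError("payload too short: bitstream rejected")
    hmac_key = plaintext[:HMAC_KEY_LEN]
    bitstream = plaintext[HMAC_KEY_LEN:-TAG_LEN]
    tag = plaintext[-TAG_LEN:]
    expected = hmac.new(hmac_key, bitstream, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: bitstream rejected")
    return bitstream


def is_accepted(blob: bytes, aes_key: bytes) -> bool:
    """True if the modelled device would configure from this blob with this key."""
    try:
        load_bitstream(blob, aes_key)
        return True
    except ValueError:
        return False


def flip_bit(blob: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Model tampering with the external memory: flip one bit of the blob."""
    out = bytearray(blob)
    out[byte_index] ^= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    blob = protect(SAMPLE_BITSTREAM, SAMPLE_AES_KEY, SAMPLE_HMAC_KEY, SAMPLE_IV)
    print("sync word visible in external memory:", b"\xaa\x99\x55\x66" in blob)
    print("genuine blob accepted:", is_accepted(blob, SAMPLE_AES_KEY))
    # Flip one bit inside the encrypted bitstream region.
    tampered = flip_bit(blob, IV_LEN + HMAC_KEY_LEN + 5)
    print("tampered blob accepted:", is_accepted(tampered, SAMPLE_AES_KEY))
    # Encryption alone would hand the altered bitstream straight to the fabric.
    altered = decrypt_only(tampered, SAMPLE_AES_KEY)[HMAC_KEY_LEN:-TAG_LEN]
    print("encryption-only load differs from original:", altered != SAMPLE_BITSTREAM)
    print("wrong AES key accepted:", is_accepted(blob, bytes(32)))
```

Running it shows the two properties separately: the blob in "external memory" reveals neither the sync word nor the payload, and a single flipped bit is rejected by `load_bitstream` while `decrypt_only` passes the altered bytes through without complaint. That second observation is why the answer says encryption and authentication are meant to be used together.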
5 Replies
Re: Xilinx FPGAs Digital Security : Encryption vs Authentication

Hi markg@prosensing.com

Thank you for the best explanation.

What is the difference between encrypting a bitstream (with AES key) and setting bitstream security to LEVEL1/2 in the GUI?

Is the basic form of bitstream security (LEVEL 1) really useful to prevent bitstream readback?

I have the above question as I don't have any extra battery-backed RAM nor eFuse. My intention here is to prevent a third party from reading the bitstream information and to authenticate the bitstream file through external authenticator ICs.

Kind Regards,

Vinay

Re: Xilinx FPGAs Digital Security : Encryption vs Authentication

Vinay,

     What is the difference between encrypting a bitstream (with AES key) and setting bitstream security to LEVEL1/2 in the GUI?
In short, UG470 says that LEVEL1/LEVEL2 security prevents readback of the bitstream back from an FPGA that is configured and running.  The problem with using only LEVEL1/LEVEL2 security is that you will have an unencrypted bitstream sitting in external memory (unless you plan to keep the FPGA running all the time), where it can be read by a third party.

     My intention here is to prevent a third party from reading the bitstream information and to authenticate the bitstream file through an external authenticator ICs.
An external authenticate/encrypt helps but, during FPGA configuration, you will be passing an unencrypted bitstream to the FPGA, which a third-party could intercept and read.  It is better to pass an encrypted bitstream to the FPGA and have the bitstream decryption occur inside the FPGA where a third party cannot see what is happening (ie. use the AES-key method).

     I don't have any extra battery backed RAM nor eFuse.
I believe that all Xilinx 7-Series FPGAs have the special battery-backed RAM and eFUSE that is used to store the AES-key.  Are you saying that you are using these special storage locations for something else?

Mark

Re: Xilinx FPGAs Digital Security : Encryption vs Authentication

Hi markg@prosensing.com

Thank you.

What I meant earlier was that I don't have a battery on my custom board, so I can't go for the BBRAM option. eFuse is something not very clear to me at present and I don't know its requirements, limitations and depth of implementation.

In your first reply you had mentioned this: "You should be very careful when using encryption.  If you make a mistake loading the AES-key into the FPGA then your FPGA is effectively destroyed - since the FPGA will be unable to load/decrypt any bitstream and (when the key is loaded to eFUSE storage) you can only load the key once"

I have encrypted the bitstream file, loaded the key to BBRAM and programmed the FPGA for one of the Xilinx dev. boards, and things seemed pretty simple and straightforward. With the BBRAM method, I was able to load any unencrypted bitstream and also clear the keys stored in BBRAM.

Was your caution related to using eFuse storage method? 

Regards,

Vinay 

Re: Xilinx FPGAs Digital Security : Encryption vs Authentication

Vinay,

     Was your caution related to using eFuse storage method?
Yes. BBRAM and eFUSE are both memory inside the 7-Series FPGA where you can store the AES key. Tables 2 and 3 in XAPP1084 show advantages and disadvantages of using BBRAM and eFUSE. The important point is that eFUSE memory can only be programmed once - because bits of the eFUSE memory are actually fuses that are blown when you set the bit to 1. My caution comes from the Caution! below Table 5-17 in UG470 which says “When FUSE_CNTL[0] is programmed, only bitstreams encrypted with the eFUSE key can be used to configure the FPGA through external configuration ports.”. So, you can get into trouble if you program the eFUSE bit called FUSE_CNTL[0] to 1.

Here are problems that could occur after you set FUSE_CNTL[0]=1:

  • If you incorrectly wrote the AES-key to the other eFUSE bits then you could no longer send a bitstream to the FPGA.
  • If you lost the AES-key then you could not create a properly encrypted bitstream for sending to the FPGA.
  • The caution below Table 5-17 also says “Xilinx does not support … iMPACT indirect SPI/BPI flash programming for devices that have the FUSE_CNTL[0] bit programmed.”. This means (I think) that if your FPGA reads the encrypted bitstream from flash and you program the flash with iMPACT (thru the FPGA) then you must program the flash first before setting FUSE_CNTL[0]=1.

Mark