UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Visitor floke
Visitor
11,527 Views
Registered: ‎05-11-2010

encrypted bitstream on Virtex-5

Hi, I'm having some questions on encrypted bitstreams in virtex-5.

1) In Virtex-5 FPGA Configuration Guide UG191 it states that Fallback reconfiguration is disabled after encryption is enabled. Why is this the case?

 

2) In "Solving Today's Design Security Concerns WP365" it says:  Authentication such as in Virtex-6 protects from altering the bitstream. What does this mean? Can an attacker modify a bit in an encrypted bitstream and the device would still configure if authentication isn't used?

0 Kudos
5 Replies
Scholar austin
Scholar
11,506 Views
Registered: ‎02-27-2008

Re: encrypted bitstream on Virtex-5

f,

 

1.  In order to prevent attacks, any features that attempt to recover are not enabled (as that would aid an attacker).

 

2.  The methods used prevent changing any bit (any change forces the bitstream to be rejected).  This is also important in security (cryptography).  Read about authentication  The authetication is built in, it cannot be disabled as it is part of the decryption process.  V5 does allow some types of attack, as its authentication was not as robust as later devices.

 

Austin Lesea
Principal Engineer
Xilinx San Jose
0 Kudos
Xilinx Employee
Xilinx Employee
11,503 Views
Registered: ‎08-01-2012

Re: encrypted bitstream on Virtex-5

The below link documents give some useful information for your requirement

http://www.xilinx.com/support/answers/55568.htm

http://www.xilinx.com/support/documentation/white_papers/wp365_Solving_Security_Concerns.pdf

http://forums.xilinx.com/xlnx/board/crawl_message?board.id=Virtex&message.id=18341

 

________________________________________________

Please mark this post as an "Accept as solution" in case if it helped to resolve your query. So that it will help to other forum users to directly refer to the answer.

Give kudos to this post in case if you think the information is useful and reply oriented.

0 Kudos
Visitor floke
Visitor
11,477 Views
Registered: ‎05-11-2010

Re: encrypted bitstream on Virtex-5

Thanks for your answers,

 

A,

1) Would you care to explain why fallback with encrypted bitstreams could aid an attacker? Are two bitstreams encrypted with the same key be less secure than one? 

 

2) OK, I understand now the authentication (in V6) is part of the config process and isn't optional.

Although possible to manipulate, the encrypted V5 bitstreams would not be possbile to copy. Is that correct?

 

M,

Your last link leads to this thread. Was that inentional?

0 Kudos
Scholar austin
Scholar
11,471 Views
Registered: ‎02-27-2008

Re: encrypted bitstream on Virtex-5

f,

 

1.  I leave that up to you to figure out.  It isn't up to me to help attackers succeed in an attack.  If you do not recognize it as a weakness, I am not going to explain it to you.

 

2.  A copy of the encrypted bitstream is easy to make.  And, if you know the key, easy to use.  Tying  a bitstream to a specific device requires a unique bitstream/key pair.  Or, it must somehow use something unique about that specific FPGA device.  To enable that capability is presently something that has lot of people seriously trying to figure out a reliable method to do.

 

 

Austin Lesea
Principal Engineer
Xilinx San Jose
0 Kudos
Visitor floke
Visitor
11,468 Views
Registered: ‎05-11-2010

Re: encrypted bitstream on Virtex-5

A,

1) I think you'll be perfectly safe telling me how. I, or anyone else for that matter, could not use this attack method since V5 does not support fallback with encrypted bitfiles anyhow!

 

2) OK thanks for clarifying. 

0 Kudos