This application is directed to field-programmable gate array (FPGA) devices and, in particular, to secure FPGA devices in which the confidentiality and authenticity of the FPGA load is desired.
Conventionally, techniques for configuring or programming an FPGA include encrypting configuration data, and storing the encrypted data in a memory unit within the FPGA or in an external storage device operatively connected with the FPGA. However, typically, the key to encrypt and decrypt (at the time of FPGA configuration) configuration data is stored internally in a memory unit in the FPGA. Alternatively, the key may be stored externally, and may be passed to the FPGA for configuration through a standard interface, such as the Joint Test Action Group (JTAG) interface. However, both these key management implementations do not provide a sufficiently robust method for confidentiality or authentication of the FPGA key or FPGA-configuration data.
Such key management implementations may be susceptible to an attack by a malicious entity, which may result in an unauthorized access to the FPGA key. The FPGA key may be captured from the unsecured storage unit in the FPGA, or may be captured during an unsecure transfer in the JTAG interface. The captured key may be then be used by an adversary to decrypt the FPGA-configuration data and make unauthorized copies. Alternatively, or in addition, the configuration data may be reverse-engineered to understand the functionality of the FPGA, and may be further modified to make the FPGA perform unintended functions.
What is needed is a system and method for maintaining the confidentiality of a decryption key for FPGA-configuration data, and conducting recurring authentication of the FPGA-configuration data thereafter.