Electronic digital logic circuitry – Multifunctional or programmable – Array
Reexamination Certificate
2000-11-28
2002-08-27
Tokar, Michael (Department: 2819)
Electronic digital logic circuitry
Multifunctional or programmable
Array
C326S037000, C326S046000
Reexamination Certificate
active
06441641
ABSTRACT:
FIELD OF THE INVENTION
The invention relates to PLDs, more particularly to protection of designs loaded into a PLD through a bitstream.
BACKGROUND OF THE INVENTION
A PLD (programmable logic device) is an integrated circuit structure that performs digital logic functions selected by a designer. PLDs include logic blocks and interconnect lines and typically both the logic blocks and interconnections are programmable. One common type of PLD is an FPGA (field programmable logic device), in which the logic blocks typically include lookup tables and flip flops, and can typically generate and store any function of their input signals. Another type is the CPLD (complex programmable logic device) in which the logic blocks perform the AND function and the OR function and the selection of input signals is programmable.
Problem with Storing Bitstream External to PLD
Designs implemented in PLDs have become complex, and it often takes months to complete and debug a design to be implemented in a PLD. When the design is going into a system of which the PLD is a part and is to be sold for profit, the designer does not want the result of this design effort to be copied by someone else. The designer often wants to keep the design a trade secret. Many PLDs, particularly FPGAs, use volatile configuration memory that must be loaded from an external device such as a PROM every time the PLD is powered up. Since configuration data is stored external to the PLD and must be transmitted through a configuration access port, the privacy of the design can easily be violated by an attacker who monitors the data on the configuration access port, e.g. by putting probes on board traces.
Current Solutions and Their Disadvantages
Efforts have been made to encrypt designs, but it is difficult to make the design both secure from attackers and easy to use by legitimate users. The encryption algorithm is not a problem. Several encryption algorithms, for example, the standard Data Encryption Standard (DES) and the more secure Advanced Encryption Standard (AES) algorithm, are known for encrypting blocks of data. The process of cipher block chaining (CBC), in which an unencrypted data word is XORed with the next encrypted data word before decryption allows the DES or AES to encrypt a serial stream of data and these are therefore appropriate for encrypting a bitstream for configuring a PLD. A key used for encrypting the design must somehow be communicated in a secure way between the PLD and the structure that decrypts the design, so the design can be decrypted by the PLD before being used to configure the PLD. Then, once the PLD has been configured using the unencrypted design, the design must continue to be protected from unauthorized discovery.
A Nov. 24, 1997 publication by Peter Alfke of Xilinx, Inc. entitled “Configuration Issues: Power-up, Volatility, Security, Battery Back-up” describes several steps that can be taken to protect a design in an existing FPGA device having no particular architectural features within the FPGA to protect the design. Loading design configuration data into the FPGA and then removing the source of the configuration data but using a battery to maintain continuous power to the FPGA while holding the FPGA in a standby non-operational mode is one method. However, power requirements on the battery make this method impractical for large FPGA devices.
Nonvolatile configuration memory is another possibility. If the design is loaded at the factory before the device is sold, it is difficult for a purchaser of the configured PLD device to determine what the design is. However, a reverse engineering process in which the programmed device is decapped, metal layers are removed, and the nonvolatile memory cells are chemically treated can expose which memory cells have been charged and thus can allow an attacker to learn the design. Further, nonvolatile memory requires a more complex and more expensive process technology than standard CMOS process technology, and takes longer to bring to market.
It is also known to store a decryption key in nonvolatile memory in a PLD, load an encrypted bitstream into the PLD and decrypt the bitstream using the key within the PLD. This prevents an attacker from reading the bitstream as it is being loaded into the PLD, and does retain the key when power is removed from the PLD. Such an arrangement is described by Austin in U.S. Pat. No. 5,388,157. But this structure does not protect the user's design from all modes of attack.
In addition to design protection, some users need data protection. They may have generated data within the PLD that should not be lost when the PLD loses power. It is desirable to protect such data.
There remains a need for a design protection method that is convenient, reliable, and secure.
SUMMARY OF THE INVENTION
The invention provides several structures and methods for protecting a PLD from unauthorized use and data loss.
If the PLD is configured by static RAM memory that must be loaded on power-up, the configuration data must be protected as it is being loaded into the device. As in the prior art, this is accomplished by encrypting the configuration data for storing it in a memory outside the integrated circuit device, loading one or more decryption keys into the PLD and maintaining the keys in the PLD when powered down, including a decryption circuit within the PLD that uses the key to decrypt the configuration data, generating decrypted configuration data within the PLD and configuring the PLD using the decrypted configuration data.
For additional security, rather than using nonvolatile memory to preserve keys, the invention preferably uses a battery connected to the PLD to preserve the key when power is removed from the PLD. Whereas it is possible to remove a PLD storing keys in nonvolatile memory, decap the PLD and observe which of the nonvolatile bits are programmed to logic 1 and which are programmed to logic 0, it is believed that it is very difficult to determine the contents of keys stored only in static memory cells since power must be maintained to the memory cells storing the keys in order for the keys to even be stored, and the PLD would have to be decapped, delayered, and probed while operating power is continuous to the PLD.
Ways an Attacker Can Steal a Design Once Loaded into a PLD
If a key does not offer sufficient security, an attacker may break the encryption code and determine the value of the key. The well-known Data Encryption Standard DES used a 56-bit encryption key, and has been broken in a few hours by a sophisticated computer to reveal the key. DES is described by Bruce Schneier in “Applied Cryptography Second Edition: protocols, algorithms, and source code in C” copyright 1996 by Bruce Schneier, published by John Wiley & Sons, Inc., at pages 265-278. If it is desirable to use such a well known encryption standard, then in order to increase security, the configuration data may be encrypted several times using different keys each time, thus strengthening the encryption code by about 2
56
each time the encryption is repeated. Or it may be encrypted using a first key, decrypted using a second key, and encrypted using a third key, a combination that is part of the triple DES standard. Other encryption algorithms may also be used, and it is not necessary to keep the algorithm secret since the security resides in the key. When the encryption method is symmetrical, the same keys used for encryption are stored in the PLD and used in reverse order for decryption.
In a PLD offering multiple keys, if the number of keys to be used and the addresses of all keys were provided in an unencrypted bitstream, an attacker might be able to attack the keys one at a time and more easily determine the key values. To avoid such attack, additional security is achieved by storing within the keys, not the bitstream, an indication of how many keys are to be used and whether a key is the last key of a set or whether more are to follow.
If the PLD offers the option of reading back the bitstream after it has been loaded into the PLD, another
Alfke Peter H.
Frake Scott O.
Goetting F. Erich
Kondapalli Venu M.
Pang Raymond C.
Brown Scott R.
Tokar Michael
Tran Anh
Xilinx , Inc.
Young Edel M.
LandOfFree
Programmable logic device with partial battery backup does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Programmable logic device with partial battery backup, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Programmable logic device with partial battery backup will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2880382