Secure field-programmable gate array (FPGA) architecture

US 8,516,268 B2
Filed: 08/23/2010
Issued: 08/20/2013
Est. Priority Date: 08/23/2010
Status: Active Grant

First Claim

Patent Images

1. A method of configuring a field-programmable gate array (FPGA), the method comprising:

receiving, at an FPGA, an encrypted FPGA load-decryption key from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA;

calculating, at the FPGA, an ephemeral session key;

decrypting the encrypted FPGA load-decryption key in a key-security unit using the ephemeral session key to provide a decrypted FPGA load-decryption key;

receiving encrypted FPGA-configuration data at the FPGA;

decrypting and authenticating, in a configuration-data security unit, the FPGA-configuration data using the decrypted FPGA load-decryption key,wherein decrypting the FPGA-configuration data includes performing a function on the FPGA-configuration data to obtain an initialization vector, or extracting an initialization vector from the FPGA-configuration data;

receiving a challenge message at the FPGA from an authentication device, wherein the authentication device is external to and operatively connected with the FPGA;

encrypting the challenge message in a state-encryption unit using the initialization vector to generate a response message; and

sending the response message to the authentication device, wherein the authentication device decrypts the response to generate a decrypted challenge message and compares the challenge message with the decrypted challenge message to determine the authenticity of the FPGA-configuration data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message. The response message may then be sent to the authentication device to determine authenticity of the FPGA-configuration data.

Citations

23 Claims

1. A method of configuring a field-programmable gate array (FPGA), the method comprising:
- receiving, at an FPGA, an encrypted FPGA load-decryption key from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA;
  
  calculating, at the FPGA, an ephemeral session key;
  
  decrypting the encrypted FPGA load-decryption key in a key-security unit using the ephemeral session key to provide a decrypted FPGA load-decryption key;
  
  receiving encrypted FPGA-configuration data at the FPGA;
  
  decrypting and authenticating, in a configuration-data security unit, the FPGA-configuration data using the decrypted FPGA load-decryption key,wherein decrypting the FPGA-configuration data includes performing a function on the FPGA-configuration data to obtain an initialization vector, or extracting an initialization vector from the FPGA-configuration data;
  
  receiving a challenge message at the FPGA from an authentication device, wherein the authentication device is external to and operatively connected with the FPGA;
  
  encrypting the challenge message in a state-encryption unit using the initialization vector to generate a response message; and
  
  sending the response message to the authentication device, wherein the authentication device decrypts the response to generate a decrypted challenge message and compares the challenge message with the decrypted challenge message to determine the authenticity of the FPGA-configuration data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 23)
- - 2. The method of claim 1, wherein the FPGA-configuration data is decrypted using an advanced encryption standard counter with cipher-block chaining-message authentication code (AES-CCM) encryption code.
  - 3. The method of claim 1, wherein the encrypted FPGA-configuration data is received from a memory device including a programmable read-only memory (PROM) device.
  - 4. The method of claim 1, wherein the step of decrypting and authenticating the FPGA-configuration data is non-bypassable for configuring the FPGA.
  - 5. The method of claim 1, wherein the challenge message is encrypted using an advanced encryption standard cipher-block chaining (AES-CBC) encryption mode.
  - 6. The method of claim 1, wherein the ephemeral session key is stored both in the FPGA and in the remote key-storage device.
  - 7. The method of claim 6, wherein the ephemeral session key is calculated at the FPGA and the remote key-storage device using a key-agreement protocol.
  - 8. The method of claim 7, wherein the key-agreement protocol comprises one of a Menezes-Qu-Vanstone (MQV) protocol, and Elliptic-curve MQV (EC-MQV) protocol, and a Diffie-Hellman protocol.
  - 9. The method of claim 1, wherein calculating the ephemeral session key comprises obtaining a binary representation of an x-coordinate of an ephemeral public key on an elliptical curve.
  - 10. The method of claim 1, wherein the FPGA is further configured for calculating the entirety of the ephemeral session key.
  - 23. An article of manufacture comprising a non-transitory computer-readable medium that contains computer instructions therein which, when executed by a processor, carries out the method of claim 2.

11. A non-transitory system for configuring a field-programmable gate array (FPGA), the non-transitory system comprising:
- a key interface configured for receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device, wherein the remote key-storage device is external to and operatively connected with the FPGA;
  
  a key-security unit configured for calculating an ephemeral session key;
  
  the key-security unit further configured for decrypting, using the ephemeral session key, the encrypted FPGA load-decryption key to provide a decrypted FPGA load-decryption key;
  
  a load interface configured for receiving encrypted FPGA-configuration data at the FPGA;
  
  a configuration-data security unit configured for decrypting and authenticating the FPGA-configuration data using the decrypted FPGA load-decryption key,wherein decrypting the FPGA-configuration data includes performing a function on the FPGA-configuration data to obtain an initialization vector, or extracting an initialization vector from the FPGA-configuration data;
  
  an authentication input interface configured for receiving a challenge message at the FPGA from an authentication device, wherein the authentication device is external to and operatively connected with the FPGA;
  
  a state-encryption unit for encrypting the challenge message in a state-encryption unit using the initialization vector to generate a response message; and
  
  an authentication output interface configured for sending the response message to the authentication device, wherein the authentication device decrypts the response to generate a decrypted challenge message and compares the challenge message with the decrypted challenge message to determine the authenticity of the FPGA-configuration data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The non-transitory system of claim 11, wherein the configuration-data security unit is configured for decrypting the FPGA-configuration data using an advanced encryption standard counter with cipher-block chaining-message authentication code (AES-CCM) encryption mode.
  - 13. The non-transitory system of claim 11, wherein the encrypted FPGA-configuration data is received at the load interface from a memory device comprising a programmable read-only memory (PROM) device.
  - 14. The non-transitory system of claim 11, wherein at least one of the key-security unit, the configuration-data security unit and the state-encryption unit is internal to the FPGA.
  - 15. The non-transitory system of claim 11, wherein the configuration-data security unit is non-bypassable for configuring the FPGA.
  - 16. The non-transitory system of claim 15, wherein the state-encryption unit encrypts the challenge message using an advanced encryption standard cipher-block chaining (AES-CBC) encryption mode.
  - 17. The non-transitory system of claim 11, wherein the initialization vector is determined based on at least a part of the FPGA-configuration data.
  - 18. The non-transitory system of claim 11, wherein both the FPGA and the remote key-storage device are configured for storing ephemeral session key.
  - 19. The non-transitory system of claim 18, wherein the FPGA and the remote key-storage device are configured for calculating the ephemeral session key using a key-agreement protocol.
  - 20. The non-transitory system of claim 19, wherein the key-agreement protocol comprises one of a Menezes-Qu-Vanstone (MQV) protocol, an Elliptic-curve MQV (EC-MQV) protocol, and a Diffie-Hellman protocol.
  - 21. The non-transitory system of claim 19, wherein the remote key-storage device includes a secure processor, wherein the secure processor is configured for using the key-agreement protocol and for facilitating the generation of the ephemeral session key as an output of the remote key-storage device.
  - 22. The non-transitory system of claim 11, further comprising a programmable logic circuit programmed using the FPGA-configuration data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Woodall, Thomas R.
Primary Examiner(s)
GEORGANDELLIS, ANDREW C

Application Number

US12/861,586
Publication Number

US 20120047371A1
Time in Patent Office

1,093 Days
Field of Search

713/189
US Class Current

713/189
CPC Class Codes

G06F 21/76 in application-specific int...

Secure field-programmable gate array (FPGA) architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure field-programmable gate array (FPGA) architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links