A Key Management Architecture for Securing Off-Chip Data Transfers on an FPGA

Abstract

Data security is becoming ever more important in embedded and portable electronic devices. The sophistication of the analysis techniques used by attackers is amazingly advanced. Digital devices' external interfaces to memory and communications interfaces to other digital devices are vulnerable to malicious probing and examination. A hostile observer might be able to glean important details of a device's design from such an interface analysis. Defensive measures for protecting a device must therefore be even more sophisticated and robust.

This thesis presents an architecture that acts as a secure wrapper around an embedded application on a Field Programmable Gate Array (FPGA). The architecture includes functional units that serve to authenticate a user over a secure serial interface, create a key with multiple layers of security, and encrypt an external memory interface using that key. In this way, the wrapper protects all of the digital interfaces of the embedded application from external analysis. Cryptographic methods built into the system include an RSA-related secure key exchange, the Secure Hash Algorithm, a certificate storage system, and the Data Encryption Standard algorithm in counter mode. The principles behind the encrypted external memory interface and the secure authentication interface can be adjusted as needed to form a secure wrapper for a wide variety of embedded FPGA applications.