Intel® Stratix® 10 Secure Device Manager Provides

Introduction



Over the last ten to twenty years, all major FPGA component providers have
invested in security features to protect their users’ proprietary and sensitive
designs. These features have existed for several generations of FPGA families,
and primarily focus on the encryption and later authentication of confguration bit
streams. Over time, many of these features have proven valuable while others have
shown themselves to be vulnerable to published attacks and probing techniques.
Just as the explosive growth of cloud computing, software as a service, and the
‘Internet of Things’ have introduced entirely new classes of threats to the Internet
(i.e., cyber security), the complexities of FPGA products and customer designs have
contributed to an increase in potential malicious attacks on FPGAs and SoCs.
Despite FPGA company investment in new security capabilities and structures,
the fxed and predictable nature of the device confguration process itself
is an untapped area of security investment. In both SRAM and flash device
confguration processes, fxed state machines manage the order of authentication,
decryption, decompression, and actual device confguration. What is needed
is a failsafe, strongly authenticated but programmable security scheme, with
modern encryption blocks and hardware-based identity. Intel has recognized
these challenges and requirements across users of FPGA security features, and
responded with the design of the security architecture of Intel® Stratix® 10 FPGAs
and SoCs (formerly Altera® Stratix 10 FPGAs and SoCs)