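A question about FPGA encryption
We are developing a project whose R&D is nearly complete and which is about to go into volume production. The control chip is an FPGA, a Xilinx Spartan 6 LX16.
I have a few questions:
1. What are the usual methods of stealing a design?
2. How can I encrypt the FPGA so that my source code cannot be stolen?
3. When configuring in ISE, I set Generate Programming File => Properties => Readback Options => Disable Readback and Reconfiguration, and I chose Read Protect when configuring the device. Does this effectively prevent my program from being stolen?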
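Even ASICs can be cracked, let alone FPGAs.
It depends on whether your product is worth cracking.
Heh. Pair the relevant logic with a CPLD to implement a decode-based encryption scheme.
Consider adding an MCU for hardware encryption.
COME ON BABY, still earning forum credits.
It can probably be cracked.
Earning forum credits. FPGAs seem to have dedicated encryption cores. It depends on your encryption level.
I have seen material on project encryption, but it was for Altera.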
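There is really no need to be so nervous. The usual encryption approach targets the source code: encrypt the source and give it to the other party, who can use it but cannot see its contents.
The second is to give the other party a netlist, which makes it hard for anyone to see the source and also protects the design.
The third uses an encryption key: the key is required to decrypt, and the board usually needs a dedicated battery to retain the key. This is the best form of encryption.
Your design does not involve handing the project over to anyone, so the first and second do not apply. With only a bitfile, others basically cannot crack your design. Is a battery-backed key really necessary? Does your PCB provide for it? It is not hard to implement; prototype boards generally provide it.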
You can use DNA encryption.
Not sure, here to learn.
You can use an encryption key. WWAGO provides the following Crypto IP cores: DES and 3-DES, Public Key engine, Random Number Generator, Hash engine, AES.
(1) DES and 3-DES IP core
The DES/3DES core implements the Data Encryption Standard according to Federal Information Processing Standards Publication 46-3 (FIPS 46-3) of the National Institute of Standards and Technology.
Features:
64-bit data block encryption and decryption in ECB, CBC, MAC and MDC2 mode
56-bit key in DES mode, 56 / 112 / 168-bit key in 3DES mode
Encryption or decryption performed in 16 cycles for DES, 48 cycles for 3DES
64-bit data input, data output and key input buses
1 clock signal (positive edge), 1 asynchronous reset
Compliant with FIPS 800-17 and FIPS 800-20 test specifications
Internal DMA with AMBA (AHB, AXI) Master interface (option)
Slave interface with AMBA (AHB, AXI) Slave interface (option)
APB Compliant interface for configuration
IP is available on ASIC / FPGA
(2) Public Key engine
The Public Key engine has a μCode-based architecture that can support several algorithms and operations, allowing the CPU to be completely (100%) offloaded. This architecture gives the efficiency of the hardware and the flexibility of the software. The flexibility and scalability of the Public Key engine enable us to find the best trade-off between functionalities, power, area, performance and technology.
Supported operations: RSA (up to 4096 bits), ECC (up to 571 bits), CRT, Rabin Miller, DSA/ECDSA, primality test and key generation.
Features:
High-level of scalability with solutions implementing 4, 16, 64 or 256 multipliers
Highly pipelined solution
Available: ASIC, Actel, Altera, Xilinx
Supports all arithmetic operations in both fields F(p) and F(2^m)
Modular Addition/Subtraction/Multiplication/Division/Inversion
Supports arbitrary data/key sizes up to 4096 bits
Point Doubling/Addition/Multiplication for ECC-F(p) and F(2^m)
NIST recommended Curves are supported:
Prime Field: P-192, -224, -256, -384, -521
Binary Field: K/B-163, -233, -283, -409, -571
Supports a lot of standard PK algorithms: Modular Exponentiation, RSA and CRT, Elliptic Curve Cryptography (ECC), Digital Signature Algorithm (DSA) and Elliptic Curve DSA (ECDSA), Primality Test (Rabin-Miller) for Key Generation
100% CPU Offload: Pre- and post-processing automatically executed (no need of external SW resources)
Control Interface: APB-compliant CPU Interface
Data interface: Generic Memory Interface controlled by an internal scatter-gather DMA
Off-the-shelf and silicon-proven solution
Optional add-on for protection against SPA/DPA
Deliverables:
Netlist or RTL, Scripts for synthesis
Self-checking TestBench based on FIPS vectors
(3) Random Number Generator
The random number generator is an essential part of all secure systems. We provide a True Random Number Generator (TRNG) and a Deterministic Random Bit Generator (DRBG). The DRBG uses the hash function or AES primitive compliant with NIST 800-90A.
Features:
True/Deterministic random number generation
Deterministic mode available for pseudo-random simulation
Configurable buffer memory (width, depth)
Convenient interfaces for easy integration (AHB/APB, AXI-4, FIFO, …)
TRNG compliant with NIST800-22 test suite
DRBG compliant with NIST800-90A (Hash_DRBG or AES_DRBG)
(4) Hash engine
Our Hash core supports several hashing algorithms widely used in the cryptography world. The hash core is especially used for data integrity verification, authentication and secure boot.
Hashing modes: SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512), HMAC and MD5.
Features:
Supports SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD-5, HMAC
Generic parameters allow customers to get the best trade-off between area and functionalities and performances in all configurations
64 or 80 cycles per 512- or 1024-bit chunk depending on the algorithm
Unused features result in optimized logic
Low power feature
Easy to integrate interfaces:
AMBA (AHB, AXI) with optional DMA
AMBA (APB, AXI-4 Lite) Configuration Interface
Available: ASIC, Actel, Altera, Xilinx
API for reference
(5) AES
- AES-GCM: The AES-GCM IP core provides high speed AES encryption and authentication with GCM and GMAC.
This encryption mode allows reaching high throughput with low latency and is, therefore, used in many networking applications. The IP core is scalable, and can be configured to reach the bandwidth needed (up to 100Gbps). It is compliant with the recommendation SP800-38D from NIST.
- AES-CCM: The AES-CCM IP core provides high speed AES encryption and authentication with CCM and CMAC.
This cipher mode is used in wireless protocols and others. It is compliant with the recommendation SP800-38C from NIST.
- AES-Flex engine: Our AES Flex engine supports a wide range of cipher modes and all key sizes (128-bit, 192-bit and 256-bit). The AES engine is flexible and scalable. It can be configured to support specific modes with required performance, providing the most compact solution.
Cipher modes: CTR, CCM/CMAC, GCM/GMAC, XTS, ECB, CBC, OFB, CFB, OMAC
For details, contact sales@wwago-inc.com
I have the same question.
How is the DNA function used?
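The Device DNA binding suggested earlier in the thread, as an added example that is not part of any post: a host-side Python model of tying a design to one chip's 57-bit Device DNA with a keyed MAC stored in configuration flash. The HMAC-SHA256 scheme, the 16-byte tag, the secret and the DNA values are assumptions constructed for illustration; in hardware the same check would run in fabric on the value read through the Xilinx DNA_PORT primitive.

```python
import hashlib
import hmac

DNA_BITS = 57   # length of the factory-programmed Device DNA on Spartan-6
TAG_LEN = 16    # bytes of the MAC kept in flash (assumed truncation)


def dna_to_bytes(dna: int) -> bytes:
    """Encode a Device DNA value as 8 big-endian bytes, rejecting bad widths."""
    if not 0 <= dna < (1 << DNA_BITS):
        raise ValueError("Device DNA must fit in 57 bits")
    return dna.to_bytes(8, "big")


def make_tag(secret: bytes, dna: int) -> bytes:
    """Production step: MAC the DNA read from one board; store the tag in its flash."""
    return hmac.new(secret, dna_to_bytes(dna), hashlib.sha256).digest()[:TAG_LEN]


def design_enabled(secret: bytes, dna: int, stored_tag: bytes) -> bool:
    """Model of the in-design check: recompute the tag, compare in constant time."""
    return hmac.compare_digest(make_tag(secret, dna), stored_tag)


# Constructed sample values, not taken from real devices.
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
BOARD_A_DNA = 0x0123456789ABCDE
BOARD_B_DNA = 0x1FEDCBA98765432


def demo() -> dict:
    """Provision board A, then replay its flash contents on board B."""
    tag_a = make_tag(SECRET, BOARD_A_DNA)
    return {
        "genuine_board": design_enabled(SECRET, BOARD_A_DNA, tag_a),
        "cloned_flash_on_other_chip": design_enabled(SECRET, BOARD_B_DNA, tag_a),
    }


if __name__ == "__main__":
    print(demo())
```

Without bitstream encryption the secret and the comparison logic sit in the plain bitstream, so this check deters straightforward flash copying rather than a determined reverse engineer.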