As the threat level from adversaries increases, security countermeasures must be deployed to protect devices used in mission-critical environments. Motivations for copying or altering sensitive data, cloning devices, and stealing valuable IP are abundant. In government and aerospace, nation-state attacks can result in loss of IP, leakage of classified information and compromised national security.

Synopsys PUF IP for Altera FPGAs is a secure key generation and key vault solution that enables users of Altera StratixTM and AgilexTM FPGA devices to augment security with intrinsically generated, device-unique cryptographic keys. Keys derived with Synopsys PUF IP for Altera FPGAs are never stored but are reliably reconstructed when required, providing a significantly higher security assurance.

Synopsys PUF IP for Altera FPGAs uses SRAM as a physical unclonable function or PUF source. Based on the randomness inside uninitialized SRAM the IP generates the entropy needed for a strong hardware root of trust. The Secure Device Manager (SDM), of which the Synopsys PUF IP is the hardware root of trust, is NIST-compliant security IP.

Proven Security Technology

Synopsys SRAM PUF hardware root of trust technology has been deployed by government and aerospace electronics end-customers for over a decade. It has been operational in challenging mission-critical environments – terrestrial and space-based – without breach or failure. The IP is agnostic to foundry and process node technology and is actively deployed in over 750 million devices.

Use Cases

  • Anti-counterfeiting: binding of proprietary mission-critical IP to the device
  • Secure communication: Authentication and encryption of data between heterogeneous devices
  • Secure supply chain: enabled by generation of end-user keys that can be wrapped or protected using device-unique cryptographic keys

Certifications

  • NIST-compliant crypto
  • DoD and EU government approved

Applications

  • Secure Key Storage
  • Device Authentication
  • Supply Chain Protection
  • Flexible Key Provisioning
  • Anti-Cloning
  • IP Binding
  • Protection of Bitstream Encryption Key

Benefits

  • No sensitive key material present on device
  • High protection against invasive attacks including tampering

Secure Supply Chain

An unlimited number of device-unique keys can be generated by each respective user/owner of the Altera FPGA device in the supply chain. None of these keys are ever stored on the device even when powered off.

This enables users to derive their own device-unique keys and import and protect other secrets. The wrapping functionality of Synopsys PUF IP for Altera FPGAs enables the applications and IP of each respective user/owner to be securely and reliably protected – for the lifetime of the device – prior to being deployed in the field.

Security Based on SRAM PUF

At power up, SRAM bits settle in the one or zero state in a non-deterministic way that not even the fabricator or designer can predict or duplicate. That is what makes a PUF that can be used as a unique “silicon fingerprint.”

An SRAM PUF response is a noisy fingerprint and turning it into a high-quality and secure key vault requires further processing. This is done with the Synopsys IP, which reliably reconstructs the same cryptographic key under all environmental circumstances. This (PUF) key is never stored in NVM or OTP. When it is needed, it can be reliably reconstructed.

Operational Range

Synopsys PUF IP has been embedded on SoC/ASICs in most foundry/process node combinations and has proven in diverse operating environments.

  • All major fabs from 0.35 μm to 5 nm
  • Operating temperatures of -55°C to 150°C
  • Voltage supply variation +/- 20%
  • Lifetime > 25 years

Deliverables

Synopsys PUF IP for Altera FPGAs is integrated into the Secure Device Manager of Altera StratixTM and AgilexTM FPGA devices. It is enabled after completion of a license agreement with Synopsys.

Standard deliverables include:

  • Synopsys PUF IP for Altera FPGAs pre-integrated on Altera FPGA hardware
  • Datasheet and training documentation

Stratix and Agilex are registered trademarks of Altera Corporation

Resources