Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: Circuits, methods, and systems are provided for securing an integrated circuit device against Differential Power Analysis (DPA) attacks. Plaintext (e.g., configuration data for a programmable device) may be encrypted in an encryption system using a cryptographic algorithm. Ciphertext may be decrypted in a decryption system using the cryptographic algorithm. The encryption and/or decryption systems may obfuscate the plaintext, the ciphertext, and/or the substitution tables used by the cryptographic algorithm. The encryption and/or decryption systems may also generate cryptographic key schedules by using different keys for encrypting/decrypting different blocks and/or by expanding round keys between encryption/decryption blocks. These techniques may help mitigate or altogether eliminate the vulnerability of cryptographic elements revealing power consumption information to learn the value of secret information, e.g., through DPA.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: Circuits, methods, and systems are provided for securing an integrated circuit device against Differential Power Analysis (DPA) attacks. Plaintext (e.g., configuration data for a programmable device) may be encrypted in an encryption system using a cryptographic algorithm. Ciphertext may be decrypted in a decryption system using the cryptographic algorithm. The encryption and/or decryption systems may obfuscate the plaintext, the ciphertext, and/or the substitution tables used by the cryptographic algorithm. The encryption and/or decryption systems may also generate cryptographic key schedules by using different keys for encrypting/decrypting different blocks and/or by expanding round keys between encryption/decryption blocks. These techniques may help mitigate or altogether eliminate the vulnerability of cryptographic elements revealing power consumption information to learn the value of secret information, e.g., through DPA.

Abstract: Integrated circuit devices and methods include utilizing security features including authenticating incoming data by receiving one or more hash blocks each including multiple hash sub-blocks. Authenticating also includes receiving encrypted data including multiple data sub-blocks. Authenticating also includes authenticating a first hash block of the one or more hash blocks using a root hash of an integrated circuit device. Authenticating further includes authenticating each of the multiple data sub-blocks using a corresponding hash sub-block of the multiple hash sub-blocks.

Abstract: The invention discloses a method of authenticating data stored in an integrated circuit. The method includes storing randomized data in the integrated circuit such that the randomized data occupies each address space of the memory circuit that is not occupied by the stored data. The method also includes generating a first digital signature using the integrated circuit in response to authenticating a concatenation of the stored data and the first copy of randomized data. The method further includes generating a second digital signature in response to authenticating concatenation of a manufacturer-provided copy of the stored data and the second copy of randomized data using a computer-implemented authentication application and authenticating the data stored in the integrated circuit according to whether the first signature matches the second signature.

Abstract: Methods, circuits, and systems for preventing data remanence in memory systems are provided. Original data is stored in a first memory, which may be a static random access memory (SRAM). Data is additionally stored in a second memory. Data in the first memory is periodically inverted, preventing data remanence in the first memory. The data in the second memory is periodically inverted concurrently with the data in the first memory. The data in the second memory is used to keep track of the inversion state of the data in the first memory. The original data in the first memory can be reconstructed performing a logical exclusive-OR operation between the data in the first memory and the data in the second memory.

Abstract: Systems and methods are disclosed for allowing security features to be selectively enabled during device configuration. For example, a programmable integrated circuit device is provided that receives configuration data and security requirement data. Control circuitry compares enabled security features in the device against the security requirements, and can configure the programmable integrated circuit device with the configuration data or prevent such configuration. Control circuitry may also use the security requirement data to set security features within the device.

Abstract: Methods, circuits, and systems for preventing data remanence in memory systems are provided. Original data is stored in a first memory, which may be a static random access memory (SRAM). Data is additionally stored in a second memory. Data in the first memory is periodically inverted, preventing data remanence in the first memory. The data in the second memory is periodically inverted concurrently with the data in the first memory. The data in the second memory is used to keep track of the inversion state of the data in the first memory. The original data in the first memory can be reconstructed performing a logical exclusive-OR operation between the data in the first memory and the data in the second memory.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: The invention discloses a method of authenticating data stored in an integrated circuit. The method includes storing randomized data in the integrated circuit such that the randomized data occupies each address space of the memory circuit that is not occupied by the stored data. The method also includes generating a first digital signature using the integrated circuit in response to authenticating a concatenation of the stored data and the first copy of randomized data. The method further includes generating a second digital signature in response to authenticating concatenation of a manufacturer-provided copy of the stored data and the second copy of randomized data using a computer-implemented authentication application and authenticating the data stored in the integrated circuit according to whether the first signature matches the second signature.

Abstract: Circuitry and methods prevent unauthorized programming, or reprogramming, of a programmable device, by requiring a signature in the configuration data to match a signature previously stored in the programmable device. A programmable integrated circuit device includes an input for configuration data, and programming control circuitry operable to derive a current signature from the configuration data, examine a first bit stored in the programmable integrated circuit device, and when the first bit is in a first state, compare the current signature to a first predetermined signature stored in the programmable integrated circuit device and configure the programmable integrated circuit device according to the configuration data only when the current signature matches the first predetermined signature, and when the first bit is in a second state, configure the programmable integrated circuit device according to the configuration data without comparing the current signature to the first predetermined signature.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: Systems and methods are disclosed for reducing or eliminating address lines that need to be routed to multiple related embedded memory blocks. In particular, one or more inputs are added to a block RAM such that when one or more of the inputs are asserted, the address input to the Block RAM may be incremented prior to being used to retrieve data contents of the block RAM. Thus, if address <addr> is provided to the block RAM and the address increment signal is asserted, data may be read from location <addr+N> instead of <addr>, where N may be an integer. Block RAMs with such address arithmetic may be used to implement wide First-In-First-Out (FIFO) queues, wide memories, and/or data-burst accessible block RAMs.

Abstract: Systems and methods are disclosed for allowing security features to be selectively enabled during device configuration. For example, a programmable integrated circuit device is provided that receives configuration data and security requirement data. Control circuitry compares enabled security features in the device against the security requirements, and can configure the programmable integrated circuit device with the configuration data or prevent such configuration. Control circuitry may also use the security requirement data to set security features within the device.

Abstract: Systems and methods are disclosed for allowing security features to be selectively enabled during device configuration. For example, a programmable integrated circuit device is provided that receives configuration data and security requirement data. Control circuitry compares enabled security features in the device against the security requirements, and can configure the programmable integrated circuit device with the configuration data or prevent such configuration. Control circuitry may also use the security requirement data to set security features within the device.

Abstract: Integrated circuits may include synchronous nodes and asynchronous routing elements coupled between the synchronous nodes. A synchronous design implemented in such an integrated circuit may identify a register chain having a source register, a destination register, and intermediate registers. A virtual register may be created for each of the intermediate registers, which may then be removed from the synchronous design. The created virtual registers may be connected in series to form a virtual register chain between the source and destination registers. Each of the created virtual registers may be assigned to an asynchronous routing element that connects the source and destination registers on the integrated circuit. EDA tools such as viewers or a timing analysis tool may be configured to display the virtual registers instead of the asynchronous interconnection elements.

Abstract: Methods and systems are provided for securing an integrated circuit device against various security attacks, such as side-channel attacks. By limiting the number of different challenge vectors that can be combined with a critical variable of an encryption operation, it becomes more difficult to create enough side channel measurements to successfully perform statistical side-channel analysis.

Abstract: Integrated circuits may include synchronous nodes and asynchronous routing elements coupled between the synchronous nodes. A synchronous design implemented in such an integrated circuit may identify a register chain having a source register, a destination register, and intermediate registers. A virtual register may be created for each of the intermediate registers, which may then be removed from the synchronous design. The created virtual registers may be connected in series to form a virtual register chain between the source and destination registers. Each of the created virtual registers may be assigned to an asynchronous routing element that connects the source and destination registers on the integrated circuit. EDA tools such as viewers or a timing analysis tool may be configured to display the virtual registers instead of the asynchronous interconnection elements.