Cyclone III FPGA: Security

Altera's Cyclone® III LS FPGAs are the first devices to implement a suite of security features at the silicon, software, and intellectual property (IP) level on a low-power, high-functionality FPGA platform. This suite of security features protects your IP from tampering, reverse engineering, and counterfeiting.

The suite of security features in Cyclone III LS FPGAs consists of:

  • Silicon security
    • 256-bit AES bitstream encryption
    • JTAG port protection
    • Internal oscillator
    • Zeroization (active clear)
    • Cyclical redundancy check (CRC)
  • Software security
    • Design separation
  • Supervisor IP

Silicon Security Features

The silicon security features of Cyclone III LS devices protect the FPGA design before, during, and after configuration. All Altera® devices restrict the direct readback of the FPGA configuration via the JTAG port, but the Cyclone III LS FPGA goes beyond this level of protection to give you increased control over access to the full JTAG port. Furthermore, the bitstream is protected during configuration using a 256-bit AES encryption algorithm. Once the design is functional, the Cyclone III LS FPGA ensures the system remains secure using CRC to monitor configuration changes and an internal oscillator as an uninterruptible clock source. In the event a problem is detected, the FPGA can clear itself using the zeroization feature. Figure 1 shows the various Cyclone III LS FPGA security features available on silicon.

Figure 1. Cyclone III LS FPGA Silicon Security Features

Read the Protecting the FPGA Design From Common Threats (PDF) white paper and the Cyclone III Device Handbook to learn more about the security features in the Cyclone III FPGA family.

Design Separation in Quartus II Development Software

Cyclone III LS FPGAs are the first low-power FPGAs to support the physical separation of logic within a single FPGA. The design separation feature in Quartus® II development software leverages the incremental compilation flow and the Logic Lock Region feature to help partition your design logically and physically on the device.

The design separation feature allows you to constrain security-sensitive portions of your design to a physical location on the device, as shown in Figure 2. This feature enables you to design with an increased level of confidence that each of your partitions function independently from each other as expected.

Figure 2. Design Separation

Supervisor IP

The Supervisor IP provides you with an easy interface to the silicon security features to help you create an intelligent, secure system. Supervisor IP continuously monitors the JTAG port for unauthorized access, the CRC for configuration errors during run time, and can initiate a clear and reconfiguration of the Cyclone III LS FPGA with a new design if any error is detected. The IP source code is provided for you to instantiate into your design and further customize your security solution. Contact Intel for more information.

For more information about the silicon security features in Cyclone III LS FPGAs, the design separation flow in Quartus II development software, and Supervisor IP, see: