Optimized FPGA Security for Every Node
Altera® FPGAs with in-line encryption blocks enable accelerated data security.
Secure Device Manager for Altera® FPGAs
Available with both Stratix® 10 and Agilex™ FPGAs, Secure Device Manager (SDM) is a hardware-enabled security and manageability module. SDM controls key device configuration settings for Altera® FPGAs and gives users control over the FPGA fabric, embedded IP blocks, and I/O blocks. The SDM operates on updateable firmware, making them patchable and updateable in response to the most common bitstream protocol vulnerabilities discovered by researchers. SDM is glitch resistant with physically uncloneable key protection, and provides more secure root key and device identity protection.
In Agilex™ 7 FPGA F-series and I-series with 019 and 023 densities, the SDM is being updated to comply with FIPS 140-3 1.2 security requirements for crypto modules.
Why Altera® FPGAs for Security?
Network Security
Agilex™ FPGA devices with 200G (half-duplex) hard crypto blocks and MACSec-IP for physical and data link layer protection capabilities help meet the growing demand for security at every node in a network system.
Integrated Anti-Tamper Controls
Secure Device Manager (SDM) serves as the central command center for the FPGA fabric, hard processor system (HPS) in SoCs, embedded hard IP blocks, and I/O blocks. The SDM controls key operations: configuration, device security, single event upset (SEU) responses, and power management.
Endpoint and Industrial Security
Endpoints must be secured from malicious commands and malware. Hardened authentication capabilities (in both hard and soft logic) built into Stratix® 10 and Agilex™ FPGAs help protect against remote attacks, and hardware command/control logic is inherently more secure than frequent software updates.
Security Applications Run Fast on Altera® FPGAs
Altera offers broad ecosystem support for programmable FPGAs and SoCs with hardened encryption blocks in Agilex™ FPGAs.
Agilex™ FPGAs
Support high-end use cases with advanced IP and the latest hardware. 3D system-in-package (SIP) technology and integrated 10nm SuperFin Technology bring better performance and power consumption to networking and edge compute.
Learn more
Stratix® 10 FPGAs
Mainstream performance for network encryption. Stratix® 10 FPGAs and SoCs feature revolutionary Intel® Hyperflex™ architecture and Embedded Multi-die Interconnect Bridge (EMIB) technology for better gen-over-gen optimization.
Learn more
FPGA Security Technical Specifications
Multiple entry points across the Altera® FPGA portfolio for data security give network builders the flexibility to find the right balance of performance, power, and features.
F-Series Flexible range of applications |
I-Series Bandwidth-intensive apps |
M-Series Compute-intensive apps |
|---|---|---|
| Up to 58 Gbps transceivers | Up to 116 Gbps transceivers | Up to 116 Gbps transceivers |
| PCIe 4.0 | PCIe 5.0 | PCIe 5.0 |
| DDR4 SDRAM | DDR4 SDRAM | DDR5 and Intel® Optane™ persistent memory |
| (Optional) Quad-core Arm Cortex-A53 SoC | Quad-core Arm Cortex-A53 SoC | Quad-core Arm Cortex-A53 SoC |
| Compute Express Link (CXL) to Intel® Xeon® Scalable processors | Compute Express Link (CXL) to Intel® Xeon® Scalable processor | |
| High-Bandwidth Memory |
GX Series High-throughput systems |
SX Series Embedded performance and power efficiency |
TX Series 5G communications, cloud computing, NFV |
DX Series Bandwidth-intensive, custom servers for CSPs |
NX Series Optimized for AI applications |
|---|---|---|---|---|
| 28 Gbps NRZ transceivers | 28 Gbps NRZ transceivers | 28 Gbps NRZ transceivers or 58 Gbps PAM-4 transceivers | 58 Gbps PAM-4 transceivers | 58 Gbps PAM-4 transceivers |
| PCIe 3.0 | PCIe 3.0 | PCIe 3.0 | PCIe 4.0 | PCIe 3.0 |
| Quad-core Arm Cortex-A53 | Quad-core Arm Cortex-A53 | Quad-core Arm Cortex-A53 | Quad-core Arm Cortex-A53 | |
| Up to 512 Gbps HBM2 DRAM SIP | Up to 512 Gbps HBM2 DRAM SIP | |||
| Dual mode modulation for backwards compatibility | Intel® Ultra Path Interconnect (Intel® UPI) for direct connection to Intel® Xeon® Scalable processors | AI Tensor Block with up to 143 INT8 TOPS at ~1 TOPS/W |
FPGA Cybersecurity Key Use Cases
From edge to perimeter to the data center core, Altera® FPGAs enable accelerated encryption of data to help secure network traffic at virtually every node.
Enhanced Cloud Security
Both private and public clouds need to secure customer or internal data and isolate workloads in a multitenant environment. Altera® FPGAs can provide additional security with hardware-enforced isolation, hardware-enabled identity management, and hardware-accelerated authentication. Agile bitstream and partial bitstream authentication tools enable cloud service providers (CSPs) to build integrity and confidentiality into their platforms and service offerings.
Data Center and Network Security
Data centers are increasingly migrating to software-defined networks (SDNs) and virtualized network functions (VNFs) for greater scalability and flexibility. Altera® FPGAs can support many of the high-speed search, sort, and security functions that allow enterprises and telecommunication providers to accelerate network management in an increasingly virtualized, containerized environment.
Edge Computing and 5G Networks
5G is driving the complex IoT deployments with more endpoints and edge servers, which means a larger and more complex attack surface overall. Altera® FPGAs offer hardware-accelerated encryption to help protect data from core to edge and feature built-in device failsafe and platform control tools that make FPGAs resistant to attacks.
Related Resources for Altera® FPGAs
Continue exploring Altera® FPGA resources for network security.
Stratix® 10 FPGAs and SoCs
Discover innovative advantages in performance, efficiency, density, and integration.
Altera® FPGA Product Catalog
A comprehensive guide to the full Altera® FPGA portfolio.
FAQs
Frequently Asked Questions
Field programmable gate arrays (FPGAs) are integrated circuits with logic that can be programmed or changed before or after deployment. FPGAs are often used to offload key workloads from other processors, like the CPU, to improve overall system performance. Multiple FPGAs can be deployed in a configuration, allowing for greater parallelization of workloads. In the context of data security, Altera® FPGAs also offer dedicated hardware blocks for data encryption, to help improve the performance and security of network traffic.
FPGAs can help harden a network from malware and other attacks by accelerating data encryption and making it more efficient. There are no specific threats that FPGAs are designed to defend against. However, Altera® FPGAs also offer embedded security and manageability features, like Secure Device Manager, that help prevent the FPGA from being compromised.
Telcos, CSPs, enterprise data centers, and virtually any business with a network can benefit from FPGA data security. FPGAs can be used to help secure data the moment it enters the network perimeter through remote waystations, Ethernet pipelines, VPN endpoints, or other channels. In many cases, it pays to encrypt data at every node in the fabric, and not just at the perimeter, to help defend against internal vectors of attack.