系统板 5822

ALCATRAZ (MAXREFDES34#):SHA-256安全认证设计



概述

SHA-256安全认证设计

智能工厂、工业医疗应用充分利用了现代FPGA的灵活性和高性能。随着这些系统的互联性越来越强,保护IP、利用软件支持系统特性以及防止造假等安全性问题也日益突出。Alcatraz (MAXREFDES34#)子系统参考设计利用DS28E15直接实现Xilinx® FPGA上的SHA-256安全认证。DS28E15通过单触点1-Wire®总线通信,减少实施方案所需的引脚数量。参考代码在FPGA上定义混合SHA-256处理器和1-Wire主机。

Alcatraz子系统设计方框图

图1. Alcatraz子系统设计方框图,含开发平台。

特性

应用

  • SHA-256安全认证
  • 单触点1-Wire接口
  • 示例源代码
  • Pmod™兼容规格

竞争优势

  • 强加密安全认证
  • 单引脚接口
  • 带硬件加速,实现快速性能
  • 防止造假
  • 外设安全认证
  • IP保护
  • 许可证及功能管理

Introduction

Smart factories, industrial and medical applications employ the flexibility and high performance of modern FPGAs. As these systems become increasingly connected, security emerges as a paramount feature to protect IP, enable system features using software and prevent counterfeiting. The Alcatraz (MAXREFDES34#) subsystem reference design uses the DS28E15 to immediately implement SHA-256 authentication on Xilinx®FPGAs. The DS28E15 communicates over the single-contact 1-Wire® bus, reducing the number of pins necessary to carry out the solution. The reference code defines a combined SHA-256 processor and 1-Wire Master on the host FPGA.

Figure 1. The Alcatraz subsystem design block diagram with development platform.

Features

Applications

  • SHA-256 authentication
  • Single-contact 1-Wire interface
  • Example source code
  • Pmod-compatible form factor

Competitive Advantages

  • Crypto-strong authentication
  • Single pin count interface
  • Fast performance with hardware acceleration
  • Counterfeit protection
  • Peripheral authentication
  • IP protection
  • License and feature management

Detailed Description of Hardware

Alcatraz interfaces with FPGA development boards using a 6-pin Pmod connector as illustrated. When plugging Alcatraz into a host board, make sure to correctly align the pins with the host Pmod connector, as shown in Figure 2.


Figure 2. The Alcatraz subsystem design correctly inserted into the MicroZed development platform.

Table 1 shows the supported platforms and ports.

Table 1. Supported Platforms and Ports

Supported Platforms Ports
LX9 3 platform (Spartan®-6) J5
MicroZed platform (Zynq®-7000) J5

For symmetric authentication schemes like SHA-256, protection of both the secure authenticator secret key, along with the FPGA secret key, are important. Symmetric authentication implementations with poor FPGA secret key security can be risky. To this end, the DS28E15 uses DeepCover® technology to protect against invasive and noninvasive attacks on its secret key; the reference design spells out various techniques to protect the FPGA secret key.

Detailed Description of Firmware for LX9 Platform

Table 1 shows currently supported platforms and ports. Support for additional platforms may be added periodically under Firmware Files in the All Design Files section.

The firmware allows for immediate interfacing to the hardware. The firmware is written in Verilog, developed using the Xilinx SDK tool, based on the Eclipse open source standard.

The firmware program sequence is used to compute and lock the secret (CLS), write page data to the DS28E15, and authenticate the DS28E15. The complete source code speeds customer development. Code documentation resides in the corresponding firmware platform files.

Detailed Description of Firmware for MicroZed Platform

The Alcatraz firmware design also supports the MicroZed kit and targets an ARM® Cortex® -A9 processor placed inside a Xilinx Zynq system-on-chip (SoC).

The firmware allows for immediate interfacing to the hardware. The firmware is written in C, developed using the Xilinx SDK tool, based on the Eclipse open source standard.

The firmware program sequence is used to compute and lock the secret (CLS), write page data to the DS28E15, and authenticate the DS28E15. The complete source code speeds customer development. Code documentation resides in the corresponding firmware platform files.

Quick Start

Required equipment:

  • Windows® PC with two USB ports
  • Alcatraz (MAXREFDES34#) board
  • Alcatraz-supported platform (i.e., LX9 development kit or MicroZed kit)

Detailed setup and programming instructions are included in the README.txt file within the provided firmware files.

1-Wire is a registered trademark of Maxim Integrated Products, Inc.
ARM is a registered trademark and registered service mark of ARM Limited.
Cortex is a registered trademark of ARM Limited. 
DeepCover is a registered trademark of Maxim Integrated Products, Inc.
Eclipse is a trademark of Eclipse Foundation, Inc.
HyperTerminal is a registered trademark of Hilgraeve, Incorporated.
ISE is a registered trademark of Xilinx, Inc.
Pmod is a trademark of Digilent Inc.
Spartan is a registered trademark of Xilinx, Inc.
Windows is a registered trademark and registered service mark of Microsoft Corporation.
Windows XP is a registered trademark and registered service mark of Microsoft Corporation.
Xilinx is a registered trademark and registered service mark of Xilinx, Inc.
ZedBoard is a trademark of ZedBoard.org.
Zynq is a registered trademarkof Xilinx, Inc.

Quick Start

Required equipment:

  • Windows® PC with two USB ports
  • Alcatraz (MAXREFDES34#) board
  • Alcatraz-supported platform (i.e., LX9 development kit or MicroZed kit)

Detailed setup and programming instructions are included in the README.txt file within the provided firmware files.

All Design Files

Download All Design Files

Hardware Files
Schematic
Bill of materials (BOM)
PCB layout
PCB Gerber

Firmware Files
The associated firmware files LX9 Platform (Spartan-6) and ZedBoard Platform (Zynq-7000) are available upon request. Please contact us.

 
Status:
Package:
Temperature:

DS28EL22
DeepCover安全认证器,带有1-Wire SHA-256和2Kb用户EEPROM

  • 基于SHA-256的对称加密双向安全认证模型
  • 专有的硬件SHA加速引擎产生SHA-256 MAC
  • 对高位计数、用户可编程密钥以及输入质询进行有效的安全认证

DS28EL25
DeepCover安全认证器,带有1-Wire SHA-256和4Kb用户EEPROM

  • 基于SHA-256的对称加密双向安全认证模型
  • 专用的硬件SHA加速引擎产生SHA-256 MAC
  • 利用高位计数、用户可编程密码及输入质询进行有效的安全认证
  • 6引脚TDFN封装

  • DS28EL15
    DeepCover安全认证器,带有1-Wire SHA-256和512位用户EEPROM

    • 基于SHA-256的对称加密双向安全认证模型
    • 对高位计数、用户可编程密钥以及输入质询进行有效的安全认证
    • 512位用户EEPROM分成2页,每页256位

    DS28E22
    内置1-Wire SHA-256和2Kb用户EEPROM的DeepCover安全认证方案

    • 基于SHA-256的对称加密双向安全认证模型
    • 专有的硬件SHA加速引擎产生SHA-256 MAC
    • 对高位计数、用户可编程密钥以及输入质询进行有效的安全认证

    DS28E25
    内置1-Wire SHA-256和4Kb用户EEPROM的DeepCover安全认证方案

    • 基于SHA-256的对称加密双向安全认证模型
    • 成熟的晶片和电路级保护方案,保护敏感数据和信号不被篡改
    • 专用的硬件SHA加速引擎产生SHA-256 MAC

    DS28E15
    内置1-Wire SHA-256和512位用户EEPROM的DeepCover安全认证方案

    • 基于SHA-256的对称加密双向安全认证模型
    • 对高位计数、用户可编程密钥以及输入质询进行有效的安全认证
    • 512位用户EEPROM分为16页,每页256位