Potential FPGA Security Concerns and Solutions to Address Them

Field-programmable gate arrays, also known as FPGAs, are unique integrated circuits. They utilize a series of configurable logic blocks, which help execute code in hardware at dramatically faster speeds than a standard processor. More importantly, they offer reprogramming flexibility.

FPGAs are nothing new, having hit the tech scene in the early 1980s. However, the last decade saw rapid growth in FPGA adoption and innovation. The technology continues to shape the tech landscape, appearing in biomedical engineering, artificial intelligence, video processing, and more. The FPGA market is growing fast, resulting in a projected value of $9.1 billion by 2026.

Despite its lasting impact, this technology isn't perfect. Thanks to its widespread use, security vulnerabilities are becoming more apparent. That's why it's more important than ever to consider FPGA security during product design and development.

 

FPGA Basics

Compared to other integrated circuit types, FPGAs offer far more flexibility. As mentioned earlier, they consist of thousands of logic blocks, with programmable interconnects joining them. When connected, the blocks create a physical array of logic that performs specific computing tasks. Essentially, FPGAs are configurable to behave like any digital circuit. They can be quickly reconfigured without changing any hardware. Best of all, you can reconfigure some of them on the fly to change the function of the FPGA while it is operating.

That's what sets an FPGA apart from the alternatives, such as an application-specific integrated circuit (ASIC). With an ASIC, the functionality is programmed only during design. It cannot be changed.

An FPGA offers the flexibility needed to update devices as security and applications evolve. The circuit's current configuration depends on the code, which typically loads as a bitstream from static memory during the device's boot process. The bitstream governs the executable actions, making it one of the most critical aspects of the FPGA.

 

Built-In Security Measures

A well-designed FPGA does have some inherent safety measures. At their core, FPGAs are less transparent than traditional processors. Processors must have a well-documented instruction set, data pipeline, and memory architecture to create code and software that performs well. That's not the case with FPGAs.

The developer creates the low-level function of an FPGA, so it is undocumented. That creates an obscure environment in which weaknesses are far more difficult to identify. It's still possible to break through and intrude into FPGAs, but the lack of documentation makes the process significantly more challenging.

 

Potential FPGA Security Threats

FPGAs receive praise for their core design, versatility, and overall functionality. However, several unique security concerns exist. Security breaches can lead to many problems, including IP theft, data loss, system damage, and a total loss of device control.

Here are four ways hackers can cause harm through unauthorized FPGA access.

 

1. Reverse Engineering

Once hackers intercept the bitstream, they can use reverse engineering tactics to dive deeper into the FPGA. Dedicated tools are available to map bitstream bits, recover circuit designs, and more.

While technically not hacking, reverse engineering all or just a portion of a bitstream constitutes the theft of intellectual property from the people who originated it.

 

2. Spoofing

Spoofing allows the hacker to replace the original bitstream with another program of their choosing. This can compromise the system, allowing the hacker to effectively take control of the device or system. For certain safety-critical applications, this action could result in injuries or deaths caused directly or indirectly by the actions of the hacker involved. If the bitstream can be accessed remotely, this can be a serious security threat.

 

3. Side-Channel Attacks

In side-channel attacks, cybercriminals don't hack into the FPGA by traditional means. Instead, they use the system's patterns of information against it.

The most common type of side-channel attack is fault injection. To put it simply, hackers will create faults to see how the system reacts. From there, they can develop controllable defects to change the FPGA. These attacks exploit voltage glitches, clock glitches, and laser pulses. Usually, the hacker needs to be near the device or have physical control of it to detect these patterns of information.

 


FPGA Security Solutions

While security threats for FPGAs are ever-evolving, so are the solutions. Implementing cutting-edge security measures into your FPGA system can mitigate the risks, protect your intellectual property, and improve the overall safety of your devices.

Voler Systems provides FPGA design, development, and programming services that prioritize safety. Here are some ways that we can address security concerns.

  • Robust Bitstream Encryption

    Encryption and proper authentication are a must for FPGA bitstreams. Proper encryption techniques can prevent data interception, side-channel attacks, and more.

    The best type of encryption for FPGAs utilizes a volatile key. These keys stay within battery-backed RAM, much like the bitstream data itself. The bitstream always remains encrypted. Decryption only occurs when it leaves SRAM for use. Even then, it has heavy protection at every step of the process.

    With a volatile key, cryptographic data is gone after a system power cycle. This form of encryption relies on session keys that are unique each time. That way, hackers can't get in even if they use side-channel attacks or other interception methods.
  • Isolation of the Configuration Process

    Many FPGAs use on-chip isolation measures to keep the system safe from microprocessor attacks. Connected microprocessors are particularly vulnerable to security issues, which results in a similar burden for the FPGA.

    Isolating the standard data paths from the configuration process ensures that they don't affect one another. It changes the attack surface and acts similarly to a firewall. The isolation offers additional protection and ensures that the circuit can't change during execution.
  • Cyclic Redundancy Checks and Monitoring

    To keep FPGAs safe, you must assume that they are always the target of attack. Monitoring and continual checks can help identify threats before they become significant problems.

    Cyclic redundancy checks, or CRCs, can detect errors, accidental corruption, and other surprise problems. The CRCs allow you to check the bitstream during transmissions and look for errors or intentional changes.

    Logic analyzers can keep watch over the communication between flash memory and the FPGA during boot up. They are also practical for spotting unfamiliar Joint Test Action Group (JTAG) data or errors in other debug ports.
  • External Safety Devices

    FPGAs can utilize external safety devices for storing encryption keys. With this configuration, IFF techniques can apply. IFF stands for Identification Friend or Foe. Most commonly used in aircraft control, this technology is all about verifying the existence of that "friendly" external safety device.

    The FPGA uses a challenge-response protocol for verification. Only the external safety device knows the correct answer, so the FPGA grants access only when it receives that answer. This security technique applies even when the hacker does not have access to the device.

    A similar concept applies to device identifier detection technology. Here, the FPGA has a unique identifier. The external safety device runs a security algorithm with a check code and only sends the bitstream if it matches the code on the FPGA.
  • Watermarks and Identifiers

    Watermarking and unique digital identifiers are effective ways to prevent cloning or overbuilding. The watermarks are discrete and built into the FPGA itself.

    Developers can embed these identifiers in many ways. They can occur on a behavioral, netlist, physical, or even bitstream level.

    Either way, the watermarks remove doubt about ownership, which protects your intellectual property.
  • Obfuscation

    Obfuscation is a security technique that reduces the risk of reverse engineering. The goal is to hide the functionality of a design by adding seemingly random combinational logic gates. It's a way to scramble the FPGA structure to make it even more difficult for cybercriminals to reverse engineer. The resulting logic won't appear to make any sense at all.

    The structure of the bitstream file can utilize obfuscation methods, too. Thanks to bitstream obfuscation, hackers wouldn't be able to make sense of the data even after getting their hands on it.
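The bitstream encryption and CRC items above pair integrity checking with "proper authentication"; the following added example (not Voler Systems' code) shows why both are needed. It assumes a constructed byte string standing in for a bitstream, a CRC-32 trailer, and an HMAC-SHA256 tag under a device key; none of this is a vendor bitstream format.

```python
import hashlib
import hmac
import zlib

# Constructed stand-in for a bitstream image; not a real vendor format.
BITSTREAM = bytes(range(256)) * 16
# Assumption: an authentication key provisioned in the FPGA, unknown to the attacker.
AUTH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def package_crc(image: bytes) -> bytes:
    """Append an unkeyed CRC-32 trailer (integrity against accidents only)."""
    return image + zlib.crc32(image).to_bytes(4, "big")


def verify_crc(blob: bytes) -> bool:
    return zlib.crc32(blob[:-4]).to_bytes(4, "big") == blob[-4:]


def package_mac(image: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag that only a key holder can compute."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def verify_mac(blob: bytes, key: bytes) -> bool:
    expected = hmac.new(key, blob[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, blob[-32:])


def flip_bit(data: bytes, index: int) -> bytes:
    out = bytearray(data)
    out[index] ^= 0x01  # one flipped bit
    return bytes(out)


def results() -> dict:
    crc_blob = package_crc(BITSTREAM)
    mac_blob = package_mac(BITSTREAM, AUTH_KEY)
    modified = flip_bit(BITSTREAM, 100)  # a deliberate change to the image
    return {
        "crc_catches_accident": not verify_crc(flip_bit(crc_blob, 100)),
        # Anyone can recompute an unkeyed CRC over a modified image.
        "crc_accepts_repackaged": verify_crc(package_crc(modified)),
        # Without AUTH_KEY the old tag is all that can be attached; it fails.
        "mac_rejects_modified": not verify_mac(modified + mac_blob[-32:], AUTH_KEY),
    }


if __name__ == "__main__":
    print(results())
```

A CRC alone flags transmission errors; a loader that must also reject deliberately modified images needs the keyed check.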
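The challenge-response check from the External Safety Devices item, modelled as an added example (not Voler Systems' code). It assumes a symmetric scheme: both sides hold a shared secret, the response is an HMAC-SHA256 over the FPGA's fixed-length identifier plus a fresh nonce, and the class names, key and identifier are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values: a shared secret and an 8-byte device identifier.
SHARED_KEY = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
FPGA_ID = bytes.fromhex("0102030405060708")


class SecurityDevice:
    """External device: holds the secret and answers challenges."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def respond(self, challenge: bytes, fpga_id: bytes) -> bytes:
        # Including the identifier binds the answer to one specific FPGA.
        return hmac.new(self._key, fpga_id + challenge, hashlib.sha256).digest()


class FpgaVerifier:
    """FPGA side: issues a fresh challenge and checks the answer once."""

    def __init__(self, shared_key: bytes, fpga_id: bytes):
        self._key = shared_key
        self.fpga_id = fpga_id
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh nonce per attempt
        return self._pending

    def check(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge
        challenge, self._pending = self._pending, None  # single use
        expected = hmac.new(self._key, self.fpga_id + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def authenticate(fpga: FpgaVerifier, device: SecurityDevice) -> bool:
    challenge = fpga.new_challenge()
    return fpga.check(device.respond(challenge, fpga.fpga_id))


if __name__ == "__main__":
    print(authenticate(FpgaVerifier(SHARED_KEY, FPGA_ID), SecurityDevice(SHARED_KEY)))
```

Because each challenge is random and consumed on first use, a response recorded from an earlier exchange fails against the next challenge.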

 

Designing a Secure FPGA System for Your Project

An FPGA can take your device to the next level. Whether you're making a consumer-level wearable or a medical device that's poised to save lives, this technology can make it more efficient and reliable than ever.

That said, it all starts with a secure design. FPGAs have vulnerabilities like any other device. Addressing those concerns early in the development process covers all your bases.

Turn to Voler Systems today for FPGA development, design, and programming services. We're ready to help you create a secure and functional FPGA system for your upcoming product.
