Why Inline Memory Encryption is So Important

By Dan Herway

Inline memory encryption, a cornerstone of FPGA security, protects data during transit between memory and the processor. At Idaho Scientific, we prioritize this encryption to thwart unauthorized access to sensitive information, from military data to personal finances. By integrating advanced encryption algorithms directly into FPGA technology, we bolster system security and ensure data integrity. In this article, we explore the importance, role, target audience, performance impact, and implementation of inline memory encryption.

What Is Inline Memory Encryption?

Inline memory encryption safeguards data as it moves between memory and the processor within the FPGA at the microelectronics level. This protection is crucial, whether it's shielding sensitive radar data or safeguarding personal banking details on a smartphone. Without encryption, this information is vulnerable, especially if someone gains physical access to the device. With physical access, extracting data becomes relatively simple through probing.

The process involves encryption, decryption, and authentication. When the processor retrieves data from memory, it decrypts it and checks its integrity. Authentication goes a step further than encryption alone, verifying whether the data is genuine or has been tampered with. To achieve this, we employ the AES encryption algorithm in GCM, known as Galois/Counter Mode. This method provides a fingerprint for the data, ensuring its authenticity.
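A minimal software model of the encrypt, decrypt and authenticate flow described above, added here as an illustration; it is not Idaho Scientific's or Xilinx's implementation. The `Engine` type, the nonce layout (line address plus write counter), the on-chip counter table and the map standing in for external memory are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Engine struct {
	aead     cipher.AEAD       // AES-GCM under a key that stays on-chip (assumption)
	counters map[uint64]uint32 // trusted, on-chip: per-line write counter (assumption)
	DRAM     map[uint64][]byte // untrusted, off-chip: ciphertext || 16-byte GCM tag
}

func NewEngine(key []byte) (*Engine, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Engine{aead, map[uint64]uint32{}, map[uint64][]byte{}}, err
}

// nonce = 8-byte line address || 4-byte write counter: unique per (address, write).
func (e *Engine) nonce(addr uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n, addr)
	binary.BigEndian.PutUint32(n[8:], e.counters[addr])
	return n
}

func (e *Engine) Write(addr uint64, line []byte) {
	e.counters[addr]++ // a real engine must rekey before this counter wraps
	e.DRAM[addr] = e.aead.Seal(nil, e.nonce(addr), line, nil)
}

// Read fails if the stored line was modified, moved to another address, or replayed.
func (e *Engine) Read(addr uint64) ([]byte, error) {
	return e.aead.Open(nil, e.nonce(addr), e.DRAM[addr], nil)
}

func main() {
	e, _ := NewEngine(make([]byte, 32)) // constructed all-zero demo key
	e.Write(0x1000, make([]byte, 64))   // constructed 64-byte cache line
	e.DRAM[0x1000][3] ^= 0x01           // one bit flipped in external memory
	_, err := e.Read(0x1000)
	fmt.Println("read after tamper:", err) // authentication error, no plaintext returned
}
```

Because the address and the write counter feed the nonce, the same tag check that catches a flipped bit also rejects a valid line copied from another address and a stale copy of the same line written back later.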

The Role of Inline Memory Encryption in FPGA

From our company's standpoint, we see our role as bridging the gap between existing attack vectors and the capabilities of FPGA technology. Xilinx, as a leading manufacturer of FPGAs, integrates security measures directly into their products. Our objective is to leverage the programmable fabric of FPGAs to enhance security further.

For instance, the lack of inline memory encryption has been a recognized vulnerability for the past decade. To address this issue, we developed a solution within the FPGA itself. The latest iteration, Telluride from Xilinx, incorporates inline memory encryption directly into the FPGA, eliminating the need for additional programmable fabric for this function. However, it's essential to note that older FPGAs predating Telluride, which constitute billions of devices, remain vulnerable until newer versions become available around 2027.

Who Should Care About Inline Memory Encryption?

Inline memory encryption holds particular significance for physically accessible systems, notably in military settings where close proximity is a concern. Additionally, it's vital in automotive environments, where accessing a vehicle physically could lead to significant disruptions. The importance extends to IoT devices, where close proximity to hardware creates vulnerabilities.

Primarily, physical proximity serves as a prerequisite for exploiting this vulnerability, though there are virtual avenues, typically involving n-day exploits. These exploits involve latent firmware embedded within the FPGA, granting escalated privileges for malicious activities. However, physical attacks remain the primary concern in most cases.

The Performance Impact of Inline Memory Encryption

Security measures inevitably impact performance, but our approach aims to minimize this trade-off. We've managed to keep the performance hit to around 7%, which, for the majority of applications, translates to a negligible impact on throughput. Overall, it's not something that should cause significant concern.

Implementing Inline Memory Encryption

If you're utilizing an FPGA, there's typically an unprotected pathway from external memory, like DDR4, to the processor housed within, such as an A72 or an R5. This vulnerability persists when fetching contents from DDR4 memory.

It's worth noting that latency and authentication are significant distinguishing factors for our solution. Unlike other inline memory encryption options that solely focus on encryption and decryption, we prioritize authentication as well.

Conclusion

Inline memory encryption stands as a vital defense mechanism in safeguarding sensitive data within FPGA systems. Idaho Scientific remains committed to advancing this encryption technology to mitigate potential vulnerabilities and uphold data integrity across various sectors, from military operations to consumer electronics. As the digital landscape evolves, our dedication to enhancing security measures ensures that critical information remains protected against unauthorized access and exploitation. With ongoing advancements and vigilance, we continue to fortify systems and maintain trust in the integrity of data transmission processes.

Author Bio

Having spent 25 years in defense, Dan Herway has worn many hats – engineer, program manager, business developer, field engineer – you name it. From designing systems to witnessing their deployment in Iraq and Afghanistan, Dan’s journey has granted him a unique perspective on the technologies we create and how they're utilized by the military.

Dan’s journey into security began at the Idaho National Lab, where he delved into industrial control systems. In 2021, Dan transitioned to Idaho Scientific, focusing heavily on embedded cybersecurity. Although Dan is an engineer at heart, his roles have varied over time. Presently, he serves as the executive vice president at Idaho Scientific, where he oversees corporate strategy, product development, and program management.
