Design security solutions
In order to ensure that an FPGA-enabled system is adequately secure, there are a number of security-related components that must be considered when designing a system. Just like the links of a chain, each of these components is important - the failure of any of them will break the "security chain" and will leave a system vulnerable and open to attacks.
Xilinx has made significant investments in the area of FPGA security. It is important to note that security does not end at the FPGA device; it must always be a part of an overall system-level security solution. In general, for an overall secure system solution the following areas of concern must be addressed:
By taking advantage of various Xilinx FPGA AT features, a systems engineer can choose how much AT to include with the FPGA design. AT can be in the form of enabling individual silicon AT features or a combination of these AT features to cover three main AT categories:
- Prevention – For example, bitstream encryption and authentication
- Detection – For example, voltage and temperature monitoring
- Response – For example, bitstream BBRAM decryption key erasure penalty
The ability to control system failure modes through fault-tolerant design requires an implementation methodology that ensures fault propagation can be controlled. Xilinx Isolation Design Flow (IDF) provides fault containment at the FPGA module level, enabling single-chip fault tolerance by various techniques including:
- Modular redundancy
- Watchdog alarms
- Segregation by safety level
- Isolation of test logic for safe removal
Xilinx algorithm implementations have achieved Algorithm Validation Program (CAVP) certification.
The foundation of security is to ensure that only the true and intended devices, software, firmware, and IP used in the systems do only what they are designed to do and nothing more. Xilinx actively evaluates and monitors open standards such as NIST Standard 800-161 and 5200.44 to meet and exceed these documented specifications.
To learn more about Xilinx innovations for Industrial IoT Security, read Implementing Power-Fingerprinting Cybersecurity Using Zynq SoCs.
Smarter factories, cities, medical, and energy
Industrial Internet of Things (IIoT) is driving the fourth wave of the industrial revolution. It is dramatically altering manufacturing, energy, transportation, medical, cities, and other industrial sectors. IIoT is happening now and with very tangible, measurable business impact—it enables companies to collect, aggregate, and analyze data from sensors to maximize the efficiency of machines and the throughput of an entire operation. The pervasiveness of this paradigm demands real-time analytics with smarter functionality at the factory endpoints and gateways with secure connectivity. The combination of these elements enable smarter cities and factories, smarter power grids, more efficient transportation and remote diagnostics with predictive maintenance.
Only Xilinx provides a flexible and scalable standards-based solution that combines software programmability and hardware optimization. With real-time processing for high precision motion and motor control, sensor fusion for predictive analytics, and any-to-any connectivity with single chip security and functional safety, Xilinx Programmable SoCs are the ideal platform optimized for Industrial IoT systems. Xilinx, SDSoC™, SDAccel™ and Vivado® High-Level Synthesis enable customers to quickly develop their smarter, connected, and differentiated applications.
- White Paper: Embedding Security in the Internet of Things
- Industrial Internet Consortium – Security Claims Evaluation Tested
- White Paper: Xilinx Reduces Risk and Increases Efficiency for IEC61508 and ISO26262 Certified Safety Applications
- White Paper: Using Xilinx Devices to Solve Challenges in Industrial Applications
- Product Brief: Xilinx Machine Vision Solutions
The Critical Need for Device Security in the IoT
Protecting your data and devices begins with encryption. This process ensures privacy, authenticity and security in communication. This overview provides you with the information you need to understand the various device-level encryption options.