Board / Blade Authentication
In many defense and aerospace systems, large expensive FPGA devices with dense Ball Grid Arrays are used, often with 1000+ pins. To the extent that the binding between BGA device and underlying printed circuit board remains intact, authenticating FPGA silicon is an excellent proxy for authenticating the underlying board. This method, for example, can be used to aid authentication of networking or telecom plug-in cards, to prevent counterfeiting of these products (Fig 3).

3. Board / Blade authentication.

Deployment of Keyed Applications
Currently, in devices such as Xilinx Virtex-4 and Virtex-5 FPGAs, there exists a battery-backed key capability that is used to store a Bitstream decryption key. This key cannot be accessed from the programmable fabric. By incorporating Soft PUFs into these devices, system designer can now deploy cryptographic keys/seeds on FPGAs. For example, a single encrypted Bitstream can be deployed across thousands of FPGA devices, with each device producing chip-unique keys.

4. Deployment of keyed applications on FPGAs using Soft PUFs.
(Click this image to view a larger, more detailed version)

Other Application Ideas
Two more application ideas are as follows, but readers will doubtless think of many more possibilities:

• Features Rights Management: Different features in FPGA-based system can be activated, with activation rights anchored to the particular FPGA silicon die. Items activated include software/firmware running on FPGA-based systems; different modules or features within the software/firmware; or remote commands that are directed for a particular FPGA-based system. This is more secure than traditional anchoring methods such as use of USB dongle, MAC addresses, or similar technologies. 
   
• Detection of Cloning or Overbuilding of FPGA Silicon: Soft PUFs can be used to secure supply chain of commodity FPGA Silicon. They can be used, for example, to make sure that FPGAs purchased through distributors or secondary markets are in fact authentic.

Conclusions
When "platform" features such as high speed serial I/Os, DSP engines, and support for Bitstream encryption were introduced in FPGAs, system designers began to think about FPGAs in different ways, for use in areas traditionally relegated to ASICs and ASSPs.

Similarly, in the case of Soft PUFs, system designers have a new primitive to increase application space of FPGA-based designs. By having the ability to authenticate FPGAs at the device level, and the ability to store "volatile" keys in these devices, FPGAs have the potential to permeate into entire new application realms.

About Verayo: Verayo was founded in Silicon Valley in 2005. The company is focused on building security and authentication solutions based on Silicon Physical Unclonable Function (PUF) technology, which was invented and first implemented at MIT by Prof. Srini Devadas and his team.

Since its founding, the Verayo team has designed, built, and tested ICs using PUFs and built-up a growing body of additional IP and substantive know-how beyond the initial IP that Verayo licensed exclusively from MIT. In addition to developing commercial products, the company is working on projects for various U.S. Defense Agencies.

Mandel Yu is a Sr. Design Engineer at Verayo (www.verayo.com), and is a technical lead in the development of PUF-based intellectual property for ASICs and FPGAs.

Mandel has over 10 years of industry experience where he designed complex signal processing systems using ASICs, FPGAs, and embedded processors. He holds two US patents in signal processing and has held management, engineering, and research roles at TSI, Zoran, Oak Technologies, TeraLogic, Sprint Advanced Technology Labs, and Stanford Center for Telecommunications. Mandel holds BSEE and MSEE degrees from Stanford University, where he was a Mayfield Fellow. He can be reached at myu@verayo.com.