A Key Management Architecture for Securing Off-Chip Data Transfers

Data security is becoming ever more important in embedded and portable electronic devices. The sophistication of the malicious techniques used by attackers is amazingly advanced. Defensive measures for protecting a device must be even more sophisticated and robust. This paper presents an architecture that manages cryptographic keys for a secure memory interface on an FPGA. The architecture includes functional units that serve to authenticate a user, create a key with multiple layers of security, and encrypt an external memory interface using that key. Cryptographic methods built into the system include an RSA-related secure key exchange, the Secure Hash Algorithm, a certificate storage system, and the Data Encryption Standard algorithm in counter mode.