Targeted Bitstream Fault Fuzzing Accelerating BiFI on Large Designs

Abstract

Fault injection attacks are a powerful instrument in an attacker’s toolbox to extract secret keys from cryptographic primitives. Generally, detailed information about the implementation and platform is needed to conduct such an attack in a meaningful fashion. With Bitstream Fault Injection (BiFI), Swierczynski et al. demonstrated that even without any prior knowledge, an adversary could use bitstream faults to disclose the secret key of cryptographic implementations on FPGAs. With a brute-force strategy, an extensive set of faulty bitstreams is generated by manipulating the FPGA’s LUTs, some of which enable the adversary to attack the design successfully. The drawback of BiFI is that its runtime scales with the design size because of aforementioned brute-force approach. Hence, it can be prohibitively slow, e.g., months, for large state-of-the-art FPGAs.In this work, we present Targeted Bitstream Fault Fuzzing (TBFF), which accelerates BiFI by identifying candidates of vulnerable LUTs using automated netlist reverse-engineering algorithms. Hence, the goal of TBFF is to combine the best of both worlds: TBFF automatically identifies small but crucial structures that are part of most cryptographic primitives, such as counters, done signals, or SBoxes. Introducing faults in these structures often instantly results in faulty behavior that can be exploited to recover the secret key. As a result, instead of brute-forcing, only a few targeted bitstream manipulations are needed to recover the secret key with the marginal overhead of identifying the relevant areas. Extrapolating this result for large-scale designs, TBFF can be conducted in minutes compared to months using the previous brute-force approach. In various case studies, we demonstrate the efficacy of our attack by attacking several AES designs.