FPGA Bitstream Modification with Interconnect in Mind

Hardware and Architectural Support for Security and Privacy Pub Date : 2020-10-17 DOI:10.1145/3458903.3458908

M. Moraitis, E. Dubrova

{"title":"FPGA Bitstream Modification with Interconnect in Mind","authors":"M. Moraitis, E. Dubrova","doi":"10.1145/3458903.3458908","DOIUrl":null,"url":null,"abstract":"Bitstream reverse engineering is traditionally associated with Intellectual Property (IP) theft. Another, less known, threat deriving from that is bitstream modification attacks. It has been shown that the secret key can be extracted from FPGA implementations of cryptographic algorithms by injecting faults directly into the bitstream. Such bitstream modification attacks rely on changing the content of Look Up Tables (LUTs). Therefore, related countermeasures aim to make the task of identifying a LUT more difficult (e.g. by masking LUT content). However, recent advances in FPGA reverse engineering revealed information on how interconnects are encoded in the bitstream of Xilinx 7 series FPGAs. In this paper, we show that this knowledge can be used to break or weaken existing countermeasures, as well as improve existing attacks. Furthermore, a straightforward attack that re-routes the key to an output pin becomes possible. We demonstrate our claims on an FPGA implementation of SNOW 3G stream cipher, a core algorithm for confidentiality and integrity used in several 3GPP wireless communication standards, including the new Next Generation 5G.","PeriodicalId":141766,"journal":{"name":"Hardware and Architectural Support for Security and Privacy","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Hardware and Architectural Support for Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3458903.3458908","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Bitstream reverse engineering is traditionally associated with Intellectual Property (IP) theft. Another, less known, threat deriving from that is bitstream modification attacks. It has been shown that the secret key can be extracted from FPGA implementations of cryptographic algorithms by injecting faults directly into the bitstream. Such bitstream modification attacks rely on changing the content of Look Up Tables (LUTs). Therefore, related countermeasures aim to make the task of identifying a LUT more difficult (e.g. by masking LUT content). However, recent advances in FPGA reverse engineering revealed information on how interconnects are encoded in the bitstream of Xilinx 7 series FPGAs. In this paper, we show that this knowledge can be used to break or weaken existing countermeasures, as well as improve existing attacks. Furthermore, a straightforward attack that re-routes the key to an output pin becomes possible. We demonstrate our claims on an FPGA implementation of SNOW 3G stream cipher, a core algorithm for confidentiality and integrity used in several 3GPP wireless communication standards, including the new Next Generation 5G.

查看原文本刊更多论文

考虑互连的FPGA位流修改

传统上，比特流逆向工程与知识产权(IP)盗窃有关。另一个鲜为人知的威胁来自于比特流修改攻击。研究表明，通过将错误直接注入比特流，可以从FPGA实现的加密算法中提取密钥。这种比特流修改攻击依赖于更改查找表(lut)的内容。因此，相关的对策旨在使识别LUT的任务更加困难(例如，通过屏蔽LUT内容)。然而，FPGA逆向工程的最新进展揭示了互连如何在Xilinx 7系列FPGA的比特流中编码的信息。在本文中，我们证明了这些知识可以用来打破或削弱现有的对策，以及改进现有的攻击。此外，将密钥重新路由到输出引脚的直接攻击成为可能。我们在SNOW 3G流密码的FPGA实现上展示了我们的主张，这是一种用于多种3GPP无线通信标准(包括新的下一代5G)的机密性和完整性核心算法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Hardware and Architectural Support for Security and Privacy

自引率

0.00%

发文量