FPGA Trojans Through Detecting and Weakening of Cryptographic Primitives

This paper investigates a novel attack vector against cryptography realized on FPGAs, which poses a serious threat to real-world applications. We demonstrate how a targeted bitstream modification can seriously weaken cryptographic algorithms, which we show with the examples of AES and 3-DES. The att...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on computer-aided design of integrated circuits and systems Vol. 34; no. 8; pp. 1236 - 1249
Main Authors Swierczynski, Pawel, Fyrbiak, Marc, Koppe, Philipp, Paar, Christof
Format Journal Article
LanguageEnglish
Published New York IEEE 01.08.2015
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Advanced Encryption Standard (AES)
bitstream manipulation
Blocking
Boolean functions
Cryptography
data Encryption Standard (DES)
Design engineering
Field programmable gate arrays
field Programmable Gate Arrays (FPGAs)
Hardware
hardware security
Indexes
Mathematical analysis
Multiplexing
reverse-engineering
Table lookup
Tables
Three dimensional
Trojans
hardware security
data Encryption Standard (DES)
Advanced Encryption Standard (AES)
reverse-engineering
field Programmable Gate Arrays (FPGAs)
bitstream manipulation
Trojans
Online AccessGet full text

Cover

More Information
Summary:This paper investigates a novel attack vector against cryptography realized on FPGAs, which poses a serious threat to real-world applications. We demonstrate how a targeted bitstream modification can seriously weaken cryptographic algorithms, which we show with the examples of AES and 3-DES. The attack is performed by modifying the FPGA bitstream that configures the hardware elements during initialization. Recently, it has been shown that cloning of FPGA designs is feasible, even if the bitstream is encrypted. However, due to its proprietary file format, a meaningful modification is challenging. While some previous work addressed bitstream reverse-engineering, so far it has not been evaluated how difficult it is to detect and modify cryptographic elements. We outline two possible practical attacks that have serious security implications. We target the S-boxes of block ciphers that can be implemented in look-up tables or stored as precomputed set of values in the memory of the FPGA. We demonstrate that it is possible to detect and apply meaningful changes to cryptographic elements inside an unknown, proprietary, and undocumented bitstream. Our proposed attack does not require any knowledge of the internal routing. Furthermore, we show how an AES key can be revealed within seconds. Finally, we discuss countermeasures that can raise the bar for an adversary to successfully perform this kind of attack.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:0278-0070
1937-4151
DOI:10.1109/TCAD.2015.2399455