Reversing a Lattice ECP3 FPGA for Bitstream Protection

Field programmable gate arrays are used in nearly every industry, including consumer electronics, automotive, military and aerospace, and the critical infrastructure. The reprogrammability of field programmable gate arrays, their computational power and relatively low price make them a good fit for low-volume applications that cannot justify the non-recurring engineering costs of application-specific integrated circuits. However, field programmable gate arrays have security issues that stem from the fact that their configuration files are not protected in a satisfactory manner. Although major vendors offer some sort of encryption, researchers have demonstrated that the encryption can be overcome. The security problems are a concern because field programmable gate arrays are widely used in industrial control systems across the critical infrastructure. This chapter explores the reverse engineering process of a Lattice Semiconductor ECP3 field programmable gate array configuration file in order to assist infrastructure owners and operators in recognizing and mitigating potential threats.
