Bitstream Fault Injections (BiFI) – Automated Fault Attacks Against SRAM-Based FPGAs

This contribution is concerned with the question of whether an adversary can automatically manipulate an unknown FPGA bitstream realizing a cryptographic primitive such that the underlying secret key is revealed. In general, if an attacker has full knowledge about the bitstream structure and can make changes to the target FPGA design, she can alter the bitstream in a way that leads to key recovery. However, this requires challenging reverse-engineering steps in practice. We argue that this is a major reason why bitstream fault injection attacks have been largely neglected in the past. In this paper, we show that malicious bitstream modifications are i) much easier to conduct than commonly assumed and ii) surprisingly powerful. We introduce a novel class of bitstream fault injection (BiFI) attacks which does not require any reverse-engineering. Our attacks can be automatically mounted without any detailed knowledge about either the bitstream format or the design of the crypto primitive which is being attacked. Bitstream encryption features do not necessarily prevent our attack if the integrity of the encrypted bitstream is not carefully checked. We have successfully verified the feasibility of our attacks in practice by considering several publicly available AES designs. As target platforms, we have conducted our experiments on Spartan-6 and Virtex-5 Xilinx FPGAs.
