Configuration Tampering of BRAM-based AES Implementations on FPGAs

Fault injection attacks constitute a major attack vector on cryptographic implementations, such as the Advanced Encryption Standard (AES). On Field Programmable Gate Arrays (FPGAs), the circuit can be altered by tampering with the configuration data, thereby causing a desired faulty execution that leaks information about the secret key. Often it is not even necessary to conduct extensive reverse engineering of the proprietary bitstream file format. In this paper, we present a novel strategy to recover the secret AES key by exploiting the properties of the FPGA's memory elements called Block RAM (BRAM), which are often used to store the Rijndael S-boxes. The attack can be performed by a single reconfiguration with a faulty bitstream without any knowledge of either design properties or plaintext input. The advantage of our approach is that this attack also works with encrypted bitstreams. However, our experiments show that the number of reconfigurations might increase in this case.
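
The following is an added example, not code from the paper: a software model in which a Python list stands in for the BRAM-held S-box, comparing two integrity checks a design could run on that table, a FIPS-197 known-answer test and a full comparison against the reference table. The function names and the single-bit fault model are assumptions made for illustration.

```python
# Added illustration (assumption): `sbox` list models the S-box stored in BRAM.
def gmul(a, b):  # GF(2^8) multiply, AES polynomial 0x11B
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def make_sbox():  # reference Rijndael S-box: field inverse, then affine map
    box = []
    for x in range(256):
        inv = next((y for y in range(256) if gmul(x, y) == 1), 0)
        rot = [((inv << i) | (inv >> (8 - i))) & 0xFF for i in range(1, 5)]
        box.append(inv ^ rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ 0x63)
    return box

def encrypt(block, key, sbox):  # AES-128; every substitution reads `sbox`
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):  # key schedule (shares the same table)
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [sbox[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [sbox[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < 10:  # MixColumns
            s = [gmul(s[c + i], 2) ^ gmul(s[c + (i + 1) % 4], 3)
                 ^ s[c + (i + 2) % 4] ^ s[c + (i + 3) % 4]
                 for c in (0, 4, 8, 12) for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[r])]
    return bytes(s)

SBOX = make_sbox()
KEY = bytes(range(16))  # FIPS-197 Appendix C.1 test vector
PT = bytes.fromhex("00112233445566778899aabbccddeeff")
CT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

def kat_ok(sbox):  # known-answer self-test run through the live table
    return encrypt(PT, KEY, sbox) == CT
def table_ok(sbox):  # entry-by-entry comparison with the reference table
    return list(sbox) == SBOX
def kat_blind_spots():  # constructed single-bit table faults the KAT misses
    return [x for x in range(256)
            if kat_ok(SBOX[:x] + [SBOX[x] ^ 1] + SBOX[x + 1:])]
```

One AES-128 encryption performs only 200 S-box lookups (160 in the rounds, 40 in the key schedule), so a single known-answer test leaves at least 56 of the 256 entries unchecked, while the full-table comparison covers all of them.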
