Insights into the Mind of a Trojan Designer: The Challenge to Integrate a Trojan into the Bitstream

The threat of inserting hardware Trojans during the design, production, or in-field poses a danger for integrated circuits in real-world applications. A particular critical case of hardware Trojans is the malicious manipulation of third-party FPGA configurations. In addition to attack vectors during the design process, FPGAs can be infiltrated in a non-invasive manner after shipment through alterations of the bitstream. First, we present an improved methodology for bitstream file format reversing. Second, we introduce a novel idea for Trojan insertion

FPGA Trojans through Detecting and Weakening of Cryptographic Primitives

This paper investigates a novel attack vector against cryptography realized on FPGAs, which poses a serious threat to real-world applications.We demonstrate how a targeted bitstream modification can seriously weaken cryptographic algorithms, which we show with the examples of AES and 3DES. The attack is performed by modifying the FPGA bitstream that configures the hardware elements during initialization. Recently, it has been shown that cloning of FPGA designs is feasible, even if the bitstream is encrypted. However, due to its proprietary file format, a meaningful modification is very challenging. While some previous work addressed bitstream reverse-engineering, so far it has not been evaluated how difficult it is to detect and modify cryptographic elements. We outline two possible practical attacks that have serious security implications. We target the S-boxes of block ciphers that can be implemented in look-up tables or stored as precomputed set of values in the memory of the FPGA. We demonstrate that it is possible to detect and apply meaningful changes to cryptographic elements inside an unknown, proprietary and undocumented bitstream. Our proposed attack does not require any knowledge of the internal routing. Furthermore, we show how an AES key can be revealed within seconds. Finally, we discuss countermeasures that can raise the bar for an adversary to successfully perform this kind of attack

Bitstream Fault Injections (BiFI) – Automated Fault Attacks against SRAM-based FPGAs

This contribution is concerned with the question whether an adversary can automatically manipulate an unknown FPGA bitstream realizing a cryptographic primitive such that the underlying secret key is revealed. In general, if an attacker has full knowledge about the bitstream structure and can make changes to the target FPGA design, she can alter the bitstream leading to key recovery. However, this requires challenging reverse-engineering steps in practice. We argue that this is a major reason why bitstream fault injection attacks have been largely neglected in the past. In this paper, we show that malicious bitstream modifications are i) much easier to conduct than commonly assumed and ii) surprisingly powerful. We introduce a novel class of bitstream fault injection (BiFI) attacks which does not require any reverse-engineering. Our attacks can be automatically mounted without any detailed knowledge about either the bitstream format of the design or the crypto primitive which is being attacked. Bitstream encryption features do not necessarily prevent our attack if the integrity of the encrypted bitstream is not carefully checked. We have successfully verified the feasibility of our attacks in practice by considering several publicly available AES designs. As target platforms, we have conducted our experiments on Spartan-6 and Virtex-5 Xilinx FPGAs

Interdiction in Practice – Hardware Trojan Against a High-Security USB Flash Drive

As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstream which configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan insertion into a commercial product. On the target device, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data is encrypted using AES-256 in XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investigation required two reverse-engineering steps, related to the proprietary FPGA bitstream and to the firmware of the underlying ARM CPU. In our Trojan insertion scenario the targeted USB flash drive is intercepted before being delivered to the victim. The physical Trojan insertion requires the manipulation of the SPI flash memory content, which contains the FPGA bitstream as well as the ARM CPU code. The FPGA bitstream manipulation alters the exploited AES-256 algorithm in a way that it turns into a linear function which can be broken with 32 known plaintext-ciphertext pairs. After the manipulated USB flash drive has been used by the victim, the attacker is able to obtain all user data from the ciphertexts. Our work indeed highlights the security risks and especially the practical relevance of bitstream modification attacks that became realistic due to FPGA bitstream manipulations

HAL — The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

Hardware manipulations pose a serious threat to numerous systems, ranging from a myriad of smart-X devices to military systems. In many attack scenarios an adversary merely has access to the low-level, potentially obfuscated gate-level netlist. In general, the attacker possesses minimal information and faces the costly and time-consuming task of reverse engineering the design to identify security-critical circuitry, followed by the insertion of a meaningful hardware Trojan. These challenges have been considered only in passing by the research community. The contribution of this work is threefold: First, we present HAL, a comprehensive reverse engineering and manipulation framework for gate-level netlists. HAL allows automating defensive design analysis (e.g., including arbitrary Trojan detection algorithms with minimal effort) as well as offensive reverse engineering and targeted logic insertion. Second, we present a novel static analysis Trojan detection technique ANGEL which considerably reduces the false-positive detection rate of the detection technique FANCI. Furthermore, we demonstrate that ANGEL is capable of automatically detecting Trojans obfuscated with DeTrust. Third, we demonstrate how a malicious party can semi-automatically inject hardware Trojans into third-party designs. We present reverse engineering algorithms to disarm and trick cryptographic self-tests, and subtly leak cryptographic keys without any a priori knowledge of the design’s internal workings

Proteomic Modeling for HIV-1 Infected Microglia-Astrocyte Crosstalk

Background: HIV-1-infected and immune competent brain mononuclear phagocytes (MP; macrophages and microglia) secrete cellular and viral toxins that affect neuronal damage during advanced disease. In contrast, astrocytes can affect disease by modulating the nervous system’s microenvironment. Interestingly, little is known how astrocytes communicate with MP to influence disease. Methods and Findings: MP-astrocyte crosstalk was investigated by a proteomic platform analysis using vesicular stomatitis virus pseudotyped HIV infected murine microglia. The microglial-astrocyte dialogue was significant and affected microglial cytoskeleton by modulation of cell death and migratory pathways. These were mediated, in part, through F-actin polymerization and filament formation. Astrocyte secretions attenuated HIV-1 infected microglia neurotoxicity and viral growth linked to the regulation of reactive oxygen species. Conclusions: These observations provide unique insights into glial crosstalk during disease by supporting astrocytemediated regulation of microglial function and its influence on the onset and progression of neuroAIDS. The results open new insights into previously undisclosed pathogenic mechanisms and open the potential for biomarker discovery an

Bitstream-based attacks against reconfigurable hardware

In den letzten drei Jahrzehnten haben sich FPGAs zu fortgeschrittenen re-programmierbaren Hardwarebausteinen entwickelt und wurden zu elementaren Komponenten für zahlreiche Informations- und Kommunikationssysteme. SRAM-basierte FPGAs werden in Anwendungen wie der Luft- und Raumfahrt, dem Gesundheitswesen, dem Militärbereich, der Automobilindustrie und in Computernetzwerken sowie Datenzentren genutzt. Viele Anwendungen sind sicherheitskritisch und benötigen deshalb kryptographische Operationen beispielsweise zur Generierung von Zufallszahlen, zum Schlüsselaustausch oder zur Verschlüsselung von Daten. In der Praxis werden kryptographische Schaltkreise durch proprietäre Bitstreams kodiert, welche für Angreifer häufig zugänglich sind, da diese extern über einen Konfigurationsbus übertragen und somit abgefangen bzw. ausgelesen werden können. Diese Arbeit zeigt auf, dass es einem Angreifer möglich ist kryptographische Hardwarekonfigurationen durch Bitstreammanipulationen zu kompromittieren

Physical security evaluation of the bitstream encryption mechanism of altera stratix II and stratix III FPGAs

To protect Field-Programmable Gate Array (FPGA) designs against Intellectual Property (IP) theft and related issues such as product cloning, all major FPGA manufacturers offer a mechanism to encrypt the bitstream that is used to configure the FPGA. From a mathematical point of view, the employed encryption algorithms (e.g., Advanced Encryption Standard (AES) or 3DES) are highly secure. However, it has been shown that the bitstream encryption feature of several FPGA families is susceptible to side-channel attacks based on measuring the power consumption of the cryptographic module. In this article, we present the first successful attack on the bitstream encryption of the Altera Stratix II and Stratix III FPGA families. To this end, we analyzed the Quartus II software and reverse engineered the details of the proprietary and unpublished schemes used for bitstream encryption on Stratix II and Stratix III. Using this knowledge, we demonstrate that the full 128-bit AES key of a Stratix II as well as the full 256-bit AES key of a Stratix III can be recovered by means of side-channel attacks. In both cases, the attack can be conducted in a few hours. The complete bitstream of these FPGAs that are (seemingly) protected by the bitstream encryption feature can hence fall into the hands of a competitor or criminal—possibly implying system-wide damage if confidential information such as proprietary encryption schemes or secret keys programmed into the FPGA are extracted. In addition to lost IP, reprogramming the attacked FPGA with modified code, for instance, to secretly plant a hardware Trojan, is a particularly dangerous scenario for many security-critical applications.</jats:p

Protecting against Cryptographic Trojans in FPGAs

International audienceIn contrast to ASICs, hardware Trojans can potentially be injected into FPGA designs post-manufacturing by bit-stream alteration. Hardware Trojans which target cryptographic primitives are particularly interesting for an adversary because a weakened primitive can lead to a complete loss of system security. One problem an attacker has to overcome is the identification of cryptographic primitives in a large bitstream with unknown semantics. As the first contribution, we demonstrate that AES can be algorithmically identified in a look-up table-level design for a variety of implementation styles. Our graph-based approach considers AES implementations which are created using several synthesis and technology mapping options. As the second contribution , we present and discuss the drawbacks of a dynamic obfuscation countermeasure which allows for the configuration of certain crucial parts of a cryptographic primitive after the algorithm has been loaded into the FPGA. As a result, reverse-engineering and modifying a primitive in the bitstream is more challenging