19 research outputs found
FPGA Trojans through Detecting and Weakening of Cryptographic Primitives
This paper investigates a novel attack vector against
cryptography realized on FPGAs, which poses a serious threat to
real-world applications.We demonstrate how a targeted bitstream
modification can seriously weaken cryptographic algorithms,
which we show with the examples of AES and 3DES. The attack
is performed by modifying the FPGA bitstream that configures
the hardware elements during initialization. Recently, it has
been shown that cloning of FPGA designs is feasible, even if
the bitstream is encrypted. However, due to its proprietary file
format, a meaningful modification is very challenging. While
some previous work addressed bitstream reverse-engineering,
so far it has not been evaluated how difficult it is to detect
and modify cryptographic elements. We outline two possible
practical attacks that have serious security implications. We
target the S-boxes of block ciphers that can be implemented
in look-up tables or stored as precomputed set of values in the
memory of the FPGA. We demonstrate that it is possible to
detect and apply meaningful changes to cryptographic elements
inside an unknown, proprietary and undocumented bitstream.
Our proposed attack does not require any knowledge of the
internal routing. Furthermore, we show how an AES key can
be revealed within seconds. Finally, we discuss countermeasures
that can raise the bar for an adversary to successfully perform
this kind of attack
Recommendation for a holistic secure embedded ISA extension
Embedded systems are a cornerstone of the ongoing digitization of our society, ranging from expanding markets around IoT and smart-X devices over to sensors in autonomous driving, medical equipment or critical infrastructures. Since a vast amount of embedded systems are safety-critical (e.g., due to their operation site), security is a necessity for their operation. However, unlike mobile, desktop, and server systems, where adversaries typically only act have remote access, embedded systems typically face attackers with physical access. Thus embedded system require an additional set of defense techniques, preferably leveraging hardware acceleration to minimize the impact on their stringent operation constraints. Over the last decade numerous defenses have been explored, however, they have often been analyzed in isolation.
In this work, we first systematically analyze the state of the art in defenses for both software exploitation and fault attacks on embedded systems. We then carefully design a holistic instruction set extension to augment the RISC-V instruction set architecture with instructions to deter against the threats analyzed in this work. Moreover we implement our design using the gem5 simulator system and a binary translation approach to arm software with our instruction set extension. Finally, we evaluate performance overhead on the MiBench2 benchmark suite. Our evaluation demonstrates a ROM overhead increase of 20% to defeat the aforementioned attacks
Teaching Hardware Reverse Engineering: Educational Guidelines and Practical Insights
Since underlying hardware components form the basis of trust in virtually any
computing system, security failures in hardware pose a devastating threat to
our daily lives. Hardware reverse engineering is commonly employed by security
engineers in order to identify security vulnerabilities, to detect IP
violations, or to conduct very-large-scale integration (VLSI) failure analysis.
Even though industry and the scientific community demand experts with expertise
in hardware reverse engineering, there is a lack of educational offerings, and
existing training is almost entirely unstructured and on the job. To the best
of our knowledge, we have developed the first course to systematically teach
students hardware reverse engineering based on insights from the fields of
educational research, cognitive science, and hardware security. The
contribution of our work is threefold: (1) we propose underlying educational
guidelines for practice-oriented courses which teach hardware reverse
engineering; (2) we develop such a lab course with a special focus on
gate-level netlist reverse engineering and provide the required tools to
support it; (3) we conduct an educational evaluation of our pilot course. Based
on our results, we provide valuable insights on the structure and content
necessary to design and teach future courses on hardware reverse engineering
Interdiction in Practice – Hardware Trojan Against a High-Security USB Flash Drive
As part of the revelations about the NSA activities,
the notion of interdiction has become known to the public:
the interception of deliveries to manipulate hardware in a way
that backdoors are introduced. Manipulations can occur on
the firmware or at hardware level. With respect to hardware,
FPGAs are particular interesting targets as they can be altered
by manipulating the corresponding bitstream which configures
the device. In this paper, we demonstrate the first successful
real-world FPGA hardware Trojan insertion into a commercial
product. On the target device, a FIPS-140-2 level 2 certified USB
flash drive from Kingston, the user data is encrypted using AES-256 in XTS mode, and the encryption/decryption is processed by
an off-the-shelf SRAM-based FPGA. Our investigation required
two reverse-engineering steps, related to the proprietary FPGA
bitstream and to the firmware of the underlying ARM CPU. In
our Trojan insertion scenario the targeted USB flash drive is
intercepted before being delivered to the victim. The physical
Trojan insertion requires the manipulation of the SPI flash
memory content, which contains the FPGA bitstream as well
as the ARM CPU code. The FPGA bitstream manipulation
alters the exploited AES-256 algorithm in a way that it turns
into a linear function which can be broken with 32 known
plaintext-ciphertext pairs. After the manipulated USB flash drive
has been used by the victim, the attacker is able to obtain all
user data from the ciphertexts. Our work indeed highlights the
security risks and especially the practical relevance of bitstream
modification attacks that became realistic due to FPGA bitstream
manipulations