27

A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs

 5 years ago
source link: https://www.usenix.org/conference/usenixsecurity20/presentation/ender
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Authors: 

Maik Ender and Amir Moradi, Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany; Christof Paar, Max Planck Institute for Cyber Security and Privacy and Horst Goertz Institute for IT Security, Ruhr University Bochum, Germany

Abstract: 

The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions e.g., through hardware Trojans. Given that FPGAs are often part of cyber-physical systems e.g., in aviation, medical, or industrial devices, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise.

In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bitstream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone.Support USENIX and our commitment to Open Access.

BibTeX

@inproceedings {251534,

title = {The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs},

booktitle = {29th {USENIX} Security Symposium ({USENIX} Security 20)},

year = {2020},

address = {Boston, MA},

url = {https://www.usenix.org/conference/usenixsecurity20/presentation/ender},

publisher = {{USENIX} Association},

month = aug,

}

Download

3emAneB.png!webEnder Paper (Prepublication) PDF


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK