Bitstream Fault Injections (BiFI)-Automated Fault Attacks Against SRAM-Based FPGAs

Bitstream Fault Injections (BiFI)-Automated Fault Attacks Against SRAM-Based FPGAs

This contribution is concerned with the question whether an adversary can automatically manipulate an unknown FPGA bitstream realizing a cryptographic primitive such that the underlying secret key is revealed. In general, if an attacker has full knowledge about the bitstream structure and can make c...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on computers Vol. 67; no. 3; pp. 348 - 360
Main Authors: Swierczynski, Pawel, Becker, Georg T., Moradi, Amir, Paar, Christof
Format: Journal Article
Language:English
Published: New York IEEE 01-03-2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
AES
automated key recovery
bitstream encryption vulnerability
bitstream fault injection
Circuit faults
Cryptography
Encryption
Field programmable gate arrays
FPGA security
Hardware
Table lookup
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This contribution is concerned with the question whether an adversary can automatically manipulate an unknown FPGA bitstream realizing a cryptographic primitive such that the underlying secret key is revealed. In general, if an attacker has full knowledge about the bitstream structure and can make changes to the target FPGA design, she can alter the bitstream leading to key recovery. However, this requires challenging reverse-engineering steps in practice. We argue that this is a major reason why bitstream fault injection attacks have been largely neglected in the past. In this paper, we show that malicious bitstream modifications are i) much easier to conduct than commonly assumed and ii) surprisingly powerful. We introduce a novel class of bitstream fault injection (BiFI) attacks which does not require any reverse-engineering. Our attacks can be automatically mounted without any detailed knowledge about either the bitstream format or the design of the crypto primitive which is being attacked. Bitstream encryption features do not necessarily prevent our attack if the integrity of the encrypted bitstream is not carefully checked. We have successfully verified the feasibility of our attacks in practice by considering several publicly available AES designs. As target platforms, we have conducted our experiments on Spartan-6 and Virtex-5 Xilinx FPGAs.
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2016.2646367