Fault attack on AES via hardware Trojan insertion by dynamic partial reconfiguration of FPGA over ethernet

Johnson, Anju P.; Saha, Soumen; Chakraborty, Rajat Subhra; Mukhopadhyay, Debdeep; Gören, Sezer

doi:10.1145/2668322.2668323

Cited by 23 publications

(17 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [19], the authors have designed a Trojan on a Basys FPGA board which gets triggered depending upon the "content and timing" of the signals. On the other hand, authors in [20] have designed a hardware Trojan which can be deployed on the FPGA via dynamic partial reconfiguration to induce faults in an AES circuitry for differential fault analysis.…”

Section: Destructive Applications Of Rlutmentioning

confidence: 99%

The Conflicted Usage of RLUTs for Security-Critical Applications on FPGA

et al. 2018

Self Cite

View full text Add to dashboard Cite

Modern field programmable gate arrays (FPGAs) have evolved significantly in recent years and have found applications in various fields like cryptography, defense, aerospace, and many more. The integration of FPGA with highly efficient modules like DSP and block RAMs has increased the performance of FPGA significantly. This paper addresses the lesser explored feature of modern FPGA called as reconfigurable LUT (RLUT) whose content can be updated internally, even during runtime. We describe the basic functionality of RLUT and discuss its potential applications for security from both destructive and constructive point of view, highlighting the conflicted usage of RLUTs. Several use cases exploiting RLUT feature in security-critical scenarios (physical attacks related in particular) are studied in detail. The paper proposes design of stealthy hardware Trojans having zero payload overhead to highlight destructive applications which can be built using hardware Trojans. On the other hand, this paper also highlights several constructive applications based on RLUT features, starting from lightweight side-channel countermeasures to kill switch to prevent the FPGA hardware from environmental hazards and malicious attack attempts.

show abstract

Section: Destructive Applications Of Rlutmentioning

confidence: 99%

The Conflicted Usage of RLUTs for Security-Critical Applications on FPGA

et al. 2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…The other important aspect of our target architecture is the management of the data (both DPR and cryptographic) that is transferred to the FPGA via the Ethernet API controller. A popular choice is the open-source Simple Interface for Reconfigurable Computing (SIRC) platform [13,9,10]. SIRC consists of both software and synthesizable hardware components and facilitates the seamless transfer of arbitrary data to an FPGA via high-level C++ API calls.…”

Section: Remote Dpr Enabled Iot Architecturementioning

confidence: 99%

“…The HTH can be remotely triggered using DPR to maliciously alter the working of the cryptographic circuit on the fly, without the need for any dedicated conditional trigger circuit to be present on the FPGA. This reduces the attack overhead, makes the attack model more practical, efficient and challenging to debug and defend against [9,10]. In this paper, we focus on two such instances of remote Trojan insertion that remotely configure the output of the DCM to compromise the security of cryptographic modules:…”

Section: Exploitation Of Dpr For Remote Hth Insertionmentioning

confidence: 99%

“…cryptographic hashes) of possible hardware modifications to the system after successful passing of the design through HTH validations mechanisms. Any attempted DPR is allowed to modify the hardware if the signature of the partial bitstream matches with any of the pre-stored values [9].…”

Section: Countermeasures Against the Proposed Attackmentioning

confidence: 99%

“…This survey also says that "The IoT is and will be a great security challenge and an opportunity for new ways of thinking about ecologies of security". To the best of our knowledge, the idea of using remote DPR for inserting Hardware Trojan Horse (HTH) was first reported in [9]. This work implants an add-on HTH remotely via DPR by transferring bitstreams corresponding to a malicious HTH.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Remote dynamic partial reconfiguration: A threat to Internet-of-Things and embedded security applications

Johnson

Patranabis

Chakraborty

et al. 2017

Microprocessors and Microsystems

Self Cite

View full text Add to dashboard Cite

The advent of the Internet of Things has motivated the use of Field Programmable Gate Array (FPGA) devices with Dynamic Partial Reconfiguration (DPR) capabilities for dynamic non-invasive modifications to circuits implemented on the FPGA. In particular, the ability to perform DPR over the network is essential in the context of a growing number of Internet of Things (IoT)-based and embedded security applications. However, the use of remote DPR brings with it a number of security threats that could lead to potentially catastrophic consequences in practical scenarios. In this paper, we demonstrate four examples where the remote DPR capability of the FPGA may be exploited by an adversary to launch Hardware Trojan Horse (HTH) attacks on commonly used security applications. We substantiate the threat by demonstrating remotely-launched attacks on Xilinx FPGA-based hardware implementations of a cryptographic algorithm, a true random number generator, and two processor based security applications -namely, a software implementation of a cryptographic algorithm and a cash dispensing scheme. The attacks are launched by on-the-fly transfer of malicious FPGA configuration bitstreams over an Ethernet connection to perform DPR and leak sensitive information. Finally, we comment on plausible countermeasures to prevent such attacks.

show abstract