2016
DOI: 10.1007/s13389-016-0132-7
|View full text |Cite
|
Sign up to set email alerts
|

Interdiction in practice—Hardware Trojan against a high-security USB flash drive

Abstract: As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstream which configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan i… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
24
0

Year Published

2017
2017
2023
2023

Publication Types

Select...
5
3
1

Relationship

2
7

Authors

Journals

citations
Cited by 33 publications
(24 citation statements)
references
References 14 publications
0
24
0
Order By: Relevance
“…The notion of Trojans is wide-ranging and requires multiple dimensions for classification [65]-it relates to malicious hardware modifications that are (i) working at the system level, register-transfer level (RTL), gate/transistor level, or the physical level; (ii) seeking to leak information from an IC, reduce the IC's performance, or disrupt an IC's working altogether; (iii) are always on, triggered internally, or triggered externally; etc. Trojans are likely introduced by untrustworthy third-party IP, adversarial designers, or through "hacking" of design tools [66], or, arguably even more likely, during distribution and deployment of ICs [67]. 2 Defense schemes can be classified into (i) Trojan detection during design and manufacturing time and (ii) Trojan mitigation at runtime.…”
Section: Trojanmentioning
confidence: 99%
“…The notion of Trojans is wide-ranging and requires multiple dimensions for classification [65]-it relates to malicious hardware modifications that are (i) working at the system level, register-transfer level (RTL), gate/transistor level, or the physical level; (ii) seeking to leak information from an IC, reduce the IC's performance, or disrupt an IC's working altogether; (iii) are always on, triggered internally, or triggered externally; etc. Trojans are likely introduced by untrustworthy third-party IP, adversarial designers, or through "hacking" of design tools [66], or, arguably even more likely, during distribution and deployment of ICs [67]. 2 Defense schemes can be classified into (i) Trojan detection during design and manufacturing time and (ii) Trojan mitigation at runtime.…”
Section: Trojanmentioning
confidence: 99%
“…To accomplish this goal, the adversary targets to attach a payload circuit to the existing set-key circuit to permanently write the known key bits of k st into the FFs that process k. Thus, the external self-test falsely confirms the integrity of the FPGA AES IP core. To sum up, the described Trojan can trick an external self-test in cases where the self-test key is known like in [21].…”
Section: Adversary's Goal and Trojan Ideamentioning
confidence: 99%
“…Knowing the entire bitstream file format, the security of cryptographic hardware configuration can be appropriately analyzed. Thus quick-and-easy malicious bitstream manipulation attacks [1,4,[20][21][22], leading to a potential security breach, can be pentested beforehand and accordingly addressed by a security analyst. Defending of FPGA designs is even more crucial since most FPGA bitstream encryption schemes of older FPGA generations are vulnerable to side-channel attacks [10][11][12][13]23] or do not offer any bitstream encryption/authentication at all.…”
Section: Introductionmentioning
confidence: 99%
“…Hence, a reverse engineer can either access the non-volatile memory and dump its content, or wire-tap the communication between FPGA and non-volatile memory upon boot-up, cf. [18] Bitstream Decryption. In order to provide confidentiality of the bitstream, FPGA manufacturers deployed a bitstream encryption scheme for various device series using strong cryptographic primitives.…”
Section: Fpga Bitstream Reverse Engineeringmentioning
confidence: 99%