Securing FPGA SoC configurations independent of their manufacturers

Jacob, Nisha; Wittmann, Jakob; Heyszl, Johann; Hesselbarth, Robert; Wilde, Florian; Pehl, Michael; Sigl, Georg; Fischer, Kai

doi:10.1109/socc.2017.8226019

Cited by 13 publications

(7 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unterstein et al showed an implementation of a patchable bitstream encryption scheme on the Zynq-7000 platform [54], which is a realization of [38]. There are several variations of the same idea reported in references [19,21,22]. Note that the Zynq-7000, UltraScale and UltraScale+ devices have the needed public key scheme, while the 7-Series and older devices have not.…”

Section: Patchable Bitstream Encryptionmentioning

confidence: 99%

The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs

Ender,

Moradi,

Paar

2021

Preprint

View full text Add to dashboard Cite

The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions e.g., through hardware Trojans. Given that FPGAs are often part of cyber-physical systems e.g., in aviation, medical, or industrial devices, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise.In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bitstream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.

show abstract

Section: Patchable Bitstream Encryptionmentioning

confidence: 99%

The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs

Ender,

Moradi,

Paar

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Traditional solutions provide a unique key for every device stored in an NVM; however, the solution is prone to some read-back attacks [9]. A better solution is to deploy a clone-resistant device ID such as a PUF [10][11][12][13] in conjunction with the secure boot mechanism. Our proposed solution is introducing a digital SUC-based secured booting as proposed in [14], which is more resilient and practical for mass production than the analog PUF-technology solution seen in Section 5.1.…”

Section: Device Physical-layer Operational Security Requirementsmentioning

confidence: 99%

Contemporary Physical Clone-Resistant Identity for IoTs and Emerging Technologies

et al. 2021

View full text Add to dashboard Cite

Internet of things (IoT) technologies have recently gained much interest from numerous industries, where devices, machines, sensors, or simply things are linked with each other over open communication networks. However, such an operation environment brings new security threats and technology challenges in securing and stabilizing such large systems in the IoT world. Device identity in such an environment is an essential security requirement as a secure anchor for most applications towards clone-resistant resilient operational security. This paper analyzes different contemporary authenticated identification techniques and discusses possible future technologies for physically clone-resistant IoT units. Two categories of identification techniques to counteract cloning IoT units are discussed. The first category is inherently cloneable and includes the classical identification mechanisms based on secret and public key cryptography. Such techniques deploy mainly secret keys stored permanently somewhere in the IoT devices as classical means to make units clone-resistant. However, such techniques are inherently cloneable as the manufacturer or device personalizers can clone them by re-using the same secret key (which must be known to somebody) or reveal keys to third parties to create cloned entities. In contrast, the second, more resilient category is inherently unclonable because it deploys unknown and hard to predict born analog modules such as physical unclonable functions (PUFs) or mutated digital modules and so-called secret unknown ciphers (SUCs). Both techniques are DNA-like identities and hard to predict and clone even by the manufacturer itself. Born PUFs were introduced two decades ago; however, PUFs as analog functions failed to serve as practically usable unclonable electronic identities due to being costly, unstable/inconsistent, and non-practical for mass application. To overcome the drawbacks of analog PUFs, SUCs techniques were introduced a decade ago. SUCs, as mutated modules, are highly consistent, being digital modules. However, as self-mutated digital modules, they offer only clone-resistant identities. Therefore, the SUC technique is proposed as a promising clone-resistant technology embedded in emerging IoT units in non-volatile self-reconfiguring devices. The main threats and expected security requirements in the emerging IoT applications are postulated. Finally, the presented techniques are analyzed, classified, and compared considering security, performance, and complexity given future expected IoT security features and requirements.

show abstract

“…The white paper also lacks an analysis of the overall system security, and the various attack vectors which we later discuss are not considered. An implementation of that scheme was later published by Jacob et al [16] where they use AES in Galois counter mode (GCM) for decryption and authentication with a twisted bistable ring PUF for the key storage. Their implementation is basic in the way that it provided no comprehensive evaluation of the used PUF and contains no countermeasures against sidechannel attacks.…”

Section: Related Workmentioning

confidence: 99%

SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version

Unterstein

Jacob

Hanley³

et al. 2020

J Cryptogr Eng

Self Cite

View full text Add to dashboard Cite

FPGA system on chips (SoCs) are ideal computing platforms for edge devices in applications which require high performance through hardware acceleration and updatability due to long operation in the field. A secure update of hardware functionality can in general be achieved by using built-in cryptographic engines and provided secret key storage. However, reported examples have shown that such cryptographic engines may become insecure against side-channel attacks at any later point in time. This leaves already deployed systems vulnerable without any clear mitigation options. To solve this, we propose a comprehensive concept that uses an alternative and side-channel protected cryptographic engine within the FPGA logic instead of the built-in one for the crucial task of bitstream decryption. Remarkably this concept even allows to update the cryptographic engine itself. As proof of concept, we describe an application to the Xilinx Zynq-7020 FPGA SoC in detail. We provide two options for a leakage resilient decryption engine which are based on the same primitive, a leakage resilient pseudorandom function (LR-PRF). Depending on a side-channel evaluation of this primitive on the target platform, either a version with additional side-channel countermeasures or a more efficient variant is deployed. The lack of accessible secret key storage poses a significant challenge and requires the use of a physical unclonable function (PUF) to generate a device intrinsic secret within the FPGA logic. At the same time this means that manufacturer-provided secret key storage or cryptography is no longer required; only a public key for signature verification of the first stage bootloader and initial static bitstream. We provide empirical results proving the side-channel security of the protected cryptographic engine as well as an evaluation of the PUF quality. The full design and source code is made available to encourage further research in this direction.

show abstract

Securing FPGA SoC configurations independent of their manufacturers

Cited by 13 publications

References 15 publications

The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs

The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs

Contemporary Physical Clone-Resistant Identity for IoTs and Emerging Technologies

SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version

Contact Info

Product

Resources

About