Turning the Table: Using Bitstream Reverse Engineering to Detect FPGA Trojans

Danesh, Wafi; Banago, Joshua; Rahman, Mostafizur

doi:10.1007/s41635-021-00122-4

Cited by 8 publications

(5 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cheremisinov [53], achieving the same results in less time. In 2020, W. Danesh et al [54] presented a bitstream reverse engineering scheme demonstrated in a Virtex 5 device. The experimental results provided showed that after the database creation, which can take up to 120 hours, the bitstream reverse engineering process takes less than a minute.…”

Section: Bitstream Reverse Engineeringmentioning

confidence: 99%

FPGA Bitstream Modification: Attacks and Countermeasures

Moraitis

2023

IEEE Access

View full text Add to dashboard Cite

Advances in FPGA technology in recent years have resulted in an expansion of its usage in a very wide spectrum of applications. Apart from serving the traditional prototyping purposes, FPGAs are currently regarded as an integral part of embedded systems used in many industries, including communication, medical, aerospace, automotive, and military. Moreover, the emerging trend of AI has found FPGAs to be at the technological forefront with their use as deep learning acceleration platforms. The demand for FPGAs has grown to the point that major companies (e.g. Amazon) are offering cloudbased access to FPGAs, known as FPGA-as-a-Service. In many applications, FPGAs handle sensitive data and/or host cryptographic algorithm implementations. These FPGAs are not always located in a tamperresistant environment, which makes their security a major concern, especially in light of the ever-growing number of publications demonstrating effective attacks specifically tailored to exploit the physical traits of FPGA implementations. In this survey, we cover the subset of those attacks that involve tampering with the FPGA configuration bitstream. We start by discussing how the FPGA vendors attempt to protect their products and how malicious parties try to overcome this protection. We then proceed to present the different bitstream modification attacks that can be found in the literature organized according to their targets. Finally, we present various countermeasures that can be deployed, drawing on bibliographic references from works specifically focused on FPGA bitstream protection, as well as those initially proposed for different purposes or devices that can be adapted for bitstream protection.

show abstract

Section: Bitstream Reverse Engineeringmentioning

confidence: 99%

FPGA Bitstream Modification: Attacks and Countermeasures

Moraitis

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The complete extraction of the bitstream enables the potential for a cloning attack, and tampering with the hardware results in malfunctions, leading to potential damage. Additionally, intelligent reverse engineering [10][11][12][13][14][15][16][17][18][19][20][21] can be utilized to analyze the design of the netlist. When a circuit is attacked, the circuit does not behave as intended, causing serious problems.…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, XDL and XDLRC files are essential for securing a database for reverse engineering. Although some reverse-engineering techniques using Vivado have been announced [15][16][17][18][19][20][21], the techniques are very limited and still at a rudimentary level. The reason the latest FPGA reverse-engineering techniques in Vivado are restricted and disturbed is the absence of textual netlist files such as XDLRC and XDL.…”

Section: Introductionmentioning

confidence: 99%

Approaches to Extend FPGA Reverse-Engineering Technology from ISE to Vivado

Choi,

Yoo

2024

Electronics

View full text Add to dashboard Cite

SRAM-based FPGA(Field Programmable Logic Arrays) requires external memory since its internal memory gets erased when power is cut off. The process of transmitting the circuit netlist in bitstream from external memory during power-up in FPGA is vulnerable to malicious attacks such as bitstream theft and tampering. Previous FPGA reverse-engineering methods focus on FPGAs, supported by ISE (ISE Design Suite). This is because ISE provides XDLRC (Xilinx Design Language Routing Configurable logic) and XDL (Xilinx Design language) files, which are essential for reverse engineering. However, Vivado Design Suite (Vivado) does not offer those files, making it impossible to extend the coverage of reverse engineering to the FPGAs supported by Vivado. In this paper, we propose a method to generate XDLRC and XDL through Vivado. According to experimental results, the XDLRC and XDL generated through Vivado, respectively, match 99% and 75% with those generated in ISE for Artix-7 100T. As a result, this paper has expanded the scope of reverse engineering from being mainly focused on ISE to now also include Vivado. It is important to note that this paper does not encourage bitstream attacks through reverse engineering but rather highlights the risk associated with malicious attacks and emphasizes the importance of security.

show abstract

“…In the very same paper the authors claimed the urgent need for tools able to implement such new paradigm. The work most similar to ours is the one proposed in [32] where reverse engineering of the generated configuration bitstream is exploited to extract the layout actually implemented onto the FPGA device. Such ''real'' (possibly infected) layout is then compared with the ''ideal'' layout coming from the design phases to find differences, and thus, to signal the presence of a HTH.…”

Section: Introduction and Related Workmentioning

confidence: 99%

“…Such ''real'' (possibly infected) layout is then compared with the ''ideal'' layout coming from the design phases to find differences, and thus, to signal the presence of a HTH. The big difference between our approach and the one in [32] is that we exploit machine learning to identify these differences while the one in [32] relies on a deep knowledge of the FPGA architecture and bitstream details.…”

Section: Introduction and Related Workmentioning

confidence: 99%