DOI: 10.1145/2435264.2435282
research-article

Side-channel attacks on the bitstream encryption mechanism of Altera Stratix II: facilitating black-box analysis using software reverse-engineering

Published: 11 February 2013

Abstract

In order to protect FPGA designs against IP theft and related issues such as product cloning, all major FPGA manufacturers offer a mechanism to encrypt the bitstream used to configure the FPGA. From a mathematical point of view, the employed encryption algorithms, e.g., AES or 3DES, are highly secure. However, recently it has been shown that the bitstream encryption feature of several FPGA product lines is susceptible to side-channel attacks that monitor the power consumption of the cryptographic module. In this paper, we present the first successful attack on the bitstream encryption of the Altera Stratix II FPGA. To this end, we reverse-engineered the details of the proprietary and unpublished Stratix II bitstream encryption scheme from the Quartus II software. Using this knowledge, we demonstrate that the full 128-bit AES key of a Stratix II can be recovered by means of side-channel analysis with 30,000 measurements, which can be acquired in less than three hours. The complete bitstream of a Stratix II that is (seemingly) protected by the bitstream encryption feature can hence fall into the hands of a competitor or criminal - possibly implying system-wide damage if confidential information such as proprietary encryption schemes or keys programmed into the FPGA are extracted. In addition to lost IP, reprogramming the attacked FPGA with modified code, for instance, to secretly plant a hardware trojan, is a particularly dangerous scenario for many security-critical applications.

Published In

FPGA '13: Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
February 2013
294 pages
ISBN: 9781450318877
DOI: 10.1145/2435264

Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

1. AES
2. Altera
3. Stratix II
4. bitstream encryption
5. hardware security
6. reverse-engineering
7. side-channel attack

Acceptance Rates

Overall Acceptance Rate 125 of 627 submissions, 20%
