Skip to main content
To KTH's start page To KTH's start page

Towards Securing the FPGA Bitstream: Exploiting Vulnerabilities and Implementing Countermeasures

Time: Wed 2024-06-12 09.00

Location: Ka-Sal C (Sven-Olof Öhrvik), Kistagången 16, Kista

Language: English

Subject area: Information and Communication Technology

Doctoral student: Michail Moraitis , Elektronik och inbyggda system

Opponent: Tenured Assistant Professor Peeter Ellervee, Tallinn University of Technology, Tallinn, Estonia

Supervisor: Elena Dubrova, Elektronik och inbyggda system; Mark T. Smith, Elektronik och inbyggda system

Export to calendar

QC 20240522

Abstract

Field-programmable gate arrays (FPGAs) are used across various industries due to their high performance, energy efficiency, and reconfigurability. However, the major advantage of reconfigurability is also a source of security challenges.The present doctoral thesis investigates the security vulnerabilities of the FPGA configuration file, i.e. the bitstream, focusing on the exploration and mitigation of targeted bitstream modification attacks. The results outlined in the seven chapters of the thesis are based on the appended collection of twelve papers. Out of those papers, seven present novel research on the topic of bitstream modification attacks and countermeasures, with the majority of contributions being on attacks. Four present novel research on the topic of FPGA-based countermeasures against side-channel analysis. The final paper presents a survey on bitstream modification attacks and countermeasures. The motivation behind the papers on side-channel countermeasures is to enhance the FPGA encryption schemes, as strong encryption can thwart targeted bitstream modification attacks. 

The attack vector of targeted bitstream modification is explored through a series of attacks against cryptographic FPGA implementations. The targets are popular stream ciphers (SNOW 3G, ACORN, and Trivium) and cryptographic primitives (an arbiter-based physical unclonable function and multi-ring-oscillator-based true random number generator). In the attacks on stream ciphers, the bitstream is modified to introduce faults that weaken the keystream by linearizing its generation process. A subsequent analysis of that faulty keystream reveals the secret key of the implementations. In the attacks on cryptographic primitives, the goal of the bitstream modification attack is to lower the bar or enable a side-channel analysis. The aim of the side-channel analysis is to predict the random output values produced by the primitives. To facilitate that, the bitstream modification attack identifies components in the bitstream that produce exploitable information leakage and creates multiple copies of them. The copies have the same values as the targets, but their outputs are not connected, thus having no impact on the functionality of the design. The study on bitstream modification is complemented with the introduction of low-cost obfuscation countermeasures and a general-purpose methodology against obfuscation based on constants. The methodology is able to defeat all the countermeasures we have previously defined, and its application extends to the general field of hardware design obfuscation.

On the topic of side-channel analysis countermeasures, the popular methodology of clock randomization is evaluated. The assumed side-channel analysis aims to extract the secret key of the advanced encryption standard (AES) block cipher. The evaluation reveales that clock randomization cannot offer protection when the side-channel measurements are sampled at a frequency significantly higher than the operational frequency of the device. In response to that, the clock randomization technique is coupled with encryption core duplication to form, a novel countermeasure called CRCD (clock randomization with encryption core duplication). The countermeasure is shown to effectively protect implementations of block ciphers such as AES, and post-quantum key encapsulation mechanisms such as CRYSTALS-Kyber. Further analysis of the countermeasure reveals a weakness that is exploited and finally patched in an updated implementation of CRCD.

urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-346665