International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Christof Paar

Publications

Year
Venue
Title
2024
TCHES
JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing
Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access, i.e., HDL source code. Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces, i.e., JTAG, and minimal introspection of hardware-internal modules.In this work, we investigate fuzzing for Xilinx 7-Series and UltraScale(+) FPGA configuration engines, the control plane governing the (secure) bitstream configuration within the FPGA. Our goal is to examine the effectiveness of fuzzing to analyze and document the opaque inner workings of FPGA configuration engines, with a primary emphasis on identifying security vulnerabilities. Using only the publicly available hardware chip and dispersed documentation, we first design and implement ConFuzz, an advanced FPGA configuration engine fuzzing and rapid prototyping framework. Based on our detailed understanding of the bitstream file format, we then systematically define 3 novel key fuzzing strategies for Xilinx FPGA configuration engines. Moreover, our strategies are executed through mutational structure-aware fuzzers and incorporate various novel custom-tailored, FPGA-specific optimizations to reduce search space. Our evaluation reveals previously undocumented behavior within the configuration engine, including critical findings such as system crashes leading to unresponsive states of the whole FPGA. In addition, our investigations not only lead to the rediscovery of the recent starbleed attack but also uncover a novel unpatchable vulnerability, denoted as JustSTART (CVE-2023-20570), capable of circumventing RSA authentication for Xilinx UltraScale(+). Note that we also discuss effective countermeasures by secure FPGA settings to prevent aforementioned attacks.
2024
CRYPTO
HAWKEYE – Recovering Symmetric Cryptography From Hardware Circuits
We present the first comprehensive approach for detecting and analyzing symmetric cryptographic primitives in gate-level descriptions of hardware. To capture both ASICs and FPGAs, we model the hardware as a directed graph, where gates become nodes and wires become edges. For modern chips, those graphs can easily consist of hundreds of thousands of nodes. More abstractly, we find subgraphs corresponding to cryptographic primitives in a potentially huge graph, the sea-of-gates, describing an entire chip. As we are particularly interested in unknown cryptographic algorithms, we cannot rely on searching for known parts such as S-boxes or round constants. Instead, we are looking for parts of the chip that perform highly local computations. A major result of our work is that many symmetric algorithms can be reliably located and sometimes even identified by our approach, which we call HAWKEYE. Our findings are verified by extensive experimental results, which involve SPN, ARX, Feistel, and LFSR-based ciphers implemented for both FPGAs and ASICs. We demonstrate the real-world applicability of HAWKEYE by evaluating it on OpenTitan's Earl Grey chip, an open-source secure micro-controller design. HAWKEYE locates all major cryptographic primitives present in the netlist comprising 424341 gates in 44.3 seconds.
2021
TCHES
LifeLine for FPGA Protection: Obfuscated Cryptography for Real-World Security 📺
Over the last decade attacks have repetitively demonstrated that bitstream protection for SRAM-based FPGAs is a persistent problem without a satisfying solution in practice. Hence, real-world hardware designs are prone to intellectual property infringement and malicious manipulation as they are not adequately protected against reverse-engineering.In this work, we first review state-of-the-art solutions from industry and academia and demonstrate their ineffectiveness with respect to reverse-engineering and design manipulation. We then describe the design and implementation of novel hardware obfuscation primitives based on the intrinsic structure of FPGAs. Based on our primitives, we design and implement LifeLine, a hardware design protection mechanism for FPGAs using hardware/software co-obfuscated cryptography. We show that LifeLine offers effective protection for a real-world adversary model, requires minimal integration effort for hardware designers, and retrofits to already deployed (and so far vulnerable) systems.
2020
TCHES
DANA Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering 📺
Reverse engineering of integrated circuits, i.e., understanding the internals of Integrated Circuits (ICs), is required for many benign and malicious applications. Examples of the former are detection of patent infringements, hardware Trojans or Intellectual Property (IP)-theft, as well as interface recovery and defect analysis, while malicious applications include IP-theft and finding insertion points for hardware Trojans. However, regardless of the application, the reverse engineer initially starts with a large unstructured netlist, forming an incomprehensible sea of gates.This work presents DANA, a generic, technology-agnostic, and fully automated dataflow analysis methodology for flattened gate-level netlists. By analyzing the flow of data between individual Flip Flops (FFs), DANA recovers high-level registers. The key idea behind DANA is to combine independent metrics based on structural and control information with a powerful automated architecture. Notably, DANA works without any thresholds, scenario-dependent parameters, or other “magic” values that the user must choose. We evaluate DANA on nine modern hardware designs, ranging from cryptographic co-processors, over CPUs, to the OpenTitan, a stateof- the-art System-on-Chip (SoC), which is maintained by the lowRISC initiative with supporting industry partners like Google and Western Digital. Our results demonstrate almost perfect recovery of registers for all case studies, regardless whether they were synthesized as FPGA or ASIC netlists. Furthermore, we explore two applications for dataflow analysis: we show that the raw output of DANA often already allows to identify crucial components and high-level architecture features and also demonstrate its applicability for detecting simple hardware Trojans.Hence, DANA can be applied universally as the first step when investigating unknown netlists and provides major guidance for human analysts by structuring and condensing the otherwise incomprehensible sea of gates. Our implementation of DANA and all synthesized netlists are available as open source on GitHub.
2020
TCHES
Doppelganger Obfuscation — Exploring theDefensive and Offensive Aspects of Hardware Camouflaging 📺
Max Hoffmann Christof Paar
Hardware obfuscation is widely used in practice to counteract reverse engineering. In recent years, low-level obfuscation via camouflaged gates has been increasingly discussed in the scientific community and industry. In contrast to classical high-level obfuscation, such gates result in recovery of an erroneous netlist. This technology has so far been regarded as a purely defensive tool. We show that low-level obfuscation is in fact a double-edged sword that can also enable stealthy malicious functionalities.In this work, we present Doppelganger, the first generic design-level obfuscation technique that is based on low-level camouflaging. Doppelganger obstructs central control modules of digital designs, e.g., Finite State Machines (FSMs) or bus controllers, resulting in two different design functionalities: an apparent one that is recovered during reverse engineering and the actual one that is executed during operation. Notably, both functionalities are under the designer’s control.In two case studies, we apply Doppelganger to a universal cryptographic coprocessor. First, we show the defensive capabilities by presenting the reverse engineer with a different mode of operation than the one that is actually executed. Then, for the first time, we demonstrate the considerable threat potential of low-level obfuscation. We show how an invisible, remotely exploitable key-leakage Trojan can be injected into the same cryptographic coprocessor just through obfuscation. In both applications of Doppelganger, the resulting design size is indistinguishable from that of an unobfuscated design, depending on the choice of encodings.
2018
TCHES
Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead 📺
Max Hoffmann Christof Paar
Opaque predicates are a well-established fundamental building block for software obfuscation. Simplified, an opaque predicate implements an expression that provides constant Boolean output, but appears to have dynamic behavior for static analysis. Even though there has been extensive research regarding opaque predicates in software, techniques for opaque predicates in hardware are barely explored. In this work, we propose a novel technique to instantiate opaque predicates in hardware, such that they (1) are resource-efficient, and (2) are challenging to reverse engineer even with dynamic analysis capabilities. We demonstrate the applicability of opaque predicates in hardware for both, protection of intellectual property and obfuscation of cryptographic hardware Trojans. Our results show that we are able to implement stealthy opaque predicates in hardware with minimal overhead in area and no impact on latency.
2018
TCHES
On the Difficulty of FSM-based Hardware Obfuscation
In today’s Integrated Circuit (IC) production chains, a designer’s valuable Intellectual Property (IP) is transparent to diverse stakeholders and thus inevitably prone to piracy. To protect against this threat, numerous defenses based on the obfuscation of a circuit’s control path, i.e. Finite State Machine (FSM), have been proposed and are commonly believed to be secure. However, the security of these sequential obfuscation schemes is doubtful since realistic capabilities of reverse engineering and subsequent manipulation are commonly neglected in the security analysis. The contribution of our work is threefold: First, we demonstrate how high-level control path information can be automatically extracted from third-party, gate-level netlists. To this end, we extend state-of-the-art reverse engineering algorithms to deal with Field Programmable Gate Array (FPGA) gate-level netlists equipped with FSM obfuscation. Second, on the basis of realistic reverse engineering capabilities we carefully review the security of state-of-the-art FSM obfuscation schemes. We reveal several generic strategies that bypass allegedly secure FSM obfuscation schemes and we practically demonstrate our attacks for a several of hardware designs, including cryptographic IP cores. Third, we present the design and implementation of Hardware Nanomites, a novel obfuscation scheme based on partial dynamic reconfiguration that generically mitigates existing algorithmic reverse engineering.
2017
ASIACRYPT
2016
CHES
2015
CHES
2014
CRYPTO
2013
CRYPTO
2013
CHES
2012
ASIACRYPT
2012
FSE
2011
EUROCRYPT
2011
CHES
2011
CHES
2011
ASIACRYPT
2011
JOFC
2009
CHES
2009
CHES
2009
CHES
2008
CHES
2008
CHES
2008
CRYPTO
2007
CHES
2007
CHES
2007
FSE
2006
CHES
2006
CHES
2005
CHES
2005
CHES
2004
CHES
2004
CHES
2003
CHES
2003
FSE
2001
CHES
2001
PKC
2001
JOFC
2000
CHES
1998
CRYPTO
1997
CRYPTO
1997
EUROCRYPT

Program Committees

CHES 2015
CHES 2014
Crypto 2013
CHES 2013
CHES 2011
Eurocrypt 2011
CHES 2010
Crypto 2009
CHES 2009
CHES 2008
CHES 2007
CHES 2006
CHES 2005
CHES 2003 (Program chair)
CHES 2002 (Program chair)
CHES 2001 (Program chair)
CHES 2000 (Program chair)
CHES 1999 (Program chair)

Coauthors

Nils Albartus (3)
Martin R. Albrecht (1)
Leonid Azriel (1)
Daniel V. Bailey (2)
Georg T. Becker (2)
Rainer Blümel (1)
Sinan Böcker (1)
Andrey Bogdanov (2)
Julia Borghoff (1)
Wayne P. Burleson (1)
Wayne Burleson (1)
Anne Canteaut (1)
Jonathan Déchelotte (1)
Itai Dinur (1)
Benedikt Driessen (2)
Thomas Eisenbarth (2)
Maik Ender (2)
Patrick Felke (1)
Jens Franke (1)
Jürgen Frinken (1)
Marc Fyrbiak (3)
Samaneh Ghandali (2)
Benedikt Gierlichs (1)
Jorge Guajardo (3)
Aiden Gula (1)
Tim Güneysu (6)
Felix Hahn (1)
Stefan Heyse (2)
Max Hoffmann (3)
Daniel E. Holcomb (1)
Markus Kasper (1)
Timo Kasper (2)
Elif Bilge Kavun (2)
Eike Kiltz (1)
Christian Kison (1)
Thorsten Kleinjung (1)
Simon Klix (1)
Miroslav Knezevic (1)
Lars R. Knudsen (2)
Uwe Krieger (1)
Sandeep S. Kumar (1)
Gregor Leander (8)
Kerstin Lemke-Rust (4)
Yang Li (1)
Lang Lin (1)
San Ling (1)
Vadim Lyubashevsky (1)
Oliver Mischke (1)
Amir Moradi (5)
Clemens Nasenberg (1)
Ventzislav Nikov (1)
Kazuo Ohta (1)
Gerardo Orlando (2)
David Oswald (2)
Christof Paar (44)
Jan Pelzl (3)
Gerd Pfeiffer (1)
Krzysztof Pietrzak (1)
Axel Poschmann (4)
Christine Priplata (1)
Jean-Jacques Quisquater (1)
Christian Rechberger (1)
Francesco Regazzoni (1)
Matthew J. B. Robshaw (2)
Peter Rombouts (1)
Kazuo Sakiyama (1)
Mahmoud Salmasizadeh (1)
Falk Schellenberg (1)
Manfred Schimmler (1)
Werner Schindler (1)
Kai Schramm (4)
Yannick Seurin (2)
Mohammad T. Manzuri Shalmani (1)
Adi Shamir (1)
Pedro Soria-Rodriguez (1)
Julian Speith (2)
Colin Stahlke (1)
Lukas Stennes (1)
Florian Stolz (1)
Daehyun Strobel (1)
Berk Sunar (1)
Sebastian Temme (1)
Russell Tessier (2)
Søren S. Thomsen (1)
C. Vikkelsoe (1)
Sebastian Wallat (1)
Huaxiong Wang (1)
Thomas J. Wollinger (2)
Tolga Yalçin (2)
Ralf Zimmermann (1)