International Association for Cryptologic Research


IACR News item: 27 August 2014

Pawel Swierczynski, Marc Fyrbiak, Philipp Koppe, Christof Paar
ePrint Report
This paper investigates a novel attack vector against cryptography realized on FPGAs, which can pose a serious threat to real-world implementations. We demonstrate how a simple bitstream modification can seriously weaken crypto algorithms, which we show using AES and 3DES as examples. The attack is performed by modifying the FPGA bitstream that configures the hardware elements during initialization. It has been known for a long time that cloning of FPGA designs, even if the bitstream is encrypted, is a relatively easy task. However, due to the proprietary format of the bitstream, a meaningful modification of an unknown FPGA bitstream is very challenging. While some previous work has addressed bitstream reverse-engineering, so far it has not been evaluated how difficult it is to detect and modify cryptographic elements. We outline two possible practical attacks that can lead to serious security implications. We target the non-linear S-boxes of crypto algorithms in a synthesized FPGA design, which can be implemented either as Boolean equations in look-up tables or as a precomputed set of values stored in the memory of the FPGA. We demonstrate that it is possible to detect and apply meaningful changes to cryptographic elements inside an unknown, proprietary and undocumented bitstream. Furthermore, we also show how an AES key can be revealed within seconds by modifying the bitstream. Finally, we propose countermeasures that can raise the bar for an adversary to successfully perform an attack.
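As an added illustration of the countermeasure side (example code written for this news item, not code from the paper or its authors): a check that recomputes the canonical AES S-box from its definition and compares it with a 256-entry table recovered from a design, for instance the initialisation contents of a block RAM, reporting entries that differ, loss of bijectivity, and the degenerate case where the table has become affine. The recovered table in the block is constructed for demonstration.

```python
# Added example, not from the paper: verify a recovered AES S-box table against
# the canonical S-box, derived here from its definition rather than a pasted constant.

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254; 0 maps to 0, as AES requires."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def aes_sbox() -> list:
    """Canonical AES S-box: field inverse followed by the affine transform."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        y = b ^ 0x63
        for i in range(1, 5):  # y ^= rotl(b, i) for i = 1..4
            y ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(y)
    return box

def is_affine(t: list) -> bool:
    """True if t(x) ^ t(y) ^ t(x ^ y) == t(0) for all x, y: no nonlinearity left."""
    return all(t[x] ^ t[y] ^ t[x ^ y] == t[0] for x in range(256) for y in range(256))

def check_sbox(candidate: list) -> dict:
    """Compare a recovered 256-entry table with the canonical AES S-box."""
    if len(candidate) != 256:
        return {"ok": False, "mismatches": [], "bijective": False, "affine": False}
    ref = aes_sbox()
    mism = [i for i in range(256) if candidate[i] != ref[i]]
    return {"ok": not mism, "mismatches": mism,
            "bijective": len(set(candidate)) == 256, "affine": is_affine(candidate)}

if __name__ == "__main__":
    recovered = list(range(256))  # constructed sample: table replaced by the identity map
    print(check_sbox(recovered))  # ok False, 256 mismatches, bijective but affine
```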
