IACR News item: 27 August 2014
Pawel Swierczynski, Marc Fyrbiak, Philipp Koppe, Christof Paar
ePrint Reportcryptography realized on FPGAs, which can pose a serious threat
to real-world implementations. We demonstrate how a simple
bitstream modification can seriously weaken crypto algorithms,
which we show by example of the AES and 3DES. The attack is
performed by modifying the FPGA bitstream that configures the
hardware elements during initialization. It has been known for a
long time that cloning of FPGA designs, even if the bitstream
is encrypted, is a relatively easy task. However, due to the
proprietary format of the bitstream, a meaningful modification
of an unknown FPGA bitstream is very challenging. While
some previous work had addressed bitstream reverse-engineering,
so far it has not been evaluated how difficult it is to detect
and modify cryptographic elements. We outline two possible
practical attacks that can lead to serious security implications.
We target the non-linear S-boxes of crypto algorithms of a
synthesized FPGA design that can be either implemented as
Boolean equations in look-up tables, or as precomputed set
of values that are stored in the memory of the FPGA. We
demonstrate that it is possible to detect and apply meaningful
changes to cryptographic elements inside an unknown propriety
and undocumented bitstream. Furthermore, we also show how
an AES key can be revealed within seconds by modifying the
bitstream. Finally, we propose countermeasures that can raise
the bar for an adversary to successfully perform an attack.
Additional news items may be found on the IACR news page.