Paper 2015/768

Interdiction in Practice – Hardware Trojan Against a High-Security USB Flash Drive

Pawel Swierczynski, Marc Fyrbiak, Philipp Koppe, Amir Moradi, and Christof Paar

Abstract

As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstream which configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan insertion into a commercial product. On the target device, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data is encrypted using AES-256 in XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investigation required two reverse-engineering steps, related to the proprietary FPGA bitstream and to the firmware of the underlying ARM CPU. In our Trojan insertion scenario the targeted USB flash drive is intercepted before being delivered to the victim. The physical Trojan insertion requires the manipulation of the SPI flash memory content, which contains the FPGA bitstream as well as the ARM CPU code. The FPGA bitstream manipulation alters the exploited AES-256 algorithm in a way that it turns into a linear function which can be broken with 32 known plaintext-ciphertext pairs. After the manipulated USB flash drive has been used by the victim, the attacker is able to obtain all user data from the ciphertexts. Our work indeed highlights the security risks and especially the practical relevance of bitstream modification attacks that became realistic due to FPGA bitstream manipulations.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
AESblock ciphershardware Trojanreverse-engineeringreal-world attack
Contact author(s)
pawel swierczynski @ rub de
History
2015-08-06: revised
2015-07-31: received
See all versions
Short URL
https://ia.cr/2015/768
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/768,
      author = {Pawel Swierczynski and Marc Fyrbiak and Philipp Koppe and Amir Moradi and Christof Paar},
      title = {Interdiction in Practice – Hardware Trojan Against a High-Security {USB} Flash Drive},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/768},
      year = {2015},
      url = {https://eprint.iacr.org/2015/768}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.