Paper 2020/821

Interconnect-Aware Bitstream Modification

Michail Moraitis and Elena Dubrova

Abstract

Bitstream reverse engineering is traditionally associated with Intellectual Property (IP) theft. Another, less known, threat deriving from that is bitstream modification attacks. It has been shown that the secret key can be extracted from FPGA implementations of cryptographic algorithms by injecting faults directly into the bitstream. Such bitstream modification attacks rely on changing the content of Look Up Tables (LUTs). Therefore, related countermeasures aim to make the task of identifying a LUT more difficult (e.g. by masking its content). However, recent advances in FPGA reverse engineering revealed information on how interconnects are encoded in the bitstream of Xilinx 7 series FPGAs. In this paper, we show that this knowledge can be used to break or weaken existing countermeasures, as well as improve existing attacks. Furthermore, a straightforward attack that re-routes the key to an output pin becomes possible. We demonstrate our claims on an FPGA implementation of SNOW 3G stream cipher. The presented results show that there is an urgent need for stronger bitstream protection methods.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Physical securitySNOW 3GStream cipherReverse engineeringBitstream modificationRouting bitstream format
Contact author(s)
micmor @ kth se
History
2020-07-07: received
Short URL
https://ia.cr/2020/821
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/821,
      author = {Michail Moraitis and Elena Dubrova},
      title = {Interconnect-Aware Bitstream Modification},
      howpublished = {Cryptology ePrint Archive, Paper 2020/821},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/821}},
      url = {https://eprint.iacr.org/2020/821}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.