skip to main content
10.1145/2046707.2046722acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs

Published: 17 October 2011 Publication History

Abstract

Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning a design embedded into an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of off-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at the will of the attacker since no side-channel protection was included into the design of the decryption module. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. While performing the side-channel attack, we were able to deduce a hypothetical architecture of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.

References

[1]
Defense Science Board. http://www.acq.osd.mil/dsb/.
[2]
Side-channel Attack Standard Evaluation Board (SASEBO). Further information are available via http://www.rcis.aist.go.jp/special/SASEBO/.
[3]
Xilinx ISE Design Suite. http://www.xilinx.com/tools/designtools.htm.
[4]
IEEE Standard Test Access Port and Boundary-Scan Architecture. IEEE Std 1149.1--2001, pages i --200, 2001.
[5]
D. Abraham, G. Dolan, G. Double, and J. Stevens. Transaction Security System. In IBM Systems Journal 30, pages 206--229, 1991.
[6]
G. Agosta, A. Barenghi, F. D. Santis, and G. Pelosi. Record Setting Software Implementation of DES Using CUDA. Information Technology: New Generations, Third International Conference on, pages 748--755, 2010.
[7]
ALTERA. Using the Design Security Feature in Stratix II and Stratix II GX Devices (AN 341 version 2.3). Technical report, August 2009. http://www.altera.com/literature/an/an341.pdf.
[8]
ATK. XM25 Counter Defilade Target Engagement System. http://www.atk.com/customer_solutions_missionsystems/documents/sw_iw_xm%25.pdf, May 2009. Post "FPGAs in interesting places -- the XM25 Airburst Weapon System" by Saar Drimer on www.fpgasecurity.com.
[9]
A. Barenghi, G. Pelosi, and Y. Teglia. Improving first order differential power attacks through digital signal processing. In ACM-SIGSAC International Conference on Security of Information and Networks, pages 124--133. ACM, 2010.
[10]
A. Barenghi, G. Pelosi, and Y. Teglia. Information leakage discovery techniques to enhance secure chip design. In C. A. Ardagna and J. Zhou, editors, WISTP, volume 6633 of Lecture Notes in Computer Science, pages 128--143. Springer, 2011.
[11]
E. Brier, C. Clavier, and F. Olivier. Correlation Power Analysis with a Leakage Model. In CHES 2004, volume 3156 of LNCS, pages 16--29. Springer, 2004.
[12]
W. J. Broad, J. Markoff, and D. E. Sanger. Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Technical report, New York Times, January 2011. http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html.
[13]
O. Coudert. Why FPGA startups keep failing, 2009. FPGA market shares according to Gartner Inc, 2008.
[14]
S. Drimer. Security for volatile FPGAs. Technical Report UCAM-CL-TR-763, University of Cambridge, Computer Laboratory, Novembre 2009. ISSN 1476--2986 http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-763.pdf.
[15]
T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M. T. M. Shalmani. On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. In CRYPTO 2008, volume 5157 of LNCS, pages 203--220. Springer.
[16]
Eric Peeters and François-Xavier Standaert and Jean-Jacques Quisquater. Power and Electromagnetic Analysis: Improved Model, Consequences and Comparisons. Integr. VLSI J., 40(1):52--60, 2007.
[17]
T. Güneysu, T. Kasper, M. Novotný, C. Paar, and A. Rupp. Cryptanalysis with COPACOBANA. IEEE Transactions on Computers, 57(11):1498--1513, 2008.
[18]
P. Kocher, J. Jaffe, and B. Jun. Differential Power Analysis. In CRYPTO 99, volume 1666 of LNCS, pages 388--397. Springer, 1999.
[19]
R. Krueger. Application Note XAPP766: Using High Security Features in Virtex-II Series FPGAs. Technical report, XILINX, 2004. http://www.xilinx.com/support/documentation/application_notes/xapp766.p%df.
[20]
A. Lesea. IP Security in FPGAs, White Paper WP 261. Technical report, XILINX, February 2007.
[21]
L. Lin, M. Kasper, T. Güneysu, C. Paar, and W. Burleson. Trojan Side-Channels: Lightweight Hardware Trojans through Side-Channel Engineering. In CHES, volume 5747 of LNCS, pages 382--395. Springer, 2009.
[22]
A. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.
[23]
NIST. FIPS-46--3: Data Encryption Standard (DES), 1999.
[24]
J.-B. Note and É. Rannaud. From the bitstream to the netlist. In M. Hutton and P. Chow, editors, 16th International Symposium on Field Programmable Gate Arrays, FPGA 2008. ACM, 2008.
[25]
S. B. Örs, E. Oswald, and B. Preneel. Power-Analysis Attacks on an FPGA - First Experimental Results. In CHES 2003, volume 2779 of LNCS, pages 35--50. Springer, 2003.
[26]
Recurity Labs. Embedded Analysis. 27th Chaos Communication Congress, Dec. 2010. http://events.ccc.de/congress/2010/wiki/Embedded_Analysis.
[27]
F.-X. Standaert, S. B. Örs, J.-J. Quisquater, and B. Preneel. Power Analysis Attacks Against FPGA Implementations of the DES. In FPL 2004, volume 3203 of LNCS, pages 84--94. Springer, 2004.
[28]
A. Telikepalli. Is Your FPGA Design Secure? XCell Journal, XILINX, Fall 2003.
[29]
C. W. Tseng. Lock Your Designs with the Virtex-4 Security Solution. XCell Journal, XILINX, Spring 2005.
[30]
T. J. Wollinger, J. Guajardo, and C. Paar. Security on FPGAs: State-of-the-art implementations and attacks. ACM Transactions in Embedded Computing Systems (TECS), 3(3):534--574, 2004.
[31]
XILINX. Virtex-2 Platform FPGA User Guide (UG002 version 2.2). Technical report, November 2007. http://www.xilinx.com/support/documentation/user_guides/ug002.pdf.
[32]
XILINX. Virtex-II Pro and Virtex-II Pro X FPGA User Guide. Technical report, 2007. http://www.xilinx.com/support/documentation/user_guides/ug012.pdf.
[33]
XILINX. Virtex-II Pro Platform FPGAs: Complete Data Sheet (DS 083 version 4.7). Technical report, November 2007. http://www.xilinx.com/support/documentation/data_sheets/ds083.pdf.

Cited By

View all
  • (2024)FEINT: Automated Framework for Efficient INsertion of Templates/Trojans into FPGAsInformation10.3390/info1507039515:7(395)Online publication date: 8-Jul-2024
  • (2024)Stealing Maggie's Secrets-On the Challenges of IP Theft Through FPGA Reverse EngineeringProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690235(3391-3405)Online publication date: 2-Dec-2024
  • (2024)ABBY: Automating leakage modelling for side-channel analysisProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637665(231-244)Online publication date: 1-Jul-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
October 2011
742 pages
ISBN:9781450309486
DOI:10.1145/2046707
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. FPGA
  2. bitstream encryption
  3. side-channel attacks
  4. triple des

Qualifiers

  • Research-article

Conference

CCS'11
Sponsor:

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)66
  • Downloads (Last 6 weeks)4
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)FEINT: Automated Framework for Efficient INsertion of Templates/Trojans into FPGAsInformation10.3390/info1507039515:7(395)Online publication date: 8-Jul-2024
  • (2024)Stealing Maggie's Secrets-On the Challenges of IP Theft Through FPGA Reverse EngineeringProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690235(3391-3405)Online publication date: 2-Dec-2024
  • (2024)ABBY: Automating leakage modelling for side-channel analysisProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637665(231-244)Online publication date: 1-Jul-2024
  • (2024)On the Malicious Potential of Xilinx’s Internal Configuration Access Port (ICAP)ACM Transactions on Reconfigurable Technology and Systems10.1145/363320417:2(1-28)Online publication date: 30-Apr-2024
  • (2024)Improved Reductions from Noisy to Bounded and Probing Leakages via Hockey-Stick DivergencesAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68391-6_14(461-491)Online publication date: 17-Aug-2024
  • (2024)HAWKEYE – Recovering Symmetric Cryptography From Hardware CircuitsAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68385-5_11(340-376)Online publication date: 18-Aug-2024
  • (2024)Power Consumption-Based Identification of Used Encryption Solution in IoT EnvironmentsComputational Intelligence and Mathematics for Tackling Complex Problems 510.1007/978-3-031-46979-4_15(109-114)Online publication date: 3-Jan-2024
  • (2023)Integrating Lorenz Hyperchaotic Encryption with Ring Oscillator Physically Unclonable Functions (RO-PUFs) for High-Throughput Internet of Things (IoT) ApplicationsElectronics10.3390/electronics1224492912:24(4929)Online publication date: 7-Dec-2023
  • (2023)Computational Intelligence and Soft Computing Paradigm for Cheating Detection in Online ExaminationsApplied Computational Intelligence and Soft Computing10.1155/2023/37399752023(1-23)Online publication date: 4-May-2023
  • (2023)A Survey on FPGA Cybersecurity Design StrategiesACM Transactions on Reconfigurable Technology and Systems10.1145/356151516:2(1-33)Online publication date: 11-Mar-2023
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media