nach oben

Tipp

The Detection of Malicious Modifications in the FPGA

verfasst von: Kamran Zahid

Erschienen in: Journal of Electronic Testing | Ausgabe 3/2022

Einloggen, um Zugang zu erhalten

Abstract

Field Programmable Gate Arrays (FPGAs) are being widely used in a variety of embedded applications. Due to their programmable feature, FPGAs are the perfect choice for various hardware-based systems. In many of the competing types of FPGAs, the dominant types are Static Random-Access Memory (SRAM) based which can be reprogrammed at any stage of execution of a job. SRAM-based FPGAs are volatile and need an external memory to store configuration bitstream that is vulnerable to attacks. In the development as well as deployment stages, the threat of malicious modifications or inserting Hardware Trojans (HTs) into the bitstream is always present. FPGA’s bitstream can be infiltrated or corrupted in a non-invasive manner that may cause fatal consequences. Therefore, a framework is proposed that uses Xilinx Design Language (XDL) or Native Circuit Description (NCD) files that can be extracted from the infected bitstream of FPGA. Xilinx Command Line tools are used to get complete information on hardware primitives, resource utilization, timing constraints, and power summaries from XDL/NCD files in textual form. Further, Natural Language Processing (NLP) has been employed to extract the syntactic features from the descriptive artifact to find the malicious modifications/HTs. The proposed framework also identifies the types of the detected HTs and provides a good understanding to study the behavior of trojans. For logic implementation and testing, Xilinx ISE 14.7 along with PlanAhead^TM and FPGA Editor design tools are used. The experimental results show that the proposed framework can be successfully used for the detection of malicious modifications/HTs with optimal accuracy.

Vorheriger Artikel A Systematic Bit Selection Method for Robust SRAM PUFs

Nächster Artikel Cross-PUF Attacks: Targeting FPGA Implementation of Arbiter-PUFs

Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 69.000 Bücher
über 500 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt 90 Tage mit der neuen Mini-Lizenz testen!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 50.000 Bücher
über 380 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt 90 Tage mit der neuen Mini-Lizenz testen!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 58.000 Bücher
über 300 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt 90 Tage mit der neuen Mini-Lizenz testen!

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

Advanced Encryption Standard (AES) (2001). https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf

Beaumont M, Hopkins B, Newby T (2011) Hardware Trojans-prevention, detection, countermeasures (a literature review). Technical report, Defence Science and Technology Organisation Edinburgh (Australia) Command

Benz F, Seffrin A, Huss SA (2012) Bil: A tool-chain for bitstream reverse-engineering. In: Proc. 22nd International Conference on Field Programmable Logic and Applications (FPL). IEEE, pp 735–738

Bhunia S, Hsiao MS, Banga M, Narasimhan S (2014) Hardware Trojan attacks: threat analysis and countermeasures. Proc IEEE 102(8):1229–1247

Chakraborty RS, Saha I, Palchaudhuri A, Naik GK (2013) Hardware Trojan insertion by direct modification of FPGA configuration bitstream. IEEE Design & Test 30(2):45–54

Chechik G, Sharma V, Shalit U, Bengio S (2010) Large scale online learning of image similarity through ranking. J Mach Learn Res 11(3)

Cheremisinov DI (2013) Design automation tool to generate EDIF and VHDL descriptions of circuit by extraction of FPGA configuration. In: Proc. East-West Design & Test Symposium (EWDTS). IEEE, pp 1–4

Couch JD (2011) Applications of TORC: an open toolkit for reconfigurable computing. PhD thesis, Virginia Tech

Ding Z, Qiang W, Zhang Y, Zhu L (2013) Deriving an NCD file from an FPGA bitstream: Methodology, architecture and evaluation. Microprocessors and Microsystems 37(3):299–312 CrossRef

10.

Drimer S (2008) Volatile FPGA design security–a survey. IEEE Computer Society Annual Volume. pp 292–297

11.

Ender M, Moradi A, and Christof Paar (2020) The unpatchable silicon: a full break of the bitstream encryption of Xilinx 7-Series FPGAs. In: Proc. 29th {USENIX} Security Symposium ({USENIX} Security 20)

12.

Ender M, Swierczynski P, Wallat S, Wilhelm M, Knopp PM, Paar C (2019) Insights into the mind of a Trojan designer: the challenge to integrate a Trojan into the bitstream. In: Proceedings of the 24th Asia and South Pacific Design Automation Conference. pp 112–119

13.

Fyrbiak M, Wallat S, Swierczynski P, Hoffmann M, Hoppach S, Wilhelm M, Weidlich T, Tessier R, Paar C (2018) Hal–the missing piece of the puzzle for hardware reverse engineering, Trojan detection and insertion. IEEE Trans Dependable Secure Comput 16(3):498–510 CrossRef

14.

Gören S, Ozkurt O, Yildiz A, Ugurdag HF, Chakraborty RS, Mukhopadhyay D (2013) Partial bitstream protection for low-cost FPGAs with physical unclonable function, obfuscation, and dynamic partial self reconfiguration. Comput Electr Eng 39(2):386–397

15.

Guo X, Dutta RG, Jin Y, Farahmandi F, Mishra P (2015) Pre-silicon security verification and validation: A formal perspective. In: Proceedings of the 52nd Annual Design Automation Conference. pp 1–6

16.

Hicks M, Finnicum M, King ST, Martin MMK, Smith JM (2010) Overcoming an untrusted computing base: Detecting and removing malicious hardware automatically. In: Proc. IEEE Symposium on Security and Privacy. IEEE, pp 159–172

17.

Hirschberg J, Manning CD (2015) Advances in natural language processing. Science 349(6245):261–266

18.

Hoyoung Y, Lee H, Lee S, Kim Y, Lee H-M (2018) Recent advances in FPGA reverse engineering. Electronics 7(10):246 CrossRef

19.

Iwase T, Nozaki Y, Yoshikawa M, Kumaki T (2015) Detection technique for hardware Trojans using machine learning in frequency domain. In: Proc. IEEE 4th Global Conference on Consumer Electronics (GCCE). IEEE, pp 185–186

20.

Jyothi V, Rajendran JJV (2018) Hardware Trojan attacks in FPGA and protection approaches. In: The Hardware Trojan War. Springer, pp 345–368

21.

Karam R, Hoque T, Ray S, Tehranipoor M, Bhunia S (2016) Robust bitstream protection in FPGA-based systems through low-overhead obfuscation. In: Proc. International Conference on ReConFigurable Computing and FPGAs (ReConFig). IEEE, pp 1–8

22.

Karri R, Rajendran J, Rosenfeld K, Tehranipoor M (2010) Trustworthy hardware: Identifying and classifying hardware Trojans. Computer 43(10):39–46 CrossRef

23.

Khaleghi B, Ahari A, Asadi H, Bayat-Sarmadi S (2015) FPGA-based protection scheme against hardware Trojan horse insertion using dummy logic. IEEE Embed Syst Lett 7(2):46–50 CrossRef

24.

Lavin C, Padilla M, Lundrigan P, Nelson B, Hutchings B (2010) Rapid prototyping tools for FPGA designs: Rapidsmith. In: Proc. International Conference on Field-Programmable Technology. IEEE, pp 353–356

25.

Moradi A, Barenghi A, Kasper T, Paar C (2011) On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs. In: Proceedings of the 18th ACM Conference on Computer and communications security. pp 111–124

26.

Note J-B, Rannaud É (2008) From the bitstream to the netlist. In: FPGA, vol 8. pp 264

27.

Nguyen J-F (2016) Analysing the bitstream of Altera’s MAX-V CPLDS

28.

Pham KD, Horta E, Koch D (2017) Bitman: a tool and API for FPGA bitstream manipulations. In: Proc. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017. IEEE, pp 894–897

29.

Rai D, Lach J (2009) Performance of delay-based Trojan detection techniques under parameter variations. In: Proc. IEEE International Workshop on Hardware-Oriented Security and Trust. IEEE, pp 58–65

30.

Raghavan AK, Sutton P (2002) JPG-a partial bitstream generation tool to support partial reconfiguration in virtex FPGAs. In: Proc. Parallel and Distributed Processing Symposium, International, vol 2. Citeseer, p 0155

31.

Salmani H (2016) Cotd: Reference-free hardware Trojan detection and recovery based on controllability and observability in gate-level netlist. IEEE Trans Inf Forensics Secur 12(2):338–350 CrossRef

32.

Salmani H, Tehranipoor M, Karri R (2013) On design vulnerability analysis and trust benchmarks development. In: Proc. IEEE 31st International Conference on Computer Design (ICCD). IEEE, pp 471–474

33.

Schroff F, Kalenichenko D, Philbin J (2015) Facenet: A unified embedding for face recognition and clustering. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition. pp 815–823

34.

Schütze H, Manning CD, Raghavan P (2008) Introduction to information retrieval, vol 39. Cambridge University Press Cambridge

35.

SymbiFlow (2017) Project x-ray. https://github.com/SymbiFlow/prjxray

36.

Steiner N, Wood A, Shojaei H, Couch J, Athanas P, French M (2011) Torc: towards an open-source tool flow. In: Proceedings of the 19th ACM/SIGDA international symposium on Field programmable gate arrays. pp 41–44

37.

Swierczynski P, Becker GT, Moradi A, Paar C (2017) Bitstream fault injections (BiFI)–automated fault attacks against SRAM-based FPGAs. IEEE Trans Comput 67(3):348–360

38.

Tehranipoor M, Koushanfar F (2010) A survey of hardware Trojan taxonomy and detection. IEEE Des Test Comput 27(1):10–25 CrossRef

39.

Tehranipoor M, Wang C (2011) Introduction to hardware security and trust. Springer Science & Business Media

40.

Wolf C (2015) Project icestorm. http://www.clifford.at/icestorm/

41.

Xilinx command line tools user guide (UG628) (2013). https://www.xilinx.com/support/documentation/sw_manuals/xilinx14_7/devref.pdf

42.

Xilinx Inc. (2022) https://www.xilinx.com/

43.

Yoo HY, Choi SY, Park JW (2020) Reverse engineering for Xilinx FPGA chips using ISE design tools. J Integr Circuits Syst 6(1)

44.

Yoon J, Seo Y, Jang J, Cho M, Kim J, Kim H, Kwon T (2018) A bitstream reverse engineering tool for FPGA hardware Trojan detection. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. pp 2318–2320

45.

Zhang T, Wang J, Guo S, Chen Z (2019) A comprehensive FPGA reverse engineering tool-chain: From bitstream to RTL code. IEEE Access 7:38379–38389 CrossRef

46.

Zhang J, Yuan F, Wei L, Liu Y, Qiang X (2015) Veritrust: Verification for hardware trust. IEEE Trans Comput Aided Des Integr Circuits Syst 34(7):1148–1161 CrossRef

47.

Zhao M, Suh GE (2018) FPGA-based remote power side-channel attacks. In: Proc. IEEE Symposium on Security and Privacy (SP). IEEE, pp 229–244

48.

Ziener D, Aßmus S, Teich J (2006) Identifying FPGA IP-cores based on lookup table content analysis. In: Proc. International Conference on Field Programmable Logic and Applications. IEEE, pp 1–6

Titel: The Detection of Malicious Modifications in the FPGA
verfasst von: Kamran Zahid
Publikationsdatum: 30.05.2022
Verlag: Springer US
Erschienen in: Journal of Electronic Testing / Ausgabe 3/2022
Print ISSN: 0923-8174
Elektronische ISSN: 1573-0727
DOI: https://doi.org/10.1007/s10836-022-06004-z

Springer Professional

Tipp

Weitere Artikel dieser Ausgabe durch Wischen aufrufen

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelectronics worldwide

ATZelektronik

Weitere Artikel der Ausgabe 3/2022

Built-In Self-Test for Multi-Threshold NULL Convention Logic Asynchronous Circuits using Pipeline Stage Parallelism

A Source-code Aware Method for Software Mutation Testing Using Artificial Bee Colony Algorithm

Test Technology Newsletter

A Systematic Bit Selection Method for Robust SRAM PUFs

Research on Analog Integrated Circuit Test Parameter Set Reduction Based on XGBoost

Deep Soft Error Propagation Modeling Using Graph Attention Network