Published in: Journal of Electronic Testing 3/2022

30.05.2022

The Detection of Malicious Modifications in the FPGA

Written by: Kamran Zahid


Abstract

Field Programmable Gate Arrays (FPGAs) are widely used in a variety of embedded applications. Because they are programmable, FPGAs are the perfect choice for various hardware-based systems. Among the competing types of FPGAs, the dominant type is Static Random-Access Memory (SRAM) based, which can be reprogrammed at any stage of execution of a job. SRAM-based FPGAs are volatile and need an external memory to store the configuration bitstream, which is vulnerable to attacks. In the development as well as deployment stages, the threat of malicious modifications or the insertion of Hardware Trojans (HTs) into the bitstream is always present. An FPGA's bitstream can be infiltrated or corrupted in a non-invasive manner, which may cause fatal consequences. Therefore, a framework is proposed that uses Xilinx Design Language (XDL) or Native Circuit Description (NCD) files that can be extracted from the infected bitstream of the FPGA. Xilinx Command Line tools are used to get complete information on hardware primitives, resource utilization, timing constraints, and power summaries from the XDL/NCD files in textual form. Further, Natural Language Processing (NLP) is employed to extract syntactic features from this descriptive artifact to find the malicious modifications/HTs. The proposed framework also identifies the types of the detected HTs and provides a good understanding of the behavior of trojans. For logic implementation and testing, Xilinx ISE 14.7 along with the PlanAhead™ and FPGA Editor design tools are used. The experimental results show that the proposed framework can be successfully used for the detection of malicious modifications/HTs with optimal accuracy.

Metadata
Title
The Detection of Malicious Modifications in the FPGA
Written by
Kamran Zahid
Publication date
30.05.2022
Publisher
Springer US
Published in
Journal of Electronic Testing / Issue 3/2022
Print ISSN: 0923-8174
Electronic ISSN: 1573-0727
DOI
https://doi.org/10.1007/s10836-022-06004-z
