Malicious Routing: Circumventing Bitstream-level Verification for FPGAs
Q.A. Ahmed, T. Wiersema, M. Platzner, in: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2021 Design, Automation and Test in Europe Conference (DATE), Alpexpo | Grenoble, France, 2021.
Download
1812.pdf
394.01 KB
Conference Paper
| Published
| English
Department
Abstract
The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to assist the attacker to perform a successful malfunctioning or information leakage attack. The advanced stealthy malicious look-up-table (LUT) attack activates a Trojan only when generating the FPGA bitstream and can thus not be detected by register transfer and gate level testing and verification. However, also this attack was recently revealed by a bitstream-level proof-carrying hardware (PCH) approach. In this paper, we present a novel attack that leverages malicious routing of the inserted Trojan circuit to acquire a dormant state even in the generated and transmitted bitstream. The Trojan's payload is connected to primary inputs/outputs of the FPGA via a programmable interconnect point (PIP). The Trojan is detached from inputs/outputs during place-and-route and re-connected only when the FPGA is being programmed, thus activating the Trojan circuit without any need for a trigger logic. Since the Trojan is injected in a post-synthesis step and remains unconnected in the bitstream, the presented attack can currently neither be prevented by conventional testing and verification methods nor by recent bitstream-level verification techniques.
Publishing Year
Proceedings Title
2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)
Conference
Design, Automation and Test in Europe Conference (DATE'21)
Conference Location
Alpexpo | Grenoble, France
Conference Date
2021-02-01 – 2021-02-05
LibreCat-ID
Cite this
Ahmed QA, Wiersema T, Platzner M. Malicious Routing: Circumventing Bitstream-level Verification for FPGAs. In: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE). 2021 Design, Automation and Test in Europe Conference (DATE); 2021. doi:10.23919/DATE51398.2021.9474026
Ahmed, Q. A., Wiersema, T., & Platzner, M. (2021). Malicious Routing: Circumventing Bitstream-level Verification for FPGAs. 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE). Design, Automation and Test in Europe Conference (DATE’21), Alpexpo | Grenoble, France. https://doi.org/10.23919/DATE51398.2021.9474026
@inproceedings{Ahmed_Wiersema_Platzner_2021, place={Alpexpo | Grenoble, France}, title={Malicious Routing: Circumventing Bitstream-level Verification for FPGAs}, DOI={10.23919/DATE51398.2021.9474026}, booktitle={2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)}, publisher={2021 Design, Automation and Test in Europe Conference (DATE)}, author={Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco}, year={2021} }
Ahmed, Qazi Arbab, Tobias Wiersema, and Marco Platzner. “Malicious Routing: Circumventing Bitstream-Level Verification for FPGAs.” In 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE). Alpexpo | Grenoble, France: 2021 Design, Automation and Test in Europe Conference (DATE), 2021. https://doi.org/10.23919/DATE51398.2021.9474026.
Q. A. Ahmed, T. Wiersema, and M. Platzner, “Malicious Routing: Circumventing Bitstream-level Verification for FPGAs,” presented at the Design, Automation and Test in Europe Conference (DATE’21), Alpexpo | Grenoble, France, 2021, doi: 10.23919/DATE51398.2021.9474026.
Ahmed, Qazi Arbab, et al. “Malicious Routing: Circumventing Bitstream-Level Verification for FPGAs.” 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2021 Design, Automation and Test in Europe Conference (DATE), 2021, doi:10.23919/DATE51398.2021.9474026.
All files available under the following license(s):
Creative Commons Attribution 4.0 International Public License (CC-BY 4.0):
Main File(s)
File Name
1812.pdf
394.01 KB
Access Level
Closed Access
Last Uploaded
2023-05-11T09:16:15Z
Link(s) to Main File(s)
Access Level
Closed Access