Malicious Routing: Circumventing Bitstream-level Verification for FPGAs

Q.A. Ahmed, T. Wiersema, M. Platzner, in: 2021 Design, Automation and Test in Europe Conference (DATE), Alpexpo | Grenoble, France, n.d.

Download
No fulltext has been uploaded.
Conference Paper | Accepted | English
Abstract
The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to assist the attacker to perform a successful malfunctioning or information leakage attack. The advanced stealthy malicious look-up-table (LUT) attack activates a Trojan only when generating the FPGA bitstream and can thus not be detected by register transfer and gate level testing and verification. However, also this attack was recently revealed by a bitstream-level proof-carrying hardware (PCH) approach. In this paper, we present a novel attack that leverages malicious routing of the inserted Trojan circuit to acquire a dormant state even in the generated and transmitted bitstream. The Trojan's payload is connected to primary inputs/outputs of the FPGA via a programmable interconnect point (PIP). The Trojan is detached from inputs/outputs during place-and-route and re-connected only when the FPGA is being programmed, thus activating the Trojan circuit without any need for a trigger logic. Since the Trojan is injected in a post-synthesis step and remains unconnected in the bitstream, the presented attack can currently neither be prevented by conventional testing and verification methods nor by recent bitstream-level verification techniques.
Publishing Year
Conference
Design, Automation and Test in Europe Conference (DATE'21)
Conference Location
Alpexpo | Grenoble, France
Conference Date
2021-02-01 – 2021-02-05
LibreCat-ID

Cite this

Ahmed QA, Wiersema T, Platzner M. Malicious Routing: Circumventing Bitstream-level Verification for FPGAs. In: Alpexpo | Grenoble, France: 2021 Design, Automation and Test in Europe Conference (DATE).
Ahmed, Q. A., Wiersema, T., & Platzner, M. (n.d.). Malicious Routing: Circumventing Bitstream-level Verification for FPGAs. Presented at the Design, Automation and Test in Europe Conference (DATE’21), Alpexpo | Grenoble, France: 2021 Design, Automation and Test in Europe Conference (DATE).
@inproceedings{Ahmed_Wiersema_Platzner, place={Alpexpo | Grenoble, France}, title={Malicious Routing: Circumventing Bitstream-level Verification for FPGAs}, publisher={2021 Design, Automation and Test in Europe Conference (DATE)}, author={Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco} }
Ahmed, Qazi Arbab, Tobias Wiersema, and Marco Platzner. “Malicious Routing: Circumventing Bitstream-Level Verification for FPGAs.” Alpexpo | Grenoble, France: 2021 Design, Automation and Test in Europe Conference (DATE), n.d.
Q. A. Ahmed, T. Wiersema, and M. Platzner, “Malicious Routing: Circumventing Bitstream-level Verification for FPGAs,” presented at the Design, Automation and Test in Europe Conference (DATE’21), Alpexpo | Grenoble, France.
Ahmed, Qazi Arbab, et al. Malicious Routing: Circumventing Bitstream-Level Verification for FPGAs. 2021 Design, Automation and Test in Europe Conference (DATE).

Export

Marked Publications

Open Data LibreCat

Search this title in

Google Scholar