{"has_accepted_license":"1","year":"2021","language":[{"iso":"eng"}],"_id":"20681","ddc":["006"],"file":[{"relation":"main_file","date_created":"2023-05-11T09:16:15Z","file_name":"1812.pdf","content_type":"application/pdf","success":1,"file_id":"44752","date_updated":"2023-05-11T09:16:15Z","access_level":"closed","file_size":394011,"creator":"qazi"}],"doi":"10.23919/DATE51398.2021.9474026","project":[{"name":"SFB 901 - Subproject B4","_id":"12"},{"_id":"3","name":"SFB 901 - Project Area B"},{"_id":"1","name":"SFB 901"}],"user_id":"72764","abstract":[{"lang":"eng","text":"The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to assist the attacker to perform a successful malfunctioning or information leakage attack. The advanced stealthy malicious look-up-table (LUT) attack activates a Trojan only when generating the FPGA bitstream and can thus not be detected by register transfer and gate level testing and verification. However, also this attack was recently revealed by a bitstream-level proof-carrying hardware (PCH) approach. In this paper, we present a novel attack that leverages malicious routing of the inserted Trojan circuit to acquire a dormant state even in the generated and transmitted bitstream. The Trojan's payload is connected to primary inputs/outputs of the FPGA via a programmable interconnect point (PIP). The Trojan is detached from inputs/outputs during place-and-route and re-connected only when the FPGA is being programmed, thus activating the Trojan circuit without any need for a trigger logic. Since the Trojan is injected in a post-synthesis step and remains unconnected in the bitstream, the presented attack can currently neither be prevented by conventional testing and verification methods nor by recent bitstream-level verification techniques."}],"date_created":"2020-12-07T14:03:00Z","author":[{"id":"72764","first_name":"Qazi Arbab","full_name":"Ahmed, Qazi Arbab","orcid":"0000-0002-1837-2254","last_name":"Ahmed"},{"last_name":"Wiersema","full_name":"Wiersema, Tobias","first_name":"Tobias","id":"3118"},{"full_name":"Platzner, Marco","last_name":"Platzner","id":"398","first_name":"Marco"}],"title":"Malicious Routing: Circumventing Bitstream-level Verification for FPGAs","type":"conference","citation":{"ieee":"Q. A. Ahmed, T. Wiersema, and M. Platzner, “Malicious Routing: Circumventing Bitstream-level Verification for FPGAs,” presented at the Design, Automation and Test in Europe Conference (DATE’21), Alpexpo | Grenoble, France, 2021, doi: <a href=\"https://doi.org/10.23919/DATE51398.2021.9474026\">10.23919/DATE51398.2021.9474026</a>.","bibtex":"@inproceedings{Ahmed_Wiersema_Platzner_2021, place={Alpexpo | Grenoble, France}, title={Malicious Routing: Circumventing Bitstream-level Verification for FPGAs}, DOI={<a href=\"https://doi.org/10.23919/DATE51398.2021.9474026\">10.23919/DATE51398.2021.9474026</a>}, booktitle={2021 Design, Automation &#38; Test in Europe Conference &#38; Exhibition (DATE)}, publisher={2021 Design, Automation and Test in Europe Conference (DATE)}, author={Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco}, year={2021} }","mla":"Ahmed, Qazi Arbab, et al. “Malicious Routing: Circumventing Bitstream-Level Verification for FPGAs.” <i>2021 Design, Automation &#38; Test in Europe Conference &#38; Exhibition (DATE)</i>, 2021 Design, Automation and Test in Europe Conference (DATE), 2021, doi:<a href=\"https://doi.org/10.23919/DATE51398.2021.9474026\">10.23919/DATE51398.2021.9474026</a>.","chicago":"Ahmed, Qazi Arbab, Tobias Wiersema, and Marco Platzner. “Malicious Routing: Circumventing Bitstream-Level Verification for FPGAs.” In <i>2021 Design, Automation &#38; Test in Europe Conference &#38; Exhibition (DATE)</i>. Alpexpo | Grenoble, France: 2021 Design, Automation and Test in Europe Conference (DATE), 2021. <a href=\"https://doi.org/10.23919/DATE51398.2021.9474026\">https://doi.org/10.23919/DATE51398.2021.9474026</a>.","apa":"Ahmed, Q. A., Wiersema, T., &#38; Platzner, M. (2021). Malicious Routing: Circumventing Bitstream-level Verification for FPGAs. <i>2021 Design, Automation &#38; Test in Europe Conference &#38; Exhibition (DATE)</i>. Design, Automation and Test in Europe Conference (DATE’21), Alpexpo | Grenoble, France. <a href=\"https://doi.org/10.23919/DATE51398.2021.9474026\">https://doi.org/10.23919/DATE51398.2021.9474026</a>","ama":"Ahmed QA, Wiersema T, Platzner M. Malicious Routing: Circumventing Bitstream-level Verification for FPGAs. In: <i>2021 Design, Automation &#38; Test in Europe Conference &#38; Exhibition (DATE)</i>. 2021 Design, Automation and Test in Europe Conference (DATE); 2021. doi:<a href=\"https://doi.org/10.23919/DATE51398.2021.9474026\">10.23919/DATE51398.2021.9474026</a>","short":"Q.A. Ahmed, T. Wiersema, M. Platzner, in: 2021 Design, Automation &#38; Test in Europe Conference &#38; Exhibition (DATE), 2021 Design, Automation and Test in Europe Conference (DATE), Alpexpo | Grenoble, France, 2021."},"publication_identifier":{"eisbn":["978-3-9819263-5-4"]},"publisher":"2021 Design, Automation and Test in Europe Conference (DATE)","publication_status":"published","date_updated":"2023-05-11T09:16:34Z","status":"public","main_file_link":[{"open_access":"1"}],"file_date_updated":"2023-05-11T09:16:15Z","conference":{"name":"Design, Automation and Test in Europe Conference (DATE'21)","end_date":"2021-02-05","start_date":"2021-02-01","location":"Alpexpo | Grenoble, France"},"oa":"1","place":"Alpexpo | Grenoble, France","publication":"2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)","department":[{"_id":"78"}]}