Abstract
Reconfigurable platforms such as FPGAs and CPLDs are used to implement flexible and lightweight embedded systems often using soft-processors and a fixed instruction sequence stored in block memories. The bitstream format is proprietary for most vendors, however, in this work we demonstrate how to identify and extract block memory contents within the bitstream, allowing an adversary to learn and possibly modify the fixed instruction sequence. Manipulating the instruction sequence by inserting a Trojan in the bitstream as opposed to in the RTL code allows an adversary to bypass many verification steps. Moreover, the proposed Trojans only add extra instructions to the sequence to leak secret information, and do not change the original program behavior, making them virtually impossible to detect using functional tests. We present a case study where a Trojan is injected into a MIPS AES encryption program to leak internal state information by adding extra instructions from the available ones without changing the original program behavior.
| Original language | English |
|---|---|
| Title of host publication | FPL 2016 - 26th International Conference on Field-Programmable Logic and Applications |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (Electronic) | 9782839918442 |
| DOIs | |
| Publication status | Published - 26 Sept 2016 |
| Externally published | Yes |
| Event | 26th International Conference on Field-Programmable Logic and Applications, FPL 2016 - Lausanne, Switzerland Duration: 29 Aug 2016 → 2 Sept 2016 |
Publication series
| Name | FPL 2016 - 26th International Conference on Field-Programmable Logic and Applications |
|---|
Conference
| Conference | 26th International Conference on Field-Programmable Logic and Applications, FPL 2016 |
|---|---|
| Country/Territory | Switzerland |
| City | Lausanne |
| Period | 29/08/16 → 2/09/16 |
Bibliographical note
Publisher Copyright:© 2016 EPFL.
Keywords
- FPGA
- Security
- System-on-chip
- Trojan