Journal of Cryptographic Engineering, Volume 7, Issue 3, pp 199–211

Interdiction in practice—Hardware Trojan against a high-security USB flash drive

  • Pawel Swierczynski
  • Marc Fyrbiak
  • Philipp Koppe
  • Amir Moradi
  • Christof Paar
Regular Paper

Abstract

As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries in order to manipulate hardware so that backdoors are introduced. Manipulations can occur at the firmware or at the hardware level. With respect to hardware, FPGAs are particularly interesting targets, as they can be altered by manipulating the bitstream that configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan insertion into a commercial product. On the target device, a FIPS 140-2 Level 2 certified USB flash drive from Kingston, the user data are encrypted with AES-256 in XTS mode, and the encryption/decryption is performed by an off-the-shelf SRAM-based FPGA. Our investigation required two reverse-engineering steps, one for the proprietary FPGA bitstream and one for the firmware of the underlying ARM CPU. In our Trojan insertion scenario, the targeted USB flash drive is intercepted before it is delivered to the victim. The physical Trojan insertion requires manipulating the content of the SPI flash memory, which holds both the FPGA bitstream and the ARM CPU code. The bitstream manipulation alters the AES-256 implementation so that it turns into a linear function, which can be broken with 32 known plaintext–ciphertext pairs. After the victim has used the manipulated USB flash drive, the attacker is able to recover all user data from the ciphertexts. Our work highlights the security risks, and in particular the practical relevance, of bitstream modification attacks, which have become realistic because FPGA bitstreams can be manipulated.
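As an added illustration (not code from the paper or from the device's firmware): a defender-side linearity check that would flag a block-cipher core whose S-boxes have been replaced by the identity, the degeneration the abstract describes. It is run here against a constructed toy substitution-permutation cipher with a constructed key, not against the paper's AES-256-XTS core.

```python
import hashlib
import random

# Constructed toy substitution-permutation cipher on 16-byte blocks. NOT the
# paper's AES-256-XTS core; it only mirrors the structural point: with a
# nonlinear S-box the cipher is nonlinear, with the S-box swapped for the
# identity it collapses to an affine map over GF(2)^128.
NONLINEAR_SBOX = [pow(x, 3, 257) % 256 for x in range(256)]  # stand-in, not the AES S-box
IDENTITY_SBOX = list(range(256))                             # the "Trojaned" S-box
KEY = bytes(range(32))                                       # constructed 256-bit key

def xor(*blocks: bytes) -> bytes:
    out = bytearray(16)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)

def round_keys(key: bytes, rounds: int) -> list:
    # Hash-derived schedule; the affine test concerns the plaintext->ciphertext map only.
    return [hashlib.sha256(key + bytes([r])).digest()[:16] for r in range(rounds + 1)]

def toy_encrypt(key: bytes, block: bytes, sbox: list, rounds: int = 4) -> bytes:
    rk = round_keys(key, rounds)
    state = xor(block, rk[0])
    for r in range(1, rounds + 1):
        state = bytes(sbox[x] for x in state)                  # SubBytes (or identity)
        state = state[1:] + state[:1]                          # byte rotation (linear)
        state = bytes(state[i] ^ state[(i + 1) % 16] ^ state[(i + 2) % 16]
                      for i in range(16))                      # invertible linear mixing
        state = xor(state, rk[r])                              # AddRoundKey
    return state

def is_affine(encrypt, trials: int = 8, seed: int = 1234) -> bool:
    """True if every trial satisfies E(a)^E(b)^E(c) == E(a^b^c), which holds for
    any affine E and fails for a genuine cipher with probability ~1 - 2^-128."""
    rng = random.Random(seed)   # deterministic so the check is reproducible
    for _ in range(trials):
        a, b, c = (rng.getrandbits(128).to_bytes(16, "big") for _ in range(3))
        if xor(encrypt(a), encrypt(b), encrypt(c)) != encrypt(xor(a, b, c)):
            return False
    return True

def intact_is_affine() -> bool:
    return is_affine(lambda blk: toy_encrypt(KEY, blk, NONLINEAR_SBOX))

def trojaned_is_affine() -> bool:
    return is_affine(lambda blk: toy_encrypt(KEY, blk, IDENTITY_SBOX))
```

The same relation can be checked against any black-box encryption interface that exposes a raw block operation, which makes it a cheap acceptance test for a device received through an untrusted delivery chain.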

Keywords

Hardware Trojan; Real-world attack; FPGA security; AES


Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Pawel Swierczynski (1)
  • Marc Fyrbiak (1)
  • Philipp Koppe (1)
  • Amir Moradi (1)
  • Christof Paar (1, 2)
  1. Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany
  2. University of Massachusetts Amherst, Amherst, USA
