A recent paper published by a team of German researchers concludes that the bitstream encryption mechanism of Xilinx Virtex-4 and Virtex-5 FPGAs can be "completely broken with moderate effort" through side-channel analysis attacks, posing a potential risk of IP theft and more serious attacks such as reverse engineering or the introduction of hardware Trojans.
The researchers—Amir Moradi, Markus Kasper and Christof Paar of the Horst Gortz Institute for IT-Security at Ruhr University in Bochum, Germany—reported using off-the-shelf hardware to extract the bitstream encryption keys by monitoring the power consumption of the device during power up. Analyzing the power traces the researchers were able to identify the instances where decryption occurs within the devices and then, using a statistical technique known as differential power analysis, crack the AES-256 key.
The researchers reported recovering the Virtex-4 key in six hours and recovering the Virtex-5 key in nine hours. To the best of their knowledge, the paper reports the first successful attack against the bitstream encryption of Virtex-4 and Virtex-5 devices.
The attacks demonstrate that industrial products require the implementation of side-channel countermeasures and "that side-channel attacks are not a pure academic playground but have a real-world impact in the security of embedded systems," the researchers wrote in the paper, titled "On the Portability of Side-Channel Attacks."
A spokesperson for Xilinx said the company is aware of the potential vulnerability of FPGAs to side-channel differential power analysis attacks such as the one described in the paper and that Xilinx has researchers dedicated to studying all facets of the security of FPGAs. The spokesperson said such attacks require a certain degree of sophistication, a high level of motivation and for the attacker to physically access and modify the board on which the FPGA sits. No Xilinx customer has ever reported being victimized by one of these attacks, the spokesman said.
For customers concerned about these types of attacks or others, there are countermeasures at the system level and anti-tampering technology that they can take advantage of, the spokesman said.
In their paper, the researchers from Horst Gortz Institute for IT-Security claim that their was the first successful attack against the Virtex 4 and Virtex 5 FPGAs where the side-channel analysis of bit-stream encryption was utilized. While the technical vulnerability is acknowledged, the important questions is on whether a corresponding business vulnerability exists for FPGA users in it or not.
The Xilinx spokesperson argues (as expected) that the attack requires a higher degree of sophistication, a high level of motivation and for the attacker to have physically access to the circuitry and therefore, the business vulnerability is minimal at present. This seems like many other claims that the vendors tend offer before a serious breach occurs.
What I believe is that technical landscapes can change very very fast. For an example, side-channel attacks on the AES algorithm at the software-level is no longer a sophisticated process. In few more months, a side-channel attack on attack on an FPGA may not require the same level of sophistication and motivation as is argued. Besides, who can disregard the motivation to reverse-engineer a state-of-the-art product to steal its IP? The motivation is present all the time.
David Patterson, known for his pioneering research that led to RAID, clusters and more, is part of a team at UC Berkeley that recently made its RISC-V processor architecture an open source hardware offering. We talk with Patterson and one of his colleagues behind the effort about the opportunities they see, what new kinds of designs they hope to enable and what it means for today’s commercial processor giants such as Intel, ARM and Imagination Technologies.