Abstract
As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstream which configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan insertion into a commercial product. On the target device, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data are encrypted using AES-256 in XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investigation required two reverse-engineering steps, related to the proprietary FPGA bitstream and to the firmware of the underlying ARM CPU. In our Trojan insertion scenario, the targeted USB flash drive is intercepted before being delivered to the victim. The physical Trojan insertion requires the manipulation of the SPI flash memory content, which contains the FPGA bitstream as well as the ARM CPU code. The FPGA bitstream manipulation alters the exploited AES-256 algorithm in a way that it turns into a linear function which can be broken with 32 known plaintext–ciphertext pairs. After the manipulated USB flash drive has been used by the victim, the attacker is able to obtain all user data from the ciphertexts. Our work indeed highlights the security risks and especially the practical relevance of bitstream modification attacks that became realistic due to FPGA bitstream manipulations.
Similar content being viewed by others
Notes
Many categories even fulfill the qualitative security level 3, cf. [4].
References
Hex-Rays, S.A. http://www.hex-rays.com
Suite B Cryptography. https://www.nsa.gov/ia/programs/suiteb_cryptography/ (2001)
Report of the defense science board task force on high performance microchip supply. http://www.acq.osd.mil/dsb/reports/ADA435563.pdf? (2005)
DataTraveler 5000 FIPS 140-2 Level 2 certification. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt1316.pdf (2010)
Aldaya, A.C., Sarmiento, A.J.C., Sánchez-Solano, S.: AES T-Box tampering attack. J. Cryptogr. Eng., pp.1–18 (2015). doi:10.1007/s13389-015-0103-4
Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware Trojans. In: Cryptographic hardware and embedded systems–CHES 2013–15th International Workshop, Santa Barbara, CA, USA, August 20–23, 2013
Benz, F., Seffrin, A., Huss, S.: Bil: A tool-chain for bitstream reverse-engineering. In: Field programmable logic and applications (FPL), 2012 22nd International Conference on, pp. 735–738 (2012). doi:10.1109/FPL.2012.6339165
Chakraborty, R., Saha, I., Palchaudhuri, A., Naik, G.: Hardware Trojan insertion by direct modification of FPGA configuration bitstream. Des. Test IEEE 30(2), 45–54 (2013)
Ding, Z., Wu, Q., Zhang, Y., Zhu, L.: Deriving an NCD file from an FPGA bitstream: methodology, architecture and evaluation. Microprocess. Microsyst.—Embed. Hardware Des. 37(3), 299–312 (2013)
Drimer, S.: Security for volatile FPGAs. Technical Report UCAM-CLTR-763, University of Cambridge, Computer Laboratory (2009)
Eisenbarth, T., Güneysu, T., Paar, C., Sadeghi, A., Schellekens, D., Wolf, M.: Reconfigurable trusted computing in hardware. In: Workshop on scalable trusted computing, STC 2007, pp. 15–20. ACM (2007)
Greenwald, G.: No place to hide: Edward Snowden, the NSA and the surveillance state. Metropolitan Books, New York (2014)
IEEE Std 1619-2007: IEEE standard for cryptographic protection of data on block-oriented storage devices
Kakarlapudi, B., Alabur, N.: FPGA implementations of S-box vs. T-box iterative architectures of AES, http://teal.gmu.edu/courses/ECE746/project/reports_2008/AES_T-box_report.pdf
Karri, R., Rajendran, J., Rosenfeld, K.: Trojan taxonomy. In: Tehranipoor, M., Wang, C. (eds.) Introduction to hardware security and trust. Springer-Verlag, (2012)
King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. In: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, LEET’08, pp. 5:1–5:8. Berkeley, CA, USA:USENIX Association (2008). http://dl.acm.org/citation.cfm?id=1387709.1387714
Kingston Technology: Protect sensitive data with FIPS 140-2 Level 2 validation and 100 per cent privacy. http://www.kingston.com/datasheets/dt5000_en.pdf
Macri, G.: Leaked Photos Show NSA Hardware Interception And Bug-Planting Workstation (2014). http://dailycaller.com/2014/05/15/leaked-photosshow-nsa-hardware-interception-and-bug-plantingworkstation/
McGrath, D.: Analyst: Altera to catch Xilinx in 2012. EE Times (2011)
Micro, R.: Ensuring trust in cyberspace. http://www.spyrus.com/company/literature/SPYRUSdatasheets/DSRosettaMicroSeriesII.pdf
Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs. In: ACM Conference on Computer and Communications Security, pp. 111–124 (2011)
Moradi, A., Kasper, M., Paar, C.: Black-box side-channel attacks highlight the importance of countermeasures—an analysis of the Xilinx Virtex-4 and Virtex-5 bitstream encryption mechanism. In: The Cryptographers’ Track at the RSA Conference, pp. 1–18 (2012)
Moradi, A., Oswald, D., Paar, C., Swierczynski, P.: Side-channel attacks on the bitstream encryption mechanism of Altera Stratix II: facilitating black-box analysis using software reverse-engineering. In: Proceedings of the ACM/SIGDA International Symposium on Field Programmable Gate Arrays, FPGA ’13, pp. 91–100. New York, NY, USA :ACM (2013)
Narasimhan, S., Bhunia, S.: Hardware Trojan detection. In: Tehranipoor, M., Wang, C. (eds.) Introduction to Hardware Security and Trust. Springer-Verlag (2012)
Nohl, K., Kriler, S., Lell, J.: BadUSB—On accessories that turn evil. BlackHat (2014). https://srlabs.de/badusb/
Rannaud, É.: From the bitstream to the netlist. In: Proceedings of the 16th International ACM/SIGDA Symposium on Field Programmable Gate Arrays, pp. 264–264 (2008)
Snyder, B.: Snowden: The NSA planted backdoors in Cisco products (2014). http://www.infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html
SPIEGEL Staff: Inside TAO: Documents reveal top NSA hacking unit (2013). http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
Swierczynski, P., Fyrbiak, M., Koppe, P., Paar, C.: FPGA Trojans through detecting and weakening of cryptographic primitives. Comput-Aided Des. Integr. Circuits Syst. IEEE Trans. 34(8), 1236–1249 (2015). doi:10.1109/TCAD.2015.2399455
Ziener, D., Assmus, S., Teich, J.: Identifying fpga ip-cores based on lookup table content analysis. In: Field Programmable Logic and Applications, 2006. FPL ’06. International Conference on, pp. 1–6 (2006). doi:10.1109/FPL.2006.311255
Acknowledgments
The authors would like to thank Kai Stawikowski and Georg T. Becker for their fruitful comments and help regarding this project. Part of the research was conducted at the University of Massachusetts Amherst. This work was partially supported through NSF grants CNS-1318497 and CNS-1421352. It has been also partially supported by the Bosch Research Foundation.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Swierczynski, P., Fyrbiak, M., Koppe, P. et al. Interdiction in practice—Hardware Trojan against a high-security USB flash drive. J Cryptogr Eng 7, 199–211 (2017). https://doi.org/10.1007/s13389-016-0132-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-016-0132-7