Breaking the Anti-Counterfeiting Scheme of FPGAs (known as bitstream encryption)
The bitstream encryption feature of Xillinx FPGAs allows users to protect their designs from being copied, altered or reversed engineered. To achieve this goal, the configuration file that is loaded into the device at powere-up is stored inside the external configuration memory in an encrypted form. The encrypted file will then be read by the FPGA and internally decrypted. The secret decryption key is stored in a special battery-powered memory area of the FPGA. Removal of the battery will result in a loss of the secret key. To use the bitstream encryption, Xillinx design tools offer features to generate an encrypted bitstream with corresponding keyfile and allow to program them into the FPGA. The secret key used for encryption/decryption can be selected by the user.
We analyzed the security of this protection mechanism and found that it can be circumvented by means of side-channel analysis. This class of methods analyze the power consumption of an electronic device to obtain insights of the internally processed data. In this case we employed a differential power analysis, or DPA, attack to extract the secret key that is used to decrypt the bitstream inside the FPGA during configuration.
It is important to note the difference between the bitstream encryption, which is a hardwired feature of the FPGA device which can not be used by a designer for any other purpose, and a cipher implemented on the FPGA fabric by a developer. The former one can not be modified and changed by anyone else than the hardware manufacturerer (i.e., Xillinx Inc.), while responsibility for the security of the latter one is with the FPGA designer.
We consider our attacks to be of serious interest to everyone who is responsible to ensure protection of valuable IP and sensitive secrets within FPGAs. Hardware manufacturers and users need to be aware of these attacks to find solutions to protect themselves from IP theft and security breaks.
- November 28, 2011: Website launched
|This website has been launched.|
- October 27, 2011: Virtex-4 Virtex-5 paper at CT-RSA 2012
- November 7, 2011: Successful attack on SPARTAN-6
|We have successfully performed our attack on bitstream encryption module of Spartan-6. We accordingly have updated our short summary "eprint" report. |
- July 20, 2011: Successful attacks on Virtex-4 and Virtex-5
- July 17, 2011: Virtex-II pro paper at ACM-CCS 2011
- July 15, 2011: Scientific paper on breaking bitstream encryption released
- January 16, 2011
|We succeeded with recovering the secret key used in bitstream encryption of Virtex-II pro FPGAs of Xilinx. We informed Xilinx about our findings.|