Configuration Tampering of BRAM-based AES Implementations on FPGAs

Daniel Ziener, Jutta Pirkl, Jürgen Teich

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

Abstract

Fault injection attacks constitute a major attack vector on cryptographic implementations, such as the Advanced Encryption Standard (AES). On Field Programmable Gate Arrays (FPGAs), the circuit can be altered by tampering with the configuration data, thereby causing a desired faulty execution that leaks information about the secret key. Often it is not even necessary to conduct extensive reverse engineering of the proprietary bitstream file format. In this paper, we present a novel strategy to recover the secret AES key by exploiting the properties of the FPGA's memory elements called Block RAM (BRAM) that are often used to store the Rijndael S-boxes. The attack can be performed by a single reconfiguration with a faulty bitstream without any knowledge of either design properties or plaintext input. The advantage of our approach is that this attack also works with encrypted bitstreams. However, our experiments show that the number of reconfigurations might increase in this case.

Original language: English
Title of host publication: 2018 International Conference on ReConFigurable Computing and FPGAs
Publisher: IEEE Computer Society
Number of pages: 7
ISBN (Electronic): 9781728119687
ISBN (Print): 9781728119687
Publication status: Accepted/In press - 3 Dec 2018
Event: 2018 International Conference on ReConFigurable Computing and FPGAs - Cancun, Mexico
Duration: 3 Dec 2018 to 5 Dec 2018

Conference

Conference: 2018 International Conference on ReConFigurable Computing and FPGAs
Abbreviated title: ReConFig 2018
Country: Mexico
City: Cancun
Period: 3/12/18 to 5/12/18

Fingerprint

Random access storage
Cryptography
Field programmable gate arrays (FPGA)
Reverse engineering
Data storage equipment
Networks (circuits)
Experiments

Cite this

Ziener, D., Pirkl, J., & Teich, J. (Accepted/In press). Configuration Tampering of BRAM-based AES Implementations on FPGAs. In 2018 International Conference on ReConFigurable Computing and FPGAs IEEE Computer Society.