Compromising FPGA SoCs using malicious hardware blocks

Nisha Jacob, Carsten Rolfes, Andreas Zankl, Johann Heyszl, Georg Sigl

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Scopus citations

Abstract

Modern FPGA System-on-Chips (SoCs) combine high performance application processors with reconfigurable hardware. This allows to enhance complex software systems with reconfigurable hardware accelerators. Unfortunately, even when state-of-the-art software security mechanisms are implemented, this combination creates new security threats. Attacks on the software are now possible through the reconfigurable hardware as these cores share resources with the processor and may contain unwanted functionality. In this paper, we discuss software protection mechanisms offered in conventional SoCs and how they can be circumvented by malicious hardware blocks. As a concrete example, we show how the malicious functionality within an IP core accesses and replaces critical memory sections. We refer to this type of attacks as hardware-assisted attacks against running software systems. We carry-out a proof-of-concept on the Xilinx Zynq device which runs a Linux OS and a software application that verifies system updates. The malicious IP core replaces the public key used to verify system updates, thus, allowing an attacker to maliciously update the FPGA SoC. Additionally, we propose a countermeasure that can be applied against such threats in the form of a security wrapper for hardware modules.

Original languageEnglish
Title of host publicationProceedings of the 2017 Design, Automation and Test in Europe, DATE 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1122-1127
Number of pages6
ISBN (Electronic)9783981537093
DOIs
StatePublished - 11 May 2017
Event20th Design, Automation and Test in Europe, DATE 2017 - Swisstech, Lausanne, Switzerland
Duration: 27 Mar 201731 Mar 2017

Publication series

NameProceedings of the 2017 Design, Automation and Test in Europe, DATE 2017

Conference

Conference20th Design, Automation and Test in Europe, DATE 2017
Country/TerritorySwitzerland
CitySwisstech, Lausanne
Period27/03/1731/03/17

Keywords

  • FPGA SoCs
  • Hardware-assisted attacks
  • Third party IP
  • Zynq

Fingerprint

Dive into the research topics of 'Compromising FPGA SoCs using malicious hardware blocks'. Together they form a unique fingerprint.

Cite this