Physical security evaluation of the bitstream encryption mechanism of altera stratix II and stratix III FPGAs

Research output: Contribution to journalArticle

Authors

Colleges, School and Institutes

External organisations

  • Universitat Bochum

Abstract

To protect Field-Programmable Gate Array (FPGA) designs against Intellectual Property (IP) theft and related issues such as product cloning, all major FPGA manufacturers offer a mechanism to encrypt the bitstream that is used to configure the FPGA. From a mathematical point of view, the employed encryption algorithms (e.g., Advanced Encryption Standard (AES) or 3DES) are highly secure. However, it has been shown that the bitstream encryption feature of several FPGA families is susceptible to side-channel attacks based on measuring the power consumption of the cryptographic module. In this article, we present the first successful attack on the bitstream encryption of the Altera Stratix II and Stratix III FPGA families. To this end, we analyzed the Quartus II software and reverse engineered the details of the proprietary and unpublished schemes used for bitstream encryption on Stratix II and Stratix III. Using this knowledge, we demonstrate that the full 128-bit AES key of a Stratix II as well as the full 256-bit AES key of a Stratix III can be recovered by means of side-channel attacks. In both cases, the attack can be conducted in a few hours. The complete bitstream of these FPGAs that are (seemingly) protected by the bitstream encryption feature can hence fall into the hands of a competitor or criminal-possibly implying system-wide damage if confidential information such as proprietary encryption schemes or secret keys programmed into the FPGA are extracted. In addition to lost IP, reprogramming the attacked FPGA with modified code, for instance, to secretly plant a hardware Trojan, is a particularly dangerous scenario formany security-critical applications.

Details

Original languageEnglish
Article number34
JournalACM Transactions on Reconfigurable Technology and Systems
Volume7
Issue number4
Publication statusPublished - 1 Dec 2014

Keywords

  • AES, Altera, Bitstream encryption, Hardware security, Reverse engineering, Side-channel attack, Stratix II, Stratix III

ASJC Scopus subject areas