2011-7-29 13:30
According to a paper recently published by a team of German researchers, the bitstream encryption mechanism of Xilinx Virtex-4 and Virtex-5 FPGAs can be "completely broken with moderate effort" through side-channel analysis attacks, posing a potential risk of IP theft and more serious attacks such as reverse engineering or the introduction of hardware Trojans.

The researchers—Amir Moradi, Markus Kasper and Christof Paar of the Horst Görtz Institute for IT-Security at Ruhr University in Bochum, Germany—reported using off-the-shelf hardware to extract the bitstream encryption keys by monitoring the power consumption of the device during power up. Analyzing the power traces, the researchers were able to identify the instances where decryption occurs within the devices and then, using a statistical technique known as differential power analysis, crack the AES-256 key. The researchers reported recovering the Virtex-4 key in six hours and recovering the Virtex-5 key in nine hours.

To the best of their knowledge, the paper reports the first successful attack against the bitstream encryption of Virtex-4 and Virtex-5 devices. The attacks demonstrate that industrial products require the implementation of side-channel countermeasures and "that side-channel attacks are not a pure academic playground but have a real-world impact in the security of embedded systems," the researchers wrote in the paper, titled "On the Portability of Side-Channel Attacks."

A spokesperson for Xilinx said the company is aware of the potential vulnerability of FPGAs to side-channel differential power analysis attacks such as the one described in the paper and that Xilinx has researchers dedicated to studying all facets of the security of FPGAs. The spokesperson said such attacks require a certain degree of sophistication, a high level of motivation and for the attacker to physically access and modify the board on which the FPGA sits.
No Xilinx customer has ever reported being victimized by one of these attacks, the spokesman said. For customers concerned about these types of attacks or others, there are countermeasures at the system level and anti-tampering technology that they can take advantage of, the spokesman said.

A known issue for some time

The feasibility of side-channel attacks on FPGAs and other devices has been known for some time. Firms such as Cryptography Research Inc. (CRI) offer countermeasures for differential power analysis attacks. More than 5 billion chips incorporating CRI's technology ship each year. (CRI was acquired by technology licensor Rambus Inc. earlier this year and now operates as an independent unit of Rambus).

It's not clear how many successful side-channel analysis attacks have been performed. The paper by the Ruhr University researchers cites several previous academic examples, including one by the same authors apparently describing a power analysis attack on a Virtex-II device.

While the recent Ruhr paper focuses specifically on Xilinx devices, CRI executives say vulnerability to side-channel attacks is an issue with all FPGAs, as well as other types of devices.

The need for countermeasures to thwart side-channel attacks is obvious in applications like cable TV set top boxes—where customers have access to the hardware and could be motivated to break the encryption in order to gain access to more channels and pay-per-view events. But, aside from aerospace and defense applications where security is paramount, do typical FPGA applications demand countermeasures to prevent side-channel attacks?

Actel Corp. (now part of Microsemi Corp.) licensed technology from CRI in 2010 to enhance the security of its products against differential power analysis and other side-channel related attacks. CRI has not publicly announced any other FPGA vendor licensees.
Paul Kocher, CRI's founder and a pioneer in differential power analysis research, said the new research represents a problem for Xilinx because of the huge number of FPGAs Xilinx has in the field, which cannot be fixed through a simple software patch but must be physically altered or replaced.

"Hardware vulnerabilities like this one can only be fixed by replacing the physical chips," Kocher said. "That's very difficult and expensive to fix. If you are Xilinx, this is a big challenge to deal with," Kocher said.

But Kocher said protecting Xilinx chips from vulnerability to attacks would be pretty straightforward, requiring the implementation of cryptography algorithms in other ways. "It's actually not a terribly difficult issue to fix if you know what you are doing," Kocher said.

For the record, Kocher acknowledges that he has tried to persuade FPGA vendors—including Xilinx—to license CRI technology, which would reduce the devices' vulnerability to side-channel attacks. But he says he is more interested in promoting awareness of the issue than landing a particular customer.

"It's a bit like selling life insurance," Kocher said. "You don't go into this business hoping that people will have vulnerabilities."

Dylan McGrath
EE Times