Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Compromising FPGA SoCs using malicious hardware blocks

 
: Jacob, N.; Rolfes, C.; Zankl, A.; Heyszl, J.; Sigl, G.

:

European Design Automation Association -EDAA-; IEEE Computer Society, Technical Council Test Technology; IEEE Solid-State Circuits Society; International Federation for Information Processing -IFIP-:
Design, Automation & Test in Europe, DATE 2017. Proceedings : 27-31 March 2017, Swisstech, Lausanne, Switzerland
Piscataway, NJ: IEEE, 2017
ISBN: 978-3-9815370-8-6
ISBN: 978-3-9815370-9-3
ISBN: 978-1-5090-5826-6
S.1122-1127
Design, Automation & Test in Europe Conference & Exhibition (DATE) <20, 2017, Lausanne>
Englisch
Konferenzbeitrag
Fraunhofer AISEC ()

Abstract
Modern FPGA System-on-Chips (SoCs) combine high performance application processors with reconfigurable hardware. This allows to enhance complex software systems with reconfigurable hardware accelerators. Unfortunately, even when state-of-the-art software security mechanisms are implemented, this combination creates new security threats. Attacks on the software are now possible through the reconfigurable hardware as these cores share resources with the processor and may contain unwanted functionality. In this paper, we discuss software protection mechanisms offered in conventional SoCs and how they can be circumvented by malicious hardware blocks. As a concrete example, we show how the malicious functionality within an IP core accesses and replaces critical memory sections. We refer to this type of attacks as hardware-assisted attacks against running software systems. We carry-out a proof-of-concept on the Xilinx Zynq device which runs a Linux OS and a software application that verifies system updates. The malicious IP core replaces the public key used to verify system updates, thus, allowing an attacker to maliciously update the FPGA SoC. Additionally, we propose a countermeasure that can be applied against such threats in the form of a security wrapper for hardware modules.

: http://publica.fraunhofer.de/dokumente/N-455866.html