14 Recent Attacks and Defenses on FPGA-Based Systems
Total Page:16
File Type:pdf, Size:1020Kb
Recent Attacks and Defenses on FPGA-based Systems JILIANG ZHANG, Hunan University, China GANG QU, University of Maryland, College Park, USA Field-programmable gate array (FPGA) is a kind of programmable chip that is widely used in many areas, including automotive electronics, medical devices, military and consumer electronics, and is gaining more popularity. Unlike the application specific integrated circuits (ASIC) design, an FPGA-based system hasits own supply-chain model and design flow, which brings interesting security and trust challenges. In this sur- vey, we review the security and trust issues related to FPGA-based systems from the market perspective, where we model the market with the following parties: FPGA vendors, foundries, IP vendors, EDA tool ven- dors, FPGA-based system developers, and end-users. For each party, we show the security and trust problems they need to be aware of and the associated solutions that are available. We also discuss some challenges and opportunities in the security and trust of FPGA-based systems used in large-scale cloud and datacenters. CCS Concepts: • Security and privacy → Security in hardware; Hardware security implementation; Hard- ware attacks and countermeasures; • Hardware → Reconfigurable logic and FPGAs; Additional Key Words and Phrases: FPGA security, FPGA trust, hardware security ACM Reference format: 14 Jiliang Zhang and Gang Qu. 2019. Recent Attacks and Defenses on FPGA-based Systems. ACM Trans. Recon- figurable Technol. Syst. 12, 3, Article 14 (August 2019), 24 pages. https://doi.org/10.1145/3340557 1 INTRODUCTION With the rapid development of information technology, ICs have become the base of information systems and been applied widely in various fields such as industrial control, transportation, mo- bile communication, and financial payment. Currently, information security areas mainly focus on system security such as network communication security, operating system security, and data- base security. However, with the wide use of ICs, hardware security issues bring serious threats not only to personal privacy and security but also to the national economy and even national de- fense security. For instance, the intellectual property (IP) infringement to high-end chips such as cloning and reverse engineering brings the loss of approximately $250 billion dollars and 750,000 jobs annually [2]. It was reported by IEEE Spectrum that in 2007 the Syrian radar defense system This work is supported by the National Natural Science Foundation of China under Grant No. 61874042 and 61602107, the Hu-Xiang Youth Talent Program under Grant No. 2018RS3041, the Key Research and Development Program of Hunan Province under Grant No. 2019GK2082, and the Fundamental Research Funds for the Central Universities. Authors’ addresses: J. Zhang (corresponding author), College of Computer Science and Electronic Engineering, Hunan Uni- versity, Changsha, China, and also with Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen, China; email: [email protected]; G. Qu, Department of Electrical and Computer Engineering, University of Maryland, College Park, Maryland, USA; email: [email protected]. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. © 2019 Association for Computing Machinery. 1936-7406/2019/08-ART14 $15.00 https://doi.org/10.1145/3340557 ACM Transactions on Reconfigurable Technology and Systems, Vol. 12, No. 3, Article 14. Pub. date: August 2019. 14:2 J. Zhang and G. Qu did not provide necessary warning against the guided missiles from Israel. According to scientists’ analysis, it was because a commercial chip used in Syrian radar defense systems was implanted with a hardware Trojan or backdoor in the fabrication process. When receiving the predesigned program from an adversary, the chip will occur malfunction, resulting in the failure of radar [3]. According to the report in 2012, a Microsemi chip widely applied in Internet communication, fi- nance, industrial control, and military systems was implanted with a backdoor that can be used to extract sensitive information [4]. In 2014, for the appeal case of “HKIAC/A11022 arbitration” heard by Hong Kong High Court, VIA Technologies Inc. admitted the existence of a backdoor in their VT3421 chip. Customers do not know the backdoor and cannot trigger it by themselves. Nev- ertheless, VIA Technologies can easily start the backdoor to obtain some sensitive data including conversation, address book, credit card, and location information from end devices (e.g., mobile phone, set-top-box). The causes of hardware security issues are multiple and complex, in which the primary causes are outsourcing of IC fabrication and IP reuse. Field Programmable Gate Array (FPGA) is a kind of programmable chip and regarded as a semi- custom circuit in the ASIC area, which is not limited by the number of gates comparing with pre- vious programmable chips while overcoming the shortcomings of the custom circuit. It also brings other advantages such as shorter time-to-market and lower non-recurring engineering costs. FP- GAs have been applied in various areas, including automatic electronics, military, consumer elec- tronics, and medical service, and have recently been adopted in large-scale cloud datacenters and flexible System-on-Chips (SoCs)16 [ ]. The battle between ASIC and FPGA has been around for more than three decades and it will not end in the near future. With the advances in semiconductor technologies and the increased design complexity, FPGA has become a design platform for a large variety of systems, which we refer to as FPGA-based systems. IP is a fundamental part of FPGA systems. Unlike ASIC, an FPGA bitstream is essentially a binary file that is more vulnerable to various attacks: adversaries can easily obtain decrypted FPGA bitstream files by wire-tap7 [ ]; adversaries can reverse engineer FPGA design to steal valuable IP information [78]; adversaries can directly sell cloned IPs/systems or integrate IPs into their own systems; adversaries can replay and attack the previous system version with vulnerabilities [75], which may bring serious threats to security-critical areas using FPGA-based systems; adversaries can even conduct remote side-channel attacks without phys- ical access or proximity to the hardware when FPGAs are adopted in cloud and datacenters or integrated into SoCs [16]. Therefore, with the popularity of FPGA applications, the FPGA sys- tem security issues attract much attention [7–11, 22]. There are many excellent tutorials, surveys, and books on all aspects of the FPGA-based system design. In the next section, we will provide a short description of these works and define the scope of this survey to distinguish our work from theirs. 2 RELATED SURVEYS The fundamentals of FPGA-based system design can be found in a handful of textbooks such as Reference [120]. A survey on the architecture and design challenges of modern commercial FPGA is given in Reference [121]. As the first comprehensive survey on FPGA design automation, Refer- ence [8] elaborates both the basics and new advances in all major phases in the FPGA design flow. These and many other similar works focus on FPGA concepts and design issues of FPGA-based systems, security, and trust are not discussed. The 2004 paper by Wollinger et al. [9] is the first survey on FPGA security covering the fol- lowing three topics: the advantages of using FPGA for cryptographic applications; the security vulnerabilities and existing attacks to FPGAs; and the available countermeasures against these attacks. Drimer’s 2008 report [7] gave a more in-depth discussion and classification of attacks ACM Transactions on Reconfigurable Technology and Systems, Vol. 12, No. 3, Article 14. Pub. date: August 2019. Recent Attacks and Defenses on FPGA-based Systems 14:3 Fig. 1. The supply-and-demand flows in the FPGA-based system market. “→”: service requesting; “→→”: service providing. to FPGA-based systems. It also provided more modern issues such as trust, adversary classifica- tion, and security metrics. Majzoobi et al. [10] presented a complementary view of the problem in their 2011 book chapter entitled “FPGA-Oriented Security.” In addition to a detailed analysis of vulnerabilities in both FPGA synthesis flow and FPGA-based systems, they discuss FPGA se- curity primitives by the examples of physical unclonable functions (PUF), true random number generators (TRNG), and top FPGA security challenges. Another 2011 book [11], Security Trends for FPGAs: From Secured to Secure Reconfigurable Systems, consists of contributions from the following five topics: security FPGA analysis, side-channel attack, countermeasures against physical attacks, FPGA TRNG, and embedded systems security for FPGA. In 2015, Druyer et al. [1, 12] summarized security features in Modern FPGAs and compared relevant functionalities of the most advanced products of Altera, Microsemi, and Xilinx to evaluate whether the security features in the current FPGAs address the threats. Besides the above survey