On the Malicious Potential of Xilinx’ Internal Configuration Access Port (ICAP)-Reference-Cited by-同舟云学术

On the Malicious Potential of Xilinx’ Internal Configuration Access Port (ICAP)

Published:2023-11-17 Issue: Volume: Page:
ISSN:1936-7406
Container-title:ACM Transactions on Reconfigurable Technology and Systems
language:en
Short-container-title:ACM Trans. Reconfigurable Technol. Syst.

Author:

Albartus Nils¹,Ender Maik¹,Möller Jan-Niklas¹,Fyrbiak Marc¹,Paar Christof¹,Tessier Russell²

Affiliation:

1. Max Planck Institute for Security and Privacy, Germany

2. University of Massachusetts Amherst, USA

Abstract

FPGAs have become increasingly popular in computing platforms. With recent advances in bitstream format reverse engineering, the scientific community has widely explored static FPGA security threats. For example, it is now possible to convert a bitstream to a netlist, revealing design information, and apply modifications to the static bitstream based on this knowledge. However, a systematic study of the influence of the bitstream format understanding in regards to the security aspects of the dynamic configuration process, particularly for Xilinx’s Internal Configuration Access Port (ICAP), is lacking. This paper fills this gap by comprehensively analyzing the security implications of ICAP interfaces, which primarily support dynamic partial reconfiguration. We delve into the Xilinx bitstream file format, identify misconceptions in official documentation, and propose novel configuration (attack) primitives based on dynamic reconfiguration, i.e., create/read/update/delete circuits in the FPGA, without requiring pre-definition during the design phase. Our primitives are consolidated in a novel Stealthy Reconfigurable Adaptive Trojan ( STRAT ) framework to conceal Trojans and evade state-of-the-art netlist reverse engineering methods. As FPGAs become integral to modern cloud computing, this research presents crucial insights on potential security risks, including the possibility of a malicious tenant or provider altering or spying on another tenant’s configuration undetected.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3633204

Reference95 articles.

1. 2021. XAPP1098 - Developing Tamper-Resistant Designs with UltraScale and UltraScale+ FPGAs. https://docs.xilinx.com/v/u/en-US/xapp1098-tamper-resist-designs. 2021. XAPP1098 - Developing Tamper-Resistant Designs with UltraScale and UltraScale+ FPGAs. https://docs.xilinx.com/v/u/en-US/xapp1098-tamper-resist-designs.

2. DANA Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering;Albartus Nils;IACR Trans. Cryptogr. Hardw. Embed. Syst.,2020

3. Chips Alliance. [n. d.]. Project U-Ray. https://github.com/f4pga/prjuray Chips Alliance. [n. d.]. Project U-Ray. https://github.com/f4pga/prjuray

4. Chips Alliance. [n. d.]. Project X-Ray. https://github.com/f4pga/prjxray Chips Alliance. [n. d.]. Project X-Ray. https://github.com/f4pga/prjxray

5. Lilas Alrahis , Muhammad Yasin , Hani H. Saleh , Baker Mohammad , and Mahmoud Al-Qutayri . 2019 . Functional Reverse Engineering on SAT-Attack Resilient Logic Locking. In IEEE International Symposium on Circuits and Systems, ISCAS 2019 , Sapporo, Japan , May 26-29, 2019. IEEE, 1–5. Lilas Alrahis, Muhammad Yasin, Hani H. Saleh, Baker Mohammad, and Mahmoud Al-Qutayri. 2019. Functional Reverse Engineering on SAT-Attack Resilient Logic Locking. In IEEE International Symposium on Circuits and Systems, ISCAS 2019, Sapporo, Japan, May 26-29, 2019. IEEE, 1–5.