June 14, 2021



The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs. (arXiv:2105.13756v1 [cs.CR])

The security of FPGAs is a crucial topic, as any vulnerability within the
hardware can have severe consequences if they are used in a secure design.
Since FPGA designs are encoded in a bitstream, securing the bitstream is of the
utmost importance. Adversaries have many motivations to recover and manipulate
the bitstream, including design cloning, IP theft, manipulation of the design,
or design subversions, e.g., through hardware Trojans. Given that FPGAs are
often part of cyber-physical systems, e.g., in aviation, medical, or industrial
devices, this can even lead to physical harm. Consequently, vendors have
introduced bitstream encryption, offering authenticity and confidentiality.
Even though attacks against bitstream encryption have been proposed in the
past, e.g., side-channel analysis and probing, these attacks require
sophisticated equipment and considerable technical expertise. In this paper, we
introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6)
bitstream encryption, resulting in the total loss of authenticity and
confidentiality. We exploit a design flaw which piecewise leaks the decrypted
bitstream. In the attack, the FPGA is used as a decryption oracle, while only
access to a configuration interface is needed. The attack does not require any
sophisticated tools and, depending on the target system, can potentially be
launched remotely. In addition to the attacks, we discuss several