一种针对FPGA位流的自动化故障注入分析方法

Automatic Fault Injection Analysis Method Against FPGA Bitstreams

理论上通过篡改FPGA位流,利用其实现的密码算法的错误输出可以分析出密钥,但这种攻击通常需要非常了解目标FPGA的内部结构与位流的对应关系。而位流逆向的难度很大,导致此类攻击的实用性不高。文章提出一种针对FPGA位流的自动化故障注入分析方法,不需要逆向位流,结合张帆等人提出的持久性故障分析理论,把因篡改算法常量导致的出错结果作为可利用的故障。并首次在Xilinx-7系列FPGA开发板上利用Spider进行电压故障注入实验,480条错误密文就可以得到AES-128的密钥,且在10 min内可以完成数据的采集和分析。对于加密位流的情况,可以先利用电磁侧信道分析方法得到明文位流,再结合该文的分析方法来进行密钥破解。

Tampering with FPGA bitstreams and then running a cryptographic algorithm would result in ciphertext errors.This phenomenon can be used to theoretically analyze the secret key of a device.This analysis method often requires adversaries to fully understand the corresponding relationship between the internal structure of the target FPGA and the bitstream.However,reversing the bitstream is difficult and impractical.This study proposes an automatic fault injection analysis method against FPGA bitstreams.This method does not involve reversing engineering,and combined with the persistent fault analysis theory proposed by Zhang Fan et al.,it considers the wrong output caused by tampering with algorithm constants,as an exploitable fault.An experiment on voltage fault injection by Spider on a Xilinx-7 series FPGA development board shows that the AES-128 bit key can be obtained within 480 wrong ciphertexts,and the data collection and analysis can be completed within 10 min.For easy encryption of the bitstream,the plaintext bitstream can be obtained using the electromagnetic side-channel analysis method.Subsequently,combined with the analysis method in this study,the AES key can be successfully broken.