一种针对Virtex-7加密位流的侧信道分析方法

随着FPGA在商业、国防等领域的广泛应用,出现了很多针对FPGA的攻击方法,电路安全性面临着极大挑战。为了进一步研究FPGA的安全机制,文章介绍了一种新的侧信道分析(SCA)方法,并首次在Xilinx Virtex-7芯片上分析了加密位流在加载过程中存在的安全漏洞。相比之前的攻击目标,Virtex-7芯片规模更大,采集的信号信噪比更低,攻击难度更大。之前的研究使用的是SASEBO或SAKURA这类专为SCA设计的测试板,而该文的分析是第一个在Xilinx官方评估板上进行的实例,由于官方评估板不是针对侧信道信号采集设计的电路板,因此需要经过处理才能获得足够的信噪比。使用电磁辐射作为侧信道测量值,在80万条电磁曲线内就能够获得一组密钥。通过密钥解密,得到明文位流,攻击者就能够对FPGA进行逆向分析、克隆等操作,从而影响FPGA的安全。

A Side-Channel Analysis Method Against Bitstream Encryption of Virtex-7

With the wide application of FPGA in the fields such as commercial or national defense, the security of FPGA is facing great challenges and many attacks against FPGA have been proposed. In order to further research the security mechanism of the FPGA, this paper introduced a new Side-Channel Analysis (SCA) method and firstly studied the security vulnerabilities of bitstream encryption in the loading process of Xilinx Virtex-7 chips. Compared with previous targets, Virtex-7 chips have larger chip scale, lower signal-to-noise ratio, and are more difficult to be attacked. Previous studies always use SASEBO or SAKURA boards that are specially designed for SCA, while this study is the first to be carried out on Xilinx official evaluation board. The board does not consider the side-channel measurement acquisition case, so some manually modification is needed and then an adequate signal-to-noise ratio can be obtained. The Electro Magnetic (EM) radiation was took as the side-channel measurement, and each set key can be obtained within 800,000 EM traces. The adversary can obtain the bitstream plaintext by using the key, and then reverse the FPGA design or clone products, and so on. It will affect the security of FPGA.