Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.
Have you ever come across an FPGA in a real-world device and wondered what is going on inside of it? Would you like to take a look into the circuit implemented on the FPGA, investigate its functionality, and potentially even perform manipulations to, e.g., leak cryptographic secrets?
FPGAs are re-configurable logic devices that can be programmed to implement arbitrary hardware designs. The implemented circuit is stored in a so-called "bitstream" configuration file that encodes the circuit in a proprietary format. To recover said circuit, the bitstream format needs to be reverse engineered to allow for the conversion into a gate-level netlist. This netlist, however, is nothing but an unstructured sea-of-gates that lacks any descriptive symbols or hierarchy. To perform a security evaluation of the implementation or even apply malicious modifications, some understanding of this gate-level netlist is required. However, this is difficult to achieve without proper tooling and training.
This training gives you an introduction to FPGA reverse engineering, starting at bitstream-level and going all the way to achieving an understanding of (parts of) its implementation. For that purpose, we first provide the relevant background on FPGAs, netlists, and cryptography. Using hands-on exercises, we then introduce you to the (mostly open-source) tooling required to perform bitstream-to-netlist conversion, netlist analysis, and bitstream manipulation. For netlist analysis, we walk you through the netlist reverse engineering framework HAL. To familiarize yourself with the tooling, we provide project tasks of varying complexity before taking on larger cryptographic designs. This training builds the foundations for you to start reverse engineering real-world FPGA implementations on your own. While the analysis of ASICs is not part of this training, the acquired knowledge on FPGA netlist reverse engineering can also be applied to ASIC netlists.
The training is split into two parts: (1) an introduction to the theoretical foundations of FPGA reverse engineering as well as small exercises to gather first hands-on experience with the tools and (2) performing a full-scale case-study on a realistic FPGA implementation to detect (and remove) a hardware Trojan and perform manipulations causing leakage of cryptographic secrets.
After completing the training, the participants will be able to
This training is aimed at
Julian Speith is a PhD student in the Embedded Security group at the Max Planck Institute for Security and Privacy, where he is advised by Prof. Christof Paar. His research involves various aspects of hardware security and includes developing new approaches for hardware reverse engineering as well as hardware Trojan deployment and detection. He did both his B.Sc. and M.Sc. in IT security at Ruhr University Bochum, one of Europe's most prestigious research hubs for cyber security.
Simon Klix is a PhD student in the Embedded Security group at the Max Planck Institute for Security and Privacy, where he is advised by Prof. Christof Paar. He received his M.Sc. degree in IT Security from Ruhr University Bochum. His main research interest lies in embedded security with a focus on hardware reverse engineering.