Julian Speith & Simon Klix

FPGA Reverse Engineering for Trojan Detection and Secret Extraction


Trainer: Julian Speith & Simon Klix

Date: 30th May to 1st June 2023

Time: 9:00am to 5:00pm PDT

Venue: Santa Clara Marriott

Training Level: Basic; Intermediate


Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Objectives:

Have you ever come across an FPGA in a real-world device and wondered what is going on inside of it? Would you like to take a look into the circuit implemented on the FPGA, investigate its functionality, and potentially even perform manipulations to, e.g., leak cryptographic secrets?

FPGAs are re-configurable logic devices that can be programmed to implement arbitrary hardware designs. The implemented circuit is stored in a so-called "bitstream" configuration file that encodes the circuit in a proprietary format. To recover said circuit, the bitstream format needs to be reverse engineered to allow for the conversion into a gate-level netlist. This netlist, however, is nothing but an unstructured sea-of-gates that lacks any descriptive symbols or hierarchy. To perform a security evaluation of the implementation or even apply malicious modifications, some understanding of this gate-level netlist is required. However, this is difficult to achieve without proper tooling and training.

This training gives you an introduction to FPGA reverse engineering, starting at bitstream-level and going all the way to achieving an understanding of (parts of) its implementation. For that purpose, we first provide the relevant background on FPGAs, netlists, and cryptography. Using hands-on exercises, we then introduce you to the (mostly open-source) tooling required to perform bitstream-to-netlist conversion, netlist analysis, and bitstream manipulation. For netlist analysis, we walk you through the netlist reverse engineering framework HAL. To familiarize yourself with the tooling, we provide project tasks of varying complexity before taking on larger cryptographic designs. This training builds the foundations for you to start reverse engineering real-world FPGA implementations on your own. While the analysis of ASICs is not part of this training, the acquired knowledge on FPGA netlist reverse engineering can also be applied to ASIC netlists.


Training Detailed Description:

The training is split into two parts: (1) an introduction to the theoretical foundations of FPGA reverse engineering, together with small exercises to gather first hands-on experience with the tools, and (2) a full-scale case study on a realistic FPGA implementation, in which participants detect (and remove) a hardware Trojan and perform manipulations that cause leakage of cryptographic secrets.


Day 1:
  • Theoretical Foundations:
      • FPGAs and their architecture
      • bitstreams and the process of FPGA configuration
      • bitstream reverse engineering and conversion
      • FPGA netlists
      • netlist reverse engineering
      • hardware implementations of selected symmetric ciphers
  • Introduction to HAL:
      • importing a project
      • using the GUI for visual netlist exploration
      • developing Python scripts interacting with the netlist
      • analyzing combinational logic by inspecting Boolean functions, e.g., using SMT solving
      • grouping related netlist components to reconstruct hierarchy

Day 2 & Day 3:
  • Hardware Trojan Detection:
      • locating a cryptographic algorithm using datapath analysis
      • identifying a hardware Trojan subverting the cryptographic implementation
      • determining the Trojan trigger using SMT solving
      • activating and observing the Trojan in simulation and on a real device
      • removing the Trojan from the implementation and the bitstream
  • Leaking Cryptographic Secrets:
      • detecting the cryptographic S-boxes in the netlist
      • locating and analyzing the FSM controlling the cryptographic algorithm
      • manipulating the S-boxes and/or FSM to tamper with the execution of the cryptographic algorithm
      • injecting the manipulations into the bitstream and flashing it to a real device
      • analyzing the device output and reconstructing the cryptographic key
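The Day 1 item on analyzing combinational logic through its Boolean functions and the Day 2 task of identifying where a Trojan makes the netlist deviate from the intended cipher both reduce to the same question: does the recovered function agree with a specification on every input, and if not, on which inputs does it differ? The following Python sketch is an added example, not material from the training or from HAL. It evaluates a small constructed gate-level netlist over all input vectors and reports the vectors on which it disagrees with a constructed reference function. Because the function has only three inputs, exhaustive enumeration stands in for the SMT solver used in the training; the gate names, the reference function and the single deviating input are all constructed for this illustration.

```python
"""Functional comparison of a recovered combinational netlist against a
reference specification (added example; netlist and reference are constructed).

Enumerating all input vectors is feasible here because the function has
only three inputs; the training uses SMT solving for the same question
at realistic widths."""

from itertools import product

# A gate-level netlist: gate name -> (gate type, tuple of driver names).
# Drivers are primary inputs or other gate names.
GATE_FUNCS = {
    "AND": lambda *x: int(all(x)),
    "OR": lambda *x: int(any(x)),
    "XOR": lambda *x: sum(x) % 2,
    "NOT": lambda x: 1 - x,
}


def evaluate(netlist, inputs, outputs):
    """Evaluate the netlist for one input assignment (memoised recursion
    from the outputs back to the primary inputs) and return output values."""
    values = dict(inputs)

    def value_of(net):
        if net not in values:
            gate_type, drivers = netlist[net]
            values[net] = GATE_FUNCS[gate_type](*(value_of(d) for d in drivers))
        return values[net]

    return tuple(value_of(o) for o in outputs)


def find_deviations(netlist, primary_inputs, outputs, reference):
    """Return every input vector on which the netlist disagrees with the
    reference function. An empty list means functional equivalence."""
    deviations = []
    for bits in product((0, 1), repeat=len(primary_inputs)):
        assignment = dict(zip(primary_inputs, bits))
        if evaluate(netlist, assignment, outputs) != reference(*bits):
            deviations.append(bits)
    return deviations


def reference_function(a, b, c):
    """Constructed specification: parity of the inputs and their majority."""
    parity = (a + b + c) % 2
    majority = int(a + b + c >= 2)
    return (parity, majority)


INPUTS = ["a", "b", "c"]
OUTPUTS = ["parity", "majority"]

# Netlist recovered from a clean design (constructed).
CLEAN = {
    "x1": ("XOR", ("a", "b")),
    "parity": ("XOR", ("x1", "c")),
    "ab": ("AND", ("a", "b")),
    "ac": ("AND", ("a", "c")),
    "bc": ("AND", ("b", "c")),
    "o1": ("OR", ("ab", "ac")),
    "majority": ("OR", ("o1", "bc")),
}

# The same design with a constructed modification: an extra AND gate fires
# only for a = b = c = 1 and flips the parity output on that single vector.
# Such a rare-trigger deviation is what the functional check is meant to expose.
TROJANED = dict(CLEAN)
TROJANED["trigger"] = ("AND", ("ab", "c"))
TROJANED["parity_clean"] = CLEAN["parity"]
TROJANED["parity"] = ("XOR", ("parity_clean", "trigger"))


def analyse(netlist):
    """Compare a netlist against the constructed specification."""
    return find_deviations(netlist, INPUTS, OUTPUTS, reference_function)


if __name__ == "__main__":
    print("clean    deviations:", analyse(CLEAN))     # []
    print("trojaned deviations:", analyse(TROJANED))  # [(1, 1, 1)]
```

The check reports the clean netlist as equivalent and pins the modified one to the single input vector (1, 1, 1), which is exactly the trigger condition an analyst would then go looking for in the logic. At realistic input widths this enumeration is infeasible, which is why the training turns to SMT solving; the shape of the question (specification versus recovered function, and the satisfying assignments of their difference) stays the same.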

What to Expect? | Key Learning Objectives:

After completing the training, the participants will be able to

  • understand FPGAs and their low-level architecture
  • reverse engineer proprietary bitstream formats
  • convert bitstreams to gate-level netlists
  • analyze gate-level FPGA netlists using the open-source netlist reverse engineering tool HAL
  • understand dataflow and control within an unknown and unstructured netlist
  • use SMT solving for functional netlist analysis and verification of reverse engineering results
  • simulate a (partial) netlist for dynamic analysis
  • analyze parts of a cryptographic algorithm within a netlist
  • detect hardware Trojans within the implementation of a cryptographic algorithm
  • manipulate bitstreams to leak secrets from a cryptographic implementation

Who Should Attend? | Target Audience:

This training is aimed at

  • forensic investigators
  • hardware reverse engineers
  • FPGA designers and manufacturers
  • security researchers
  • hardware hackers

What to Bring? | Software and Hardware Requirements:

  • a laptop with at least one USB-A port (or a suitable USB-C adapter)
  • Ubuntu 20.04 or 22.04 running natively or within a VM (combined with knowledge on how to forward your USB ports to the VM)

What to Bring? | Prerequisite Knowledge and Skills:

  • Basic understanding of Python is strictly required
  • Basic understanding of FPGAs and netlists is strongly recommended
  • Basic understanding of cryptography is helpful, but not required

Resources Provided at the Training | Deliverables:

  • Slides covering the background and the basics
  • Access to the required tools (if not available open-source)
  • Exercise sheets detailing the hands-on tasks
  • Bitstreams and netlists required for the exercises
  • Digilent Basys3 boards featuring a Xilinx Artix-7 FPGA

ABOUT THE TRAINERS

Julian Speith is a PhD student in the Embedded Security group at the Max Planck Institute for Security and Privacy, where he is advised by Prof. Christof Paar. His research involves various aspects of hardware security and includes developing new approaches for hardware reverse engineering as well as hardware Trojan deployment and detection. He completed both his B.Sc. and M.Sc. in IT Security at Ruhr University Bochum, one of Europe's most prestigious research hubs for cyber security.

Simon Klix is a PhD student in the Embedded Security group at the Max Planck Institute for Security and Privacy, where he is advised by Prof. Christof Paar. He received his M.Sc. degree in IT Security from Ruhr University Bochum. His main research interest lies in embedded security with a focus on hardware reverse engineering.