The recent discovery of the Starbleed bug is a serious threat to a widely used family of FPGA devices. The security of FPGAs is a crucial topic, as any vulnerability in the hardware can have severe consequences if the device is used in a security-critical design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversion, e.g., through hardware Trojans. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise.
In this talk, we introduce the novel low-cost Starbleed attack against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We will explain how to exploit the design flaw that leaks the decrypted bitstream piece by piece. In addition to the attacks, we discuss several possible countermeasures.
Maik Ender is a PhD candidate at the Horst Goertz Institute for IT Security in Bochum, Germany, and is also associated with the Embedded Security Group of Christof Paar at the recently founded Max Planck Institute for Security and Privacy. His research interests are in the field of FPGA security, FPGA internals, and how to build and defend against hardware Trojans.