Methods of Reverse Engineering a Bitstream for Field Programmable Gate Array Protection

Abstract

Field Programmable Gate Arrays (FPGAs) are found in numerous industries including consumer electronics, automotive, military and aerospace, and critical infrastructure. The ability to be reprogrammed as well as large computational power and relatively low price make them a good fit for low-volume applications that cannot justify the Non-Recurring Engineering (NRE) costs associated with producing Application-Specific Integrated Circuits (ASICs). FPGAs however, have seen a variety of security issues stemming from the fact that their configuration files are not inherently protected. This research assesses the feasibility of reverse engineering the bitstream format for a previously unexplored FPGA, as well as the utilization of the knowledge gained during that process to create a bitstream parser and perform a bitstream modification attack. The reverse engineering process utilizes Tool Command Language (TCL) scripts to automate the modification of various configuration options and then synthesize the resulting bitstream. Various configuration options for Input/Output Blocks (IOBs) are mapped to their respective locations in the bitstream and the encoding format for the configuration of several Look-Up Tables (LUTs) is discovered. This information is then utilized to create a bitstream parser that takes a bitstream as an input and outputs configuration information for IOBs. Additionally, a bitstream modification attack is performed that changes the original design logic by modifying the bitstream directly to change the configuration values of a LUT. Both the parser and bitstream modification attack are shown to work validating the information gained through the reverse engineering process.

Document Details

Document Type

Technical Report

Publication Date

Mar 23, 2018

Accession Number

AD1055984

Entities

Tags