Seminar on Security of Embedded Electronic Systems

Home     Presentation     Previous years

Amir Moradi


Physical Security Evaluation of Xilinx and Altera Bitstream Encryption - difficulties and challenges

In order to protect FPGA designs against IP theft and related issues such as product cloning, all major FPGA manufacturers offer a mechanism to encrypt the bitstream used to configure the FPGA. From a mathematical point of view, the employed encryption algorithms, e.g., AES or 3DES, are highly secure. However, it has been shown that the bitstream encryption feature of several FPGA product lines is susceptible to side-channel attacks that monitor the power consumption of the cryptographic module.


In this talk, the first successful attack on the bitstream encryption of the products of both major FPGA vendors Xilinx and Altera is presented. Our attacks include physical cryptanalysis, known as side-channel attacks, and a prior reverse engineering step. For example, we reverse-engineered the details of the proprietary and unpublished Stratix II (and Stratix III) bitstream encryption scheme from the Quartus II software of Altera. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of most of the Xilinx and Altera FPGAs is enabled. As a consequence, the target product can be cloned and manipulated at the will of the attacker since no side-channel protection was included into the design of the decryption module.