Protecting against Cryptographic Trojans in FPGAs

Pawel Swierczynski, Marc Fyrbiak, Chris­tof Paar, Christophe Huriaux, Russell Tessier

In the Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, Vancouver, British Columbia, May 2015.


In contrast to ASICs, hardware Trojans can potentially be injected into FPGA designs post-manufacturing by bitstream alteration. Hardware Trojans which target cryptographic primitives are particularly interesting for an adversary because a weakened primitive can lead to a complete loss of system security. One problem an attacker has to overcome is the identification of cryptographic primitives in a large bitstream with unknown semantics. As the first contribution, we demonstrate that AES can be algorithmically identified in a look-up table-level design for a variety of implementation styles. Our graph-based approach considers AES implementations which are created using several synthesis and technology mapping options. As the second contribution, we present and discuss the drawbacks of a dynamic obfuscation countermeasure which allows for the configuration of certain crucial parts of a cryptographic primitive after the algorithm has been loaded into the FPGA. As a result, reverseengineering and modifying a primitive in the bitstream is more challenging.