Altera vs. Xilinx which one keeps your design hidden?
22. Aug. 2013
Amir Moradi
Embedded Security Group
Ruhr University Bochum, Germany
2
Embedded Security Group
Acknowledge
Alessandro Barenghi
Markus Kasper
Timo Kasper
David Oswald
Pawel Swierczynski
Christof Paar
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
3
Embedded Security Group
SCA on Bitstream Encryption Feature
PCB board
E2PROM
Power-up DEC
VCC-IO VCC-AUX VCC-INT
E2PROM unencrypted bitstream
IEEE CASS| Singapore | 03. Apr. 2013 Amir Moradi
4
Embedded Security Group
Broken Families
Virtex-II Pro, SASEBO
Virtex-4, Xilinx DevBoard
Virtex-5, SASEBO-GII
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
5
Embedded Security Group
Broken Families
Spartan-6, SASEBO-W
Stratix-II, SASEBO-B
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
6
Embedded Security Group
New Targets
Stratix-III, Altera DevKit
Kintex-7, SASEBO-GIII
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
7
Embedded Security Group
EM Analysis
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
8
Embedded Security Group
EM Analysis
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
9
Embedded Security Group
EM Analysis
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
10
Embedded Security Group
EM Analysis
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
11
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
12
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
13
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
14
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
15
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
16
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
17
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
18
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
19
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
20
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
21
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
22
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
23
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
24
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
25
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
26
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
27
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
28
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
29
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
30
Embedded Security Group
Decapping
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
31
Embedded Security Group
Altera’s Key Derivation
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
Key1, Key2
FPGA
AES Key
32
Embedded Security Group
AES Key=ENCKey1(Key2)
Selecting an arbitrary Key1’
Key2’=DECKey1’(AES Key)
(Key1’,Key2’) works the same as (Key1,Key2)
no added security!
Altera’s Key Derivation
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
Key1, Key2
FPGA
f AES Key ENC
Counter
Bitstream Encrypted Bitstream
AES Key
33
Embedded Security Group
Altera:
– AES-128 is replaced by AES-256
• Key derivation stays the same
– Counter is not increased arithmetically
• much heuristics + proprietary schemes
– revealed by reverse engineering the PC software
Old vs. New Generations
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi
34
Embedded Security Group
Altera:
– AES-128 is replaced by AES-256
• Key derivation stays the same
– Counter is not increased arithmetically
• much heuristics + proprietary schemes
– revealed by reverse engineering the PC software
Xilinx:
– AES-256 in CBC mode (as before)
– HMAC is introduced (Virtex-6 and all 7 series)
• no place in FPGA to save the HMAC key!
• The first block of the encrypted bitstream is the HMAC key!
Old vs. New Generations
CHES 2013| Ramp Session | Santa Barbara | 22. Aug 2013 Amir Moradi