A critical security flaw exists in the Field Programmable Gate Arrays chips. Dubbed ‘Starbleed’, this vulnerability allows an attacker take complete control over target FPGA chips.
Starbleed Vulnerability In FPGA Chips
Researchers from German institutes have shared their findings regarding a critical vulnerability in the Field Programmable Gate Arrays (FPGA) chips. This vulnerability, which they call ‘Starbleed’, can allow an adversary to gain complete control of all chip functionalities.
FPGA chips are frequently used in various key industries such as aviation and medical fields. These chips are powered by bitstream which bears encryption for securing the chips against cyber attacks. They are flexible for reprogramming which makes the chips highly useful for industrial devices.
However, the same property now turns into vulnerability as researchers found a way to decrypt bitstream during reconfiguration. This allows gaining explicit access to execute various malicious activities. According to researchers:
If an attacker has access to the bitstream and breaks its confidentiality, he can reverse-engineer the design, clone intellectual property, or gather information for subsequent attacks e.g., by finding cryptographic keys or other design aspects of a system. If the adversary succeeds in violating the bitstream authenticity, he can then change the functionality, implant hardware Trojans, or even physically destroy the system in which the FPGA is embedded by using configuration outside the specifications.
In their study, the researchers could successfully break the bitstream encryption of Xilinx 7-Series and Virtex-6 devices. They then broke the authenticity of the encryption too by encrypting arbitrary messages.
Decrypting Bitstream Content
Briefly, the researchers used MultiBoot address register WBSTAR to enable the FPGA boot with a different memory address. They then manipulated bitstream to write a single 32-bit word to the register in decrypted form. Hence, they redirect the decrypted bitstream content to the register to read it following a reset.
Repeating this process allows an attacker to retrieve the entire bitstream content. Though, retrieving one word at a time may take several hours. For example, it took 3 hours and 42 minutes for the researchers to decrypt and read Kintex-7 XC7K160T bitstream.
Breaking Encryption Authenticity
In a subsequent attack, the researchers used FPGA as a decryption oracle to encrypt arbitrary messages. Repeating the process allowed them to encrypt the entire bitstream with legit encryption and validation.
Before disclosing their findings, the researchers went through responsible disclosure by informing Xilinx first.
Also in their paper, the researchers also mentioned two countermeasures to protect current 7-Series devices. The first being the obfuscation of the design which will prevent reverse-engineering but won’t change the functionality. Whereas, the second possible countermeasure is the use of Revision Select (RS) pins to reset FPGA.
The researchers have proposed four defense techniques involving the upgradation of the silicon chip. The vendors can employ these measures in the future. Whereas, partial implementation of two of these techniques is already evident in the new Xilinx UltraScale(+) and Zynq series. These defense techniques include validation before use, patchable bitstream encryption, information flow analysis and model checking, and open-source hardware design.
While the details of their work are available in the researchers’ white paper, they will also present the study at the 29th Usenix Security Symposium to be held in August 2020 in Boston, Massachusetts, USA.