Field Programmable Gate Arrays (FPGAs) are widely used in all aspects of production and life due to their reconfigurability, low development cost and high performance, while their programmability increases the risk of malicious modification. The hardware vulnerability of FPGAs has attracted a lot of attention from researchers. The protection of FPGA bitstreams is the first line of defense for FPGA hardware security design. In this thesis, an FPGA bitstream decryption technique that can be used for hardware vulnerability analysis is proposed, addressing the hardware vulnerability of FPGA bitstream files, and a method for resolving the FPGA bitstream mapping relationship is further proposed. Additionally, an automated FPGA bitstream decryption tool and a bitstream parsing tool are constructed, and the resulting decrypted bitstream files and FPGA configurable mapping database provide a research basis for hardware vulnerability analysis of FPGAs. The major work is as follows.

(1) An FPGA bitstream decryption technique is studied. In view of the encryption and authentication mechanisms introduced by FPGA vendors to protect the bitstream, the thesis analyzes the vulnerabilities that exist in these mechanisms and proposes an FPGA bitstream decryption method. The method obtains the decrypted bitstream by transferring the decrypted bitstream to the configuration register of the FPGA and reading it out from the JTAG interface. Hence, the method can achieve full decryption of the encrypted bitstream without obtaining the bitstream encryption key. In addition, a bitstream decryption accuracy optimization algorithm is implemented in the thesis.

(2) An FPGA bitstream decryption tool is implemented. To address the low time efficiency of software-based bitstream decryption, the thesis implements an automated decryption tool called the "bitstream decryption machine" based on a hardware FPGA platform, which can automatically modify the bitstream data, configure the bitstream to the target FPGA, read back the configuration registers and store the bitstream file. It greatly improves the time efficiency of decryption. For the Xilinx xc7vx485tffg1761 chip, which has large resources, the decryption time of this tool is within 21 hours.

(3) The method of resolving the FPGA bitstream mapping relationship is studied. For the mapping relationship between the bitstream data of the FPGA and the configurable resources within the chip, the thesis proposes a test method for the FPGA bitstream mapping relationship. The method provides the mapping relationship between FPGA bitstream data and the configurable interconnection points and configurable logic points in the netlist. In addition, the thesis implements an automated test tool for the configurable point mapping relationship and establishes a complete configurable logic point mapping database, configurable interconnection point mapping database and offset database for the target chip. The feasibility and accuracy of this method are verified through experiments with a number of test samples from real engineering practice, which provides strong support for subsequent reverse engineering and bitstream hardware vulnerability analysis.