Ruhr-Uni-Bochum

Stealing Maggie's Secrets – On the Challenges of IP Theft Through FPGA Reverse Engineering

2024

Konferenz / Journal

Autor*innen

Christof Paar Daniel Holcomb Sebastian Sester-Wehle Jörn Langheinrich Christian Kison Daniel Lammers Annika Wilde Alice Verstege Paul Staat Julian Speith Nils Albartus Simon Klix

Research Hub

Research Hub B: Eingebettete Sicherheit

Research Challenges

RC 4: Platform Trojans

Abstract

Intellectual Property (IP) theft is a cause of major financial and reputational damage, reportedly in the range of hundreds of billions of dollars annually in the U.S. alone. Field Programmable Gate Arrays (FPGAs) are particularly exposed to IP theft, because their configuration file contains the IP in a proprietary format that can be mapped to a gate-level netlist with moderate effort. Despite this threat, the scientific understanding of this issue lacks behind reality, thereby preventing an in-depth assessment of IP theft from FPGAs in academia. We address this discrepancy through a real-world case study on a Lattice iCE40 FPGA found inside iPhone 7. Apple refers to this FPGA as Maggie. By reverse engineering the proprietary signal-processing algorithm implemented on Maggie, we generate novel insights into the actual efforts required to commit FPGA IP theft and the challenges an attacker faces on the way. Informed by our case study, we then introduce generalized netlist reverse engineering techniques that drastically reduce the required manual effort and are applicable across a diverse spectrum of FPGA implementations and architectures. We evaluate these techniques on six benchmarks that are representative of different FPGA applications and have been synthesized for Xilinx and Lattice FPGAs, as well as in an end-to-end white-box case study. Finally, we provide a comprehensive open-source tool suite of netlist reverse engineering techniques to foster future research, enable the community to perform realistic threat assessments, and facilitate the evaluation of novel countermeasures.

Tags

Real-world Attacks
Hardware Reverse Engineering
FPGA Security