Abstract

Due to a variety of commercial pressures such as IP protection, support cost, and time to market, modern COTS devices contain many functions that are not exposed to the end user. This creates a risk in government systems that undocumented hardware functions could become a security vulnerability. Traditional approaches require imaging a device and reverse engineering its functionality, a time consuming process which requires access to costly capital equipment. In this feasibility study, we present an approach tailored for FPGAs which leverages run-time active probing to greatly reduce the cost and time to discover undocumented functionality. We conduct an analysis on the Xilinx Virtex-5 DSP48E unit for which we identify the functionality for 1,136 undocumented modes.

Date

2017

Authors

Matthew French, Andrew Schmidt, Aravind Dasu

Journal

NDIA Trusted Microelectrons Conference:" Special Topic: Field Programmable Gate Array (fpga) Assurance