DEFCON 16: hardware trojans using FPGA

Posted on Tuesday, January 25th, 2011 in FPGA, hacks by the machinegeek

At the DEFCON 16 hacker conference, Fouad Kiamilev and Ryan Hoover gave a presentation on the security threat posed by hardware Trojans: extra circuitry illicitly added to hardware during its manufacture. When triggered, a hardware Trojan performs an illicit action such as leaking secret information, giving attackers clandestine access or control, or disabling or reducing the functionality of the device. While this 18-minute presentation doesn’t offer details on how to program FPGAs to compromise a system, it illustrates how the growing use of programmable hardware devices means that our hardware is increasingly vulnerable to a Trojan attack.

The talk explores three possible methods that a hardware Trojan can use: thermal, optical and radio. The hardware platform for the demonstration was the Spartan-3E Starter Kit from Xilinx. The objective of the presenters' Trojan was to illicitly leak the AES encryption keys from a compromised device once triggered.

The illustrations are available as a PDF download.

This entry was posted on Tuesday, January 25th, 2011 at 6:29 pm and is filed under FPGA, hacks.

One Response to “DEFCON 16: hardware trojans using FPGA”

  1. uhe says:

    Reminds me of the Illinois Malicious Processor from 2008:
