International Association for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024

JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing


Maik Ender
Max Planck Institute for Security and Privacy, Bochum, Germany

Felix Hahn
Max Planck Institute for Security and Privacy, Bochum, Germany

Marc Fyrbiak
Max Planck Institute for Security and Privacy, Bochum, Germany

Amir Moradi
Technische Universität Darmstadt, Darmstadt, Germany

Christof Paar
Max Planck Institute for Security and Privacy, Bochum, Germany


Keywords: FPGA, FPGA Configuration Engine, FPGA Security, FPGA Bitstream Protection, Hardware Fuzzing, Fuzzing Framework, Vulnerability Discovery, starbleed


Abstract

Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, principally because they require access to design information, i.e., HDL source code. Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces, i.e., JTAG, and minimal introspection of hardware-internal modules. In this work, we investigate fuzzing for Xilinx 7-Series and UltraScale(+) FPGA configuration engines, the control plane governing the (secure) bitstream configuration within the FPGA. Our goal is to examine the effectiveness of fuzzing to analyze and document the opaque inner workings of FPGA configuration engines, with a primary emphasis on identifying security vulnerabilities. Using only the publicly available hardware chip and dispersed documentation, we first design and implement ConFuzz, an advanced FPGA configuration engine fuzzing and rapid prototyping framework. Based on our detailed understanding of the bitstream file format, we then systematically define 3 novel key fuzzing strategies for Xilinx FPGA configuration engines. Moreover, our strategies are executed through mutational structure-aware fuzzers and incorporate various novel custom-tailored, FPGA-specific optimizations to reduce the search space. Our evaluation reveals previously undocumented behavior within the configuration engine, including critical findings such as system crashes leading to unresponsive states of the whole FPGA. In addition, our investigations not only lead to the rediscovery of the recent starbleed attack but also uncover a novel unpatchable vulnerability, denoted as JustSTART (CVE-2023-20570), capable of circumventing RSA authentication for Xilinx UltraScale(+). Note that we also discuss effective countermeasures by secure FPGA settings to prevent the aforementioned attacks.

Publication

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024, Issue 2

Artifact

Artifact number
tches/2024/a16

Artifact published
May 31, 2024

Badge
IACR CHES Artifacts Functional

ZIP (44269617 Bytes)  

License
This work is licensed under the MIT License.

Some files in this archive are licensed under a different license. See the contents of this archive for more information.


How to cite

Ender, M., Hahn, F., Fyrbiak, M., Moradi, A., & Paar, C. (2024). JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 426–450. https://doi.org/10.46586/tches.v2024.i2.426-450

Artifact available at https://artifacts.iacr.org/tches/2024/a16