Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024
JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing
Maik Ender
Max Planck Institute for Security and Privacy, Bochum, Germany
Felix Hahn
Max Planck Institute for Security and Privacy, Bochum, Germany
Marc Fyrbiak
Max Planck Institute for Security and Privacy, Bochum, Germany
Amir Moradi
Technische Universität Darmstadt, Darmstadt, Germany
Christof Paar
Max Planck Institute for Security and Privacy, Bochum, Germany
Keywords: FPGA, FPGA Configuration Engine, FPGA Security, FPGA Bitstream Protection, Hardware Fuzzing, Fuzzing Framework, Vulnerability Discovery, starbleed
Abstract
Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access, i.e., HDL source code. Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces, i.e., JTAG, and minimal introspection of hardware-internal modules. In this work, we investigate fuzzing for Xilinx 7-Series and UltraScale(+) FPGA configuration engines, the control plane governing the (secure) bitstream configuration within the FPGA. Our goal is to examine the effectiveness of fuzzing to analyze and document the opaque inner workings of FPGA configuration engines, with a primary emphasis on identifying security vulnerabilities. Using only the publicly available hardware chip and dispersed documentation, we first design and implement ConFuzz, an advanced FPGA configuration engine fuzzing and rapid prototyping framework. Based on our detailed understanding of the bitstream file format, we then systematically define 3 novel key fuzzing strategies for Xilinx FPGA configuration engines. Moreover, our strategies are executed through mutational structure-aware fuzzers and incorporate various novel custom-tailored, FPGA-specific optimizations to reduce search space. Our evaluation reveals previously undocumented behavior within the configuration engine, including critical findings such as system crashes leading to unresponsive states of the whole FPGA. In addition, our investigations not only lead to the rediscovery of the recent starbleed attack but also uncover a novel unpatchable vulnerability, denoted as JustSTART (CVE-2023-20570), capable of circumventing RSA authentication for Xilinx UltraScale(+). Note that we also discuss effective countermeasures by secure FPGA settings to prevent aforementioned attacks.
Publication
Transactions of Cryptographic Hardware and Embedded Systems, Volume 2024, Issue 2
PaperArtifact
Artifact number
tches/2024/a16
Artifact published
May 31, 2024
Badge
✅ IACR CHES Artifacts Functional
License
This work is licensed under the MIT License.
Some files in this archive are licensed under a different license. See the contents of this archive for more information.
BibTeX How to cite
Ender, M., Hahn, F., Fyrbiak, M., Moradi, A., & Paar, C. (2024). JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 426–450. https://doi.org/10.46586/tches.v2024.i2.426-450 Artifact available at https://artifacts.iacr.org/tches/2024/a16