摘要
针对Xilinx公司7系列/Virtex-6 FPGA中存在的StarBleed漏洞,通过分析漏洞攻击过程及其关键环节,提出了基于配置位流混淆的加固方法.首先针对Vivado生成的密文位流进行解密得到明文位流.针对明文位流中的配置指令,提出了指令顺序混淆、指令字混淆和指令参数混淆方法.针对明文位流中的HMAC签名区域,混淆其中的i_key_pad和o_key_pad数据区.而后对混淆后的位流重新进行HMAC签名计算.最后重新进行AES加密得到混淆后的密文位流,实现以多种方式对漏洞攻击中最关键的修改密文位流环节进行防御.完成混淆后,利用机器学习算法对混淆效果进行评估.实验表明,混淆方法可以提升明文数据与密文数据的相似程度.在不需要修改硬件的条件下,能有效地增加漏洞攻击难度,可以用较低的代价增强针对StarBleed漏洞的防护能力.
Aiming at the StarBleed vulnerability in Xilinx's 7 series/Virx-6 FPGA,an new enhanced method based on configuration bitstream confusion was proposed by analyzing the attack process and its key steps.Firstly,it decrypts the ciphertext bitstream generated by Vivado to get the plaintext bitstream.Methods of instruction sequence confusion,instruction words confusion and instruction parameters confusion were proposed for configuration instructions in plaintext bit stream.For the HMAC signature area in the plaintext bitstream,the i_key_pad and o_key_pad data areas are confused as well.Then HMAC signature recalculation is performed after the confusion.Then re-perform the AES encryption to obtain the final confused ciphertext bitstream.That's the multi-method which realize the prevention on the critical step of ciphertext modification in vulnerability attack.Evaluation on the obfuscation with machine learning algorithm shows that confusion method can improve the similarity between the plaintext data and the ciphertext data.It can effectively increase the attack difficulty without hardware change and can improve the protection ability on the StarBleed vulnerability at a low cost.
作者
于志杰
赵欢
李铀
YU Zhi-jie;ZHAO Huan;LI You(Beijing Institute of Control Engineering,Beijing 100190,China;Beijing Sunwise Information Technology Ltd,Beijing 100190,China)
出处
《微电子学与计算机》
2021年第6期7-12,共6页
Microelectronics & Computer
