Remote Dynamic Clock Reconfiguration based Attacks on Internet of Things Applications

Anju P. Johnson, Sikhar Patranabis, Rajat Subhra Chakraborty, Debdeep Mukhopadhyay

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Many Internet of Things (IoT) applications can potentially benefit from the
remote Dynamic Partial Reconfiguration (DPR) capabilities of modern Field Programmable Gate Arrays~(FPGAs). Such capabilities enable changes in
the circuit mapped on the FPGA, for modification or enhancement of functionality offered by the FPGA without taking it offline, via remote communications over a network. However, the use of remote DPR can result in security threats with catastrophic consequences. In this paper, we design two Hardware Trojan Horse attacks that exploit the remote DPR capability of the FPGA, on an encryption circuit and a true random number generator circuit,
respectively. In particular, these attacks target the clock signal management circuitry on the FPGA to disrupt functionality. We substantiate the threat by demonstrating successful remote attacks via transfer of malicious bitstreams to a Virtex-5 FPGA, thereby embedding the HTH. Finally, we propose plausible
countermeasures to prevent such attacks.
Original languageEnglish
Title of host publicationIEEE Xplore, EUROMICRO Digital System Design Conference (DSD) (special session on Architectures and Hardware for Security Applications), Limassol, Cyprus, 2016
Publication statusPublished - 31 Aug 2016

Cite this