Dirección de investigación : Andrea PINNA

Co-supervisión : PILLEMENT Sébastien

Automatic Interpretation of Bitstream and Malicious Circuit Detection by Artificial Intelligence for FPGA Security

FPGAs (Field-Programmable Gate Arrays) have considerably expanded their use in a wide range of applications (aerospace, security, defence, telecommunications, etc.). Thanks to their increased logic capacity and performance, they are now being integrated into computing systems such as data centers, to accelerate computationally intensive applications. However, the security implications of their integration, and of resource sharing between multiple users, are numerous and challenging. Side channels, fault injection and covert channel attacks can be designed and implemented by malicious users. Most attacks are achieved by implementing circuits based on ring oscillators (ROs). These oscillators are undetectable by conventional analysis tools such as design rule checking. Furthermore, current design tools do not offer Bitstream analysis modules to detect these attacks before they are loaded into the FPGA. To overcome these attacks, the state of the art proposes, on the one hand, reverse engineering, which has the limitation of revealing the user's intellectual property; and on the other hand, the classification of malicious Bitstreams using machine learning methods. The latter's limitations include the impossibility of extracting RO patterns, as well as finding their location in the Bitstream.
This thesis focuses on the detection of ROs from a Bitstream without first reverse engineering it. The aim of the study is to represent the patterns of ring oscillators, enabling them to be recognized and located in a Bitstream. To this end, two main methods are proposed:

• Semantic interpretation and modeling of the Bitstream in the form of an image are proposed, followed by the detection of ROs based on the template matching method;
• A neural network-based detection where a labeled database for the detection of ROs is proposed. Followed by a binary classification of malicious patterns characterizing these oscillators using two inference models based on a multilayer perceptron (MLP) architecture.

Evaluation using VTR (Verilog-To-Routing) and OpenFPGA design tools, and targeting the Stratix-IV-like FPGA, demonstrates the effectiveness of the proposed security solutions.

Publicaciones 2022-2024

• 2024
  • S. Takougang Tchinda : “Interprétation automatique de Bitstream et détection des circuits malveillants par intelligence artificielle pour la sécurité des FPGA”, tesis, defensa 10/01/2024, dirección de investigación Pinna, Andrea, co-supervisión : Pillement, Sébastien (2024)
• 2023
  • S. Takougang : “Exploration des architectures reconfigurables avec l’outil Verilog-To-Routing (VTR)”, 17^e Colloque du GDR SOC2, Lyon, France (2023)
• 2022
  • S. Takougang, A. Pinna, S. Pillement : “Semantic analysis of bitstreams: Application to ring oscillator detection for FPGA security”, 16^th Colloque of the GDR SOC2, Strasbourg, France (2022)