Dark Mode

Settings

Capec-674 Detail

Design for FPGA Maliciously Altered

Detailed Supply Chain Hardware Likelihood: Low Typical Severity: High

Parents: 447

Description

An adversary alters the functionality of a field-programmable gate array (FPGA) by causing an FPGA configuration memory chip reload in order to introduce a malicious function that could result in the FPGA performing or enabling malicious functions on a host system. Prior to the memory chip reload, the adversary alters the program for the FPGA by adding a function to impact system operation.

Not present

External ID Source Link Description
CAPEC-674 capec https://capec.mitre.org/data/definitions/674.html
T1195.003 ATTACK https://attack.mitre.org/wiki/Technique/T1195/003 Supply Chain Compromise: Compromise Hardware Supply Chain
REF-660 reference_from_CAPEC https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html Melinda Reed, John F. Miller, Paul Popick, Supply Chain Attack Patterns: Framework and Catalog, 2014--08, Office of the Assistant Secretary of Defense for Research and Engineering
REF-439 reference_from_CAPEC http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation
REF-662 reference_from_CAPEC Jeremy Muldavin, Assuring Microelectronics Innovation for National Security & Economic Competitiveness (MINSEC), 2017--11, Office of the Deputy Assistant Secretary of Defense for Systems Engineering

Not present

  1. An adversary would need to have access to FPGA programming/configuration-related systems in a chip maker’s development environment where FPGAs can be initially configured prior to delivery to a customer or have access to such systems in a customer facility where end-user FPGA configuration/reconfiguration can be performed.

Not present

High
An adversary would need to be skilled in FPGA programming in order to create/manipulate configurations in such a way that when loaded into an FPGA, the end user would be able to observe through testing all user-defined required functions but would be unaware of any additional functions the adversary may have introduced.
Integrity
Alter Execution Logic
  1. An adversary with access and the ability to alter the configuration/programming of FPGAs in organizational systems, introduces a trojan backdoor that can be used to alter the behavior of the original system resulting in, for example, compromise of confidentiality of data being processed.

We use cookies to ensure you get the best experience on our website.