PSIRT-118: Chypnosis: Undervoltage Static Side-Channel Attack

This vulnerability could allow an attacker to gain access to storage elements on the device while the clock is stalled. We are researching this novel attack for other product families and are in the process of assessing the impact of this technique on our bitstream security.

During device programming, bitstream authentication and decryption is performed through a multi-stage process involving several cryptographic keys. These keys are hierarchically derived from a root key, which is derived from a Physically Unclonable Function (PUF). Due to the layered key derivation, and the infrequent nature of the programming event, which is usually performed in a trusted location, we believe the likelihood of extracting bitstream keys during programming to be extremely low.

For a client’s FPGA design, users should implement a clock monitor and an asynchronous reset mechanism in the FPGA fabric. The reporters of this vulnerability have experimentally verified the effectiveness of such a mitigation.

Microchip wishes to thank K. Mitard, S. K. Monfared, F. K. Dana, S. Tajik, R. Dumitru and Y. Yarom for their research and reporting on this issue.