



POLYTECHNIQUE Montréal

TECHNOLOGICAL

Presented by John Doe March 26, 2024

IP Core Identification in FPGA Configuration Files using Machine Learning Techniques

Mahmood et al.



US Edition ∨

Businessweek | Feature

### The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interviews with government and corporate sources.







J. 7

US Edition ∨

Businessweek | Feature

The Big Hack: How China

Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S.

**Used a Tiny Chip to** 

# **Bloomberg** Businessweek The Big Hack How China used a tiny chip to infiltrate America's top companies

companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interviews with government and corporate sources.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

























microblaze 0 local memory . + DLMB + ILMB LMB CIk microblaze\_0 SYS\_Rst mdm 1 DLMB + + INTERRUPT MicroBlaze axi smo MBDEBUG\_0 + + DEBUG microblaze\_0\_axi\_periph Clk Debug\_SYS\_Rst + S00\_AXI + SOO\_AXI ACLK + S01\_AXI aclk aresetn M\_AXI\_IC + MicroBlaze Debug Module (MDM) ACLK ARESETN S00\_ACLK S00\_ARESETN M00\_ACLK MicroBlaze - eth\_ref\_clk axi\_gpio\_0 microblaze\_0\_axi\_intc led\_4bits + S AXI M00\_AXI + + s\_axi GPIO + s\_axi\_ack M00\_ARESETN M00\_ARESETN M01\_ACLK M01\_ACLK M01\_ARESETN M01\_AXI + M02\_AXI + M02\_AXI + M02\_AXI + M02\_AXI + s\_axi\_aclk GPIO2 + — dip\_switches\_4bits s\_axi\_aresetn s\_axi\_aresetn interrupt + M01\_ACLK AXI GPIO processor\_clk M02\_ARESETN M03\_ACLK M03\_ARESETN M04\_ACLK M05\_AXI + processor\_rst mig\_7series\_0 rst\_mig\_7series\_0\_83M clk\_wiz\_0 AXI Interrupt Controller slowest\_sync\_clk mb\_reset -+ S\_AXI DDR3 + ddr3\_sdram M04\_ARESETN clk\_out1 ext reset in bus struct reset[0:0] sys\_rst ui\_clk\_sync\_rst M05\_ACLK locked resetn aux reset in peripheral reset[0:0] \_\_\_\_\_ clk ref i ui\_ck 🗕 M05\_ARESETN clk\_in1 clk\_out2 -- mb\_debug\_sys\_rst interconnect\_aresetn[0:0] sys\_clk\_i mmcm\_locked clk\_out3 🗕 dcm\_locked aresetn init\_calib\_complete peripheral\_aresetn[0:0] 🔶 axi timer 0 + S\_AXI - capturetrig0 reset 📄 generateo capturetrig1 generateout1 freeze pwm0 axi\_ethemetlite\_0 sys\_clock D s\_avi\_ack MDIO + Ch\_mdio\_mdc s\_axi\_aclk interrupt s\_axi\_aresetn s\_axi\_aresetn ip2intc\_irpt AXI Timer AXI EthernetLite microblaze\_0\_xlconcat axi\_uartlite\_0 - In0(0:0) + S\_AXI -D usb\_uart In1[0:0] dout[3:0] UART + s\_axi\_aclk interrupt In2[0:0] s\_axi\_aresetn In3[0:0] AXI Uartlite axi\_quad\_spi\_0 + AXI\_LITE ext\_spi\_clk SPI\_0 + -D qspi\_flash s\_axi\_aclk ip2intc\_irpt s\_axi\_aresetn AXI Quad SPI



























### **One-vs-All Classification:**

Individual Neural network models are trained to identify one hardware module (eg. Adder) against all other modules.





### **One-vs-All Classification:**

Individual Neural network models are trained to identify one hardware module (eg. Adder) against all other modules.





























Conclusion

Paper Presentation: IP Core Identification in FPGA Configuration Files using Machine Learning Techniques

### There is a Need for Post-Development Integrity Verification in FPGA Designs

### **Main Findings**

 CNNs can successfully identify know logic blocks in generated binaries with an accuracy rate of over 87.8 %, high precision and high recall



Conclusion

Paper Presentation: IP Core Identification in FPGA Configuration Files using Machine Learning Techniques

### There is a Need for Post-Development Integrity Verification in FPGA Designs

### **Main Findings**

 CNNs can successfully identify know logic blocks in generated binaries with an accuracy rate of over 87.8 %, high precision and high recall

# Implications

Enable developers to scan their designs for known malicious logic



Conclusion

#### Paper Presentation: IP Core Identification in FPGA Configuration Files using Machine Learning Techniques

### There is a Need for Post-Development Integrity Verification in FPGA Designs

### **Main Findings**

 CNNs can successfully identify know logic blocks in generated binaries with an accuracy rate of over 87.8 %, high precision and high recall

# Implications

Enable developers to scan their designs for known malicious logic

### **Future Works**

• Test the approach with complex logic blocks



#### john.doe@polymtl.ca



POLYTECHNIQUE Montréal

TECHNOLOGICAL ∃ UNIVERSITY

