Defeating Cisco Trust Anchor: A Case-Study of Recent Advancements in Direct FPGA Bitstream Manipulation

Field-programmable gate arrays (FPGAs) are widely used in real-time, data-intensive, and mission critical system designs. In the space of trusted computing, FPGA-based security modules have appeared in a number of widely used security conscious devices. The Cisco Trust Anchor module (TAm) is one such example that is deployed in a significant number of enterprise network switches, routers, and firewalls. We discuss several novel direct FPGA bitstream manipulation techniques that exploit the relative simplicity of input and output pin configuration structures.

We present an analysis of the efficacy of Cisco TAm and discuss both the high-level architectural flaws of the TAm as well as implementation specific vulnerabilities in a TAm protected Cisco router. By combining techniques presented in this paper with other recent advancements in FPGA bitstream manipulation, we demonstrate the feasibility of reliable remote exploitation of all Cisco TAms implemented using Xilinx Spartan-6 FPGAs. The TAm exploit described in this paper allows the attacker to fully bypass all Trust Anchor functionality, including hardware-assisted secure boot, and to stealthily inject persistent malicious implants within both the TAm FPGA and the application processor. Lastly, we discuss the applicability of our bitstream manipulation techniques to other FPGA-based devices and propose several practical mitigations.