Toward a hardware Man-in-the-Middle attack on PCIe bus

2020 
Abstract

The growing need for high-rate communication in recent embedded systems is leading to the adoption of the PCIe (Peripheral Component Interconnect Express) protocol as an internal data bus. This technology is used in some recent smartphones, and will probably be adopted globally in the next few years. The communication between the processor (in the SoC) and its memory through the PCIe bus represents an important source of information for criminal investigations. In this paper, we present a new attack vector on PCIe based on a hardware Man-in-the-Middle. This system allows real-time data analysis, data replay, and a copy technique inspired by the shadow-copy principle. With it, it is possible to locate, duplicate, and replay sensitive data. The main challenge is to develop an architecture that complies with PCIe protocol constraints, such as response time, frequency, and throughput, so that it is undetectable to the communicating parties. We designed a proof of concept of an emulator based on a computer with a PCIe 3.0 bus and a Stratix 5 FPGA with an endpoint PCIe port as a development target.