Toward a Hardware Man-in-the-Middle Attack on PCIe Bus for Smart Data Replay

2019 
The growing need for speed in recent embedded systems has led to the adoption of the high-speed PCIe (Peripheral Component Interconnect Express) communication protocol as an internal data bus. This technology is used in some recent smartphones and will probably be adopted by others in the next few years. The communication between the SoC and its memory over the PCIe bus represents an important source of information for criminal investigations. In this paper, we present a new, reliable attack vector on PCIe. We chose to perform a hardware Man-in-the-Middle attack, allowing real-time data analysis, data replay and a copy technique inspired by the shadow-copy principle. Through this attack, we will be able to locate, duplicate and replay sensitive data. The main challenge of this article is to develop an architecture compliant with PCIe protocol constraints such as response time, frequency and throughput, in order to be invisible to the communicating parties. We designed a proof of concept of an emulator based on a computer with a PCIe 3.0 bus and a Stratix 5 FPGA with an endpoint PCIe port as the development target.