Hardware Security & Latest R&D

RISE Funders & Universities

RISE Stakeholder Board (ISAB)

Standards & Regulation

Potential labelling scheme for consumer IoT products

Insecure ‘Smart’ Devices

Tech Republic’s list of the least secure connected devices - Feb 2018

Symantec IoT Report: “Insecure routers were the source of 75% of DDoS IoT attacks” - Apr 2019

Adapted from https://www.techrepublic.com/pictures/photos-the-11-least-secure-connected-devices/

IoT Threats 2002-2018

• Hajime
• IoT Reaper
• Hide N Seek
• VPNFilter

Source: F-Secure, April 2019

The Internet of ‘Cloned’ Things

What about counterfeit devices and untrusted supply chains?

• Globalisation of supply chains - use of overseas foundries, third-party IP, third-party test facilities
• Supply chains are susceptible to a range of hardware-based security threats
• Counterfeit devices could host malicious software, firmware or hardware

IEEE Spectrum, Oct 2013

Threat of Hardware Trojans

• First successful real-world FPGA hardware Trojan insertion into a commercial product

Journal of Cryptographic Engineering, Sept 2017

The Big Hack (2018)

• Did it happen? No data
• Is it technically plausible? Yes

Recent Vulnerabilities – SCAs

• Meltdown, Jan 2018
• Spectre, Jan 2018
• ZombieLoad, May 2019

November 2018: new Meltdown- and Spectre-type transient execution attacks uncovered that affect Intel, AMD and ARM devices
Canella et al., “A Systematic Evaluation of Transient Execution Attacks and Defenses”, arXiv preprint [CVBS+18]

RISE Spring School 2018 – Daniel Gruss
https://www.ukrise.org/springschool/programme/

Major Research Challenges

• How do we detect counterfeit devices?
• How do we detect manipulated devices?
• Is it possible to build attack-resilient hardware platforms?
• How do we deal with untrusted manufacturing processes & untrusted supply chains?

Need for Hardware Security

• Demand for hardware security research & innovation is increasing with the growing security needs of embedded & networking devices & cloud services
• A key driver is the Internet of Things (IoT) – everything is becoming a computer
• A multi-layered approach to security is needed - establishing a trusted computing baseline that anchors trust in tamper-proof hardware
• A strong hardware security foundation is essential for realising secure systems

Vision for RISE

RISE Research Challenges – Understanding Technologies Underpinning Hardware Security

• State-of-the-art HW security primitives: TRNGs, PUFs
• Novel HW analysis toolsets & techniques
• Attack-resilient HW platforms, HW IP building blocks

RISE Research Challenges – Maintaining Confidence in Security Throughout the Product Lifecycle

• Confidence in developing secure HW devices
• Supply chain confidence
• Modelling of HW security

RISE Research Challenges – Novel HW Security Use Cases & Value Propositions

• Combining hardware roots of trust (e.g. TPM, TEEs) with advanced cryptographic techniques (e.g. identity- or attribute-based encryption) to offer data-centric security (e.g. FIDO Alliance)

© https://fidoalliance.org

Can we develop novel applications based on hardware roots of trust?

RISE Research Challenges – Development & Pull Through (Barriers to Adoption)

• Ease of development & ease of leveraging the best security option
• Education of the potential user/developer base
• Understanding barriers to adoption

The RISE Projects

DeepSecurity: Applying Deep Learning to Hardware Security

• Global supply chains for electronic devices are now considered to be susceptible to a range of hardware-based threats:
  • Hardware Trojans
  • Intellectual property piracy
  • Integrated circuit (IC) overproduction
  • Side-channel attacks
• Major security threats to military, medical, government, transportation etc.
• The proposed project will apply a deep learning approach to investigate two of these threats, namely the use of deep learning in the context of side-channel attacks (SCA) and hardware Trojans (HT).
• Utilisation of deep learning based verification processes in Electronic Design Automation tools to provide feedback to designers on the security of their designs.

SCARV: A Side-Channel Hardened RISC-V Platform

• RISC-V is an open source Instruction Set Architecture (ISA) design:
  • a specification for the instructions any compatible processor implementation should be able to execute, and the resources those instructions can access - the interface between the processor implementation (HW) and the programs that execute on it (SW)
• Open source has resulted in rapid development of a rich support infrastructure, including vibrant developer and user communities
• The research goals capitalise on this openness:
  • Since RISC-V can be implemented by anyone, it is possible to develop a core hardened against specific types of attack; the focus will be on the threat of SCAs.
  • Since RISC-V can be adapted by anyone, it is possible to develop various cryptography-specific extensions of the ISA that offer e.g. higher efficiency.
  • An open "lab free" (i.e., cloud-based) acquisition and analysis workflow enabling easy and efficient evaluation of side-channel security

IOSEC: Protection and Memory Safety for Input/Output Security

• Re-architect I/O systems with security as a primary design constraint.
• Investigate the weaknesses of current I/O and propose safer alternatives:
  • A survey of state-of-the-art access-control protections in current HW and SW designs
  • Assess utilisation of Input/Output Memory Management Units (IOMMUs)
  • Develop a corpus of vector-specific attack techniques which future defences must prevent or mitigate.
• New techniques to restructure CPU-to-I/O interconnects to provide a message-based abstraction for untrustworthy devices
• New distributed-memory protection, enabling greater control of device access to host memory while improving security-performance trade-offs.
• Hardware-software co-design methodology and FPGA prototyping
• Evaluation of performance, complexity, compatibility, and security metrics

User-Controlled HW Security Anchors: Evaluation & Designs

• Many modern processors are equipped with hardware extensions that enable some kind of Trusted Execution Environment (TEE)
• The primary objective is to promote and facilitate the adoption of the TEE as the main trust anchor for security architectures.
• Evaluation of the security features of different TEE implementations, including assessment of cryptographic protocols, side-channel vulnerabilities, and implementation weaknesses.
• Strong hardware-based security mechanisms to improve both the strength and usability of authentication.
• Build an architecture for designing protocols and user experiences that leverage these hardware security primitives to enhance the security, manageability, and usability of user authentication
• Demonstration on suitable platforms, including secure hardware, smart devices and integration with authentication tokens.

Supplementary Projects

rFAS - Reconfigurable FPGA Accelerator Sandboxing

• A security infrastructure that allows trustworthy integration and execution of partially reconfigurable FPGA hardware accelerators in a multi-tenant environment.
• A secure and encapsulated FPGA run-time environment that prevents modules from leaking information from other parts of a system or compromising the integrity of a system.
• This will be achieved through:
  • traditional techniques such as memory protection mechanisms
  • a new configuration management unit that ensures encapsulation of partial modules into their allocated resources, as well as through
  • a bitstream analysis tool (similar to a virus scanner known from software systems) that detects malicious sections in FPGA configuration binaries, to prevent such configuration bitstreams from entering a system.

TimeTrust: Robust Timing via Hardware Roots of Trust and Non-standard Hardware – with Application to EMV Contactless Payments

• Relay attacks are a vulnerability exploited with the aim of, e.g., stealing a car with passive keyless entry.
• The TimeTrust project addresses the protection of ubiquitous systems against strong forms of relay attacks and other proximity/timing-related attacks, via the use and extension of hardware roots of trust (HWRoT), such as Trusted Platform Modules (TPMs).
• These uses/extensions of HWRoT involve new combinations of timing capabilities with cryptographic primitives and trusted-computing mechanisms.
• TimeTrust has a strong focus on cryptographic proofs and formal analysis.
• The main use case of TimeTrust is contactless electronic payments.

GUPT: A Hardware-Assisted Secure & Private Data Analytics Service

• We increasingly rely on cyber-physical systems and online services based on “data-driven intelligence”, requiring four important design properties:
  • Reliability
  • Real-time performance
  • Scalability
  • Security & privacy
• These currently use ad hoc practices which are problematic and unmanageable
• The proposal is to build an end-to-end system supporting the design – development – deployment of a wide range of data-driven intelligent applications (ML, data privacy & ethical experts)

Safebet: Memory Capabilities to Safe, Aggressive Speculation in Processors

• We wish to explore the promising approach of capability-based protection on the micro-architectural speculation of complex out-of-order cores, to mitigate new speculative side-channel attacks similar to Spectre.
• We will establish a specification framework to describe safe speculation in a microarchitecture, and a verification framework to explore the speculative abilities of processor cores.

Thank you
www.ukrise.org | [email protected] | @UK_RISE
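Backup example, added here and not part of the RISE deck or of the TimeTrust project's own work: the TimeTrust bullets describe combining a timing capability with cryptographic primitives to resist relay attacks. The block below shows that combination in miniature for a terminal/card exchange: the verifier issues a fresh challenge, the prover answers with a keyed MAC, and the verifier accepts only if the answer is both cryptographically correct and returned within a round-trip bound. The 2 ms bound, the HMAC-SHA256 response, the fixed demo key and the injectable clock (standing in for the trusted timer a hardware root of trust would provide) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed round-trip bound in nanoseconds. A real distance-bounding deployment
# derives this from signal propagation and the prover's hardware latency; 2 ms is
# only a placeholder for the demonstration.
MAX_RTT_NS = 2_000_000


def make_fake_clock(*readings_ns):
    """Return a clock that hands out the given nanosecond readings in order.

    Constructed so the demo is deterministic. In a deployment the timer would be the
    trusted, tamper-resistant clock that the hardware root of trust supplies.
    """
    it = iter(readings_ns)
    return lambda: next(it)


def prover_respond(key: bytes, challenge: bytes) -> bytes:
    """Legitimate prover (e.g. a card): answer with HMAC-SHA256 under the shared key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify_proximity(key, respond, clock=time.perf_counter_ns, max_rtt_ns=MAX_RTT_NS):
    """Verifier (e.g. a payment terminal): fresh challenge, timed answer, two independent checks.

    `respond` is a callable that takes the challenge bytes and returns the response bytes.
    The result separates 'authentic' (MAC verified) from 'in_range' (timing bound met) so a
    caller can tell a device without the key apart from a correct answer that arrived late.
    """
    challenge = secrets.token_bytes(16)   # fresh per run, so an old answer cannot be replayed
    t_start = clock()
    response = respond(challenge)
    t_end = clock()
    rtt_ns = t_end - t_start

    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    authentic = hmac.compare_digest(response, expected)   # constant-time comparison
    in_range = rtt_ns <= max_rtt_ns

    return {
        "accepted": authentic and in_range,
        "authentic": authentic,
        "in_range": in_range,
        "rtt_ns": rtt_ns,
    }


def demo():
    """Three constructed scenarios driven by a fake clock so the outcomes are reproducible."""
    key = bytes.fromhex("00" * 32)   # constructed demo key
    honest = lambda c: prover_respond(key, c)

    # 1. Genuine card within range: correct answer, 0.5 ms round trip.
    near = verify_proximity(key, honest, clock=make_fake_clock(0, 500_000))

    # 2. Same genuine card, but the answer arrives after 5 ms, the kind of extra delay the
    #    additional hops of a relay introduce: the MAC verifies, the timing bound fails.
    late = verify_proximity(key, honest, clock=make_fake_clock(0, 5_000_000))

    # 3. Device that does not hold the key: fast, but the MAC does not verify.
    wrong_key = bytes.fromhex("11" * 32)
    impostor = verify_proximity(key, lambda c: prover_respond(wrong_key, c),
                                clock=make_fake_clock(0, 500_000))

    return near, late, impostor


if __name__ == "__main__":
    for label, result in zip(("near", "late", "impostor"), demo()):
        print(f"{label:9s} accepted={result['accepted']} authentic={result['authentic']} "
              f"in_range={result['in_range']} rtt_ns={result['rtt_ns']}")
```

The point the second scenario makes is that a relayed exchange can be cryptographically perfect and still be rejected, because proximity is decided by the measured round trip, not by the key. That decision is only as trustworthy as the clock it reads, which is why the deck ties timing to a hardware root of trust rather than to the host's own timer.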