DOCSLIB.ORG

Runtime Detection of Hardware Trojan in Untrusted Network-On-Chip Mubashir Hussain

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Runtime Detection of Hardware Trojan in Untrusted Network-On-Chip Mubashir Hussain Runtime Detection of Hardware Trojan in Untrusted Network-on-Chip Mubashir Hussain A thesis in fulfillment of the requirements for the degree of Doctor of Philosophy School of Computer Science and Engineering Faculty of Engineering The University of New South Wales August 2018 THE UNIVERSITY OF NEW SOUTH WALES Thesis/Dissertation Sheet Surname or Family name: Hussain First name: Mubashir Other name/s: Abreviation for degree as given in the University calendar: PhD School: School of Computer Science and Engineering Faculty: Faculty of Engineering Title: Runtime Detection of Hardware Trojan in Untrusted Network-on-Chip Abstract 350 words maximum Traditionally, the computing system security has been tackled as a software-level problem. With the globalization of the modern semiconductor industry, the design of a system may involve different parties, especially for the design of system-on-chip (SoC) where the high complexity of the design has pushed designers towards using the third-party components that may have been modified with malicious additions without notice of the designer. Such a malicious modification (known as hardware Trojan) may be very small and can escape the scrutiny of the offline circuit-level testing and appear in the final product, which creates a new class of threats that have to be addressed at the hardware level and at the runtime. For SoCs, one of the most vulnerable components is the communication sub-system, called network- on-chip (NoC). NoC is able to access all components in the system and can be an easy target for varied attacks. This thesis aims at the hardware Trojan inside the router of a NoC. When activated, the Trojan can modify passing packets for two different purposes: 1) hijacking packets to harvest information carried by the packet; 2) manipulating the packet to alter the packet data. Both attacks can be tackled by the authentication. But unlike the software level authentication designs in the traditional networking system, the authen- tication in NoC has on-chip overhead issues. The thesis investigates three designs: one for packet hijacking attack detection, one for packet integrity attack detection, and one for Trojan location detection. Each design has a different dominant overhead issue. We, therefore, have a different optimization objective in the design. For the packet hijacking attack detection, we target the overhead on the chip cost and we present a customization design. For the packet data integrity authentication, the main concern is the bandwidth consumption caused by the large tag size and we introduce a progressive authentication scheme to reduce the bandwidth overhead. For the Trojan location detection, we propose a dynamic search algorithm to minimize the energy consumption. We have conducted a range of extensive experiments on each design, which demonstrate the effective- ness of our design approaches. Declaration relating to disposition of project thesis/dissertation I hereby grant to the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or in part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all property rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstracts International (this is applicable to doctoral theses only). Signature Witness Date The University recognises that there may be exceptional circumstances requiring restrictions on copying or conditions on use. Requests for restriction for a period of up to 2 years must be made in writing. Requests for a longer period of restriction may be considered in exceptional circumstances and require the approval of the Dean of Graduate Research. FOR OFFICE USE ONLY Date of completion of requirements for Award Originality Statement ‘I hereby declare that this submission is my own work and to the best of my knowl- edge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project’s design and conception or in style, presentation and linguistic expression is acknowledged.’ Mubashir Hussain August 1, 2018 Copyright Statement ‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstract International (this is applicable to doctoral theses only). I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation.’ Mubashir Hussain August 1, 2018 Authenticity Statement ‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format.’ Mubashir Hussain August 1, 2018 Acknowledgements My PhD journey has been full of excitement, frustration, and satisfaction. I would like to take this opportunity to acknowledge all the people who guide, inspire and support me during every step of this journey. First and foremost, I would like to thank Almighty Allah for His endless blessings. It was through His kindness that I was able to overcome all the challenges that I faced during my research. Secondly, I would like to extend my sincere gratitude to my supervisor Dr Annie Hui Guo, for her invaluable guidance, support, and patience. She helped me to learn how to identify and solve research problems. Without her technical support, guidance and rigorous feedback this research work will never be possible. I will always be grateful for her kindness and encouragement. I also like to thank my co-supervisor Professor Sri Parameswaran for his valuable feedback on my research and constant encouragement to boost my confidence during stressful times. I acknowledge my research committee members Prof. Jingling Xue, Dr Eric Andre Martin, Dr Salil Kanhere for their valuable reviews that helped shape this dissertation. Furthermore, I gratefully acknowledge the financial support from School of Computer Science and Engineering UNSW, Faculty of Engineering UNSW and Graduate Research School UNSW to carry out this research. I would like to extend my special thanks to Dr Haseeb Bokhari for his valuable help and feedback on my research. I am very grateful to my friends and colleagues Umair, Hassaan, Wajid and Dimitris for their support and making my PhD journey so enjoyable. I am also thankful for the help provided by my colleagues Mahanama, Darshana, Amin and Sajid. I also like to extend my thanks to a friend and partner in a crime Sana. Her kind words always lifted my moral when I was down. She always cared more about my problems than her own. I am very grateful to her motivational talks and support. i Last but not least, my heartfelt gratitude goes to my loving family. Their uncondi- tional love, prayers, and faith gave me confidence in the most desperate times of my degree. Especially mom and dad, I will always be in debt to your kindness, support, and efforts to bring me to the place where I am today. I am also very thankful to my sisters Sundas, Iqra, and brother Muddasir for being there when I needed them the most. I am genuinely grateful to all the amazing people who believed in me and helped me on this exciting journey. This work is dedicated to all of you. ii List of Publications • Hussain, M. and Guo, H., 2017, March. “Packet Leak Detection on Hardware- Trojan Infected NoCs for MPSoC Systems”. In Proceedings of the 2017 In- ternational Conference on Cryptography, Security and Privacy (pp. 85 - 90). ACM. • Hussain, M., Guo, H. and Parameswaran, S., 2017. “A Customized Authen- tication Design for Traffic Hijacking Detection on Hardware-Trojan Infected NoCs”. Journal of Computer and Communications, 6(01), (pp. 135 - 152). • Hussain, M., Malekpour, A., Guo, H. and Parameswaran, S., 2018, March. “EETD: An Energy Efficient Design for Runtime Hardware Trojan Detection in Untrusted Network-on-Chip”. In VLSI (ISVLSI), 2018 IEEE Computer Society Annual Symposium on (pp. 345 - 350). IEEE. • Hussain, M. and Guo, H. “A Bandwidth-Aware Authentication Scheme for Packet-Integrity Attack Detection on Trojan Infected NoCs”. Accepted In Very Large Scale Integration (VLSI-SoC), 2018 IFIP/IEEE International Con- ference. IEEE. iii Abstract Traditionally, the security of the computing systems has been tackled as a software- level problem where attacks largely come from software and the counter-attack so- lutions are also software oriented. However, with the globalisation of the modern semiconductor industry, the design of a hardware system may involve many different parties, especially for the design of system-on-chip (SoC) where the increasingly high complexity of the design has pushed designers towards using the components from the third-party vendors.
Load more

Recommended publications
  • Detecting Hardware Trojans Inserted by Untrusted Foundry Using Physical Inspection and Advanced Image Processing
    Noname manuscript No. (will be inserted by the editor) Detecting Hardware Trojans Inserted by Untrusted Foundry using Physical Inspection and Advanced Image Processing Nidish Vashistha · M Tanjidur Rahman · Haoting Shen · Damon L Woodard · Navid Asadizanjani · Mark Tehranipoor Received: date / Accepted: date Abstract Hardware Trojans are malicious changes to Trojan. Here, we are only concerned with untrusted the design of integrated circuits (ICs) at different stages foundry problem, where it is assumed the end-user has of the design and fabrication process. Different approac- access to a golden layout/image of the IC. This is a hes have been developed to detect Trojans namely: non- common threat model for those organizations that fully destructive (electrical tests like run-time monitoring, design their IC but need access to untrusted foundry functional and structural tests) and destructive testing for fabrication. SEM image from a backside thinned (full chip reverse engineering). However, none of the golden IC is compared with a low-quality SEM image of previously developed methods can be used to detect all an IC under authentication (IUA). We perform image types of Trojans and they all suffer from a number of dis- processing to both golden IC & IUA images to remove advantages such as low speed of detection, low accuracy, noise. We develop a computer vision based algorithm low confidence level and poor coverage of Trojan types. to detect hardware Trojans based on their structural Based on our literature survey of Trojan benchmarks, similarity. The results demonstrate that our technique majority of the hardware Trojans implemented in an IC is quite effective at detecting Trojans and significantly will leave a footprint at the active layer.
    [Show full text]
  • Leveraging Logic Masking to Facilitate Hardware Trojan Detection Methods Arash Nejat
    Leveraging Logic Masking to Facilitate Hardware Trojan Detection Methods Arash Nejat To cite this version: Arash Nejat. Leveraging Logic Masking to Facilitate Hardware Trojan Detection Methods. Mi- cro and nanotechnologies/Microelectronics. Université Grenoble Alpes, 2019. English. NNT : 2019GREAT004. tel-03132626 HAL Id: tel-03132626 https://tel.archives-ouvertes.fr/tel-03132626 Submitted on 5 Feb 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE Pour obtenir le grade de DOCTEUR DE LA COMMUNAUTÉ UNIVERSITÉ GRENOBLE ALPES Spécialité : NANO ELECTRONIQUE ET NANO TECHNOLOGIES Arrêté ministériel : 25 mai 2016 Présentée par Arash NEJAT Thèse dirigée par Vincent BEROULLE , Enseignant-chercheur, Grenoble INP et codirigée par David HELY, Maitre de Conférence, Grenoble INP préparée au sein du Laboratoire Laboratoire de conception et d'intégration des systèmes dans l'École Doctorale Electronique, Electrotechnique, Automatique, Traitement du Signal (EEATS) Tirer parti du masquage logique pour faciliter les méthodes de détection des chevaux de Troie
    [Show full text]
  • Hardware Trojans – Prevention, Detection, Countermeasures (A Literature Review)
    UNCLASSIFIED Hardware Trojans – Prevention, Detection, Countermeasures (A Literature Review) Mark Beaumont, Bradley Hopkins and Tristan Newby Command, Control, Communications and Intelligence Division Defence Science and Technology Organisation DSTO–TN–1012 ABSTRACT A Hardware Trojan is a malicious, undesired, intentional modification of an electronic circuit or design, resulting in the incorrect behaviour of an electronic device when in operation – a back-door that can be inserted into hardware. A Hardware Trojan may be able to defeat any and all security mechanisms (software or hardware-based) and subvert or augment the normal operation of an infected device. This may result in modifications to the functionality or specification of the hardware, the leaking of sensitive information, or a Denial of Service (DoS) attack. Understanding Hardware Trojans is vital when developing next generation de- fensive mechanisms for the development and deployment of electronics in the presence of the Hardware Trojan threat. Research over the past five years has primarily focussed on detecting the presence of Hardware Trojans in infected devices. This report reviews the state-of-the-art in Hardware Trojans, from the threats they pose through to modern prevention, detection and countermeasure techniques. APPROVED FOR PUBLIC RELEASE UNCLASSIFIED DSTO–TN–1012 UNCLASSIFIED Published by DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh, South Australia 5111, Australia Telephone: (08) 7389 5555 Facsimile: (08) 7389 6567 c Commonwealth of Australia 2011 AR No. 015-008 July, 2011 APPROVED FOR PUBLIC RELEASE ii UNCLASSIFIED UNCLASSIFIED DSTO–TN–1012 Hardware Trojans – Prevention, Detection, Countermeasures (A Literature Review) Executive Summary Electronic systems have proliferated over the past few decades to the point that most aspects of daily life are aided or affected by the automation, control, monitoring, or com- putational power provided by Integrated Circuits (ICs).
    [Show full text]
  • Hardware Security and VLSI Design Optimization
    Wright State University CORE Scholar Browse all Theses and Dissertations Theses and Dissertations 2018 Hardware Security and VLSI Design Optimization Hao Xue Wright State University Follow this and additional works at: https://corescholar.libraries.wright.edu/etd_all Part of the Engineering Commons Repository Citation Xue, Hao, "Hardware Security and VLSI Design Optimization" (2018). Browse all Theses and Dissertations. 2206. https://corescholar.libraries.wright.edu/etd_all/2206 This Dissertation is brought to you for free and open access by the Theses and Dissertations at CORE Scholar. It has been accepted for inclusion in Browse all Theses and Dissertations by an authorized administrator of CORE Scholar. For more information, please contact [email protected]. HARDWARE SECURITY AND VLSI DESIGN OPTIMIZATION A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy By HAO XUE M.S.Eg., Wright State University, USA, 2013 B.S., Taiyuan University of Technology, China, 2010 2018 Wright State University WRIGHT STATE UNIVERSITY GRADUATE SCHOOL December 4, 2018 I HEREBY RECOMMEND THAT THE DISSERTATION PREPARED UNDER MY SUPERVISION BY Hao Xue ENTITLED Hardware Security and VLSI Design Optimization BE ACCEPTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Doctor of Philosophy. ___________________________ Saiyu Ren, Ph.D. Dissertation Director ___________________________ Arnab K. Shaw, Ph.D. Director, Electrical Engineering Ph.D. Program ___________________________ Barry Milligan, Ph.D. Interim Dean of the Graduate School Committee on Final Examination ___________________________ Saiyu Ren, Ph.D. ___________________________ Ray Siferd, Ph.D. ___________________________ Marty Emmert, Ph.D. ___________________________ Marian Kazimierczuk, Ph.D. ___________________________ Yan Zhuang, Ph.D.
    [Show full text]
  • IEEE Paper Template in A4
    INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 06, JUNE 2020 ISSN 2277-8616 Reduction Of Hardware Trojan Effect Using Multipath Authentication P. Bosebabu, K. Siva Nagaraju, B. Chanikya, P. Ritish Kumar Abstract: with increase of Integrated Circuit (IC) manufacturing foundries and fabrication units, security of an IC gains its importance. The manufacturing of IC is having many stages like designing, assembling, packaging, etc. Hardware Trojans can be implantable at any of these stages by the foundries or third-party vendors. Hardware Trojan is a malicious, undesired, intentional, modification of an electronic circuit or design, resulting leakage of data or incorrect behaviour of an electronic device. The Cryptographic algorithms play an important role in information security and protection of data from unauthorised usage. The proposed AES crypto processor model is having a authentication monitoring which will detect hardware Trojan triggering, alerts the user and takes necessary actions for retrieving original data. With help of proposed system, the reduction of effect of hardware Trojan can be achievable. Keywords: Hardware Trojan, Cryptography, IC security, AES. ———————————————————— 1. INTRODUCTION 2. RELATED WORK In recent years, the usage of semiconductor devices has rapidly increased. Integrated Circuit (IC) has become the A. Hardware Trojan foremost part of every stream like military, government, Hardware Trojan consist of two parts, trigger and payload. commercialization, etc. Chip manufacturing cycle involves Trigger is an activation condition or event that triggers the Specification, Architectural design, Functional and Logical payload in active state. Payload is an activity that executed design, Circuit design, Physical design, Fabrication, Packaging whenever Trojan is activated or triggered.
    [Show full text]
  • Trojans in Early Design Steps—An Emerging Threat
    Trojans in Early Design Steps—An Emerging Threat Ilia Polian∗, Georg T. Beckery, and Francesco Regazzoniz ∗Universitat¨ Passau, Germany yHorst Gortz¨ Institute for IT Security, Ruhr-Universitat¨ Bochum, Germany zALARI, University of Lugano, Switzerland Abstract—Hardware Trojans inserted by malicious foundries II. BACKGROUND during integrated circuit manufacturing have received substantial attention in recent years. In this paper, we focus on a different The term “hardware Trojans” historically referred to threats type of hardware Trojan threats: attacks in the early steps of associated with outsourcing of advanced semiconductor man- design process. We show that third-party intellectual property ufacturing into potentially untrustworthy countries [1]. The cores and CAD tools constitute realistic attack surfaces and that foundry would receive circuit layout information (in GDS II even system specification can be targeted by adversaries. We or a similar format) and, possibly, further design data, in order discuss the devastating damage potential of such attacks, the to produce masks and manufacture the circuit. The alleged applicable countermeasures against them and their deficiencies. threat consists in an intentional—and malicious—modification I. INTRODUCTION of the circuit by the foundry before manufacturing, such that the fabricated chip has critical deviations from its layout as Historically, IT security concentrated on attack scenarios provided by its author. targeting software and communication networks, but more recently, the system hardware moved into the focus of attack- However, the modern understanding of hardware Trojans ers. Hardware-related threats are relevant even for extremely includes all malicious modifications of a circuit during its cre- software-dominated systems, which still contain some amount ation: by an untrusted foundry (as discussed above), but also by of hardware on which the software runs; compromising this rogue in-house designers, by third-party intellectual-property hardware makes the entire system vulnerable.
    [Show full text]
  • Design and Validation for Fpga Trust Under Hardware Trojan Attacks 3
    1 186 186 186 IEEEIEEE TRANSACTIONS TRANSACTIONS ON MULTI-SCALE ON MULTI-SCALEIEEE COMPUTING TRANSACTIONS COMPUTING SYSTEMS, SYSTEMS, ON MULTI-SCALE VOL. VOL. 2, NO. 2, COMPUTING 3,NO. JULY-SEPTEMBER 3, JULY-SEPTEMBER SYSTEMS, 2016 VOL. 2016 2, NO. 3, JULY-SEPTEMBER 2016 DesignDesign andDesign and ValidationDesign Validation and and Validation for for Validation FPGA FPGA for Trust Trust for FPGA FPGA Trust Trust under underunder Hardware HardwareunderHardware Trojan Trojan Hardware Attacks Attacks Trojan Trojan Attacks Attacks Sanchita Mal-Sarkar, Member, IEEE, Robert Karam, Student Member, IEEE, SanchitaSanchita Mal-Sarkar, Mal-Sarkar,Member,Member,SeetharamSanchita IEEE IEEE Mal-Sarkar,, Robert Narasimhan,, Robert Karam, Karam,Member,Member,StudentStudent IEEE IEEEMember,, RobertMember,, Anandaroop IEEE Karam, IEEE, ,Student Ghosh, Member, Aswin Krishna, IEEE, SeetharamSeetharam Narasimhan, Narasimhan,Member,SeetharamMember, IEEEand IEEE Narasimhan,, Swarup Anandaroop, Anandaroop Bhunia,Member, Ghosh, Ghosh,Senior IEEE Member,, Anandaroop IEEE Ghosh, AswinAswin Krishna, Krishna,StudentStudent Member,Aswin Member, Krishna, IEEE IEEE, and,Student and Swarup Swarup Member, Bhunia, Bhunia, IEEESeniorSenior, and Member, Member,Swarup IEEE Bhunia, IEEE Senior Member, IEEE Abstract—Field programmable gate arrays (FPGAs) are being increasingly used in a wide range of critical applications, including industrial, automotive, medical, and military systems. Since FPGA vendors are typically fabless, it is more economical to outsource Abstract—Abstract—FieldField programmable programmable gate gateAbstract— arrays arrays (FPGAs) (FPGAs)Field areprogrammable beingare being increasingly increasingly gate arrays used used (FPGAs) in a inwide a wide are range being range of critical increasingly of critical applications, applications, used in including a wide including range of critical applications, including device production to off-shore facilities.
    [Show full text]
  • TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits Tony F
    TCAD-2015-0006 1 TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits Tony F. Wu, Student Member, Karthik Ganesan, Student Member, Yunqing Alexander Hu, Student Member, H.-S. Philip Wong, Fellow, Simon Wong, Fellow, Subhasish Mitra, Fellow Abstract— There are increasing concerns about possible we stop a hardware Trojan from being inserted. Part of the malicious modifications of integrated circuits (ICs) used in challenge in detecting or preventing hardware Trojans arises critical applications. Such attacks are often referred to as from the fact that the methods for inserting Trojan attacks are hardware Trojans. While many techniques focus on hardware numerous (e.g., [2][5] for a comprehensive list). Trojan detection during IC testing, it is still possible for attacks out to go undetected. Using a combination of new design techniques a) c) Vdd Vdd and new memory technologies, we present a new approach that + in detects a wide variety of hardware Trojans during IC testing and out Vdd/2 b) D Q also during system operation in the field. Our approach can also in prevent a wide variety of attacks during synthesis, clk 0 Vdd/2 Vdd place-and-route, and fabrication of ICs. It can be applied to any Fig. 1. Examples of hardware Trojans. a) Modification of functional behavior digital system, and can be tuned for both traditional and through logic changes; b) Electrical changes such as changing timing split-manufacturing methods. We demonstrate its applicability characteristics; c) Reliability changes such as accelerating aging with NBTI. for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we Trojan insertion methods include (but are not limited to): demonstrate: 1.
    [Show full text]
  • Hardware Trojan Detection Solutions and Design-For-Trust Challenges
    RESEARCH FEATURE Hardware Trojan Detection Solutions and Design-for-Trust Challenges Mohammad Tehranipoor, Hassan Salmani, Xuehui Zhang, and Xiaoxiao Wang University of Connecticut Ramesh Karri, Jeyavijayan Rajendran, and Kurt Rosenfeld Polytechnic Institute of New York University Globalization of the semiconductor industry and evolving fabrication processes have made integrated circuits increasingly vulnerable to Trojans. Researchers must expand efforts to verify trust in intellectual property cores and ICs. ulnerabilities in the current integrated circuit (IC) a trusted design center and foundry, it is expensive and development process have raised serious concerns economically infeasible given current trends in the glo- about possible threats from hardware Trojans balization of IC design and fabrication. On the other hand, to military, financial, transportation, and other verifying trustworthiness requires a postmanufacturing V 1-4 critical systems. An adversary can introduce a Trojan step to validate conformance of the fabricated IC to the through an IC that will disable or destroy a system at some original functional and performance specifications. specific future time. Alternatively, an attacker can design a wire or some other IC component to survive the testing HARDWARE TROJANS phase but fail before the expected lifetime. A hardware A system-on-chip (SoC) design can contain several lay- Trojan can also covertly cause a system to leak confiden- ered and interconnecting functional components, including tial information or secret keys.
    [Show full text]
  • Interdiction in Practice – Hardware Trojan Against a High-Security USB Flash Drive
    Interdiction in Practice { Hardware Trojan Against a High-Security USB Flash Drive Pawel Swierczynski1, Marc Fyrbiak1, Philipp Koppe1, Amir Moradi1, Christof Paar1,2 IEEE Fellow Abstract As part of the revelations about the NSA Keywords hardware Trojan, · real world attack, · activities, the notion of interdiction has become known FPGA security, · AES to the public: the interception of deliveries to manipu- late hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hard- 1 Introduction ware level. With respect to hardware, FPGAs are par- ticular interesting targets as they can be altered by In this section we provide an overview of our research manipulating the corresponding bitstream which con- and related previous works in the area of hardware Tro- figures the device. In this paper, we demonstrate the jans and Field Programmable Gate Array (FPGA) se- first successful real-world FPGA hardware Trojan in- curity. sertion into a commercial product. On the target de- vice, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data is encrypted using AES-256 in 1.1 Motivation XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investiga- As a part of the revelations by Edward Snowden, it be- tion required two reverse-engineering steps, related to came known that the National Security Agency (NSA) the proprietary FPGA bitstream and to the firmware allegedly intercepts communication equipment during of the underlying ARM CPU. In our Trojan insertion shipment in order to install backdoors [28]. For instance, scenario the targeted USB flash drive is intercepted be- Glenn Greenwald claims that firmware modifications fore being delivered to the victim.
    [Show full text]
  • Hardware Security and Trust: a New Battlefield of Information
    Hardware Security and Trust: A New Battlefield of Information Gang Qu University of Maryland, College Park, MD 20742, USA [email protected] Abstract. Hardware security and trust has received a lot of attention in the past 25 years. The purpose of this paper is to introduce the fundamental problems related to hardware security and trust to audiences who do not necessarily have hardware design background. In order to do that, we first discuss the evolving roles of hardware in security from an enable to an enhancer and now an enforcer as it get involves more and more in system security. Then we review the following key problems in hardware security, physical attacks, side channel analysis, intellectual property protection, hardware Trojan, hardware security primitives, and applications in security and trust. We provide a novel view of these problems and the corresponding solutions from the perspective of information battle between the attackers and designers, where we consider three types of information: data collected, processed, and stored by the hardware; information hidden in the design as watermark, fingerprint, and Trojans; and the chip fabrication variations that can be extracted and utilized. It is interesting to see how the hardware security and trust problems can be unified under this framework of information battle (stealing and protection). Unfortunately, there are more unknowns and challenges than what we have discovered on this framework as we illustrated in the section of open problems. However, the emerging Internet of Things and cyber physical systems have provided a large application field for researchers and practitioners to work on hardware based lightweight security.
    [Show full text]
  • 6 Hardware Trojans: Lessons Learned After One Decade of Research
    Hardware Trojans: Lessons Learned after One Decade of Research K. XIAO, ECE Department, University of Connecticut D. FORTE, ECE Department, University of Florida Y. J I N , EECS Department, University of Central Florida R. KARRI, ECE Department, Polytechnic Institute of New York University S. BHUNIA and M. TEHRANIPOOR, ECE Department, University of Florida Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure. While hardware Trojans have been explored significantly in academia over the last decade, there remains room for improvement. In this article, we examine the research on hardware Trojans from the last decade and attempt to capture the lessons learned. A comprehensive adversarial model taxonomy is introduced and used to examine the current state of the art. Then the past countermeasures and publication trends are categorized based on the adversarial model and topic. Through this analysis, we identify what has been covered and the important problems that are underinvestigated. We also identify the most critical lessonsr for those new to the field and suggest a roadmap for future hardware Trojan research. CCS Concepts: Hardware → Safety critical systems Additional Key Words and Phrases: Hardware security and trust, hardware Trojan attacks, countermea- sures, attack model ACM Reference Format: K. Xiao, D. Forte, Y. Jin, R.
    [Show full text]