DOCSLIB.ORG

A Case Study in Hardware Trojan Design and Implementation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Case Study in Hardware Trojan Design and Implementation Int. J. Inf. Secur. (2011) 10:1–14 DOI 10.1007/s10207-010-0115-0 REGULAR CONTRIBUTION A case study in hardware Trojan design and implementation Alex Baumgarten · Michael Steffen · Matthew Clausman · Joseph Zambreno Published online: 3 September 2010 © Springer-Verlag 2010 Abstract As integrated circuits (ICs) continue to have an functional requirements pass, can one be sure that there is no overwhelming presence in our digital information-dominated additional logic that is hidden from the tests? How much trust world, having trust in their manufacture and distribution is there in the design chain? What if something malicious has mechanisms is crucial. However, with ever-shrinking tran- been added? sistor technologies, the cost of new fabrication facilities is At the Embedded Systems Challenge, part of the 2008 becoming prohibitive, pushing industry to make greater use Computer Security Awareness Week (CSAW) [1] at the Poly- of potentially less reliable foreign sources for their IC sup- technic Institute of NYU, this exact scenario was proposed. ply. The 2008 Computer Security Awareness Week (CSAW) Several student-led teams from around the country assumed Embedded Systems Challenge at the Polytechnic Institute of the role of the hardware hackers that had been able to gain NYU highlighted some of the vulnerabilities of the IC sup- access to the HDL source code for the Alpha. With this ply chain in the form of a hardware hacking challenge. This source code in hand, each team had one month to imple- paper explores the design and implementation of our winning ment as many undetectable hardware Trojans as possible. A entry. hardware Trojan is a malicious modification to the circuitry that compromises the integrity of the original design, usu- Keywords Hardware hacking · Trojans · Security · FPGA ally to the attacker’s benefit. The Alpha device, augmented with Trojans, had to pass a set of functional tests, use the same reference power, maintain the configuration memory 1 Introduction usage, pass a brief code inspection and be undetectable by a general user. With these requirements in mind, our team Consider a hypothetical scenario1 in which a government from Iowa State University designed a wide set of applicable team is tasked with the design and test of a new crypto- Trojans and performed a proof-of-concept implementation graphic device, code-named Alpha. The Alpha device (which using a provided Field-Programmable Gate Array (FPGA) is expected to be in heavy use and hence is of high value to the board. This paper describes our winning efforts in detail. sponsoring government) allows soldiers to transmit messages securely to other soldiers and their command station. Alpha has returned from the fabrication facility and is waiting for 2 Competition details the team’s approval to ship. From a testing and verification perspective, when the highly sensitive nature of the device is The CSAW Embedded Systems Challenge began on Sep- considered, several complex questions arise. How much con- tember 2008, concluding a month later in New York. Each fidence does the team have that the Alpha is ready? Even if team received a BASYS development board [12] contain- ing a Xilinx Spartan FPGA along with basic peripheral I/O. Figure 1 shows a schematic and picture of our experimental A. Baumgarten · M. Steffen · M. Clausman · J. Zambreno (B) Electrical and Computer Engineering, Iowa State University, Ames, IA, USA 1 While seemingly far-fetched, this hypothetical mirrors real-world e-mail: [email protected] events, as is highlighted in Sect. 3. 123 2 A. Baumgarten et al. RS232 (a) (b) Expansion Headers JTAG PS/2 XILINX Spartan 3E VGA USB LEDs Power Seven Segment Display DIP Switches Push Buttons Fig. 1 a Diagram of components used from the BASYS board; b Experimental setup setup. The original design of the Alpha required a PS/2 key- specifications of the project. This description, typically in board connected to the board for input and a VGA monitor a form of a hardware description language (HDL), is the along with a serial connection for output. Four other buttons intellectual property (IP) of the designer. When the design changed the state of the system. Xilinx ISE 10.1 was used stage is complete, the RTL moves into the synthesis stage as the development environment for the mixed-mode HDL as it begins a series of electronic design automation (EDA) code as well as for the generation of the FPGA bitstream steps using software tools from companies such as Cadence, while Modelsim SE 6.3 was used for simulation. Addition- Mentor Graphics, and Synopsys in order to produce a final- ally, our team made use of an oscilloscope, power supply, ized layout schematic (i.e. netlist). These steps begin with multimeter, thermometer, HAM radio, and custom circuits logic synthesis which converts the RTL design into a directed to verify the functionality of each Trojan. acyclic graph (DAG) representation. Logic optimization uses In normal operation of the Alpha device, messages typed complex heuristics to search for graph transformations in in plaintext on the keyboard display on the VGA monitor. order to optimize for a particular metric. Next, mapping heu- Pressing the encrypt button on the board sends the message ristics convert the graph into primitive gate representations. through an AES-128 encryption block with the key selected Placing and routing give each gate a physical location on the by the 5 dip switches.2 Finally, the transmit button sends the IC and establishes their interconnections. After the synthe- encrypted message over the serial port. The message receiver sis is complete, the foundry receives the synthesized design, uses the correct key to decrypt the message. For the pur- a blueprint of the circuit. The foundry can then prepare the pose of this contest, the organizers provided a C program masks and tool the machinery. Finally, the completed ICs are called encVerifier to receive and decrypt the message. For distributed to the end users. scoring the designs, the judges evaluated the completeness In the past, each hardware company could use an in-house, and uniqueness of the Trojans along with their ability to be vertical process for both design and fabrication. However, undetectable to a set of functional tests, deviation in power as transistor feature sizes and time-to-market continued to consumption, deviation in bitstream size, and their ability to shrink, coupled with the demands for lower-power, high pass a brief code inspection. performance ICs, the cost to establish a full-scale foundry became prohibitive (upwards of $4Billion) for many compa- nies. Because of these factors, the IC supply chain flattened, 3 Background and motivation clarifying the roles of the various parties. Hardware IP ven- dors emerged who specialize in designing functional units, 3.1 IC supply chain overview memories, and bus controllers. These vendors license their technology to others for use in their own IC designs. The IC The integrated circuit (IC) supply chain is the process by design companies integrate third-party IP along with their which a conceptual idea transforms into an IC. The pro- own IP to create an IC design. Finally, contract foundries cess starts with the IC designer who creates the register harness economies of scale as they spread the large capital transfer level (RTL) description of the IC according to the required to build the foundry among their clients. The entire supply chain is vulnerable [25], but specific attention must be focused on the HDL and the foundries. 2 There is an obvious cryptographic limitation in using 5 dip switches to select unique 128-bit keys, but conceivably a more elegant model In the same way that software describes what the pro- could be used for obtaining the key in a production environment. gram should do and is vulnerable to malicious descriptions, 123 A case study in hardware Trojan design and implementation 3 the HDL describes the operation of the circuit and is vul- (DOS) where some subset of the functionality fails to nerable to the inclusion of malicious circuitry. An attacker work as intended. who is able to add circuitry to the design by means of the 2. Gaining extra knowledge: Leaking sensitive information HDL has limitless potential and flexibility. Since the attack not originally intended to be leaked from the device. This occurs very early in the process, discerning malicious intent includes allowing a malicious user to capture the plain- becomes very hard to detect. text messages, the key used to encrypt those messages or any other information that would allow that gives the 3.2 Supply chain vulnerabilities malicious user more knowledge about the system then originally intended. The concerns that arise from IC fabrication fit into three basic 3. Exercising additional functionality: Utilizing the device categories: Metering, Theft, and Trust. Each of these catego- for a function in which it is not intended to be utilized. ries broadly addresses the production of extra ICs beyond the In this attack, the device may function correctly, produce purchase order, unauthorized access to information including the correct outputs, and not leak information, but it still the IP, and the tampering of ICs received from the foundry. may be used in a manner not intended by the original The 2008 CSAW competition focused on the issue of trust, specifications. but a discussion of metering and theft rounds out the back- ground. 3.2.2 Metering The second category of concern, metering, deals with the 3.2.1 Trust number of ICs produced and for whom. The concept of water- marking has been applied to several technologies including As the trend of “fabless” semiconductor companies contin- hardware IP [24]. In this case, it is only a partial solution ues to increase, so does the trust placed in the hands of the that identifies the IP and not the IC.
Load more

Recommended publications
  • Detecting Hardware Trojans Inserted by Untrusted Foundry Using Physical Inspection and Advanced Image Processing
    Noname manuscript No. (will be inserted by the editor) Detecting Hardware Trojans Inserted by Untrusted Foundry using Physical Inspection and Advanced Image Processing Nidish Vashistha · M Tanjidur Rahman · Haoting Shen · Damon L Woodard · Navid Asadizanjani · Mark Tehranipoor Received: date / Accepted: date Abstract Hardware Trojans are malicious changes to Trojan. Here, we are only concerned with untrusted the design of integrated circuits (ICs) at different stages foundry problem, where it is assumed the end-user has of the design and fabrication process. Different approac- access to a golden layout/image of the IC. This is a hes have been developed to detect Trojans namely: non- common threat model for those organizations that fully destructive (electrical tests like run-time monitoring, design their IC but need access to untrusted foundry functional and structural tests) and destructive testing for fabrication. SEM image from a backside thinned (full chip reverse engineering). However, none of the golden IC is compared with a low-quality SEM image of previously developed methods can be used to detect all an IC under authentication (IUA). We perform image types of Trojans and they all suffer from a number of dis- processing to both golden IC & IUA images to remove advantages such as low speed of detection, low accuracy, noise. We develop a computer vision based algorithm low confidence level and poor coverage of Trojan types. to detect hardware Trojans based on their structural Based on our literature survey of Trojan benchmarks, similarity. The results demonstrate that our technique majority of the hardware Trojans implemented in an IC is quite effective at detecting Trojans and significantly will leave a footprint at the active layer.
    [Show full text]
  • Leveraging Logic Masking to Facilitate Hardware Trojan Detection Methods Arash Nejat
    Leveraging Logic Masking to Facilitate Hardware Trojan Detection Methods Arash Nejat To cite this version: Arash Nejat. Leveraging Logic Masking to Facilitate Hardware Trojan Detection Methods. Mi- cro and nanotechnologies/Microelectronics. Université Grenoble Alpes, 2019. English. NNT : 2019GREAT004. tel-03132626 HAL Id: tel-03132626 https://tel.archives-ouvertes.fr/tel-03132626 Submitted on 5 Feb 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE Pour obtenir le grade de DOCTEUR DE LA COMMUNAUTÉ UNIVERSITÉ GRENOBLE ALPES Spécialité : NANO ELECTRONIQUE ET NANO TECHNOLOGIES Arrêté ministériel : 25 mai 2016 Présentée par Arash NEJAT Thèse dirigée par Vincent BEROULLE , Enseignant-chercheur, Grenoble INP et codirigée par David HELY, Maitre de Conférence, Grenoble INP préparée au sein du Laboratoire Laboratoire de conception et d'intégration des systèmes dans l'École Doctorale Electronique, Electrotechnique, Automatique, Traitement du Signal (EEATS) Tirer parti du masquage logique pour faciliter les méthodes de détection des chevaux de Troie
    [Show full text]
  • Hardware Trojans – Prevention, Detection, Countermeasures (A Literature Review)
    UNCLASSIFIED Hardware Trojans – Prevention, Detection, Countermeasures (A Literature Review) Mark Beaumont, Bradley Hopkins and Tristan Newby Command, Control, Communications and Intelligence Division Defence Science and Technology Organisation DSTO–TN–1012 ABSTRACT A Hardware Trojan is a malicious, undesired, intentional modification of an electronic circuit or design, resulting in the incorrect behaviour of an electronic device when in operation – a back-door that can be inserted into hardware. A Hardware Trojan may be able to defeat any and all security mechanisms (software or hardware-based) and subvert or augment the normal operation of an infected device. This may result in modifications to the functionality or specification of the hardware, the leaking of sensitive information, or a Denial of Service (DoS) attack. Understanding Hardware Trojans is vital when developing next generation de- fensive mechanisms for the development and deployment of electronics in the presence of the Hardware Trojan threat. Research over the past five years has primarily focussed on detecting the presence of Hardware Trojans in infected devices. This report reviews the state-of-the-art in Hardware Trojans, from the threats they pose through to modern prevention, detection and countermeasure techniques. APPROVED FOR PUBLIC RELEASE UNCLASSIFIED DSTO–TN–1012 UNCLASSIFIED Published by DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh, South Australia 5111, Australia Telephone: (08) 7389 5555 Facsimile: (08) 7389 6567 c Commonwealth of Australia 2011 AR No. 015-008 July, 2011 APPROVED FOR PUBLIC RELEASE ii UNCLASSIFIED UNCLASSIFIED DSTO–TN–1012 Hardware Trojans – Prevention, Detection, Countermeasures (A Literature Review) Executive Summary Electronic systems have proliferated over the past few decades to the point that most aspects of daily life are aided or affected by the automation, control, monitoring, or com- putational power provided by Integrated Circuits (ICs).
    [Show full text]
  • Hardware Security and VLSI Design Optimization
    Wright State University CORE Scholar Browse all Theses and Dissertations Theses and Dissertations 2018 Hardware Security and VLSI Design Optimization Hao Xue Wright State University Follow this and additional works at: https://corescholar.libraries.wright.edu/etd_all Part of the Engineering Commons Repository Citation Xue, Hao, "Hardware Security and VLSI Design Optimization" (2018). Browse all Theses and Dissertations. 2206. https://corescholar.libraries.wright.edu/etd_all/2206 This Dissertation is brought to you for free and open access by the Theses and Dissertations at CORE Scholar. It has been accepted for inclusion in Browse all Theses and Dissertations by an authorized administrator of CORE Scholar. For more information, please contact [email protected]. HARDWARE SECURITY AND VLSI DESIGN OPTIMIZATION A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy By HAO XUE M.S.Eg., Wright State University, USA, 2013 B.S., Taiyuan University of Technology, China, 2010 2018 Wright State University WRIGHT STATE UNIVERSITY GRADUATE SCHOOL December 4, 2018 I HEREBY RECOMMEND THAT THE DISSERTATION PREPARED UNDER MY SUPERVISION BY Hao Xue ENTITLED Hardware Security and VLSI Design Optimization BE ACCEPTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Doctor of Philosophy. ___________________________ Saiyu Ren, Ph.D. Dissertation Director ___________________________ Arnab K. Shaw, Ph.D. Director, Electrical Engineering Ph.D. Program ___________________________ Barry Milligan, Ph.D. Interim Dean of the Graduate School Committee on Final Examination ___________________________ Saiyu Ren, Ph.D. ___________________________ Ray Siferd, Ph.D. ___________________________ Marty Emmert, Ph.D. ___________________________ Marian Kazimierczuk, Ph.D. ___________________________ Yan Zhuang, Ph.D.
    [Show full text]
  • IEEE Paper Template in A4
    INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 06, JUNE 2020 ISSN 2277-8616 Reduction Of Hardware Trojan Effect Using Multipath Authentication P. Bosebabu, K. Siva Nagaraju, B. Chanikya, P. Ritish Kumar Abstract: with increase of Integrated Circuit (IC) manufacturing foundries and fabrication units, security of an IC gains its importance. The manufacturing of IC is having many stages like designing, assembling, packaging, etc. Hardware Trojans can be implantable at any of these stages by the foundries or third-party vendors. Hardware Trojan is a malicious, undesired, intentional, modification of an electronic circuit or design, resulting leakage of data or incorrect behaviour of an electronic device. The Cryptographic algorithms play an important role in information security and protection of data from unauthorised usage. The proposed AES crypto processor model is having a authentication monitoring which will detect hardware Trojan triggering, alerts the user and takes necessary actions for retrieving original data. With help of proposed system, the reduction of effect of hardware Trojan can be achievable. Keywords: Hardware Trojan, Cryptography, IC security, AES. ———————————————————— 1. INTRODUCTION 2. RELATED WORK In recent years, the usage of semiconductor devices has rapidly increased. Integrated Circuit (IC) has become the A. Hardware Trojan foremost part of every stream like military, government, Hardware Trojan consist of two parts, trigger and payload. commercialization, etc. Chip manufacturing cycle involves Trigger is an activation condition or event that triggers the Specification, Architectural design, Functional and Logical payload in active state. Payload is an activity that executed design, Circuit design, Physical design, Fabrication, Packaging whenever Trojan is activated or triggered.
    [Show full text]
  • Trojans in Early Design Steps—An Emerging Threat
    Trojans in Early Design Steps—An Emerging Threat Ilia Polian∗, Georg T. Beckery, and Francesco Regazzoniz ∗Universitat¨ Passau, Germany yHorst Gortz¨ Institute for IT Security, Ruhr-Universitat¨ Bochum, Germany zALARI, University of Lugano, Switzerland Abstract—Hardware Trojans inserted by malicious foundries II. BACKGROUND during integrated circuit manufacturing have received substantial attention in recent years. In this paper, we focus on a different The term “hardware Trojans” historically referred to threats type of hardware Trojan threats: attacks in the early steps of associated with outsourcing of advanced semiconductor man- design process. We show that third-party intellectual property ufacturing into potentially untrustworthy countries [1]. The cores and CAD tools constitute realistic attack surfaces and that foundry would receive circuit layout information (in GDS II even system specification can be targeted by adversaries. We or a similar format) and, possibly, further design data, in order discuss the devastating damage potential of such attacks, the to produce masks and manufacture the circuit. The alleged applicable countermeasures against them and their deficiencies. threat consists in an intentional—and malicious—modification I. INTRODUCTION of the circuit by the foundry before manufacturing, such that the fabricated chip has critical deviations from its layout as Historically, IT security concentrated on attack scenarios provided by its author. targeting software and communication networks, but more recently, the system hardware moved into the focus of attack- However, the modern understanding of hardware Trojans ers. Hardware-related threats are relevant even for extremely includes all malicious modifications of a circuit during its cre- software-dominated systems, which still contain some amount ation: by an untrusted foundry (as discussed above), but also by of hardware on which the software runs; compromising this rogue in-house designers, by third-party intellectual-property hardware makes the entire system vulnerable.
    [Show full text]
  • Design and Validation for Fpga Trust Under Hardware Trojan Attacks 3
    1 186 186 186 IEEEIEEE TRANSACTIONS TRANSACTIONS ON MULTI-SCALE ON MULTI-SCALEIEEE COMPUTING TRANSACTIONS COMPUTING SYSTEMS, SYSTEMS, ON MULTI-SCALE VOL. VOL. 2, NO. 2, COMPUTING 3,NO. JULY-SEPTEMBER 3, JULY-SEPTEMBER SYSTEMS, 2016 VOL. 2016 2, NO. 3, JULY-SEPTEMBER 2016 DesignDesign andDesign and ValidationDesign Validation and and Validation for for Validation FPGA FPGA for Trust Trust for FPGA FPGA Trust Trust under underunder Hardware HardwareunderHardware Trojan Trojan Hardware Attacks Attacks Trojan Trojan Attacks Attacks Sanchita Mal-Sarkar, Member, IEEE, Robert Karam, Student Member, IEEE, SanchitaSanchita Mal-Sarkar, Mal-Sarkar,Member,Member,SeetharamSanchita IEEE IEEE Mal-Sarkar,, Robert Narasimhan,, Robert Karam, Karam,Member,Member,StudentStudent IEEE IEEEMember,, RobertMember,, Anandaroop IEEE Karam, IEEE, ,Student Ghosh, Member, Aswin Krishna, IEEE, SeetharamSeetharam Narasimhan, Narasimhan,Member,SeetharamMember, IEEEand IEEE Narasimhan,, Swarup Anandaroop, Anandaroop Bhunia,Member, Ghosh, Ghosh,Senior IEEE Member,, Anandaroop IEEE Ghosh, AswinAswin Krishna, Krishna,StudentStudent Member,Aswin Member, Krishna, IEEE IEEE, and,Student and Swarup Swarup Member, Bhunia, Bhunia, IEEESeniorSenior, and Member, Member,Swarup IEEE Bhunia, IEEE Senior Member, IEEE Abstract—Field programmable gate arrays (FPGAs) are being increasingly used in a wide range of critical applications, including industrial, automotive, medical, and military systems. Since FPGA vendors are typically fabless, it is more economical to outsource Abstract—Abstract—FieldField programmable programmable gate gateAbstract— arrays arrays (FPGAs) (FPGAs)Field areprogrammable beingare being increasingly increasingly gate arrays used used (FPGAs) in a inwide a wide are range being range of critical increasingly of critical applications, applications, used in including a wide including range of critical applications, including device production to off-shore facilities.
    [Show full text]
  • TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits Tony F
    TCAD-2015-0006 1 TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits Tony F. Wu, Student Member, Karthik Ganesan, Student Member, Yunqing Alexander Hu, Student Member, H.-S. Philip Wong, Fellow, Simon Wong, Fellow, Subhasish Mitra, Fellow Abstract— There are increasing concerns about possible we stop a hardware Trojan from being inserted. Part of the malicious modifications of integrated circuits (ICs) used in challenge in detecting or preventing hardware Trojans arises critical applications. Such attacks are often referred to as from the fact that the methods for inserting Trojan attacks are hardware Trojans. While many techniques focus on hardware numerous (e.g., [2][5] for a comprehensive list). Trojan detection during IC testing, it is still possible for attacks out to go undetected. Using a combination of new design techniques a) c) Vdd Vdd and new memory technologies, we present a new approach that + in detects a wide variety of hardware Trojans during IC testing and out Vdd/2 b) D Q also during system operation in the field. Our approach can also in prevent a wide variety of attacks during synthesis, clk 0 Vdd/2 Vdd place-and-route, and fabrication of ICs. It can be applied to any Fig. 1. Examples of hardware Trojans. a) Modification of functional behavior digital system, and can be tuned for both traditional and through logic changes; b) Electrical changes such as changing timing split-manufacturing methods. We demonstrate its applicability characteristics; c) Reliability changes such as accelerating aging with NBTI. for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we Trojan insertion methods include (but are not limited to): demonstrate: 1.
    [Show full text]
  • Hardware Trojan Detection Solutions and Design-For-Trust Challenges
    RESEARCH FEATURE Hardware Trojan Detection Solutions and Design-for-Trust Challenges Mohammad Tehranipoor, Hassan Salmani, Xuehui Zhang, and Xiaoxiao Wang University of Connecticut Ramesh Karri, Jeyavijayan Rajendran, and Kurt Rosenfeld Polytechnic Institute of New York University Globalization of the semiconductor industry and evolving fabrication processes have made integrated circuits increasingly vulnerable to Trojans. Researchers must expand efforts to verify trust in intellectual property cores and ICs. ulnerabilities in the current integrated circuit (IC) a trusted design center and foundry, it is expensive and development process have raised serious concerns economically infeasible given current trends in the glo- about possible threats from hardware Trojans balization of IC design and fabrication. On the other hand, to military, financial, transportation, and other verifying trustworthiness requires a postmanufacturing V 1-4 critical systems. An adversary can introduce a Trojan step to validate conformance of the fabricated IC to the through an IC that will disable or destroy a system at some original functional and performance specifications. specific future time. Alternatively, an attacker can design a wire or some other IC component to survive the testing HARDWARE TROJANS phase but fail before the expected lifetime. A hardware A system-on-chip (SoC) design can contain several lay- Trojan can also covertly cause a system to leak confiden- ered and interconnecting functional components, including tial information or secret keys.
    [Show full text]
  • Interdiction in Practice – Hardware Trojan Against a High-Security USB Flash Drive
    Interdiction in Practice { Hardware Trojan Against a High-Security USB Flash Drive Pawel Swierczynski1, Marc Fyrbiak1, Philipp Koppe1, Amir Moradi1, Christof Paar1,2 IEEE Fellow Abstract As part of the revelations about the NSA Keywords hardware Trojan, · real world attack, · activities, the notion of interdiction has become known FPGA security, · AES to the public: the interception of deliveries to manipu- late hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hard- 1 Introduction ware level. With respect to hardware, FPGAs are par- ticular interesting targets as they can be altered by In this section we provide an overview of our research manipulating the corresponding bitstream which con- and related previous works in the area of hardware Tro- figures the device. In this paper, we demonstrate the jans and Field Programmable Gate Array (FPGA) se- first successful real-world FPGA hardware Trojan in- curity. sertion into a commercial product. On the target de- vice, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data is encrypted using AES-256 in 1.1 Motivation XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investiga- As a part of the revelations by Edward Snowden, it be- tion required two reverse-engineering steps, related to came known that the National Security Agency (NSA) the proprietary FPGA bitstream and to the firmware allegedly intercepts communication equipment during of the underlying ARM CPU. In our Trojan insertion shipment in order to install backdoors [28]. For instance, scenario the targeted USB flash drive is intercepted be- Glenn Greenwald claims that firmware modifications fore being delivered to the victim.
    [Show full text]
  • Hardware Security and Trust: a New Battlefield of Information
    Hardware Security and Trust: A New Battlefield of Information Gang Qu University of Maryland, College Park, MD 20742, USA [email protected] Abstract. Hardware security and trust has received a lot of attention in the past 25 years. The purpose of this paper is to introduce the fundamental problems related to hardware security and trust to audiences who do not necessarily have hardware design background. In order to do that, we first discuss the evolving roles of hardware in security from an enable to an enhancer and now an enforcer as it get involves more and more in system security. Then we review the following key problems in hardware security, physical attacks, side channel analysis, intellectual property protection, hardware Trojan, hardware security primitives, and applications in security and trust. We provide a novel view of these problems and the corresponding solutions from the perspective of information battle between the attackers and designers, where we consider three types of information: data collected, processed, and stored by the hardware; information hidden in the design as watermark, fingerprint, and Trojans; and the chip fabrication variations that can be extracted and utilized. It is interesting to see how the hardware security and trust problems can be unified under this framework of information battle (stealing and protection). Unfortunately, there are more unknowns and challenges than what we have discovered on this framework as we illustrated in the section of open problems. However, the emerging Internet of Things and cyber physical systems have provided a large application field for researchers and practitioners to work on hardware based lightweight security.
    [Show full text]
  • 6 Hardware Trojans: Lessons Learned After One Decade of Research
    Hardware Trojans: Lessons Learned after One Decade of Research K. XIAO, ECE Department, University of Connecticut D. FORTE, ECE Department, University of Florida Y. J I N , EECS Department, University of Central Florida R. KARRI, ECE Department, Polytechnic Institute of New York University S. BHUNIA and M. TEHRANIPOOR, ECE Department, University of Florida Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure. While hardware Trojans have been explored significantly in academia over the last decade, there remains room for improvement. In this article, we examine the research on hardware Trojans from the last decade and attempt to capture the lessons learned. A comprehensive adversarial model taxonomy is introduced and used to examine the current state of the art. Then the past countermeasures and publication trends are categorized based on the adversarial model and topic. Through this analysis, we identify what has been covered and the important problems that are underinvestigated. We also identify the most critical lessonsr for those new to the field and suggest a roadmap for future hardware Trojan research. CCS Concepts: Hardware → Safety critical systems Additional Key Words and Phrases: Hardware security and trust, hardware Trojan attacks, countermea- sures, attack model ACM Reference Format: K. Xiao, D. Forte, Y. Jin, R.
    [Show full text]