1 / 40

Securing the core root of trust ( research in secure hardware design and test )

Securing the core root of trust ( research in secure hardware design and test ). Who can attack your system?. Hobby (class I) Obsession (class II) Job (class III). D. Abraham, G. Dolan, G. Double, and J. Stevens. Transaction Security System. IBM Systems Journal 30(2): 206-229, 1991.

noah
Télécharger la présentation

Securing the core root of trust ( research in secure hardware design and test )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing the core root of trust(research in secure hardware design and test)

  2. Who can attack your system? • Hobby (class I) • Obsession (class II) • Job (class III) D. Abraham, G. Dolan, G. Double, and J. Stevens. Transaction Security System. IBM Systems Journal 30(2): 206-229, 1991.

  3. How can your system be compromised? • Application software • Protocols • Operating system software

  4. Is the problem worth my time? Source: http://www.uscc.gov/annual_report/2008/annual_report_full_09.pdf, , page 168 US-China economic and security review commission hearing on China's proliferation practices and the development of its cyber and space warfare capabilities, testimony of Col. Gary McAlum.

  5. How can your system be protected? • Fix applications • Fix protocols • Fix operating systems

  6. This assumes that… “the core root of trust” is secure

  7. But… “the core root of trust” is secure

  8. Outline • threat models • defenses • conclusions

  9. Threat models for hardware • Sidechannels • Power dissipation • Timing variation • Test infrastructure • Faults • interactions between side channels • Cloning • Overbuilding • Reverse Engineering • Trojans

  10. An example: test infrastructure side channel

  11. Data Encryption Standard (DES) Round Key Ki Ri Li r Expansion + a b S-box S-box c Permutation d + Ri+1 Li+1

  12. DES layout

  13. test infrastructure • scan chain • test data input, TDI • test data output, TDO • test clock, TCK • test mode select, TMS • test reset chain all flip flops in a design

  14. attack step 1 identify critical registers

  15. attack step 2 apply selected inputs • 3 plain texts • 2 clock cycles in normal mode (plaintext reaches R,L) • 198 clock cycles in test mode (R0, L0 scanned out) • 1 clock cycle in normal mode (plaintext reaches R, L) • 198 clock cycles in test mode (R1, L1 scanned out) • 399×3=1197 clock cycles

  16. Can leak secrets from DES, AES etc • >80 % of all ASICs use scan chains for test/debug • Readback/test infrastructure in FPGAs • Load configuration stream • Read-out bitstream for debug

  17. A fix: secure scan Power off Secure normal Insecure test normal

  18. Secure scan Power off Secure normal Insecure test normal Standards compliant 3rd Prize, 2008-2009 IEEE TTTC PhD dissertation contest

  19. Hardware threat models • Sidechannels • Power dissipation • Timing variation • Test infrastructure • Faults • interactions between side channels • Cloning • Overbuilding • Reverse Engineering • Trojans

  20. Background: IC design process U U D D F U T D: Design, F: Fabrication T: Test, U: User

  21. Reverse engineering Rev. engineering U U D D F U T D: Design, F: Fabrication T: Test, U: User

  22. 3500 counterfeit Cisco networking components recovered • estimated retail value ~ $3.5 million

  23. Cloning U U D D F U cloning T D: Design, F: Fabrication T: Test, U: User

  24. Hardware Trojans Trojans U U D D F U T D: Design, F: Fabrication T: Test, U: User

  25. The kill switch ? IEEE Spectrum, 2008

  26. Only 2% of ~$3.5 billion of DoD ICs manufactured in trusted foundries !!!

  27. Taxonomy of trojans

  28. Trojan challenge Leak AES key 40 registrations, 10 finalists, 3 winners, 2 honorable mentions http://isis.poly.edu/csaw/embedded

  29. Trojans in the development cycle

  30. Trojans at different abstractions

  31. Location of the inserted trojans

  32. Where are the trojans inserted? 2 1 3 4

  33. Next steps • develop defenses • investigate effectiveness • developing benchmarks • metrics?

  34. Physically unclonable functions Uses physical structure of a device to give a unique response Used as device IDs The ring oscillator frequency varies with process variations.

  35. A trojan defense

  36. PUF gives unique ID to hardware Can we give a unique ID to a design?

  37. A preliminary defense

  38. Next steps • develop defenses • investigate effectiveness • developing benchmarks • metrics?

  39. Questions? rkarri@duke.poly.edu, 917 363 9703

More Related