Introduction To The Hardware Trojan Problem

Transcription

Introduction to the Hardware Trojan Problem

Globalization
- Companies worldwide develop ICs
- Designed, Fabricated, and Assembled separately
  o More companies, more vulnerabilities
  o Fab-less Designers

Globalization
- IP Cores
  o Reusable modules
  o Licensed to designers
  o Present at each abstraction level
- SoC Designs
- Too costly to reverse globalization

HW Threats
Diagram labels: IP Vendor, System Integrator, Manufacture
Any of these steps can be untrusted

HW Threats
Diagram labels: IP Vendor, IP Trust, System Integrator, Manufacture, Untrusted, IC Trust

Issues with Third IP Design
Diagram labels: System-on-chip (SoC), Company X, Company Y, Company Z, Company V, Company W

Issues with Third IP Design
Diagram labels: System-on-chip (SoC), Company X, Company Y, Company Z, Company V, Company W
- These companies are located across the world
- There is no control on the design process

HW Threats
Diagram labels: IP Vendor, System Integrator, IP Piracy, System Trust, Manufacture, Untrusted, IC Trust

HW Threats
Diagram labels: IP ed Foundry, IC Trust, IC Piracy (Counterfeiting), Secure Manufacturing Test

IC/IP Trust Problem
- Chip design and fabrication is becoming increasingly vulnerable to malicious activities and alterations with globalization
- Design and Foundry:
  o A designer/foundry can add functionality to the design
- An adversary can introduce:
  o A Trojan designed to disable and/or destroy a system at some future time
  o A Trojan that may serve to leak confidential information covertly to the adversary

IC/IP Trust Problem
- U.S. Senate, 2003
- Defense Science Board, 2005
- Semiconductor Equipment and Materials Industry (SEMI), 2008
- IEEE Spectrum, 2008
- IEEE Symposium on Hardware Oriented Security and Trust (HOST)
- More articles have addressed this issue within the last few years

ASIC Design Process – Untrusted Foundry
Flow diagram labels: CAD, Test Process, STD Cells, Models, Design Specification, Design, Fab Interface, Mask, Fab, Wafer Probe, Dice & Package, Package Test, Deploy and Monitor
IC Authentication: Trojan Detection and Isolation
Legend: Trusted, Either, Untrusted

Untrusted Designer and Foundry
Flow diagram labels: CAD Tools, IP, Mask, Fab, Design, Fab Interface, Wafer Probe, Dice & Package, Package Test, Deploy and Monitor
IC Authentication: Trojan Detection and Isolation

Applications and Threats
Thousands of chips are being fabricated in untrusted foundries

Hardware Trojan – Back Door
Diagram labels: Antenna, Untrusted Hardware
- Adversary can send and receive secret information
- Adversary can place an Antenna on the fabricated chip
- Such a Trojan cannot be detected since it does not change the functionality of the circuit.
- Adversary can disable the chip, blow up the chip, send wrong processing data, impact circuit information etc.

Time Bomb
Diagram labels (Untrusted Hardware): Counter; Finite state machine (FSM); Comparator to monitor key data; Wires/transistors that violate design rules
- Such a Trojan cannot be detected since it does not change the functionality of the circuit.
- In some cases, adversary has little control on the exact time of Trojan action
- Cause reliability issue

Defining the Problem
Photo Credit: Meter Mulligan. 2007. Under the Creative Commons license.

Hardware vs. Software Trojans
Hardware Trojans
- A Trojan is inserted into an IC
- Once inserted, the Trojan behavior cannot change
- An IC is very much like a black box, a Trojan cannot be observed
Software Trojans
- A Trojan is part of the code in software
- A Trojan behavior can change
- A Trojan can be added to a software via network
- Once identified, it can be removed and added to a database to look for it in the future

Taxonomy
Karri, R.; Rajendran, J.; Rosenfeld, K.; Tehranipoor, M., "Trustworthy Hardware: Identifying and Classifying Hardware Trojans," Computer, vol. 43, no. 10, pp. 39-46, Oct. 2010

Taxonomy: Insertion Phase

Taxonomy: Abstraction Level

Case Study: RTL Trojan
- Code segment of 8051 microprocessor in VHDL
- Trojan changes program counter behavior
  o Increment maps to accumulator jump
  o Behaves normally while inactive
- Cannot directly control number of gates used

Case Study: Gate Level Trojan
- Gate Level Trojan to attack cryptographic hardware
  o Trigger seeks "10100011"
  o On trigger, encryption is skipped
- Particular gates used can be controlled
  o Location cannot
- Practical GL Trojans are in netlist form

Taxonomy: Activation Mechanism
- Also called the "trigger"
- A rare trigger makes a Trojan stealthier
  o not always possible
- Adversary goal:
  o Adversary can predict or induce triggering
  o User / chip tester cannot

Internal vs. External
- Externally Triggered
  o Depends directly on external inputs
  o Can be both user and component driven
  o e.g. transmitter
- Internal
  o Can also include internal signals

Case Study: Physical Condition

Case Study: Time Bomb Trigger
- Subclass of time-based
  o Called "time bomb"
- Weaknesses
  o What if chip tester waits long enough?
  o Increasing time increases area O(log2(n))
Example: 1GHz * 1 day ≈ 8 x 10^13; log2(8 x 10^13) ≈ 47 bits
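
Added example (not from the original slides): the chip tester's side of the trigger-rarity argument, using the slides' own numbers for the 1 GHz, 1 day time bomb and the 8-bit "10100011" pattern trigger. The function names and the assumption of independent, uniformly random test vectors are assumptions of this example.

```python
import math
import random

def counter_bits(clock_hz, delay_s):
    """Flip-flops a free-running counter needs to count delay_s of clock cycles."""
    return math.ceil(math.log2(clock_hz * delay_s))

def rollover_seconds(clock_hz, bits):
    """How long a tester must keep the chip clocked to exhaust a counter this wide."""
    return 2 ** bits / clock_hz

def vectors_for_confidence(trigger_bits, confidence):
    """Uniform random test vectors needed to hit one specific trigger pattern
    at least once with the given probability (vectors assumed independent)."""
    p_hit = 2.0 ** -trigger_bits
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-p_hit))

def simulated_hit_rate(pattern, n_vectors, trials=200, seed=1):
    """Monte Carlo check: fraction of test runs in which the pattern appears."""
    rng = random.Random(seed)
    width, target = len(pattern), int(pattern, 2)
    hits = sum(
        any(rng.getrandbits(width) == target for _ in range(n_vectors))
        for _ in range(trials)
    )
    return hits / trials

if __name__ == "__main__":
    day = 24 * 3600
    bits = counter_bits(1e9, day)
    print(f"1 GHz, 1 day delay: {bits}-bit counter")
    print(f"burn-in to exhaust it: {rollover_seconds(1e9, bits) / day:.2f} days")
    # One extra flip-flop doubles the tester's wait: area grows as log2(n).
    print(f"with one more bit: {rollover_seconds(1e9, bits + 1) / day:.2f} days")
    n = vectors_for_confidence(8, 0.99)
    print(f'8-bit trigger "10100011": {n} random vectors for 99% activation')
    print(f"simulated activation rate: {simulated_hit_rate('10100011', n):.3f}")
    print(f"32-bit trigger: {vectors_for_confidence(32, 0.99):.2e} vectors")
```

The asymmetry is the point for test planning: an 8-bit pattern trigger falls to about a thousand random vectors, while each bit added to a counter or pattern doubles the tester's cost for one extra flip-flop or comparator input.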

Case Study: Time based trigger

Taxonomy: Effects
- For triggered Trojans also called the "payload"
- Functional Changes must be triggered
  o Otherwise they are not stealthy
- Information leakage associated with cryptography
- Is it possible to make a triggered performance altering Trojan?

Case Study: Triggered Performance Degradation
- RO activates frequently burning the chip.
- Requires long trigger pulsewidth
  o Activation probability should still be low
  o Can use latch

Case Study: Key Leaking Trojan
- MOVX A ATDPTR implies the key is being moved from the acc.
- Requires just two 2:1 multiplexers to
- Is this activation rare enough?
  o Opcodes are easily manipulated
  o 2^32 ≈ 4.3 x 10^9
  o x 100MHz ≈ 50s
  o Assume instructions are 1-9 cycles
In FSM Controller:
In Memory Controller:

Taxonomy: Location
- Location refers to the part of the system
  o It does not refer to physical placement
- Not all Trojans will have a single or any location
- Location likely implies either
  o Activation mechanism
  o Effect

Taxonomy: Physical Characteristics
- Distribution: is the Trojan spread out?
  o distributed Trojans will impact uniformly
- Structure
  o If the layout changes, detection is trivial
- Trojans have an area constraint
  o Detection schemes assume unchanged
