Securing the core root of trust research in secure hardware design and test
Download
1 / 40

Securing the core root of trust ( research in secure hardware design and test ) - PowerPoint PPT Presentation


  • 79 Views
  • Uploaded on

Securing the core root of trust ( research in secure hardware design and test ). Who can attack your system?. Hobby (class I) Obsession (class II) Job (class III). D. Abraham, G. Dolan, G. Double, and J. Stevens. Transaction Security System. IBM Systems Journal 30(2): 206-229, 1991.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Securing the core root of trust ( research in secure hardware design and test ) ' - noah


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Securing the core root of trust research in secure hardware design and test

Securing the core root of trust(research in secure hardware design and test)


Who can attack your system?

  • Hobby (class I)

  • Obsession (class II)

  • Job (class III)

D. Abraham, G. Dolan, G. Double, and J. Stevens. Transaction Security System. IBM Systems Journal 30(2): 206-229, 1991.


How can your system be compromised?

  • Application software

  • Protocols

  • Operating system software


Is the problem worth my time?

Source: http://www.uscc.gov/annual_report/2008/annual_report_full_09.pdf, , page 168

US-China economic and security review commission hearing on China's proliferation practices and the development of its cyber and space warfare capabilities, testimony of Col. Gary McAlum.


How can your system be protected?

  • Fix applications

  • Fix protocols

  • Fix operating systems


This assumes that…

“the core root of trust” is secure


But…

“the core root of trust” is secure


Outline

  • threat models

  • defenses

  • conclusions


Threat models for hardware

  • Sidechannels

    • Power dissipation

    • Timing variation

    • Test infrastructure

    • Faults

    • interactions between side channels

  • Cloning

  • Overbuilding

  • Reverse Engineering

  • Trojans



Data Encryption Standard (DES)

Round Key Ki

Ri

Li

r

Expansion

+

a

b

S-box

S-box

c

Permutation

d

+

Ri+1

Li+1



test infrastructure

  • scan chain

  • test data input, TDI

  • test data output, TDO

  • test clock, TCK

  • test mode select, TMS

  • test reset

chain all flip flops in a design


Attack step 1
attack step 1

identify critical registers


attack step 2

apply selected inputs

  • 3 plain texts

    • 2 clock cycles in normal mode (plaintext reaches R,L)

    • 198 clock cycles in test mode (R0, L0 scanned out)

    • 1 clock cycle in normal mode (plaintext reaches R, L)

    • 198 clock cycles in test mode (R1, L1 scanned out)

  • 399×3=1197 clock cycles



A fix: secure scan

Power off

Secure

normal

Insecure

test

normal


Secure scan

Power off

Secure

normal

Insecure

test

normal

Standards compliant

3rd Prize, 2008-2009 IEEE TTTC PhD dissertation contest


Hardware threat models

  • Sidechannels

    • Power dissipation

    • Timing variation

    • Test infrastructure

    • Faults

    • interactions between side channels

  • Cloning

  • Overbuilding

  • Reverse Engineering

  • Trojans


Background: IC design process

U

U

D

D

F

U

T

D: Design, F: Fabrication

T: Test, U: User


Reverse engineering

Rev. engineering

U

U

D

D

F

U

T

D: Design, F: Fabrication

T: Test, U: User



Cloning

U

U

D

D

F

U

cloning

T

D: Design, F: Fabrication

T: Test, U: User


Hardware Trojans

Trojans

U

U

D

D

F

U

T

D: Design, F: Fabrication

T: Test, U: User


The kill switch ?

IEEE Spectrum, 2008


Only 2% of ~$3.5 billion of DoD ICs manufactured in

trusted foundries !!!



Trojan challenge

Leak AES key

40 registrations, 10 finalists, 3 winners, 2 honorable mentions

http://isis.poly.edu/csaw/embedded





Where are the trojans inserted?

2 1 3 4


Next steps

  • develop defenses

    • investigate effectiveness

    • developing benchmarks

    • metrics?


Physically unclonable functions
Physically unclonable functions

Uses physical structure of a device to give a unique response

Used as device IDs

The ring oscillator frequency varies with process variations.



PUF gives unique ID to hardware

Can we give a unique ID to a design?



Next steps

  • develop defenses

    • investigate effectiveness

    • developing benchmarks

    • metrics?



ad