A2:$Analog$Malicious$Hardware$ - PowerPoint PPT Presentation

A2:$Analog$Malicious$Hardware$ Kaiyuan$Yang,$Ma8hew$Hicks,$Qing$Dong,$Todd$Aus>n,$and$Dennis$ Sylvester$ $ University$of$Michigan$

Founda>ons$are$important$ 2$

Applica5ons) Opera5ng)System) Weakened$hardware$ Hypervisor) weakens$the$en>re$ system$ Firmware) Untrusted) Hardware) 3$

SoIware$security$success$forces$a8ackers$to$ lower$layers$ 4$

SoIware$security$success$forces$a8ackers$to$ lower$layers$ rootkits malicious hypervisors bootkits malicious hardware 5$

Visual)Inspec5on) Dynamic)+)Sta5c) Analysis) Side)Channels) ) ) ) ) catches$a8acks$that$are$small$ catches$a8acks$that$are$large$ because$they$are$always$on$ because$they$use$addi>onal$ logic$to$hide$from$dynamic$ ) analysis$ 6$

Challenge: $construct$an$a8ack$that$is$stealthy$ and$small$$ 7$

Challenge: $construct$an$a8ack$that$is$stealthy$ and$small$$ 8$

Two$threats,$we$focus$on$the$stage$that$restricts$ the$a8acker$the$most$ BackTend$house$ Foundry$ netlist$ GDSII$ 9$

We$leverage$analog$behavior$to$construct$an$ a8ack$that$is$stealthy$and$small$$ on_every(RBACE)/do/ ///if(count/==/12345)/then/ //////do_attack()/ ///else/ //////count/=/count/+/1/ done/ RBACE $=$rare,$but$a8acker$controllable$event$ 10$

We$leverage$analog$behavior$to$construct$an$ a8ack$that$is$stealthy$and$small$$ RBACE)=)vic5m)wire $ on_every(RBACE)/do/ ///if(count/==/12345)/then/ //////do_attack()/ ///else/ //////count/=/count/+/1/ done/ RBACE $=$rare,$but$a8acker$controllable$event$ 11$

An$ideal$analog$trigger$ 12$

An$ideal$analog$trigger$ 13$

An$ideal$analog$trigger$ 14$

An$ideal$analog$trigger$ 15$

Challenge: $small$capacitors$charge$quickly,$ large$capacitors$induce$current$spikes$ current$ value$ current$ charge$ 16$

Challenge: $small$capacitors$charge$quickly,$ large$capacitors$induce$current$spikes$ current$ value$ current$ charge$ 17$

Challenge: $small$capacitors$charge$quickly,$ large$capacitors$induce$current$spikes$ current$ value$ current$ charge$ 18$

Solu5on: $charge$sharing$ 19$

Crea>ng$an$analog$trigger$using$gated$charge$ sharing$ Victim VDD 1 Wire 0 Victim Victim VDD Wire Cap* Wire Cunit Voltages Cmain Cunit Cmain Time 20$

Crea>ng$an$analog$trigger$using$gated$charge$ sharing$ Victim VDD 1 Wire 0 Victim Cunit Victim VDD Wire Cap. Wire Voltages Cunit Cmain Cmain Time 21$

Crea>ng$an$analog$trigger$using$gated$charge$ sharing$ Victim VDD 1 Wire 0 Victim Victim VDD Wire Cap. Wire Cunit Voltages Cmain Cunit Cmain Time 22$

Crea>ng$an$analog$trigger$using$gated$charge$ sharing$ Victim 1 Wire 0 VDD Cunit Cap* Voltages Cmain Time 23$

Crea>ng$a$privilege$escala>on$a8ack$ *Our$analog$trigger$is$a8ack$agnos>c$ Inverted)reset) Posi5ve)reset) 24$

A2 ) Vic5m)Wire $ A2)Trigger $ 25$

Implan>ng$A2$into$an$exis>ng$chip$layout$ 20%$to$30%$ of$chip$area$ A2 is$ unused) Trigger 26$

Other$challenges$in$the$paper$ • Analog$circuit$design$process$ • Finding$a$suitable$vic>m$wire$ • Finding$the$flipTflop$to$a8ack$ • Building$mul>Tstage$a8acks$ • Wri>ng$trigger$ac>va>on$code$ • Covertly$tes>ng$for$a8ack$success$ 27$

We$had$to$build$A2$to$know$it$worked$ Via Metal 3 Main Memory Metal 2 128KB SRAM 1.5 mm Scan A2 Trigger OR1200 chain I$ CLK Testing Core Structure 2 µm IO Drivers and Pads 1.4 mm 6.4 µm 28$

We$ac>vate$A2$in$real$hardware$using$only$ user$mode$code$ 29$

A2$is$hidden$from$postTfab$tes>ng$ .0002$for$divisionT heavy$benchmark$ 30$

A8ackers$can$reliably$model$their$a8acks$ Where$is$this$in$real$hardware?$ Every$chip$is$different!$ 31$

A8ackers$can$reliably$model$their$a8acks$ The$a8ack$is$not$well$hidden$ from$dynamic$analysis$(tes>ng)$ 32$

A8ackers$can$reliably$model$their$a8acks$ The$a8ack$is$impossible$to$trigger$ 33$

A8ackers$can$reliably$model$their$a8acks$ 34$

More$experiments$in$the$paper$ • Comparison$of$different$standard$cell$sizes$and$out$a8ack$ • Distribu>on$of$trigger$>mes$ • Distribu>on$of$reten>on$>mes$ • Effect$of$voltage$on$cycles$to$trigger$ • Effect$of$temperature$on$cycles$to$trigger$ • Effect$of$temperature$on$reten>on$>me$ • Power$of$benchmarks$and$a8ack$programs$ 35$

CrossTdomain$a8acks$are$stealthy$and$ controllable$ • A2$spans$the$analog$and$digital$domains$ • A2$is$controllable$ • A2$is$stealthy$ – complex$and$unlikely$trigger$sequence$ – a$single$cell$ • Currently,$only$detectable$postTfabrica>on$ 36$

We$need$to$try$something$ different: ) detec5on ) plus $ protec5on $ 37$

Research)ar5facts: $github.com/impedimentToProgress/A2 $ Me: $ImpedimentToProgress.com$ $ Fabricator) Popular$offshore$corp.$$ Interface) GDSII$ Turnaround)5me) 3$months$ Added)5me)to)project) 1$year$ Area) 1.5mm$x$1.5mm$ Core) 330um$x$550um$ Memory) 1145um$x$765um$ Process) 65nm$ Number)of)chips) 100$ Cost) $5k$to$$10k$per$1mm 2$ Other)costs) packaging$ 38$