how to attack the iot with hardware trojans
play

How to Attack the IoT with Hardware Trojans Janet Lackey under CC - PowerPoint PPT Presentation

Jun 17, 2023 •205 likes •616 views

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker Pawel

  1. How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universität Bochum & University of Massachusetts Amherst

  2. Acknowledgement • Georg Becker • Pawel Swierczynski • Marc Fyrbiak

  3. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  4. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  5. Hardware Trojans Malicious change or addition to an IC that adds or remove functionality, or reduces reliability Many rather unpleasant “applications”

  6. Hardware Trojans & the Scientific Community Publications w/ „Hardware Trojans“ or „malicious Hardware“ (Google Scholar, Aug 2013) 250 only title 200 199 in paper 167 150 133 100 68 50 47 34 32 18 17 15 15 0 0 2007 2008 2009 2010 2011 2012

  7. Trojan Injection & Adversaries Scenarios DoD scenario 2005  Manufacturing Malicious factory, esp. off ‐ shore (foreign Government)  Design Manipulation 3 rd party IP ‐ cores   malicious employee not ‐ so ‐ unlikely 2013  During shipment cf. NSA’s interdiction  Built ‐ in backdoors etc.

  8. Where are we with “real” HW Trojans?  No true hardware Trojan observed in the wild  All examples from academia  Vast majority of publications focus on detection

  9. Our Thoughts 1. Designing Trojan could be fun too 2. Especially those that go undetected

  10. Simple Example: Inverter Trojan Let’s modify an inverter so that it always outputs “1” (VDD) without visible changes . A Y VDD VDD 0 1 1 0 A Y A Y GND GND

  11. PMOS Transistor Trojan Gate Gate Drain Drain Source Source (the output) (the output) (connected to VDD) (connected to VDD) P ‐ dopant P ‐ dopant N ‐ dopant N ‐ dopant N ‐ well N ‐ well (connected to VDD) (connected to VDD) Unmodified PMOS transistor Trojan trans. w/ constant VDD output

  12. “Always One” Trojan Inverter A Y VDD VDD PMOS transistor 0 1 permanent closed 1 0 A Y A Y = 1 NMOS transistor permanent open GND GND Q1: Can the manipulation be detected? Q2: How to build a useful Trojan from here?

  13. Detection: layout view of Trojan inverter Which one has the Trojan? Original Inverter “Always One” Trojan Unchanged: All metal layers • • Polysilicon layer Active area • • Wells  Dopant changes (very ?) difficult to detect using optical inspection!

  14. “Small” remaining question • Unfortunately, circuits will not function correctly with this simple stuck ‐ at fault … • … functional testing (after manufacturing) will detect fault right away Q2: Can we build a meaningful Trojan using dopant modifications that passes functional testing?

  15. A Real ‐ World True Random Number Generator dopant Trojan TRNG … random numbers generate cryptographic keys for • secure web browsing • email encryption • document certification • …

  16. 2 Modules form Random Number Generator entropy source 011001011110 … 128 digital post Crypto Key processing

  17. Inside the Random Number Generator entropy source 011001011110 … State register k … 0 0 1 1 0 1 0 1 1 1 0 128 State register c 128 128 … 1 0 0 1 0 0 0 1 1 0 1 AES Crypto Key +1 testing all keys: lifetime of the universe 256 random bits • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 possible crypto keys

  18. Trojan Random Number Generator 224 Trojan bits (fixed by attacker!) … 0 1 1 0 1 1 0 1 0 1 1 128 128 128 … … c 1 c 2 c 32 0 0 1 0 AES Crypto key 128 +1 only 32 random bits Testing all keys: few seconds • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 • 1,000,000,000 possible crypto keys possible crypto keys ... but circuit would still be tested as “faulty” during manufacturing…

  19. Built ‐ in self test prevents detection of fault known input Test Mode 256 bit state 32 bits 512 bits ? Reference CRC Rate Matcher Checksum Checksum (Based on AES) Due to clever choosing = ≠ of the Trojan bits known input TROJAN 256 bit state 32 bits 512 bits CRC ? Reference Rate Matcher Checksum Checksum (Based on AES)

  20. Conclusion  Meaningful hardware Trojans are possible without extra logic  Many detection techniques don’t guarantee a Trojan free design!  Built ‐ in self tests can be dangerous  More details: Becker, Regazzoni, P, Burleson, Stealthy Dopant ‐ Level Hardware Trojans. CHES 2013 … but the scientific community functions as it is supposed to do:  Trojan detection is possible w/ scanning electron microscope Sugawara et al., Reversing Stealthy Dopant ‐ Level Circuits. CHES 2014

  21. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  22. FPGAs = Reconfigurable Hardware … are widely used world market: ≈ 5b devices

  23. Configuration during power ‐ up Can an we build hardware Trojans by manipulating the bitstream? power ‐ up Configuration file “bitstream”

  24. Principle of FPGA ‐ based Trojans small look ‐ up tables realize logic T Manipulate Bits configure Source Graphics: SimpleIcon, Xilinx

  25. The Mechanics of FPGAs 10 3 … 10 6 logic cells FPGA fabric bitstream is complex and proprietary Two challenges 1. find AES in unknown design 2. meaningful manipulation

  26. Finding AES: Luckily, crypto has very specific components • S ‐ boxes are realized as 6x1 look ‐ up tables (LUTs) LUT locations can be found in bitstream • • S ‐ box contents is very specific (luckily)

  27. AES detection in practice 8 different real ‐ world AES implementations

  28. Algorithm substitution attack and its implications 2. Trojan AES is configured T cute work … but not interoperable with regular AES 1. Inject weak S ‐ boxes in bitstream PT CT = AEST ( k, PT ) “Useful“ attacks are still possible! 1. Storage encryption – Plaintext recovery • Attacker can recover plaintext without access to k 2. Temporary device access – Key extraction • switch S ‐ box and recover k from CT configure orginal S ‐ box •

  29. Conclusion  New attack vector against FPGAs!  Reconfigurability allows “hardware” Trojans designed in the lab  Bitstream protection is crucial! (but not easy, cf. our work at CCS 2011 & FPGA 2013)  Details at: Swierczynski, Fyrbiak, Koppe, P, FPGA Trojans through Detecting and Weakening of Cryptographic Primitives . IEEE TCAD 2015.

  30. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  31. What else can we do with bitstream manipulations? Hmm, are their simpler ways to extract keys through bitstreams without Trojans?

  32. Set ‐ Up non ‐ classical set ‐ up: alteration of bitstream configure Can bitstream manipulation of Can bitstream manipulation of unknown design lead to key leakage? unknown design lead to key leakage? k CT = AES ( k, PT ) PT ?? classical known ‐ plaintext set ‐ up

  33. Bitstream Fault Injections (BiFI) configure k 10 ‐ 30k LUTs per FPGA … CT = AES ( k, PT ) PT (surprising) attack strategy 1. manipulate 1st LUT table (e.g., all ‐ zero) 2. configure FPGA 3. send PT 4. check: Does CT contain k? if not: GOTO 1 and manipulate next LUT

  34. How exactly does the key leak ?? configure k … CT = AES ( k, PT ) PT Many LUT manipulations possible Many leakage hypotheses all ‐ zero • • CT = roundkey • all ‐ one CT = inverted roundkey • • invert • CT = PT xor roundkey • upper half of LUT all ‐ zero • … … •

  35. Results for Bitstream Fault Injections (BiFI) k Real world attack • 16 unknown AES designs (Internet) • 16 different manipulation rules • ≈ 20k LUTs 3.3 sec for configuring and checking one alterations • Results • successful key extraction for every design! • on average ≈ 2000 configurations ( ≈ 2h) • works even for encrypted bitstream (w/o MAC)

  36. Conclusion  Bitstream Fault Injections (BiFI) is a new family of fault attacks  Malleability of bitstream is major weakness for FPGAs!  Are there more bitstream ‐ based attacks ?  Details at: Swierczynski, Becker, Moradi, P: Bitstream Fault Injections (BiFI) – Automated Fault Attacks against SRAM ‐ based FPGAs. IEEE Transactions on Computers, to appear.

  37. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  38. Related Workshops CHES – Cryptographic Hardware & Embedded Systems 25. ‐ 28. September 2017, Taiwan escarEurope – Embedded Security in Cars Berlin, November 2017

  39. Easy ‐ to ‐ understand book for applied cryptography Introduction to Cryptography by Christof Paar 24 video lectures

  40. Thank you very much for your attention! Christof Paar Ruhr ‐ Universität Bochum

Recommend

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate and malicious change to an IC that adds or removes functionality or reduces reliability The modifications may be designed to leak sensitive

394 views • 23 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

16.05.2017 How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference Darmstadt, May 16, 2017 Christof Paar Ruhr Universitt Bochum Acknowledgement Georg Becker Pawel Swierczynski Marc Fyrbiak 1

593 views • 20 slides
Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD 2015 Hardware Security and Hardware Trojans User apps Each layer trusts all layers below it Kernel Hypervisor More privilege Widely

706 views • 49 slides
Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com Cassidian CyberSecurity 2013, July the 8th Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust

1.57k views • 74 slides
Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research Institute 2018 EPFL, June 18, 2018 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker

449 views • 40 slides
s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require: Hardware

360 views • 24 slides
Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

ACM/IEEE CODES + ISSS 2017, Seoul, South Korea Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L. Piccolboni 1,2 , A. Menon 2 , and G. Pravadelli 2 1 Columbia University, New York, NY, USA 2 University of

840 views • 60 slides
HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

543 views • 37 slides
Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

UNCLASSIFIED Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16 th 2015 1 UNCLASSIFIED The Australian

411 views • 9 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance

s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance

When Hardware Attacks s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require:

688 views • 25 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay CRYPTO August 2012 BLUF (Bottom Line Up

602 views • 19 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J. Kai-Tsay CRYPTO August 2012 BLUF (Bottom Line Up

584 views • 42 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&P), 2019 (Dustin)

726 views • 44 slides
DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements Youngjune Gwon, H. T. Kung, and Dario Vlah Harvard University August 9, 2011 Understanding

415 views • 17 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Malware Reading Material Ken Thompson and Trojans

Malware Reading Material Ken Thompson and Trojans

Malware Reading Material Ken Thompson and Trojans h6p://www.ece.cmu.edu/~ganger/712.fall02/ papers/p761-thompson.pdf Worm Anatomy and Model

1.65k views • 130 slides
AES & RSA Side Channel Attack with ChipWhisperer Cleveland State University EEC-581

AES & RSA Side Channel Attack with ChipWhisperer Cleveland State University EEC-581

AES & RSA Side Channel Attack with ChipWhisperer Cleveland State University EEC-581 Computer Architecture Andriy Kucher ChipWhisperer Open-source toolchain for hardware security research. Xilinx S6LX9 FPGA XMEGA MCU Target

105 views • 9 slides
Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

SMT Attack : Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on Cryptographic Hardware and Embedded Systems 2019 ( CHES 2019 ) Kimia Zamiri Azar , Hadi Mardani Kamali, Houman

701 views • 69 slides
Experimentally Verifying a Complex Algebraic Attack on the Grain-128 Cipher Using Dedicated

Experimentally Verifying a Complex Algebraic Attack on the Grain-128 Cipher Using Dedicated

Experimentally Verifying a Complex Algebraic Attack on the Grain-128 Cipher Using Dedicated Reconfigurable Hardware SHARCS 2012 Washington D.C. Itai Dinur 1 , Tim Gneysu 2 , Christof Paar 2 , Adi Shamir 1 , and Ralf Zimmermann 2 1

754 views • 58 slides
We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel

510 views • 39 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

604 views • 32 slides
Rootkits and Trojans on your SAP Landscape Ertunga Arsal Chaos Communication Congress 2010 1

Rootkits and Trojans on your SAP Landscape Ertunga Arsal Chaos Communication Congress 2010 1

Rootkits and Trojans on your SAP Landscape Ertunga Arsal Chaos Communication Congress 2010 1 Agenda Introduc.on to Enterprise Security SAP * Applica.ons in General BASIS (SAP infrastructure)

1.69k views • 43 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides

More recommend