SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1
Announcements: Journal / Conferences Journal of Hardware and Systems Security EICs: S. Bhunia; M.M. Tehranipoor ISSN: 2509-3428 (print version) ISSN: 2509-3436 (electronic version) Journal no. 41635 ▶ Highlights new and ground-breaking developments in the field of electronic hardware and systems security ▶ Covers the interaction of hardware and systems, and between hardware and firmware/software, in the context of security and trust ▶ Encompasses security of processor, System-on- Chip (SoC), Field Programmable Gate Arrays (FPGA), analog/mixed-signal electronics and Printed Circuit Board (PCB) ▶ Publishes archival research results focusing on the security of hardware and system security at all levels of abstraction and the supply chain including track and trace technologies across a variety of industries IEEE Intl. IEEE Intl. Symp Symp. . on on Hardware Hardware Oriented Oriented Security and Trust (HOST) Security and Trust (HOS T) May 1-5, 2017 The Ritz-Carlton McLean, VA, USA AsianHOST AsianHOST • REGISTRATION OF TITLE + Conference Conference, , Dec 19 Dec 19-20 20 ABSTRACT:November 1, 2016 2016, Taipei, T 2016, Taipei, Taiwan aiwan • SUBMISSION OF PAPER: November 8, 2016
Changing Computing Landscape… “An embedded system is a combination of hardware and “An embedded system is an electronic system that uses a software, and perhaps additional electrical or mechanical parts, computer chip but is not a desktop, laptop, or server” intended to provide a dedicated function” ― PC Magazine, 2012 ― Michael Barr, Programming Embedded Systems , 1999 Customized design Unique use-case constraints Tight HW/SW integration Complex, optimized architecture General-purpose systems Versatility and programmability How can we protect highly complex modern Complex, optimized architecture Diverse use-case scenarios computing systems against malicious attacks? Versatility and programmability Embedded systems Diverse use-case scenarios Customized design Unique use-case constraints Tight HW/SW integration
… Computing In Everyone’s “Hands”… How can we protect diverse , highly complex computing systems in the hands of possibly naïve users ?
….In a Highly Connected World…. Things “City of Hamburg and CISCO launch plan for smart city of the future” BBC World News, May 1 2014 Network Services How can we protect diverse, highly complex Cloud computing systems in hands of possibly naïve users, Applications operating in an environment of billions of complex, error-prone, possibly malicious communicating devices ? 5 Slide courtesy: Dr. Sandip Ray
…Built on Aggressive Schedules 3-4 years < 1 year Exploration Planning Development Production Product Timeline How can we protect highly complex computing systems operating in an environment of billions of complex, error-prone, possibly malicious communicating devices, built under extremely aggressive time-to-market requirements?
Unique to Internet of Things (IOT) Long, complex life cycle Mass produced in same configuration Devices never intended to be connected Machine-to-machine Requires holistic view of device to cloud and the comm. between them IoT security needs significant re-thinking!
Security Design & Validation: Today 1 st Tape - Silicon out Exploratn Planning Development Productn. . Post Pre-silicon silicon Security Security Security Security Security Validation Validation Validation Assessment Architecture Threat modeling Fuzzing, Code review Security Test plans Penetration RTL Testing Architectural FV Testing, RTL FV Hack-a-thon SPACE | Dec 2016 8
Att ttacks on Har acks on Hardw dwar are: e: From om IC IC t to o IO IOT T Ar Are e We Parano anoid id En Enough? ough? SPACE | Dec 2016 9
What is Hardware? SOC • Different levels of abstraction • System Hardware – acts as the “root -of- trust” : PCB → IC ( SoC | µP) SPACE | Dec 2016 10
Electronic H/W Design & Test Flow Design IC Design Spec. House Wafer test Fab Customer PCB & Sys. Int. Pkg. Test Assembly Firmware SPACE | Dec 2016 11
Threats Design /Test Solutions SoC Life-Cycle Trojan-res. design; Insert h/w Trojan; IP Vendor Spans all stages in IC life cycle improve. detectability; hidden backdoor trust validation IP piracy (e.g. cloning) SoC Design Hardware Trojan in design House Obfuscation; Protect (e.g. by tools) IP Eval. Copy, PUF, Low-cost Implant Trojan authentication Foundry Overproduction & cloning SCA resistant Design; Prevent Leak secret info. Deployment scan-based attack; RE and cloning variable ECC DFT 2012, Tcomp 2012, CHES 2009, D&T, 2012, CHES 2011; ASP-DAC 2013, DAC 2013, VTS 2007, DAC 2013, ICCAD 2008, DAC 2014, DAC 2015, TCAD 2009, VTS 2014, VTS 2015, PIEEE 2014, CCS 2016 SPACE | Dec 2016 12
Hardware Trojan Attacks: “ A Problem from Hell * ” * Michael Hayden Bhunia et al. PIEEE, 2014 SPACE | Dec 2016 13
HW Trojan Examples / Models Seq Trojan Example Comb Trojan Example MOLES * : Info Leakage Trojan Comb Trojan model Seq. Trojan Model *Lin et al, ICCAD 2009 SPACE | Dec 2016 14
Bugs vs. Malicious Changes Functional Trust Verification Verification Malicious Bugs change (Unintentional) (Intentional) Unwanted Bounded by functionality Spec (Unbounded) Trojan Attac ojan Attacks ks → Requir equires es HW tr HW trust ust verifica erification! tion! SPACE | Dec 2016 15
Post-Si Trust Validation • Taxonomy of Existing Trojan Detection Approaches Side-channel approaches do not require triggering the Trojan to observe its impact at primary input nodes. SPACE | Dec 2016 16
Side-Channel Approach • Multiple-parameter Trojan Detection – Due to process variations, Trojan detection by F max or I DDT alone is challenging! – Consider the intrinsic relationship between I DDT and F max Golden chip required! HOST 2010 | CCS 2016 SPACE | Dec 2016 17
Self-similarity in Space & Time – for Trust Verification Narasimhan et al. HOST 2011 Image courtesy: Intel • Uncorrelated switching in time due to a seq. Trojan! Zheng et al, DAC 2014, • Simultaneously detects TCAD 2015 Trojan & aged/recycled ICs! ALU ALU No golden chip required!!! SPACE | Dec 2016 18
Trust Issues at PCB Level PSX DIY Guide Modchip attack Modchip for XBOX Playstation modchip wiring Remote HW authentication can help detect in-field tampering! SPACE | Dec 2016 19
PCB Integrity Validation JTAG based authen. • Authenticate PCBs w/ unique signature from each board • Key ideas: ─ Exploit path delay variations in PCB! ─ Leverage boundary scan (JTAG) ─ Suitable for remote monitoring & Cloud Server Owner Ci, Ri attestation Ci, Ri C1 R1 C1 R1 C5 R5 C2 R2 R6 C6 C3 R3 C4 R4 C4 R4 C1, C2, C3, C4 C1, C2, C3, C4 C1, C5, C6, C4 C1, C5, C6, C4 t = 0 t = T Promising results w/ Time R1, R2, R3, R4 R1, R5, R6, R4 Used for commercial PCBs PC authen. B IoT Device C1 R1 C1 R1 C2 R2 C2 R2 Cn Rn Cn Rn PCB PCB Can serve as backbone for IoT authentication! Trace based authen. SPACE | Dec 2016 20
Gl Glim impse int pse into t o the he Futur uture SPACE | Dec 2016 21
Era of “Smartness”? “with motion & climate sensors …automatically adjust as you come and go, or as the temp. rises .” CNET 4-in- 1 Smart Connect™ Cradle ’n Swing - Techno Gray ™ www.fisher-price.com/ “… Baby, that’s genius.” SMART makeup mirror Automatically turns on and off when you come in and out of the frame* Smart Iron ($1400) www.implehuman.com www.fisher-price.com/ “… provides real - time guidance.” Smartness Smar tness at od t odds ds with with test test & sec & security! urity! SPACE | Dec 2016 22
Cryptography will play an increasingly Important Role … • Crypto principles see growing usage in HW protection – e.g. FPGA bitstream • Promising use of crypto in HW • HW obfuscation • On-chip asset protection • Remote upgrade S 1 P 1 S 2 S 0 K 1 Hardware Obfuscation, Chakraborty P 3 P 2 K 3 & Bhunia, ICCAD 2008 K 2 S 3 S 4 Crypto HW/SW needs strong security validation! SPACE | Dec 2016 23
Integrative Measures … Design for Security → Trust Validation → Security Monitoring SM Processor Secure by design, pre-si / post-si / run-time validation! Bhunia et al., PIEEE 2014 SPACE | Dec 2016 24
Har Hardw dwar are E e Enabl nabled ed Sec Security of F urity of Food ood & & Me Medic dicine ine How to verify food / medicine you’re taking are authentic? SPACE | Dec 2016 25
Recommend
More recommend