why we should be worried about hardware trojans
play

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC - PowerPoint PPT Presentation

Jan 19, 2024 •49 likes •449 views

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research Institute 2018 EPFL, June 18, 2018 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker

  1. Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research Institute 2018 EPFL, June 18, 2018 Christof Paar Ruhr Universität Bochum & University of Massachusetts Amherst

  2. Acknowledgement • Georg Becker • Pawel Swierczynski • Marc Fyrbiak

  3. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  4. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  5. Hardware Trojans Malicious change or addition to an IC that adds or remove functionality, or reduces reliability Many rather unpleasant “applications”

  6. Hardware Trojans & the Scientific Community Publications w/ „Hardware Trojans“ or „malicious Hardware“ (Google Scholar, Oct 2017) 700 600 585 577 only title 500 480 in paper 415 400 310 300 227 200 199 152 100 93 110 83 102 66 101 66 37 36 23 20 19 17 0 0 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017

  7. Trojan Injection & Adversaries Scenarios DoD scenario 2005  Manufacturing Malicious factory, esp. off ‐ shore (foreign Government)  Design Manipulation 3 rd party IP ‐ cores   malicious employee not ‐ so ‐ unlikely 2013  During shipment Source: Wikipedia NSA’s interdiction  Built ‐ in backdoors etc.

  8. Where are we with “real” HW Trojans?  No true hardware Trojan observed in the wild  All examples from academia  Vast majority of publications focus on detection

  9. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  10. Our Thoughts 1. Designing Trojan could be fun too 2. Especially those that go undetected

  11. Simple Example: Inverter Trojan Let’s modify an inverter so that it always outputs “1” (VDD) without visible changes . A Y VDD VDD 0 1 1 0 A Y A Y GND GND

  12. PMOS Transistor Trojan Gate Drain Source (the output) (connected to VDD) 22nm P ‐ dopant P ‐ dopant N ‐ dopant N ‐ dopant N ‐ well N ‐ well (connected to VDD) (connected to VDD) Unmodified PMOS transistor Trojan trans. w/ constant VDD output

  13. “Always One” Trojan Inverter A Y VDD VDD PMOS transistor 0 1 permanent closed 1 0 A Y A Y = 1 NMOS transistor permanent open GND GND Q1: Can the manipulation be detected? Q2: How to build a useful Trojan from here?

  14. Detection: layout view of Trojan inverter Which one has the Trojan? Original Inverter “Always One” Trojan Unchanged: All metal layers • • Polysilicon layer Active area • • Wells  Dopant changes (very ?) difficult to detect using optical inspection!

  15. “Small” remaining question • Unfortunately, we merely introduce a stuck ‐ at fault … • … functional testing (after manufacturing) will detect fault right away Q2: Can we build a meaningful Trojan using dopant modifications that passes functional testing?

  16. A Real ‐ World True Random Number Generator dopant Trojan TRNG … random numbers generate cryptographic keys for • secure web browsing • email encryption • document certification • …

  17. 2 Modules form Random Number Generator entropy source 011001011110 … 128 digital post Crypto Key processing

  18. Inside the Random Number Generator entropy source 011001011110 … State register k … 0 0 1 1 0 1 0 1 1 1 0 128 State register c 128 128 … 1 0 0 1 0 0 0 1 1 0 1 AES Crypto Key +1 testing all keys: lifetime of the universe 256 random bits • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 possible crypto keys

  19. Trojan Random Number Generator 224 Trojan bits (fixed by attacker!) … 0 1 1 0 1 1 0 1 0 1 1 128 128 128 … … c 1 c 2 c 32 0 0 1 0 AES Crypto key 128 +1 only 32 random bits Testing all keys: few seconds • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 • 1,000,000,000 possible crypto keys possible crypto keys ... but circuit would still be tested as “faulty” during manufacturing…

  20. Built ‐ in self test prevents detection of fault known input Test Mode 256 bit state 32 bits 512 bits ? Reference CRC Digital Post Checksum Checksum Processing (AES) Due to clever choosing = ≠ of the Trojan bits known input TROJAN 256 bit state 32 bits 512 bits CRC ? Reference Digital Post Checksum Checksum Processing (AES)

  21. Conclusion  Meaningful hardware Trojans are possible without extra logic  Many detection techniques don’t guarantee a Trojan free design!  Built ‐ in self tests can be dangerous  More details: Becker, Regazzoni, P, Burleson, Stealthy Dopant ‐ Level Hardware Trojans. CHES 2013 … but the scientific community functions as it is supposed to do:  Trojan detection is possible w/ scanning electron microscope Sugawara et al., Reversing Stealthy Dopant ‐ Level Circuits. CHES 2014

  22. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  23. FPGAs = Reconfigurable Hardware … are widely used world market: ≈ 5b devices

  24. Configuration during power ‐ up Can an we build hardware Trojans by manipulating the bitstream? power ‐ up Configuration file “bitstream”

  25. Principle of FPGA ‐ based Trojans T Manipulate Bits configure Source Graphics: SimpleIcon, Xilinx

  26. The Mechanics of FPGAs 10 3 … 10 6 logic cells FPGA fabric bitstream is complex and proprietary Two challenges 1. find AES in unknown design 2. meaningful manipulation

  27. Finding AES: Luckily, crypto has very specific components • S ‐ boxes are realized as 6x1 look ‐ up tables (LUTs) LUT locations can be „easily“ found in bitstream • • S ‐ box contents is very specific (luckily)

  28. AES detection in practice 8 different real ‐ world AES implementations

  29. Algorithm substitution attack and its implications 2. Trojan AES is configured T cute work … but not interoperable with regular AES 1. Inject weak S ‐ boxes in bitstream PT CT = AEST ( k, PT ) “Useful“ attacks are still possible! 1. Storage encryption – Plaintext recovery • Attacker can recover plaintext without access to k 2. Temporary device access – Key extraction • switch S ‐ box and recover k from CT configure orginal S ‐ box •

  30. Conclusion  New attack vector against FPGAs!  Reconfigurability allows “hardware” Trojans designed in the lab  Bitstream protection is crucial! (but not easy, cf. our work at CCS 2011 & FPGA 2013)  Details at: Swierczynski, Fyrbiak, Koppe, P, FPGA Trojans through Detecting and Weakening of Cryptographic Primitives . IEEE TCAD 2015.

  31. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  32. What else can we do with bitstream manipulations? Hmm, are their simpler ways to extract keys from FPGAs without Trojans?

  33. Set ‐ Up non ‐ classical set ‐ up: alteration of algorithm (via bitstream) configure Can bitstream manipulation of Can bitstream manipulation of unknown design lead to key leakage? unknown design lead to key leakage? k CT = AES ( k, PT ) PT ?? classical known ‐ plaintext set ‐ up

  34. Bitstream Fault Injections (BiFI) configure k 10 ‐ 30k LUTs per FPGA … CT = AES ( k, PT ) PT (surprising) attack strategy 1. manipulate 1st LUT table (e.g., all ‐ zero) 2. configure FPGA 3. send PT 4. check: Does CT contain k? if not: GOTO 1 and manipulate next LUT

  35. How exactly does the key leak ??? configure k … CT = AES ( k, PT ) PT Different leakage types Many LUT manipulations possible (key hypotheses) • all ‐ zero CT = roundkey • • all ‐ one • CT = inverted roundkey invert • • CT = PT xor roundkey • upper half of LUT all ‐ zero • … • …

  36. Results for Bitstream Fault Injections (BiFI) k Real world attack • 16 unknown AES designs (Internet) • 16 different manipulation rules • ≈ 20k LUTs 3.3 sec for configuring and checking one manipulation • Results • successful key extraction for every design! • on average ≈ 2000 configurations ( ≈ 2h) works even for encrypted bitstream (w/o MAC) •

  37. Conclusion  Bitstream Fault Injections (BiFI) is a new family of fault attacks  Malleability of bitstream is major weakness for FPGAs!  Are there more bitstream ‐ based attacks ?  Details at: Swierczynski, Becker, Moradi, P: Bitstream Fault Injections (BiFI) – Automated Fault Attacks against SRAM ‐ based FPGAs. IEEE Transactions on Computers, March 2018.

  38. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff

  39. Relevant Conferences CHES – Cryptographic Hardware & Embedded Systems Amsterdam, September 9 ‐ 12, 2018 escar – Embedded Security in Cars Brussels, November 13 ‐ 14, 2018

  40. Thank you very much for your attention! Christof Paar

Recommend

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate and malicious change to an IC that adds or removes functionality or reduces reliability The modifications may be designed to leak sensitive

394 views • 23 slides
Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD 2015 Hardware Security and Hardware Trojans User apps Each layer trusts all layers below it Kernel Hypervisor More privilege Widely

706 views • 49 slides
Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com Cassidian CyberSecurity 2013, July the 8th Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust

1.57k views • 74 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker Pawel

616 views • 40 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

16.05.2017 How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference Darmstadt, May 16, 2017 Christof Paar Ruhr Universitt Bochum Acknowledgement Georg Becker Pawel Swierczynski Marc Fyrbiak 1

593 views • 20 slides
Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

ACM/IEEE CODES + ISSS 2017, Seoul, South Korea Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L. Piccolboni 1,2 , A. Menon 2 , and G. Pravadelli 2 1 Columbia University, New York, NY, USA 2 University of

840 views • 60 slides
HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

543 views • 37 slides
Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

UNCLASSIFIED Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16 th 2015 1 UNCLASSIFIED The Australian

411 views • 9 slides
DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements Youngjune Gwon, H. T. Kung, and Dario Vlah Harvard University August 9, 2011 Understanding

415 views • 17 slides
Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are worried about a symptom you think may be a side effect: 1. Check the leaflet supplied with the medicine. It lists known side effects and advises you

592 views • 11 slides
Malware Reading Material Ken Thompson and Trojans

Malware Reading Material Ken Thompson and Trojans

Malware Reading Material Ken Thompson and Trojans h6p://www.ece.cmu.edu/~ganger/712.fall02/ papers/p761-thompson.pdf Worm Anatomy and Model

1.65k views • 130 slides
Worried about plastic? As you may know, there has been a lot of discussion recently about the

Worried about plastic? As you may know, there has been a lot of discussion recently about the

Worried about plastic? As you may know, there has been a lot of discussion recently about the effects on the environment of plastic packaging, plastic bags, and other disposable objects which cannot be recycled. How concerned if at all would you

381 views • 5 slides
#Our Yes. Youre absolutely right to be worried about its future. 11 February 2019 NHS

#Our Yes. Youre absolutely right to be worried about its future. 11 February 2019 NHS

#Our Yes. Youre absolutely right to be worried about its future. 11 February 2019 NHS (England) in crisis A&E its an emergency Mental health catastrophe Hospital bed shortage beds slashed 50% in 30 years,

481 views • 22 slides
We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud

We know what you did this summer Android Banking Trojans Exposing Its Sins in The Cloud Siegfried Rasthofer (TU Darmstadt / CASED) Eric Bodden (TU Darmstadt / Fraunhofer SIT) Carlos Castillo (Intel Security) Alex Hinchliffe (Intel

510 views • 39 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

604 views • 32 slides
Rootkits and Trojans on your SAP Landscape Ertunga Arsal Chaos Communication Congress 2010 1

Rootkits and Trojans on your SAP Landscape Ertunga Arsal Chaos Communication Congress 2010 1

Rootkits and Trojans on your SAP Landscape Ertunga Arsal Chaos Communication Congress 2010 1 Agenda Introduc.on to Enterprise Security SAP * Applica.ons in General BASIS (SAP infrastructure)

1.69k views • 43 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Law Firm Leader Receives Lifetime Service Award By Adair Law them worried because there had been

Law Firm Leader Receives Lifetime Service Award By Adair Law them worried because there had been

T HE U.S. D ISTRICT C OURT OF O REGON H ISTORICAL S OCIETY N EWSLETTER Norman J. Wiener Law Firm Leader Receives Lifetime Service Award By Adair Law them worried because there had been violence in the The United States District Court Historical

229 views • 8 slides
Trojans Modifying Soft-Processor Instruction Sequences Embedded in FPGA Bitstreams Ismail

Trojans Modifying Soft-Processor Instruction Sequences Embedded in FPGA Bitstreams Ismail

Trojans Modifying Soft-Processor Instruction Sequences Embedded in FPGA Bitstreams Ismail San, Nicole Fern, C etin Kaya Ko c and Kwang-Ting (Tim) Cheng University of California Santa Barbara Anadolu University FPL 2016 August 31,

72 views • 6 slides
Sources in Solar System Sources: The Moon The Sun (quiet and/or flaring) The Earth

Sources in Solar System Sources: The Moon The Sun (quiet and/or flaring) The Earth

Sources in Solar System Sources: The Moon The Sun (quiet and/or flaring) The Earth Potential Sources Asteroids in different populations: Main Asteroid Belt (MBAs) Jovian and Neptunian Trojans (Trojans) Kuiper Belt

229 views • 12 slides
LIFE IN AMERICA AFTER WORLD WAR II Some experts worried that the postwar drop in industrial needs

LIFE IN AMERICA AFTER WORLD WAR II Some experts worried that the postwar drop in industrial needs

LIFE IN AMERICA AFTER WORLD WAR II Some experts worried that the postwar drop in industrial needs would hurt the economy. The nearly 12 million men and women who had been serving in the armed forces were returning to civilian life and would need

544 views • 30 slides
CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API

CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API

Overview CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API What the programmer does July 27, 2006 Day 8 Input/Output Instructor: Neil Rhodes 2 Hardware Hardware Kinds Bus : a set of wires

613 views • 6 slides
software and hardware for the Internet of Things. Choose hardware Design hardware Design

software and hardware for the Internet of Things. Choose hardware Design hardware Design

Zeidman Technologies has created a fundamentally new way to develop embedded software and hardware for the Internet of Things. Choose hardware Design hardware Design software Initial hardware choices determine Integrate functionality and

185 views • 15 slides
Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members

Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members

GDPR and .AS Domain Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members meeting Who we are US Territory (Like Puerto Rico!) Located at 14d 1954 S / 170d 4241W 16,111 km from

250 views • 8 slides

More recommend