104 research outputs found
Recommended from our members
Producing Trustworthy Hardware Using Untrusted Components, Personnel and Resources
Computer security is a full-system property, and attackers will always
go after the weakest link in a system. In modern computer systems,
the hardware supply chain is an obvious and vulnerable point of
attack. The ever-increasing complexity of hardware systems, along with
the globalization of the hardware supply chain, has made it unreasonable
to trust hardware. Hardware-based attacks, known as backdoors, are easy
to implement and can undermine the security of systems built on top of
compromised hardware. Operating systems and other software can only be
secure if they can trust the underlying hardware systems.
The full supply chain for creating hardware includes multiple processes,
which are often addressed in disparate threads of research, but which we
consider as one unified process. On the front-end side, there is the soft
design of hardware, along with validation and synthesis, to ultimately
create a netlist, the document that defines the physical layout of
hardware. On the back-end side, there is a physical fabrication process,
where a chip is produced at a foundry from a supplied netlist, followed
in some cases by post-fabrication testing. Producing a trustworthy chip
means securing the process from the early design stages through to the
post-fabrication tests.
We propose, implement and analyze a series of methods for making
the hardware supply chain resilient against a wide array of known and
possible attacks. These methods allow for the design and fabrication of
hardware using untrustworthy personnel, designs, tools and resources,
while protecting the final product from large classes of attacks, some
known previously and some discovered and taxonomized in this work.
The overarching idea in this work is to take a full-process view of
the hardware supply chain. We begin by securing the hardware design and
synthesis processes uses a defense-in-depth approach. We combine this
work with foundry-side techniques to prevent malicious modifications
and counterfeiting, and finally apply novel attestation techniques to
ensure that hardware is trustworthy when it reaches users.
For our design-side security approach, we use defense-in-depth
because in practice, any security method can potentially subverted, and
defense-in-depth is the best way to handle that assumption. Our approach
involves three independent steps. The first is a functional analysis
tool (called FANCI), applied statically to designs during the coding and
validation stages to remove any malicious circuits. The second step is
to include physical security circuits that operate at runtime. These
circuits, which we call trigger obfuscation circuits, scramble data at
the microarchitectural level so that any hardware backdoors remaining in
the design cannot be triggered at runtime. The third and final step is to
include a runtime monitoring system that detects any backdoor payloads
that might have been achieved despite the previous two steps. We design
two different versions of this monitoring system. The first, TrustNet, is
extremely lightweight and protects against an important class of attacks
called emitter backdoors. The second, DataWatch, is slightly more heavyweight
(though still efficient and low overhead) that can catch a wider variety
of attacks and can be adapted to protect against nearly any type of
digital payload. We taxonomize the types of attacks that are possible
against each of the three steps of our defense-in-depth system and show
that each defense provides strong coverage with low (or negligible)
overheads to performance, area and power consumption.
For our foundry-side security approach, we develop the first foundry-side
defense system that is aware of design-side security. We create a
power-based side-channel, called a beacon. This beacon is essentially a
benign backdoor. It can be turned on by a special key (not provided to
the foundry), allowing for security attestation during post-fabrication
testing. By designing this beacon into the design itself, the beacon
requires neither keys nor storage, and as such exists in the final chip
purely by virtue of existing in the netlist. We further obfuscate the
netlist itself, rendering the task of reverse engineering the beacon
(for a foundry-side adversary) intractable. Both the inclusion of the
beacon and the obfuscation process add little to area and power costs
and have no impact on performance.
All together, these methods provide a foundation on which hardware
security can be developed and enhanced. They are low overhead and
practical, making them suitable for inclusion in next generation
hardware. Moving forward, the criticality of having trustworthy hardware
can only increase. Ensuring that the hardware supply chain can be trusted
in the face of sophisticated adversaries is vital. Both hardware design
and hardware fabrication are increasingly international processes, and
we believe continuing with this unified approach is the correct path
for future research. In order for companies and governments to place
trust in mission-critical hardware, it is necessary for hardware to be
certified as secure and trustworthy. The methods we propose can be the
first steps toward making this certification a reality
Exploiting loop transformations for the protection of software
Il software conserva la maggior parte del know-how che occorre per svilupparlo. Poich\ue9 oggigiorno il software pu\uf2 essere facilmente duplicato e ridistribuito ovunque, il rischio che la propriet\ue0 intellettuale venga violata su scala globale \ue8 elevato. Una delle pi\uf9 interessanti soluzioni a questo problema \ue8 dotare il software di un watermark. Ai watermark si richiede non solo di certificare in modo univoco il proprietario del software, ma anche di essere resistenti e pervasivi. In questa tesi riformuliamo i concetti di robustezza e pervasivit\ue0 a partire dalla semantica delle tracce. Evidenziamo i cicli quali costrutti di programmazione pervasivi e introduciamo le trasformazioni di ciclo come mattone di costruzione per schemi di watermarking pervasivo. Passiamo in rassegna alcune fra tali trasformazioni, studiando i loro principi di base. Infine, sfruttiamo tali principi per costruire una tecnica di watermarking pervasivo. La robustezza rimane una difficile, quanto affascinante, questione ancora da risolvere.Software retains most of the know-how required fot its development. Because nowadays software can be easily cloned and spread worldwide, the risk of intellectual property infringement on a global scale is high. One of the most viable solutions to this problem is to endow software with a watermark. Good watermarks are required not only to state unambiguously the owner of software, but also to be resilient and pervasive. In this thesis we base resiliency and pervasiveness on trace semantics. We point out loops as pervasive programming constructs and we introduce loop transformations as the basic block of pervasive watermarking schemes. We survey several loop transformations, outlining their underlying principles. Then we exploit these principles to build some pervasive watermarking techniques. Resiliency still remains a big and challenging open issue
Secure execution environments through reconfigurable lightweight cryptographic components
Software protection is one of the most important problems in the area of computing as it affects a multitude of players like software vendors, digital content providers, users, and government agencies. There are multiple dimensions to this broad problem of software protection. The most important ones are: (1) protecting software from reverse engineering. (2) protecting software from tamper (or modification). (3) preventing software piracy. (4) verification of integrity of the software;In this thesis we focus on these areas of software protection. The basic requirement to achieve these goals is to provide a secure execution environment, which ensures that the programs behave in the same way as it was designed, and the execution platforms respect certain types of wishes specified by the program;We take the approach of providing secure execution environment through architecture support. We exploit the power of reconfigurable components in achieving this. The first problem we consider is to provide architecture support for obfuscation. This also achieves the goals of tamper resistance, copy protection, and IP protection indirectly. Our approach is based on the intuition that the software is a sequence of instructions (and data) and if the sequence as well the contents are obfuscated then all the required goals can be achieved;The second problem we solve is integrity verification of the software particularly in embedded devices. Our solution is based on the intuition that an obfuscated (permuted) binary image without any dynamic traces reveals very little information about the IP of the program. Moreover, if this obfuscation function becomes a shared secret between the verifier and the embedded device then verification can be performed in a trustworthy manner;Cryptographic components form the underlying building blocks/primitives of any secure execution environment. Our use of reconfigurable components to provide software protection in both Arc 3 D and TIVA led us to an interesting observation about the power of reconfigurable components. Reconfigurable components provide the ability to use the secret (or key) in a much stronger way than the conventional cryptographic designs. This opened up an opportunity for us to explore the use of reconfigurable gates to build cryptographic functions
Novel Computational Methods for Integrated Circuit Reverse Engineering
Production of Integrated Circuits (ICs) has been largely strengthened by globalization. System-on-chip providers are capable of utilizing many different providers which can be responsible for a single task. This horizontal structure drastically improves to time-to-market and reduces manufacturing cost. However, untrust of oversea foundries threatens to dismantle the complex economic model currently in place. Many Intellectual Property (IP) consumers become concerned over what potentially malicious or unspecified logic might reside within their application. This logic which is inserted with the intention of causing harm to a consumer has been referred to as a Hardware Trojan (HT). To help IP consumers, researchers have looked into methods for finding HTs. Such methods tend to rely on high-level information relating to the circuit, which might not be accessible. There is a high possibility that IP is delivered in the gate or layout level. Some services and image processing methods can be leveraged to convert layout level information to gate-level, but such formats are incompatible with detection schemes that require hardware description language. By leveraging standard graph and dynamic programming algorithms a set of tools is developed that can help bridge the gap between gate-level netlist access and HT detection. To help in this endeavor this dissertation focuses on several problems associated with reverse engineering ICs. Logic signal identification is used to find malicious signals, and logic desynthesis is used to extract high level details. Each of the proposed method have their results analyzed for accuracy and runtime. It is found that method for finding logic tends to be the most difficult task, in part due to the degree of heuristic\u27s inaccuracy. With minor improvements moderate sized ICs could have their high-level function recovered within minutes, which would allow for a trained eye or automated methods to more easily detect discrepancies within a circuit\u27s design
Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey
The advancement of manufacturing technologies has enabled the integration of
more intellectual property (IP) cores on the same system-on-chip (SoC).
Scalable and high throughput on-chip communication architecture has become a
vital component in today's SoCs. Diverse technologies such as electrical,
wireless, optical, and hybrid are available for on-chip communication with
different architectures supporting them. Security of the on-chip communication
is crucial because exploiting any vulnerability would be a goldmine for an
attacker. In this survey, we provide a comprehensive review of threat models,
attacks, and countermeasures over diverse on-chip communication technologies as
well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table
Adversarial Deep Learning and Security with a Hardware Perspective
Adversarial deep learning is the field of study which analyzes deep learning in the presence of adversarial entities. This entails understanding the capabilities, objectives, and attack scenarios available to the adversary to develop defensive mechanisms and avenues of robustness available to the benign parties. Understanding this facet of deep learning helps us improve the safety of the deep learning systems against external threats from adversaries. However, of equal importance, this perspective also helps the industry understand and respond to critical failures in the technology. The expectation of future success has driven significant interest in developing this technology broadly. Adversarial deep learning stands as a balancing force to ensure these developments remain grounded in the real-world and proceed along a responsible trajectory. Recently, the growth of deep learning has begun intersecting with the computer hardware domain to improve performance and efficiency for resource constrained application domains. The works investigated in this dissertation constitute our pioneering efforts in migrating adversarial deep learning into the hardware domain alongside its parent field of research
- …