1,085 research outputs found
DeMiST: Detection and Mitigation of Stealthy Analog Hardware Trojans
The global semiconductor supply chain involves design and fabrication at
various locations, which leads to multiple security vulnerabilities, e.g.,
Hardware Trojan (HT) insertion. Although most HTs target digital circuits, HTs
can be inserted in analog circuits. Therefore, several techniques have been
developed for HT insertions in analog circuits. Capacitance-based Analog
Hardware Trojan (AHT) is one of the stealthiest HT that can bypass most
existing HT detection techniques because it uses negligible charge accumulation
in the capacitor to generate stealthy triggers. To address the charge sharing
and accumulation issues, we propose a novel way to detect such
capacitance-based AHT in this paper. Secondly, we critically analyzed existing
AHTs to highlight their respective limitations. We proposed a stealthier
capacitor-based AHT (fortified AHT) that can bypass our novel AHT detection
technique by addressing these limitations. Finally, by critically analyzing the
proposed fortified AHT and existing AHTs, we developed a robust two-phase
framework (DeMiST) in which a synchronous system can mitigate the effects of
capacitance-based stealthy AHTs by turning off the triggering capability of
AHT. In the first phase, we demonstrate how the synchronous system can avoid
the AHT during run-time by controlling the supply voltage of the intermediate
combinational circuits. In the second phase, we proposed a supply voltage duty
cycle-based validation technique to detect capacitance-based AHTs. Furthermore,
DeMiST amplified the switching activity for charge accumulation to such a
degree that it can be easily detectable using existing switching activity-based
HT detection techniques.Comment: Accepted at ACM Hardware and Architectural Support for Security and
Privacy (HASP) 202
A Framework for Evaluating Security in the Presence of Signal Injection Attacks
Sensors are embedded in security-critical applications from medical devices
to nuclear power plants, but their outputs can be spoofed through
electromagnetic and other types of signals transmitted by attackers at a
distance. To address the lack of a unifying framework for evaluating the
effects of such transmissions, we introduce a system and threat model for
signal injection attacks. We further define the concepts of existential,
selective, and universal security, which address attacker goals from mere
disruptions of the sensor readings to precise waveform injections. Moreover, we
introduce an algorithm which allows circuit designers to concretely calculate
the security level of real systems. Finally, we apply our definitions and
algorithm in practice using measurements of injections against a smartphone
microphone, and analyze the demodulation characteristics of commercial
Analog-to-Digital Converters (ADCs). Overall, our work highlights the
importance of evaluating the susceptibility of systems against signal injection
attacks, and introduces both the terminology and the methodology to do so.Comment: This article is the extended technical report version of the paper
presented at ESORICS 2019, 24th European Symposium on Research in Computer
Security (ESORICS), Luxembourg, Luxembourg, September 201
Low-power emerging memristive designs towards secure hardware systems for applications in internet of things
Emerging memristive devices offer enormous advantages for applications such as non-volatile memories and in-memory computing (IMC), but there is a rising interest in using memristive technologies for security applications in the era of internet of things (IoT). In this review article, for achieving secure hardware systems in IoT, low-power design techniques based on emerging memristive technology for hardware security primitives/systems are presented. By reviewing the state-of-the-art in three highlighted memristive application areas, i.e. memristive non-volatile memory, memristive reconfigurable logic computing and memristive artificial intelligent computing, their application-level impacts on the novel implementations of secret key generation, crypto functions and machine learning attacks are explored, respectively. For the low-power security applications in IoT, it is essential to understand how to best realize cryptographic circuitry using memristive circuitries, and to assess the implications of memristive crypto implementations on security and to develop novel computing paradigms that will enhance their security. This review article aims to help researchers to explore security solutions, to analyze new possible threats and to develop corresponding protections for the secure hardware systems based on low-cost memristive circuit designs
On Ladder Logic Bombs in Industrial Control Systems
In industrial control systems, devices such as Programmable Logic Controllers
(PLCs) are commonly used to directly interact with sensors and actuators, and
perform local automatic control. PLCs run software on two different layers: a)
firmware (i.e. the OS) and b) control logic (processing sensor readings to
determine control actions). In this work, we discuss ladder logic bombs, i.e.
malware written in ladder logic (or one of the other IEC 61131-3-compatible
languages). Such malware would be inserted by an attacker into existing control
logic on a PLC, and either persistently change the behavior, or wait for
specific trigger signals to activate malicious behaviour. For example, the LLB
could replace legitimate sensor readings with manipulated values. We see the
concept of LLBs as a generalization of attacks such as the Stuxnet attack. We
introduce LLBs on an abstract level, and then demonstrate several designs based
on real PLC devices in our lab. In particular, we also focus on stealthy LLBs,
i.e. LLBs that are hard to detect by human operators manually validating the
program running in PLCs. In addition to introducing vulnerabilities on the
logic layer, we also discuss countermeasures and we propose two detection
techniques.Comment: 11 pages, 14 figures, 2 tables, 1 algorith
Design and Validation for FPGA Trust under Hardware Trojan Attacks
Field programmable gate arrays (FPGAs) are being increasingly used in a wide range of critical applications, including industrial, automotive, medical, and military systems. Since FPGA vendors are typically fabless, it is more economical to outsource device production to off-shore facilities. This introduces many opportunities for the insertion of malicious alterations of FPGA devices in the foundry, referred to as hardware Trojan attacks, that can cause logical and physical malfunctions during field operation. The vulnerability of these devices to hardware attacks raises serious security concerns regarding hardware and design assurance. In this paper, we present a taxonomy of FPGA-specific hardware Trojan attacks based on activation and payload characteristics along with Trojan models that can be inserted by an attacker. We also present an efficient Trojan detection method for FPGA based on a combined approach of logic-testing and side-channel analysis. Finally, we propose a novel design approach, referred to as Adapted Triple Modular Redundancy (ATMR), to reliably protect against Trojan circuits of varying forms in FPGA devices. We compare ATMR with the conventional TMR approach. The results demonstrate the advantages of ATMR over TMR with respect to power overhead, while maintaining the same or higher level of security and performances as TMR. Further improvement in overhead associated with ATMR is achieved by exploiting reconfiguration and time-sharing of resources
- …