Trojans in Early Design Steps—An Emerging Threat

Hardware Trojans inserted by malicious foundries during integrated circuit manufacturing have received substantial attention in recent years. In this paper, we focus on a different type of hardware Trojan threats: attacks in the early steps of design process. We show that third-party intellectual property cores and CAD tools constitute realistic attack surfaces and that even system specification can be targeted by adversaries. We discuss the devastating damage potential of such attacks, the applicable countermeasures against them and their deficiencies

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Assessing Hardware Security Threats Posed by Hardware Trojans in Power Electronics

This study investigates the threat of hardware Trojans (HTs) in power electronics applications, a rising concern due to the growing demand for cost-effective embedded solutions in power systems. With the supply chain for electronic hardware devices expanding globally, particularly to low-cost foundries in foreign locations, there is an increasing risk of HT attacks. While there has been extensive research on HTs in computer applications, little consideration has been given to their threat in power electronics. This study demonstrates the effectiveness of a power electronics HT by implementing a novel HT design into a gate drive circuit. Additionally, the research proposes several HT designs that exploit factors unique to power circuits, such as high power delivery and analog circuitry in order to illustrate the distinct attack space. The research highlights the need for enhanced detection, protection, and prevention methods in power electronics applications and offers a roadmap for future studies to develop more effective countermeasures and algorithms to mitigate the risks of HT attacks in power electronics

Malicious Hardware & Its Effects on Industry

In recent years advancements have been made in computer hardware security to circumnavigate the threat of malicious hardware. Threats come in several forms during the development and overall life cycle of computer hardware and I aim to highlight those key points. I will illustrate the various ways in which attackers exploit flaws in a chip design, or how malicious parties take advantage of the many steps required to design and fabricate hardware. Due to these exploits, the industry and consumers have suffered damages in the form of financial loss, physical harm, breaches of personal data, and a multitude of other problems. Many are under the impression that such damages and attacks are only carried out at a software level. Because of this, flaws in chip design, fabrication, and the large scale of transistors on chips have often been overlooked as a means of exploitation. However, as is the trend in cyberattacks when one door is locked attackers look to gain an entrance with any possible means. Fortunately, strides have been made in closing those doors, however now that malicious attackers have been made aware of these openings the aim is to mitigate or even abolish the damage that has been dealt

Prevention of Drone Jamming Using Hardware Sandboxing

In this thesis, we concern ourselves with the security of drone systems under jamming-based attacks. We explore a relatively new concept we previously devised, known as hardware sandboxing, to provide runtime monitoring of boundary signals and isolation through resource virtualization for non-trusted system-on-chip (SoC) components. The focus of this thesis is the synthesis of this design and structure with the anti-jamming, security needs of drone systems. We utilize Field Programmable Gate Array (FPGA) based development and target embedded Linux for our hardware sandbox and drone hardware/software system. We design and implement our working concept on the Digilent Zybo FPGA, which uses the Xilinx Zynq System. Our design is validated via simulation-based tests to mimic jamming attacks and standalone, stationary tests with commercial transmitter and receiver equipment. In both cases, we are successful in detecting and isolating unwanted behavior. This thesis presents the current work performed, observations, and the future potential of hardware sandboxing in drone systems

HARDWARE ATTACK DETECTION AND PREVENTION FOR CHIP SECURITY

Hardware security is a serious emerging concern in chip designs and applications. Due to the globalization of the semiconductor design and fabrication process, integrated circuits (ICs, a.k.a. chips) are becoming increasingly vulnerable to passive and active hardware attacks. Passive attacks on chips result in secret information leaking while active attacks cause IC malfunction and catastrophic system failures. This thesis focuses on detection and prevention methods against active attacks, in particular, hardware Trojan (HT). Existing HT detection methods have limited capability to detect small-scale HTs and are further challenged by the increased process variation. We propose to use differential Cascade Voltage Switch Logic (DCVSL) method to detect small HTs and achieve a success rate of 66% to 98%. This work also presents different fault tolerant methods to handle the active attacks on symmetric-key cipher SIMON, which is a recent lightweight cipher. Simulation results show that our Even Parity Code SIMON consumes less area and power than double modular redundancy SIMON and Reversed-SIMON, but yields a higher fault -detection-failure rate as the number of concurrent faults increases. In addition, the emerging technology, memristor, is explored to protect SIMON from passive attacks. Simulation results indicate that the memristor-based SIMON has a unique power characteristic that adds new challenges on secrete key extraction

A taxonomy of malicious traffic for intrusion detection systems

With the increasing number of network threats it is essential to have a knowledge of existing and new network threats to design better intrusion detection systems. In this paper we propose a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets

Secure Network-on-Chip Against Black Hole and Tampering Attacks

The Network-on-Chip (NoC) has become the communication heart of Multiprocessors-System-on-Chip (MPSoC). Therefore, it has been subject to a plethora of security threats to degrade the system performance or steal sensitive information. Due to the globalization of the modern semiconductor industry, many different parties take part in the hardware design of the system. As a result, the NoC could be infected with a malicious circuit, known as a Hardware Trojan (HT), to leave a back door for security breach purposes. HTs are smartly designed to be too small to be uncovered by offline circuit-level testing, so the system requires an online monitoring to detect and prevent the HT in runtime. This dissertation focuses on HTs inside the router of a NoC designed by a third party. It explores two HT-based threat models for the MPSoC, where the NoC experiences packet-loss and packet-tampering once the HT in the infected router is activated and is in the attacking state. Extensive experiments for each proposed architecture were conducted using a cycle-accurate simulator to demonstrate its effectiveness on the performance of the NoC-based system. The first threat model is the Black Hole Router (BHR) attack, where it silently discards the packets that are passing through without further announcement. The effect of the BHR is presented and analyzed to show the potency of the attack on a NoC-based system. A countermeasure protocol is proposed to detect the BHR at runtime and counteract the deliberate packet-dropping attack with a 26.9% area overhead, an average 21.31% performance overhead and a 22% energy consumption overhead. The protocol is extended to provide an efficient and power-gated scheme to enhance the NoC throughput and reduce the energy consumption by using end-to-end (e2e) approach. The power-gated e2e technique locates the BHR and avoids it with a 1% performance overhead and a 2% energy consumption overhead. The second threat model is a packet-integrity attack, where the HT tampers with the packet to apply a denial-of-service attack, steal sensitive information, gain unauthorized access, or misroute the packet to an unintended node. An authentic and secure NoC platform is proposed to detect and countermeasure the packet-tampering attack to maintain data-integrity and authenticity while keeping its secrecy with a 24.21% area overhead. The proposed NoC architecture is not only able to detect the attack, but also locates the infected router and isolates it from the network