15 research outputs found
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added.
The First Thorough Side-Channel Hardware Trojan
Hardware Trojans have gained high attention in academia, industry and by government agencies. The effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted in a provably-secure side-channel analysis protected implementation. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage leading to successful key recovery attacks. Such a Trojan does not add or remove any logic (even a single gate) to the design which makes it very hard to detect. In ASIC platforms, it is indeed inserted by subtle manipulations at the sub-transistor level to modify the parameters of a few transistors. The same is applicable on FPGA applications by changing the routing of particular signals, leading to null resource utilization overhead. The underlying concept is based on a secure masked hardware implementation which does not exhibit any detectable leakage. However, by running the device at a particular clock frequency one of the requirements of the underlying masking scheme is not fulfilled anymore, i.e., the Trojan is triggered, and the device's side-channel leakage can be exploited.
Although as a case study we show an application of our designed Trojan on an FPGA-based threshold implementation of the PRESENT cipher, our methodology is a general approach and can be applied on any similar
circuit.
A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks
Over the last decade, hardware Trojans have gained increasing
attention in academia, industry and by government agencies. In
order to design reliable countermeasures, it is crucial to understand how
hardware Trojans can be built in practice. This is an area that has received
relatively scant treatment in the literature. In this contribution,
we examine how particularly stealthy Trojans can be introduced to a
given target circuit. The Trojans are triggered by violating the delays of
very rare combinational logic paths. These are parametric Trojans, i.e.,
they do not require any additional logic and are purely based on subtle
manipulations on the sub-transistor level to modify the parameters of the
transistors. The Trojan insertion is based on a two-phase approach. In
the first phase, a SAT-based algorithm identifies rarely sensitized paths in
a combinational circuit. In the second phase, a genetic algorithm smartly
distributes delays for each gate to minimize the number of faults caused
by random vectors.
As a case study, we apply our method to a 32-bit multiplier circuit
resulting in a stealthy Trojan multiplier. This Trojan multiplier only
computes faulty outputs if specific combinations of input pairs are applied
to the circuit. The multiplier can be used to realize bug attacks, introduced by Biham et al. In addition to the bug attacks proposed previously, we extend this concept for the specific fault model of the path delay Trojan multiplier and show how it can be used to attack ECDH key agreement protocols.
Our method is a general approach to path delay faults. It is a versatile
tool for designing stealthy Trojans for a given circuit and is not restricted to multipliers and the bug attack.
Parametric Trojans for Fault-Injection Attacks on Cryptographic Hardware
We propose two extremely stealthy hardware Trojans that facilitate
fault-injection attacks in cryptographic blocks. The Trojans are carefully
inserted to modify the electrical characteristics of predetermined transistors
in a circuit by altering parameters such as doping concentration and dopant
area. These Trojans are activated with very low probability under the presence
of a slightly reduced supply voltage (0.001 for 20% reduction). We
demonstrate the effectiveness of the Trojans by utilizing them to inject faults
into an ASIC implementation of the recently introduced lightweight cipher
PRINCE. Full circuit-level simulation followed by differential cryptanalysis
demonstrate that the secret key can be reconstructed after around 5
fault-injections.