22 research outputs found
Hardware trojan enabled denial of service attack on CAN bus
The trend of technological advances in the vehicle industry illustrates that future cars would have added functionalities with smart features, better connectivity and autonomous behaviour. These naturally involve a higher number of Electronic Control Units (ECUs) being connected using existing conventional in-vehicle network protocols such as Controller Area Network (CAN). In this context, security of systems is now becoming a major concern while industry’s primary interest in the manufacturing of cars is reliability and safety. It is now in daily news that smart cars are being hacked due to weaknesses in their embedded electronics that provides ways of hardware attacks [1] [2].
Hardware Trojan (HT) is the threat that has been recently recognised as one of the primary sources of backdoor access that enables hackers to attack systems. As trouble, HT remains silent until a rare function/event triggers it for activation. This paper contributes to the challenge of demonstration of disruption in CAN buses raised from hidden Hardware Trojan. In this regard, it is presented how just a small size Hardware Trojan disrupts the CAN bus communication without an adversary having physical access to the bus. The attack is neither detectable via frame analysis, nor can be prevented via network segmentation; additionally, a rare triggering mechanism activates HT to process untraceable faults
Logic Locking based Trojans: A Friend Turns Foe
Logic locking and hardware Trojans are two fields in hardware security that
have been mostly developed independently from each other. In this paper, we
identify the relationship between these two fields. We find that a common
structure that exists in many logic locking techniques has desirable properties
of hardware Trojans (HWT). We then construct a novel type of HWT, called
Trojans based on Logic Locking (TroLL), in a way that can evade
state-of-the-art ATPG-based HWT detection techniques. In an effort to detect
TroLL, we propose customization of existing state-of-the-art ATPG-based HWT
detection approaches as well as adapting the SAT-based attacks on logic locking
to HWT detection. In our experiments, we use random sampling as reference. It
is shown that the customized ATPG-based approaches are the best performing but
only offer limited improvement over random sampling. Moreover, their efficacy
also diminishes as TroLL's triggers become longer, i.e., have more bits
specified). We thereby highlight the need to find a scalable HWT detection
approach for TroLL.Comment: 9 pages, double column, 8 figures, IEEE forma
Emerging Security Threats in Modern Digital Computing Systems: A Power Management Perspective
Design of computing systems — from pocket-sized smart phones to massive cloud based data-centers — have one common daunting challenge : minimizing the power consumption. In this effort, power management sector is undergoing a rapid and profound transformation to promote clean and energy proportional computing. At the hardware end of system design, there is proliferation of specialized, feature rich and complex power management hardware components. Similarly, in the software design layer complex power management suites are growing rapidly. Concurrent to this development, there has been an upsurge in the integration of third-party components to counter the pressures of shorter time-to-market. These trends collectively raise serious concerns about trust and security of power management solutions.
In recent times, problems such as overheating, performance degradation and poor battery life, have dogged the mobile devices market, including the infamous recall of Samsung Note 7. Power outage in the data-center of a major airline left innumerable passengers stranded, with thousands of canceled flights costing over 100 million dollars. This research examines whether such events of unintentional reliability failure, can be replicated using targeted attacks by exploiting the security loopholes in the complex power management infrastructure of a computing system.
At its core, this research answers an imminent research question: How can system designers ensure secure and reliable operation of third-party power management units? Specifically, this work investigates possible attack vectors, and novel non-invasive detection and defense mechanisms to safeguard system against malicious power attacks. By a joint exploration of the threat model and techniques to seamlessly detect and protect against power attacks, this project can have a lasting impact, by enabling the design of secure and cost-effective next generation hardware platforms
Recommended from our members
Producing Trustworthy Hardware Using Untrusted Components, Personnel and Resources
Computer security is a full-system property, and attackers will always
go after the weakest link in a system. In modern computer systems,
the hardware supply chain is an obvious and vulnerable point of
attack. The ever-increasing complexity of hardware systems, along with
the globalization of the hardware supply chain, has made it unreasonable
to trust hardware. Hardware-based attacks, known as backdoors, are easy
to implement and can undermine the security of systems built on top of
compromised hardware. Operating systems and other software can only be
secure if they can trust the underlying hardware systems.
The full supply chain for creating hardware includes multiple processes,
which are often addressed in disparate threads of research, but which we
consider as one unified process. On the front-end side, there is the soft
design of hardware, along with validation and synthesis, to ultimately
create a netlist, the document that defines the physical layout of
hardware. On the back-end side, there is a physical fabrication process,
where a chip is produced at a foundry from a supplied netlist, followed
in some cases by post-fabrication testing. Producing a trustworthy chip
means securing the process from the early design stages through to the
post-fabrication tests.
We propose, implement and analyze a series of methods for making
the hardware supply chain resilient against a wide array of known and
possible attacks. These methods allow for the design and fabrication of
hardware using untrustworthy personnel, designs, tools and resources,
while protecting the final product from large classes of attacks, some
known previously and some discovered and taxonomized in this work.
The overarching idea in this work is to take a full-process view of
the hardware supply chain. We begin by securing the hardware design and
synthesis processes uses a defense-in-depth approach. We combine this
work with foundry-side techniques to prevent malicious modifications
and counterfeiting, and finally apply novel attestation techniques to
ensure that hardware is trustworthy when it reaches users.
For our design-side security approach, we use defense-in-depth
because in practice, any security method can potentially subverted, and
defense-in-depth is the best way to handle that assumption. Our approach
involves three independent steps. The first is a functional analysis
tool (called FANCI), applied statically to designs during the coding and
validation stages to remove any malicious circuits. The second step is
to include physical security circuits that operate at runtime. These
circuits, which we call trigger obfuscation circuits, scramble data at
the microarchitectural level so that any hardware backdoors remaining in
the design cannot be triggered at runtime. The third and final step is to
include a runtime monitoring system that detects any backdoor payloads
that might have been achieved despite the previous two steps. We design
two different versions of this monitoring system. The first, TrustNet, is
extremely lightweight and protects against an important class of attacks
called emitter backdoors. The second, DataWatch, is slightly more heavyweight
(though still efficient and low overhead) that can catch a wider variety
of attacks and can be adapted to protect against nearly any type of
digital payload. We taxonomize the types of attacks that are possible
against each of the three steps of our defense-in-depth system and show
that each defense provides strong coverage with low (or negligible)
overheads to performance, area and power consumption.
For our foundry-side security approach, we develop the first foundry-side
defense system that is aware of design-side security. We create a
power-based side-channel, called a beacon. This beacon is essentially a
benign backdoor. It can be turned on by a special key (not provided to
the foundry), allowing for security attestation during post-fabrication
testing. By designing this beacon into the design itself, the beacon
requires neither keys nor storage, and as such exists in the final chip
purely by virtue of existing in the netlist. We further obfuscate the
netlist itself, rendering the task of reverse engineering the beacon
(for a foundry-side adversary) intractable. Both the inclusion of the
beacon and the obfuscation process add little to area and power costs
and have no impact on performance.
All together, these methods provide a foundation on which hardware
security can be developed and enhanced. They are low overhead and
practical, making them suitable for inclusion in next generation
hardware. Moving forward, the criticality of having trustworthy hardware
can only increase. Ensuring that the hardware supply chain can be trusted
in the face of sophisticated adversaries is vital. Both hardware design
and hardware fabrication are increasingly international processes, and
we believe continuing with this unified approach is the correct path
for future research. In order for companies and governments to place
trust in mission-critical hardware, it is necessary for hardware to be
certified as secure and trustworthy. The methods we propose can be the
first steps toward making this certification a reality
Towards trustworthy computing on untrustworthy hardware
Historically, hardware was thought to be inherently secure and trusted due to its
obscurity and the isolated nature of its design and manufacturing. In the last two
decades, however, hardware trust and security have emerged as pressing issues.
Modern day hardware is surrounded by threats manifested mainly in undesired
modifications by untrusted parties in its supply chain, unauthorized and pirated
selling, injected faults, and system and microarchitectural level attacks. These threats,
if realized, are expected to push hardware to abnormal and unexpected behaviour
causing real-life damage and significantly undermining our trust in the electronic and
computing systems we use in our daily lives and in safety critical applications. A
large number of detective and preventive countermeasures have been proposed in
literature. It is a fact, however, that our knowledge of potential consequences to
real-life threats to hardware trust is lacking given the limited number of real-life
reports and the plethora of ways in which hardware trust could be undermined. With
this in mind, run-time monitoring of hardware combined with active mitigation of
attacks, referred to as trustworthy computing on untrustworthy hardware, is proposed
as the last line of defence. This last line of defence allows us to face the issue of live
hardware mistrust rather than turning a blind eye to it or being helpless once it occurs.
This thesis proposes three different frameworks towards trustworthy computing
on untrustworthy hardware. The presented frameworks are adaptable to different
applications, independent of the design of the monitored elements, based on
autonomous security elements, and are computationally lightweight. The first
framework is concerned with explicit violations and breaches of trust at run-time,
with an untrustworthy on-chip communication interconnect presented as a potential
offender. The framework is based on the guiding principles of component guarding,
data tagging, and event verification. The second framework targets hardware elements
with inherently variable and unpredictable operational latency and proposes a
machine-learning based characterization of these latencies to infer undesired latency
extensions or denial of service attacks. The framework is implemented on a DDR3
DRAM after showing its vulnerability to obscured latency extension attacks. The
third framework studies the possibility of the deployment of untrustworthy hardware
elements in the analog front end, and the consequent integrity issues that might arise
at the analog-digital boundary of system on chips. The framework uses machine
learning methods and the unique temporal and arithmetic features of signals at this
boundary to monitor their integrity and assess their trust level
Fine-grained reasoning about the security and usability trade-off in modern security tools
Defense techniques detect or prevent attacks based on their ability to model the attacks. A balance between security and usability should always be established in any kind of defense technique. Attacks that exploit the weak points in security tools are very powerful and thus can go undetected. One source of those weak points in security tools comes when security is compromised for usability reasons, where if a security tool completely secures a system against attacks the whole system will not be usable because of the large false alarms or the very restricted policies it will create, or if the security tool decides not to secure a system against certain attacks, those attacks will simply and easily succeed. The key contribution of this dissertation is that it digs deeply into modern security tools and reasons about the inherent security and usability trade-offs based on identifying the low-level, contributing factors to known issues. This is accomplished by implementing full systems and then testing those systems in realistic scenarios. The thesis that this dissertation tests is that we can reason about security and usability trade-offs in fine-grained ways by building and testing full systems. Furthermore, this dissertation provides practical solutions and suggestions to reach a good balance between security and usability. We study two modern security tools, Dynamic Information Flow Tracking (DIFT) and Antivirus (AV) software, for their importance and wide usage. DIFT is a powerful technique that is used in various aspects of security systems. It works by tagging certain inputs and propagating the tags along with the inputs in the target system. However, current DIFT systems do not track implicit information flow because if all DIFT propagation rules are directly applied in a conservative way, the target system will be full of tagged data (a problem called overtagging) and thus useless because the tags tell us very little about the actual information flow of the system. So, current DIFT systems drop some security for usability. In this dissertation, we reason about the sources of the overtagging problem and provide practical ways to deal with it, while previous approaches have focused on abstract descriptions of the main causes of the problem based on limited experiments. The second security tool we consider in this dissertation is antivirus (AV) software. AV is a very important tool that protects systems against worms and viruses by scanning data against a database of signatures. Despite its importance and wide usage, AV has received little attention from the security research community. In this dissertation, we examine the AV internals and reason about the possibility of creating timing channel attacks against AV software. The attacker could infer information about the AV based only on the scanning time the AV spends to scan benign inputs. The other aspect of AV this dissertation explores is the low-level AV performance impact on systems. Even though the performance overhead of AV is a well known issue, the exact reasons behind this overhead are not well-studied. In this dissertation, we design a methodology that utilizes Event Tracing for Windows technology (ETW), a technology that accounts for all OS events, to reason about AV performance impact from the OS point of view. We show that the main performance impact of the AV on a task is the longer waiting time the task spends waiting on events
Toward Reliable, Secure, and Energy-Efficient Multi-Core System Design
Computer hardware researchers have perennially focussed on improving the performance of computers while stipulating the energy consumption under a strict budget. While several innovations over the years have led to high performance and energy efficient computers, more challenges have also emerged as a fallout. For example, smaller transistor devices in modern multi-core systems are afflicted with several reliability and security concerns, which were inconceivable even a decade ago. Tackling these bottlenecks happens to negatively impact the power and performance of the computers. This dissertation explores novel techniques to gracefully solve some of the pressing challenges of the modern computer design. Specifically, the proposed techniques improve the reliability of on-chip communication fabric under a high power supply noise, increase the energy-efficiency of low-power graphics processing units, and demonstrate an unprecedented security loophole of the low-power computing paradigm through rigorous hardware-based experiments
Uniquely Identifiable Tamper-Evident Device Using Coupling between Subwavelength Gratings
Reliability and sensitive information protection are critical aspects of integrated circuits. A novel technique using near-field evanescent wave coupling from two subwavelength gratings (SWGs), with the input laser source delivered through an optical fiber is presented for tamper evidence of electronic components. The first grating of the pair of coupled subwavelength gratings (CSWGs) was milled directly on the output facet of the silica fiber using focused ion beam (FIB) etching. The second grating was patterned using e-beam lithography and etched into a glass substrate using reactive ion etching (RIE). The slightest intrusion attempt would separate the CSWGs and eliminate near-field coupling between the gratings. Tampering, therefore, would become evident.
Computer simulations guided the design for optimal operation of the security solution. The physical dimensions of the SWGs, i.e. period and thickness, were optimized, for a 650 nm illuminating wavelength. The optimal dimensions resulted in a 560 nm grating period for the first grating etched in the silica optical fiber and 420 nm for the second grating etched in borosilicate glass. The incident light beam had a half-width at half-maximum (HWHM) of at least 7 µm to allow discernible higher transmission orders, and a HWHM of 28 µm for minimum noise. The minimum number of individual grating lines present on the optical fiber facet was identified as 15 lines. Grating rotation due to the cylindrical geometry of the fiber resulted in a rotation of the far-field pattern, corresponding to the rotation angle of moiré fringes. With the goal of later adding authentication to tamper evidence, the concept of CSWGs signature was also modeled by introducing random and planned variations in the glass grating.
The fiber was placed on a stage supported by a nanomanipulator, which permitted three-dimensional displacement while maintaining the fiber tip normal to the surface of the glass substrate. A 650 nm diode laser was fixed to a translation mount that transmitted the light source through the optical fiber, and the output intensity was measured using a silicon photodiode. The evanescent wave coupling output results for the CSWGs were measured and compared to the simulation results
An architecture framework for enhanced wireless sensor network security
This thesis develops an architectural framework to enhance the security of Wireless Sensor Networks (WSNs) and provides the implementation proof through different security countermeasures, which can be used to establish secure WSNs, in a distributed and self-healing manner. Wireless Sensors are used to monitor and control environmental properties such as sound, acceleration, vibration, air pollutants, and temperature. Due to their limited resources in computation capability, memory and energy, their security schemes are susceptible to many kinds of security vulnerabilities. This thesis investigated all possible network attacks on WSNs and at the time of writing, 19 different types of attacks were identified, all of which are discussed including exposures to the attacks, and the impact of those attacks. The author then utilises this work to examine the ZigBee series, which are the new generation of wireless sensor network products with built-in layered security achieved by secure messaging using symmetric cryptography. However, the author was able to uniquely identify several security weaknesses in ZigBee by examining its protocol and launching the possible attacks. It was found that ZigBee is vulnerable to the following attacks, namely: eavesdropping, replay attack, physical tampering and Denial of Services (DoS). The author then provides solutions to improve the ZigBee security through its security schema, including an end-to-end WSN security framework, architecture design and sensor configuration, that can withstand all types of attacks on the WSN and mitigate ZigBee’s WSN security vulnerabilities