A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Runtime Detection of a Bandwidth Denial Attack from a Rogue Network-on-Chip

Chips with high computational power are the crux of today’s pervasive complex digital systems. Microprocessor circuits are evolving towards many core designs with the integration of hundreds of processing cores, memory elements and other devices on a single chip to sustain high performance computing while maintaining low design costs. Two decisive paradigm shifts in the semiconductor industry have made this evolution possible: (a) architectural and (b) organizational. At the heart of the architectural innovation is a scalable high speed data communication structure, the network-on-chip (NoC). NoC is an interconnect network for the glueless integration of on-chip components in the modern complex communication centric designs. In the recent days, NoC has replaced the traditional bus based architecture owing to its structured and modular design, scalability and low design cost. The organizational revolution has resulted in a globalized and collaborative supply chain with pervasive use of third party intellectual properties to reduce the time-to-market and overall design costs. Despite the advantages of these paradigm shifts, modern system-on-chips pose a plethora of security vulnerabilities. This work explores a threat model arising from a malicious NoC IP embedded with a hardware trojan affecting the resource availability of on-chip components. A rigorous simulation infrastructure is established to evaluate the feasibility and potency of such an attack. Further, a non-invasive runtime monitoring technique is proposed and thoroughly investigated to ensure the trustworthiness of a third party NoC IP with low overheads

Analog hardware security and hardware authentication

Hardware security and hardware authentication have become more and more important concerns in the manufacture of trusted integrated circuits. In this dissertation, a detailed study of hardware Trojans in analog circuits characterized by the presence of extra operating points or modes is presented. In a related study, a counterfeit countermeasure method based upon PUF authentication circuits is proposed for addressing the growing proliferation of counterfeit integrated circuits in the supply chain. Most concerns about hardware Trojans in semiconductor devices are based upon an implicit assumption that attackers will focus on embedding Trojans in digital hardware by making malicious modifications to the Boolean operation of a circuit. In stark contrast, hardware Trojans can be easily embedded in some of the most basic analog circuits. In this work, a particularly insidious class of analog hardware Trojans that require no architectural modifications, no area or power overhead, and prior to triggering, that leave no signatures in any power domains or delay paths is introduced. The Power/Architecture/Area/Signature Transparent (PAAST) characteristics help the Trojan “hide” and make them very difficult to detect with existing hardware Trojan detection methods. Cleverly hidden PAAST Trojans are nearly impossible to detect with the best simulation and verification tools, even if a full and accurate disclosure of the circuit schematic and layout is available. Aside from the work of the author of this dissertation and her classmates, the literature is void of discussions of PAAST analog hardware Trojans. In this work, examples of circuits showing the existence of PAAST analog hardware Trojans are given, the PAAST characteristics of these types of hardware Trojans are discussed, and heuristic detection methods that can help to detect these analog hardware Trojans are proposed. Another major and growing problem in the modern IC supply chain is the proliferation of counterfeit chips that are often characterized by different or inferior performance characteristics and reduced reliability when compared with authentic parts. A counterfeit countermeasure method is proposed that should lower the entry barrier for major suppliers of commercial off the shelf (COTS) parts to offer authenticated components to the military and other customers that have high component reliability requirements. The countermeasure is based upon a PUF authentication circuit that requires no area, pin, or power overhead, and causes no degradation of performance of existing and future COTS components

Unsupervised Learning Trojan

This work presents a proof of concept of an Unsupervised Learning Trojan. The Unsupervised Learning Trojan presents new challenges over previous work on the Neural network Trojan, since the attacker does not control most of the environment. The current work will presented an analysis of how the attack can be successful by proposing new assumptions under which the attack can become a viable one. A general analysis of how the compromise can be theoretically supported is presented, providing enough background for practical implementation development. The analysis was carried out using 3 selected algorithms that can cover a wide variety of circumstances of unsupervised learning. A selection of 4 encoding schemes on 4 datasets were chosen to represent actual scenarios under which the Trojan compromise might be targeted. A detailed procedure is presented to demonstrate the attack\u27s viability under assumed circumstances. Two tests of hypothesis concerning the experimental setup were carried out which yielded acceptance of the null hypothesis. Further discussion is contemplated on various aspects of actual implementation issues and real world scenarios where this attack might be contemplated