hardware trojans a threat for cybersecurity
play

Hardware Trojans: A Threat for CyberSecurity Julien Francq - PowerPoint PPT Presentation

Aug 13, 2023 •819 likes •1.57k views

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com Cassidian CyberSecurity 2013, July the 8th Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust

  1. Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com Cassidian CyberSecurity 2013, July the 8th

  2. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Outline Introduction to Hardware Trojans 1 Hardware Trojan Taxonomy 2 HT Detection Methods 3 Design for Hardware Trust 4 HOMERE Project : First Results 5 2

  3. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Introduction to Hardware Trojans 1 Hardware Trojan Taxonomy 2 HT Detection Methods 3 Overview Logic Testing : Challenges & Solutions Side-Channels : Challenges & Solutions Some Subtleties Summary Design for Hardware Trust 4 HOMERE Project : First Results 5 3

  4. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Hardware Trojan (HT) Malicious modifications of an Integrated Circuit (IC) during its design flow 4

  5. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Context Outsourcing of the fabrication of the ICs Difficult to ensure the trust in all the steps of the design flow Trusted Idea Malicious IP-Cores Intentional mistakes Specification Malicous Design Design (HDL) IP Tampering Files Cores Synthesis Manipulated Mapping Tools Place & Route FPGA ASIC Tampering Files Tampering Files Config Hardware Layout File Manipulation While Loading Manipulate Design Production Loader Process Backdoors Attack IC FPGA ASIC Malicious External Board Components IC 5

  6. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Hardware Trojans in Practice 2005 : US Department of Defense 2007 : DARPA “Trust in IC Program” 2007 : Isra¨ el vs . Syria 2009 : “Hot Topic” of CHES conference After 2009 : other conferences (DATE, HOST, CARDIS, ReConFig, etc .) [Skorobogatov et al . : “Breaktrough Silicon Scanning Discovers Backdoor in Military Chip”, CHES 2012] ⇒ HTs : real and emerging threat 6

  7. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Quantification of Risks Overproduction Software HTs cloning Attackers Fab Competitors Terrorists Goal Feed the Grey IP Theft Denial of Service, Market Data Theft, Sabotage Impact Economical Economical Risks on Security, Economy, Infrastructures (Society) Risks +++ ++ + Impact × Risks too important to be neglicted 7

  8. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Possible Payloads Kill switch Fighters Dysfonctional circuit Satellite which works only 6 months Secret information leakage Ciphered communications Help a malware by providing a backdoor Privilege escalation, automatic login, password theft Prevent from going to sleep mode Autonomy etc . 8

  9. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Introduction to Hardware Trojans 1 Hardware Trojan Taxonomy 2 HT Detection Methods 3 Overview Logic Testing : Challenges & Solutions Side-Channels : Challenges & Solutions Some Subtleties Summary Design for Hardware Trust 4 HOMERE Project : First Results 5 9

  10. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Hardware Trojan Taxonomy Taxonomy : tree where each branch defines a different property In the ideal case, a specific HT must be on only one leaf of the tree Benefits of the taxonomy Systematic study of their characteristics Specific detection methods for each HT class Benchmark circuits for each class Best existing taxonomy : Trust-Hub 10

  11. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Trust-Hub Taxonomy 11

  12. Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust HOMERE Project : First Results Conclusion Factoring the Taxonomy 4 (effects) × 5 (locations) × 5 (insertion phases) × 6 (abstraction levels) × 5 (activation mechanisms) = 3000 different HTs ! Very rich taxonomy ! Impossible to implement them all, and then detect them ⇒ Factoring this taxonomy Total : ∼ 100 HTs 12

  13. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion Introduction to Hardware Trojans 1 Hardware Trojan Taxonomy 2 HT Detection Methods 3 Overview Logic Testing : Challenges & Solutions Side-Channels : Challenges & Solutions Some Subtleties Summary Design for Hardware Trust 4 HOMERE Project : First Results 5 13

  14. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion Introduction to Hardware Trojans 1 Hardware Trojan Taxonomy 2 HT Detection Methods 3 Overview Logic Testing : Challenges & Solutions Side-Channels : Challenges & Solutions Some Subtleties Summary Design for Hardware Trust 4 HOMERE Project : First Results 5 14

  15. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion HT Detection Methods Overview HT Protection Post Production Prevention Detection Supportive Destructive Non-Destructive Secure Trusted Design Design Production Optical Run-Time Test-Time Side Channel Analysis Logic Testing No method is 100% successfull ! 15

  16. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion Detect HTs ? Not so easy... Systems on Chip are more and more complex, and detecting a small 1 malicious modification is difficult Reverse-engineering inspection is costly and difficult 2 No guarantee that the remaining ICs are HT-free By nature, HTs are designed to be stealthy 3 Not easily detectable with conventional logic testing By nature, HTs are small to be not easily detected by optical 4 analysis Difficult to detect them with side-channel (power consumption, electromagnetic radiations, etc. ) analysis 16

  17. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion Introduction to Hardware Trojans 1 Hardware Trojan Taxonomy 2 HT Detection Methods 3 Overview Logic Testing : Challenges & Solutions Side-Channels : Challenges & Solutions Some Subtleties Summary Design for Hardware Trust 4 HOMERE Project : First Results 5 17

  18. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion Test Generation (1/2) Conventional logic testing cannot be used to reliably detect HT Manufacturing defects (stuck-at-faults) � = HT effects Difficult to trigger a HT Time-bombs Some HTs have no impact on functional outputs ( Trojan Side-Channels ) Vast spectrum of possible HTs 18

  19. Introduction to Hardware Trojans Overview Hardware Trojan Taxonomy Logic Testing : Challenges & Solutions HT Detection Methods Side-Channels : Challenges & Solutions Design for Hardware Trust Some Subtleties HOMERE Project : First Results Summary Conclusion Test Generation (2/2) HTs are on low controllability and observability nodes for a rare triggering Extremely challenging to exhaustively generate test vectors for triggering a HT 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate and malicious change to an IC that adds or removes functionality or reduces reliability The modifications may be designed to leak sensitive

394 views • 23 slides
Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

UNCLASSIFIED Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16 th 2015 1 UNCLASSIFIED The Australian

411 views • 9 slides
Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD 2015 Hardware Security and Hardware Trojans User apps Each layer trusts all layers below it Kernel Hypervisor More privilege Widely

706 views • 49 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker Pawel

616 views • 40 slides
Implementing Consequence-Driven Cybersecurity with Continuous ICS Monitoring & Threat Modeling

Implementing Consequence-Driven Cybersecurity with Continuous ICS Monitoring & Threat Modeling

Implementing Consequence-Driven Cybersecurity with Continuous ICS Monitoring & Threat Modeling Phil Neray, VP of Industrial Cybersecurity Agenda NotPetya: How a Single Piece of Code Crashed the World (Wired) VPNFilter Update

610 views • 24 slides
Cybersecurity: Governance and Best Practices in a Shifting Threat Landscape Presenter: Aravind

Cybersecurity: Governance and Best Practices in a Shifting Threat Landscape Presenter: Aravind

Cybersecurity: Governance and Best Practices in a Shifting Threat Landscape Presenter: Aravind Swaminathan Board of Administration Educational Day J ANUARY 2020 Global Cybersecurity Risk Last year also provided further evidence that cyber

231 views • 7 slides
Healthcare: Is the Cyber Threat Real? President Obama has identified cybersecurity as one of the

Healthcare: Is the Cyber Threat Real? President Obama has identified cybersecurity as one of the

Healthcare: Is the Cyber Threat Real? President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation..!Whitehouse.gov Dr. Emma Garrison-Alexander Vice Dean, Cybersecurity

355 views • 8 slides
Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research Institute 2018 EPFL, June 18, 2018 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker

449 views • 40 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

16.05.2017 How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference Darmstadt, May 16, 2017 Christof Paar Ruhr Universitt Bochum Acknowledgement Georg Becker Pawel Swierczynski Marc Fyrbiak 1

593 views • 20 slides
Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

ACM/IEEE CODES + ISSS 2017, Seoul, South Korea Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L. Piccolboni 1,2 , A. Menon 2 , and G. Pravadelli 2 1 Columbia University, New York, NY, USA 2 University of

840 views • 60 slides
HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

543 views • 37 slides
Cyber Threat Brief March 2020 Ilene Klein, CISSP, CISM, CIPP/US Arizona Cybersecurity Program

Cyber Threat Brief March 2020 Ilene Klein, CISSP, CISM, CIPP/US Arizona Cybersecurity Program

Cyber Threat Brief March 2020 Ilene Klein, CISSP, CISM, CIPP/US Arizona Cybersecurity Program Coordinator UNCLASSIFIED / TLP:WHITE Why Cybersecurity Matters in the Time of Pandemic A heightened dependency on digital infrastructure raises

760 views • 61 slides
Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data

Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data

Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data Search Engine Thursday 13 th July 2017 Multidisciplinary approaches to Cloud Crime HCII 2017, Vancouver Canada Noura Al Moubayed, David Wall, and

544 views • 9 slides
Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical Facilities Local Government Schools Law Enforcement Media Outlets The threat and how to think about it Ransomware has rapidly emerged as the most

398 views • 15 slides
Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention Timely exposure of

325 views • 15 slides
Maritime Cybersecurity: Anticipating, Kate B. Belmont preventing and mitigating a growing threat

Maritime Cybersecurity: Anticipating, Kate B. Belmont preventing and mitigating a growing threat

December 10, 2015 Maritime Cybersecurity: Anticipating, Kate B. Belmont preventing and mitigating a growing threat Blank Rome LLP The Chrysler Building NY, NY 10174 (212) 885-5075 KBelmont@BlankRome.com DISCLAIMER The information

672 views • 38 slides
Scientific Program Committee Andreas Kronfeld SPC Chair Outline Committee membership

Scientific Program Committee Andreas Kronfeld SPC Chair Outline Committee membership

Report from the Scientific Program Committee Andreas Kronfeld SPC Chair Outline Committee membership Reallocation: kaon and 7n Thoughts on collaboration & Collaboration Leadership-class computing & INCITE All

462 views • 32 slides
STM32 Ecosystem workshop T.O.M.A.S Team 2 Now it is a right time for some slides We will

STM32 Ecosystem workshop T.O.M.A.S Team 2 Now it is a right time for some slides We will

STM32 Ecosystem workshop T.O.M.A.S Team 2 Now it is a right time for some slides We will present briefly what is STM32CubeMX and the structure of the Cube library What it is STM32CubeMX ? STM32CubeMX application 5 STM32CubeMx do

367 views • 24 slides
interface for an embedded system on a FPGA with Altera tools suite (note: a similar way is

interface for an embedded system on a FPGA with Altera tools suite (note: a similar way is

Embedded Systems "System On Programmable Chip" Design Methodology using QuartusII and SOPC Builder tools Ren Beuchat LAP - EPFL rene.beuchat@epfl.ch 3 Tools suite Goals : to be able to design a programmable interface for an

784 views • 74 slides
Outline OS protection and isolation (contd) CSci 5271 OS security: authentication

Outline OS protection and isolation (contd) CSci 5271 OS security: authentication

Outline OS protection and isolation (contd) CSci 5271 OS security: authentication Introduction to Computer Security Basics of access control OS authentication and access control (combined lecture) Announcements, Ex. 1 debrief Stephen

440 views • 11 slides
CPSC 121: Models of Computation 2017S Building & Designing Sequential Circuits Meghan

CPSC 121: Models of Computation 2017S Building & Designing Sequential Circuits Meghan

CPSC 121: Models of Computation 2017S Building & Designing Sequential Circuits Meghan Allen, based on notes by Steve Wolfman, Patrice Belleville and others 1 This work is licensed under a Creative Commons Attribution 3.0 Unported License.

1.24k views • 84 slides
EHDL Easy Hardware Description Language COMS 4115: Programming Languages and Translators, Fall

EHDL Easy Hardware Description Language COMS 4115: Programming Languages and Translators, Fall

EHDL Easy Hardware Description Language COMS 4115: Programming Languages and Translators, Fall 2011 Paolo Mantovani ( pm2613 ) Mashooq Muhaimen ( mm3858 ) Neil Deshpande ( nad2135 ) Kaushik Kaul ( kk2746 ) Overview & Motivation Why

233 views • 10 slides
Safety to the Weak! Security Through Feebleness: An Unorthodox Manifesto Rick McGeer, US Ignite

Safety to the Weak! Security Through Feebleness: An Unorthodox Manifesto Rick McGeer, US Ignite

Safety to the Weak! Security Through Feebleness: An Unorthodox Manifesto Rick McGeer, US Ignite Outline What does malware exploit? Why cant we find bugs? The Turing Hierarchy and the Verification Hierarchy Language

208 views • 19 slides
Large Scale Data Engineering Cloud Computing event.cwi.nl/lsde Cloud computing What?

Large Scale Data Engineering Cloud Computing event.cwi.nl/lsde Cloud computing What?

Large Scale Data Engineering Cloud Computing event.cwi.nl/lsde Cloud computing What? Computing resources as a metered service (pay as you go) Ability to dynamically provision virtual machines Why? Cost: capital vs.

830 views • 38 slides

More recommend