how to attack the iot with hardware trojans
play

How to Attack the IoT with Hardware Trojans Janet Lackey under CC - PDF document

Sep 07, 2023 •386 likes •593 views

16.05.2017 How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference Darmstadt, May 16, 2017 Christof Paar Ruhr Universitt Bochum Acknowledgement Georg Becker Pawel Swierczynski Marc Fyrbiak 1

  1. 16.05.2017 How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference Darmstadt, May 16, 2017 Christof Paar Ruhr Universität Bochum Acknowledgement • Georg Becker • Pawel Swierczynski • Marc Fyrbiak 1

  2. 16.05.2017 Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff 2

  3. 16.05.2017 Hardware Trojans Malicious change or addition to an IC that adds or remove functionality, or reduces reliability Many rather unpleasant “applications” Hardware Trojans & the Scientific Community Publications w/ „Hardware Trojans“ or „malicious Hardware“ (Google Scholar, Aug 2013) 250 only title 200 199 in paper 167 150 133 100 68 50 47 34 32 17 18 15 15 0 0 2007 2008 2009 2010 2011 2012 3

  4. 16.05.2017 Trojan Injection & Adversaries Scenarios DoD scenario 2005  Manufacturing Malicious factory, esp. off ‐ shore (foreign Government)  Design Manipulation 3 rd party IP ‐ cores   malicious employee not ‐ so ‐ unlikely 2013  During shipment cf. NSA’s interdiction  Built ‐ in backdoors etc. Where are we with “real” HW Trojans?  No true hardware Trojan observed in the wild  All examples from academia  Vast majority of publications focus on detection 4

  5. 16.05.2017 Our Thoughts ca. 2012 1. Designing Trojan could be fun too 2. Especially those that go undetected Simple Example: Inverter Trojan Let’s modify an inverter so that it always outputs “1” (VDD) without visible changes . A Y VDD VDD 0 1 1 0 A Y A Y GND GND 5

  6. 16.05.2017 PMOS Transistor Trojan Gate Gate Drain Drain Source Source (the output) (the output) (connected to VDD) (connected to VDD) P ‐ dopant P ‐ dopant N ‐ dopant N ‐ dopant N ‐ well N ‐ well (connected to VDD) (connected to VDD) Unmodified PMOS transistor Trojan trans. w/ constant VDD output “Always One” Trojan Inverter A Y VDD VDD PMOS transistor 0 1 permanent closed 1 0 A Y A Y = 1 NMOS transistor permanent open GND GND Q1: Can the manipulation be detected? Q2: How to build a useful Trojan from here? 6

  7. 16.05.2017 Detection: layout view of Trojan inverter Which one has the Trojan? Original Inverter “Always One” Trojan Unchanged: All metal layers • • Polysilicon layer • Active area • Wells  Dopant changes (very ?) difficult to detect using optical inspection! “Small” remaining question • Unfortunately, circuits will not function correctly with this simple stuck ‐ at fault … • … functional testing (after manufacturing) will detect fault right away Q2: Can we build a meaningful Trojan using dopant modifications that passes functional testing? 7

  8. 16.05.2017 A Real ‐ World True Random Number Generator Dopant Trojan … random numbers generate cryptographic keys for • secure web browsing • email encryption • document certification • … Inside the Random Number Generator entropy source 011001011110 … State register k … 0 0 1 1 0 1 0 1 1 1 0 128 State register c 128 128 … 1 0 0 1 0 0 0 1 1 0 AES Crypto Key 1 +1 testing all keys: 256 random bits lifetime of the universe • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 possible crypto keys 8

  9. 16.05.2017 Trojan Random Number Generator 224 Trojan bits (fixed by attacker!) … 0 1 1 0 1 1 0 1 0 1 1 128 128 128 … … c 1 c 2 c 32 0 0 1 0 AES Crypto key 128 +1 only 32 random bits Testing all keys: few seconds • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 • 1,000,000,000 possible crypto keys possible crypto keys ... but circuit would still be tested as “faulty” during manufacturing… Detection prevention through built ‐ in self test known input Test Mode 256 bit state 512 bits 32 bits ? CRC Reference Rate Matcher Checksum Checksum (Based on AES) Due to clever choosing = ≠ of the Trojan bits known input 256 bit state TROJAN 32 bits 512 bits CRC ? Reference Rate Matcher Checksum Checksum (Based on AES) 9

  10. 16.05.2017 Conclusion  Meaningful hardware Trojans are possible without extra logic  Many detection techniques don’t guarantee a Trojan free design!  Built ‐ in self tests can be dangerous  More details: Becker, Regazzoni, P, Burleson, Stealthy Dopant ‐ Level Hardware Trojans. CHES 2013 … but the scientific community functions as it is supposed to do:  Trojan detection is possible w/ scanning electron microscope Sugawara et al., Reversing Stealthy Dopant ‐ Level Circuits. CHES 2014 Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff 10

  11. 16.05.2017 FPGAs = Reconfigurable Hardware … are widely used world market: ≈ 5b devices Configuration during power ‐ up Can an we build hardware Trojans by manipulating the bitstream? power ‐ up Configuration file “bitstream” 11

  12. 16.05.2017 Principle of FPGA ‐ based Trojans small look ‐ up tables realize logic T Manipulate Bits configure Source Graphics: SimpleIcon, Xilinx The Mechanics of FPGAs 10 3 … 10 6 logic cells FPGA fabric bitstream is complex and proprietary Two challenges 1. find AES in unknown design 2. meaningful manipulation 12

  13. 16.05.2017 Finding AES: Luckily, crypto has very specific components • S ‐ boxes are realized as 6x1 look ‐ up tables (LUTs) LUT locations can be found in bitstream • • S ‐ box contents is very specific (luckily) AES detection in practice 8 different real ‐ world AES implementations 13

  14. 16.05.2017 Algorithm substitution attack and its implications 2. Trojan AES is configured T cute work … but not interoperable 1. Inject weak S ‐ boxes in with regular AES bitstream PT CT = AEST ( k, PT ) “Useful“ attacks are still possible! 1. Storage encryption – Plaintext recovery • Attacker can recover plaintext without access to k 2. Temporary device access – Key extraction • switch S ‐ box and recover k from CT • configure orginal S ‐ box Conclusion  New attack vector against FPGAs!  Reconfigurability allows “hardware” Trojans designed in the lab  Bitstream protection is crucial! (but not easy, cf. our work at CCS 2011 & FPGA 2013)  Details at: Swierczynski, Fyrbiak, Koppe, P, FPGA Trojans through Detecting and Weakening of Cryptographic Primitives . IEEE TCAD 2015. 14

  15. 16.05.2017 Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff What else can we do with bitstreams? So, bitstream manipulation allows Trojan insertion ... Hmm, are their other/simpler ways to extract keys through bitstreams? 15

  16. 16.05.2017 Set ‐ Up non ‐ classical set ‐ up: Alteration of bitstream configure Can bitstream manipulation of Can bitstream manipulation of unknown design lead to key leakage? unknown design lead to key leakage? k CT = AES ( k, PT ) PT classical known ‐ plaintext set ‐ up Bitstream Fault Injections (BiFI) configure k 10 ‐ 30k LUTs per FPGA … CT = AES ( k, PT ) PT (surprising) attack strategy 1. manipulate 1st LUT table (e.g., all ‐ zero) 2. configure FPGA 3. send PT 4. check: Does CT contain k? if not: GOTO 1 and manipulate next LUT 16

  17. 16.05.2017 How exactly does the key leak ?? configure k … CT = AES ( k, PT ) PT Many LUT manipulations possible Many leakage hypotheses • all ‐ zero • CT = roundkey • all ‐ one CT = inverted roundkey • • invert • CT = PT xor roundkey • upper half of LUT all ‐ zero • … • … Results for Bitstream Fault Injections (BiFI) k Real world attack • 16 unknown AES designs (Internet) • 16 different manipulation rules • ≈ 20k LUTs • 3.3 sec for configuring and checking one alterations Results successful key extraction for every design! • • on average ≈ 2000 configurations ( ≈ 2h) • works even for encrypted bitstream (w/o MAC) 17

  18. 16.05.2017 Conclusion  Bitstream Fault Injections (BiFI) is a new family of fault attacks  Malleability of bitstream is major weakness for FPGAs!  Are there more bitstream ‐ based attacks ?  Details at: Swierczynski, Becker, Moradi, P: Bitstream Fault Injections (BiFI) – Automated Fault Attacks against SRAM ‐ based FPGAs. IEEE Transactions on Computers, to appear. Agenda  Introduction to Hardware Trojans  Sub ‐ Transistor ASIC Trojans  FPGA Trojan  Key extraction attack  Auxiliary Stuff 18

  19. 16.05.2017 Related Workshops CHES – Cryptographic Hardware & Embedded Systems 25. ‐ 28. September 2017, Taiwan escarUSA – Embedded Security in Cars Ann Arbor, June 2017 escarEurope – Embedded Security in Cars Berlin, November 2017 Easy ‐ to ‐ understand book for applied cryptography Introduction to Cryptography by Christof Paar 24 video lectures 19

  20. 16.05.2017 Thank you very much for your attention! Christof Paar Ruhr ‐ Universität Bochum 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate and malicious change to an IC that adds or removes functionality or reduces reliability The modifications may be designed to leak sensitive

394 views • 23 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker Pawel

616 views • 40 slides
Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD 2015 Hardware Security and Hardware Trojans User apps Each layer trusts all layers below it Kernel Hypervisor More privilege Widely

706 views • 49 slides
Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com Cassidian CyberSecurity 2013, July the 8th Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust

1.57k views • 74 slides
Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research Institute 2018 EPFL, June 18, 2018 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker

449 views • 40 slides
s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require: Hardware

360 views • 24 slides
Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

ACM/IEEE CODES + ISSS 2017, Seoul, South Korea Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L. Piccolboni 1,2 , A. Menon 2 , and G. Pravadelli 2 1 Columbia University, New York, NY, USA 2 University of

840 views • 60 slides
HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

543 views • 37 slides
Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

UNCLASSIFIED Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16 th 2015 1 UNCLASSIFIED The Australian

411 views • 9 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance

s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance

When Hardware Attacks s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require:

688 views • 25 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay CRYPTO August 2012 BLUF (Bottom Line Up

602 views • 19 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J. Kai-Tsay CRYPTO August 2012 BLUF (Bottom Line Up

584 views • 42 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&P), 2019 (Dustin)

726 views • 44 slides
DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements Youngjune Gwon, H. T. Kung, and Dario Vlah Harvard University August 9, 2011 Understanding

415 views • 17 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
On convergence of Approximate Message Passing Francesco Caltagirone (1) , Florent Krzakala (2) and

On convergence of Approximate Message Passing Francesco Caltagirone (1) , Florent Krzakala (2) and

On convergence of Approximate Message Passing Francesco Caltagirone (1) , Florent Krzakala (2) and Lenka Zdeborova (1) (1) Institut de Physique Thorique, CEA Saclay (2) LPS, Ecole Normale Suprieure, Paris Compressed Sensing the signal is an N

493 views • 25 slides
Electrical Systems 2 Basilio Bona DAUIN Politecnico di Torino Semester 1, 2014-15 B. Bona

Electrical Systems 2 Basilio Bona DAUIN Politecnico di Torino Semester 1, 2014-15 B. Bona

Electrical Systems 2 Basilio Bona DAUIN Politecnico di Torino Semester 1, 2014-15 B. Bona (DAUIN) Electrical Systems 2 Semester 1, 2014-15 1 / 36 Active Components The power in electrical circuits is supplied by active components they

567 views • 36 slides
Basic Elec. Engr Basic Elec. Engr. Lab . Lab ECS 204 ECS 204 Asst. Prof. Dr. Prapun Suksompong

Basic Elec. Engr Basic Elec. Engr. Lab . Lab ECS 204 ECS 204 Asst. Prof. Dr. Prapun Suksompong

Basic Elec. Engr Basic Elec. Engr. Lab . Lab ECS 204 ECS 204 Asst. Prof. Dr. Prapun Suksompong prapun@siit.tu.ac.th Operational amplifier Lab 7 Inverting amplifier Summing Amplifier 1 Op-Amp 741 OP erational AMP lifier

256 views • 13 slides
for Scientific Computing Anargyros Papageorgiou Department of Computer Science Columbia

for Scientific Computing Anargyros Papageorgiou Department of Computer Science Columbia

Quantum Algorithms & Circuits for Scientific Computing Anargyros Papageorgiou Department of Computer Science Columbia University Joint work with: M. Bhaskar, S. Hadfield and I. Petras Overview Why quantum algorithms for scientific

489 views • 19 slides
Experiments with a double solenoid system: Measurements of the 6 He+p Resonant Scattering Rub

Experiments with a double solenoid system: Measurements of the 6 He+p Resonant Scattering Rub

Introduction Setup Analysis Summary Experiments with a double solenoid system: Measurements of the 6 He+p Resonant Scattering Rub en Pampa Condori Institute of Physics - USP 2015 53. International Winter Meeting on Nuclear Physics 26-30

601 views • 26 slides
Sarawut Sujitjorn Synchrotron Light Research Institute Thailand on Prospective of Thailand

Sarawut Sujitjorn Synchrotron Light Research Institute Thailand on Prospective of Thailand

ICRI - 4 th International Conference on Research Infrastructures Vienna, Austria Sarawut Sujitjorn Synchrotron Light Research Institute Thailand on Prospective of Thailand Synchrotron Facility Past how do Thailand achieve Present (moving toward)

372 views • 16 slides
A Theoretical Studies on the Methylsulfenylchloride Addition to the Propene Ausra Vektariene*,

A Theoretical Studies on the Methylsulfenylchloride Addition to the Propene Ausra Vektariene*,

[G011] A Theoretical Studies on the Methylsulfenylchloride Addition to the Propene Ausra Vektariene*, Gytis Vektaris Vilnius University Institute of Theoretical Physics and Astronomy, A. Gostauto 12, LT-01108 Vilnius, Lithuania avekt@itpa.lt

608 views • 18 slides
Dynamics of the strongly coupled Polaron Simone Rademacher joint work with Nikolai Leopold,

Dynamics of the strongly coupled Polaron Simone Rademacher joint work with Nikolai Leopold,

Dynamics of the strongly coupled Polaron Simone Rademacher joint work with Nikolai Leopold, Benjamin Schlein and Robert Seiringer CIRM, October 21, 2019. Polaron 1 / 5 Polaron Electron moving in an ionic crystal 1 / 5 Polaron

420 views • 13 slides

More recommend