Hardware Trojan horses (HTHs) are malicious alterations of a hardware specification or implementation made so that the circuit's functionality changes under a set of conditions chosen by the attacker. HTHs can be introduced from many sources, including untrusted foundries, synthesis tools and cell libraries, testing and verification tools, and configuration scripts. An HTH can severely compromise the security and privacy of the hardware's users, either directly or through its interaction with the system and application software that runs on it or with the data it processes. Yet while a huge research and development effort has gone into detecting software Trojan horses, HTHs have, surprisingly, received little attention. HTH detection is a particularly difficult task in current and upcoming deep-submicron technologies because of intrinsic manufacturing variability: two chips fabricated from the same design never have identical timing or power characteristics, so a Trojan's footprint must be distinguished from ordinary process variation.
Since semiconductor manufacturing demands a very large capital investment, the role of contract foundries has grown dramatically, increasing the exposure to mask theft, insertion of malicious circuitry, and unauthorized overproduction of fabricated chips. Developing hardware security techniques is exceptionally difficult for several reasons: limited controllability and observability of internal signals; large design size and complexity (the latest Intel processor has 2.06 billion transistors); the variety of components; unavoidable design bugs; the possibility of attacks mounted by circuitry that is not physically connected to the victim logic; the many potential attack sources (e.g. hardware IP providers, CAD tools, and foundries); potentially sophisticated and well-funded attackers (foundries and foreign governments); and manufacturing variability, which makes every integrated circuit produced from the same design unique.
We consider several broad types of malicious hardware attack. The first is gate resizing, in which the attacker deliberately changes the sizing factors of one or more gates so that the circuit passes all standard timing tests, yet its timing for certain inputs is incorrect, or its switching or leakage power is drastically increased, either globally or locally. Many other gate-sizing attacks can be envisioned, including ones in which gate sizes are altered so that the values of internal signals can be inferred from the altered timing or switching power (a side-channel introduced by the Trojan itself). In the second type of attack, the adversary adds one or more gates so that the functionality of the design is altered. It is important to observe that the gates can be added in such a way that no timing path between primary inputs and flip-flops (FFs), or between FFs and primary outputs, is altered. Leakage power, however, is always altered: even if the attacker gates the added circuitry so that it does not switch, the gating itself requires an additional gate, and that gate leaks. Our HTH detection approach is generic in the sense that it can easily be retargeted to other circuit components, such as interconnect, by using more comprehensive timing and/or power models.
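The leakage argument above can be made concrete. The following is an added example, not code from the original post or from the paper it quotes: it fits a per-gate leakage model to simulated measurements of a tiny circuit and shows that an added gate which sits on no timed path still leaves unexplained leakage behind. Everything in it is constructed for illustration: the 4-input netlist, the per-cell leakage tables (arbitrary units), process variation modelled as one scaling factor per gate, a "Trojan" NAND2 whose output drives nothing in the golden design, and the least-squares fit used as the detection step.

```python
"""Gate-level leakage characterization as a hardware-Trojan check.

Added illustration (not the original post's or the paper's code). A gate
added off every timed path is invisible to timing tests, but it leaks, so a
leakage model fitted to per-IC measurements cannot fully explain the totals.
All cells, tables, netlists and noise parameters below are constructed.
"""
import random
from itertools import product

# Nominal leakage per cell type, indexed by input state (constructed values).
# Stacked-off transistors leak least, hence NAND2(0,0) is the minimum.
NOMINAL = {
    "NAND2": {(0, 0): 1.0, (0, 1): 2.5, (1, 0): 1.8, (1, 1): 5.0},
    "NOR2":  {(0, 0): 5.5, (0, 1): 1.7, (1, 0): 2.2, (1, 1): 1.1},
    "INV":   {(0,): 2.0, (1,): 3.0},
}
LOGIC = {
    "NAND2": lambda a, b: int(not (a and b)),
    "NOR2":  lambda a, b: int(not (a or b)),
    "INV":   lambda a: int(not a),
}
PRIMARY_INPUTS = ("a", "b", "c", "d")

# Golden netlist in topological order: (output net, cell, input nets).
GOLDEN = [
    ("n0",  "NAND2", ("a", "b")),
    ("n1",  "NAND2", ("c", "d")),
    ("n2",  "NAND2", ("n0", "n1")),
    ("out", "INV",   ("n2",)),
    ("n4",  "NOR2",  ("a", "c")),
]
# Hypothetical Trojan: an extra NAND2 sniffing internal net n0 and input d.
# Its output drives nothing the golden design knows about, so no path
# between primary inputs, FFs and primary outputs changes its delay.
TROJAN_GATE = ("ght", "NAND2", ("n0", "d"))


def simulate(netlist, vector):
    """Evaluate every net for one primary-input vector."""
    nets = dict(zip(PRIMARY_INPUTS, vector))
    for out, cell, ins in netlist:
        nets[out] = LOGIC[cell](*(nets[i] for i in ins))
    return nets


def leakage_rows(netlist):
    """Matrix A: nominal leakage of each gate for each of the 16 vectors."""
    rows = []
    for vec in product((0, 1), repeat=len(PRIMARY_INPUTS)):
        nets = simulate(netlist, vec)
        rows.append([NOMINAL[cell][tuple(nets[i] for i in ins)]
                     for _, cell, ins in netlist])
    return rows


def measure_chip(netlist, scale, noise_sd, rng):
    """Total leakage per vector of one IC: gate i leaks scale[i] * nominal,
    then multiplicative meter noise is applied (constructed model)."""
    totals = []
    for row in leakage_rows(netlist):
        total = sum(s * l for s, l in zip(scale, row))
        totals.append(total * (1.0 + rng.gauss(0.0, noise_sd)))
    return totals


def solve_least_squares(a, b):
    """min ||Ax - b|| via normal equations and Gauss-Jordan elimination."""
    n = len(a[0])
    ata = [[sum(r[i] * r[j] for r in a) for j in range(n)] for i in range(n)]
    atb = [sum(r[i] * bi for r, bi in zip(a, b)) for i in range(n)]
    m = [ata[i] + [atb[i]] for i in range(n)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))  # pivoting
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]


def characterize(measured):
    """Fit per-gate scaling factors of GOLDEN to the measured totals.
    Returns (factors, rms_residual); the residual is leakage the golden
    model cannot explain, i.e. the signature of circuitry not in the model."""
    a = leakage_rows(GOLDEN)
    x = solve_least_squares(a, measured)
    res = [sum(xi * ai for xi, ai in zip(x, row)) - b
           for row, b in zip(a, measured)]
    return x, (sum(r * r for r in res) / len(res)) ** 0.5


def run(noise_sd=0.0, seed=1):
    """Characterize a clean IC and a Trojaned IC with the same variation."""
    rng = random.Random(seed)
    golden_scale = [rng.uniform(0.8, 1.2) for _ in GOLDEN]
    clean = measure_chip(GOLDEN, golden_scale, noise_sd, rng)
    infected = measure_chip(GOLDEN + [TROJAN_GATE],
                            golden_scale + [rng.uniform(0.8, 1.2)],
                            noise_sd, rng)
    clean_fit, clean_rms = characterize(clean)
    _, infected_rms = characterize(infected)
    return golden_scale, clean_fit, clean_rms, infected_rms


if __name__ == "__main__":
    truth, fit, clean_rms, infected_rms = run(noise_sd=0.005)
    for t, f in zip(truth, fit):
        print(f"gate scale true={t:.3f} fitted={f:.3f}")
    print(f"clean IC residual RMS   : {clean_rms:.4f}")
    print(f"Trojaned IC residual RMS: {infected_rms:.4f}")
```

On the clean chip the fitted scaling factors track the per-gate variation and the residual is only measurement noise; on the Trojaned chip the extra gate's state-dependent leakage is not in the column space of the golden model, so a residual remains no matter how the factors are adjusted. This is the reason the text can claim that leakage is always altered: the trigger logic may never switch, but it still draws leakage that depends on the internal signals it watches. In practice the detection threshold has to be set from the measurement noise floor of the tester, and the golden leakage tables must come from a trusted characterization rather than from the foundry being checked.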
Here we present a specific HTH in order to convey the nature of HTH attacks in general. A simple yet powerful HTH is shown in Figure 1, which illustrates how ghost circuitry in a cell phone can be activated when specific inputs or data are detected at specific memory locations. The unshaded portion of the circuit is the HTH circuitry, which is triggered when a particular caller ID number chosen by the attacker is observed. Upon activation, the attacker bitstream (ABS) is released and the original cell phone design is corrupted. In this example the HTH either causes the phone to malfunction or causes confidential information to be leaked: after activation the compromised phone can, for instance, silently dial a hidden third party whenever certain numbers are dialed. Such ghost circuitry is difficult to identify with traditional timing or power analysis. To evade timing-based detection, the attacker only needs to ensure that no path delay from the primary inputs to the flip-flops (FFs), or from the FFs to the primary outputs, is increased. Likewise, the switching power stays unchanged until the attacker's caller ID trigger activates the HTH, because the dormant trigger logic does not switch; only its leakage power is present before activation.
Figure 1. Example of a cell phone HTH