ABSTRACT
For the past decade, security experts have warned that malicious engineers could modify hardware designs to include hardware back-doors (trojans), which, in turn, could grant attackers full control over a system. Proposed defenses to detect these attacks have been outpaced by the development of increasingly small, but equally dangerous, trojans. To thwart trojan-based attacks, we propose a novel architecture that maps the security-critical portions of a processor design to a one-time programmable, LUT-free fabric. The programmable fabric is automatically generated by analyzing the HDL of targeted modules. We present our tools to generate the fabric and map functionally equivalent designs onto the fabric. By having a trusted party randomly select a mapping and configure each chip, we prevent an attacker from knowing the physical location of targeted signals at manufacturing time. In addition, we provide decoy options (canaries) for the mapping of security-critical signals, such that hardware trojans hitting a decoy are thwarted and exposed. Using this defense approach, any trojan capable of analyzing the entire configurable fabric must employ complex logic functions with a large silicon footprint, thus exposing it to detection by inspection. We evaluated our solution on a RISC-V BOOM processor and demonstrated that, by providing the ability to map each critical signal to 6 distinct locations on the chip, we can reduce the chance of attack success by an undetectable trojan by 99%, incurring only a 27% area overhead.
Index Terms
- SWAN: Mitigating Hardware Trojans with Design Ambiguity