Hardware Support for Trustworthy Systems

Ted HuffmireACACES 2012Fiuggi, Italy

Disclaimer

• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

Lecture 4 Overview

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Trustworthy System Development

• Maximize Performance• Minimize Cost• Integrate security mechanisms

Example Systems

• Tagged Architectures• Banking• Smart Phones• Embedded Systems– Medical Devices– Cars

Example Systems

• Discussion Points– What is the threat model for an ATM?– What is the threat model for a phone?– What is the threat model for a pacemaker?– What is the threat model for a car?

CAD Tools and IP Cords

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Trustworthy Tools and IP

• Stripped-down alternative design flow

Trustworthy Tools and IP

• Discussion Points:– Can we trust the output of CAD tools?– Can we trust the function of IP cores?– How can we improve the CAD tools?– How can we improve the IP cores?– Is it feasible to develop from scratch?– What about the software?

Security Usability

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Security Usability

• Design tools and techniques• Technicians• End users• Manage Complexity

– Trigger1{M1,w,R1};– Trigger2{M1,w,R2};– Access0{M1,r,R1} |{M1,r,R2}|{M2,rw,R1}|{M2,rw,R2};– Access1{M1,rw,R1} |{M1,r,R2}|{M2,w,R1}|{M2,rw,R2};– Access12{M1,rw,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2};– Access2{M1,r,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2};– Access21{M1,rw,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2};– Path1 (|Trigger1 Access1* ( |Trigger2 Access12*));– Path2 (|Trigger2 Access2* ( |Trigger1 Access21*));– PolicyAccess0* (|Path1|Path2);

Security Usability

• Discussion Points– What do we expect from engineers?– What do we expect from technicians?– What do we expect from end users?– How does that guide our efforts?

Hardware Trust of FPGA Fabric

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Hardware Trust

• Compromise of FPGA fabric

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

FPGA chip

μP

μP

μP

μPSR

AM B

lock

BRAM

BRAM

BRAM

BRAM

BRAM

BRAM

BRAM

BRAM

FPGA Fabric

Hardware Trust

• Discussion Points– Is it viable to attack the fabric itself?– Can a compromise be detected?– Can we use a compromised FPGA fabric?– What about radiation?

Languages

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Languages

• Enhancements to HDLs– case({module_id,op,r1,r2})

• 9’b011110: //Module1,rw,Range1

– state=s0;• 9’b101101: //Module2,rw,Range2

– state=s0;• default:

– state=s1; //reject– endcase

Languages

• Discussion Points– Are HDL security enhancements useful?– What is the impact on the designer?– Does it slow down the compiler?– Does it slow down the design itself?

Configuration Management

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Configuration Management

• Tools• IP Cores

Crypto Core

CPU Core

AES

μP

Configuration Management

• Discussion Points– Is it useful to put CAD tools under CM?– Is it useful to put IP cores under CM?– What about licenses, patches, etc.?

Securing the Supply Chain

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Securing the Supply Chain

• Trusted Packaging, Assembly, and Delivery• Testing

Securing the Supply Chain

• Discussion Points– Is malicious packaging useful to attacker?– Do we need trusted assembly facilities?– What about bad capacitors and resistors?– Can tests detect compromised parts?– Are tests destructive? What is the cost?– What tests need to be developed?

Physical Attacks on FPGAs

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Physical Attacks on FPGAs

• Design theft and bitstream decryption• Analysis of failure modes• Antenna attack

Physical Attacks on FPGAs

• Discussion Points– How to protect bitstream from DPA?– Does an FPGA fail secure?– Is a configurable antenna useful?– How to detect a short-circuit?

Dynamic Security

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Dynamic Security

• Partial reconfiguration

Dynamic Security

• Discussion Points– Can you change the policy?– How often does the policy change?– Who changes the policy?– Can you return to an earlier policy?– Can you change to a less restrictive policy?– Are policies static or generated dynamically?– How many policies are there?

Split Manufacturing

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Split Manufacturing

• 2-D• 3-D

Split Manufacturing

• Discussion Points– Can we trust the result of split manufacturing?– Could this approach harm security?– What are the challenges of 2D?– What are the challenges of 3D?– Is it worth it? When is it worth it?– Why not use trusted foundry always?– Can we do everything from scratch?

Concluding Remarks

• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing

• Concluding Remarks

Concluding Remarks

• Security as High Priority in Design Practices• Tools and Cores• Attacks• Protection Mechanisms• Analysis of Cores, Tools, and Mechanisms• Electronic System Level (ESL) Design• Holistic View of Entire System & Lifecycle• Abstractions to Manage Complexity• Multiple Complementary Techniques• Multi-Core Systems

Lecture 4 Reading

• Tagged Architectures– Secure Program Execution via Dynamic Information

Flow Tracking• http://portal.acm.org/citation.cfm?id=1024404

– Complete Information Flow Tracking from the Gates Up• http://dl.acm.org/citation.cfm?id=1508258

– Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security• http://dl.acm.org/citation.cfm?id=2000087

Lecture 4 Reading

• Banking– The Code Book: The Science of Secrecy from

Ancient Egypt to Quantum Cryptography• http://simonsingh.net/books/the-code-book/

– Why Cryptosystems Fail• http://www.cl.cam.ac.uk/~rja14/Papers/wcf.pdf

– Chip and PIN is Broken• http://www.cl.cam.ac.uk/~sjm217/papers/

oakland10chipbroken.pdf

Lecture 4 Reading

• Embedded Systems Security– Security in Embedded Systems: Design Challenges

• http://dl.acm.org/citation.cfm?id=1015049

– Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses• http://www.secure-medicine.org/icd-study/icd-study.pdf

– Experimental Security Analysis of a Modern Automobile• http://www.autosec.org/pubs/cars-oakland2010.pdf

– TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones• http://www.usenix.org/event/osdi10/tech/full_papers/Enck.pdf

Lecture 4 Reading

• Cryptography and Security: From Theory to Applications– http://springer.com/978-3-642-14451-6