HOST

HOST Overview Hardware-Oriented Security and Trust (HOST)

ECE 525

Instructor: Prof. Jim Plusquellic Text: No Text is available. We will read papers from the Symposium on Hardware-Oriented Security and Trust (I am a co-founder: http://www.hostsymposium.org/), Transactions on Information Forensics and Security (TIFS), and will draw material from cryptography (http://cseweb.ucsd.edu/users/mihir/cse207/classnotes.html) and other sources, e.g., http://www.trust-hub.org/ where appropriate. Supplementary texts: TBD Web: http://www.ece.unm.edu/~jimp/HOST

ECE UNM

(5/30/12)

HOST

HOST Overview

ECE 525

Course Goals To investigate traditional and emerging security and trust issues in all types of hardware systems at the chip- (ASICs, COTs and FPGAs), board- and system-level Our trek through hardware-oriented security and trust (HOST) will include Learning established cryptographic hardware algorithms and their implementation details Learning about existing security primitives for systems such as smart-cards, electronic voting machines, communications systems, etc. and the types of attacks that adversaries engage in to break them Exploring the recent research activity in areas such as hardware Trojans, physical unclonable functions (PUFs), IP security, IC metering, board-level security and hardware support of OS implemented security Investigating security and trust concerns in FPGAs and their applications With the objective to make you aware of hardware system vulnerabilities and to get you to think about ways to incorporate HOST primitives into designs, as opposed to adding them as afterthoughts

ECE UNM

(5/30/12)

HOST

HOST Overview

ECE 525

Important Domain Knowledge It is impossible to study hardware security and trust in isolation In order to obtain a broad knowledge of HOST issues and proposed solutions, we will cover material in the following areas: Cryptography Methods designed to enable privacy and authenticity in the transmissions between communicating entities FPGA & VLSI Design Tools and Flows Tools to enable designers to build chips and program FPGAs VLSI Testing Algorithms and techniques to develop tests for ICs to ensure they are defect-free and meet performance constraints Misc Hardware platforms security & trust paradigms (TPM) and OS support, Formal verication and analysis methods, Probability and statistics ECE UNM 3 (5/30/12)

HOST

HOST Overview

ECE 525

HOST Threats The number of HOST threats continues to expand: Secret key security for hardware implemented cryptography algorithms and other applications that require authentication and privacy There are many types of attacks that have been applied to steal keys including simple power analysis, differential power analysis, fault injection, etc. Trust in integrated circuits and FPGAs Threat is the insertion of additional functionality (hardware Trojans) in chips fabricated in untrusted foundries FPGA fabrics and bitstreams are vulnerable to malicious modications IP piracy Challenge is preventing adversaries from stealing and re-using intellectual property (soft-IP) IC piracy Threat is the production of extra copies of ICs by an (untrusted) foundry for sale on the black market ECE UNM 4 (5/30/12)

HOST

HOST Overview

ECE 525

Published HOST-related Articles "The Hunt for the Kill Switch", IEEE Spectrum, May 2008 Hardware Trojan threat Anecdotal evidence: Compromised microprocessors in Syrian radar system enabled Israeli jets to bomb suspected nuclear installation unhampered Inserted kill switch in a microprocessor used by French defense contractor enables French to disable military equipment that falls into enemy hands "Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say", Glenn Derene and Joe Pappalardo, Popular Mechanics, April 2008 Off-shore migration of fabrication facilities makes chip subversion more likely "Fairy Dust, Secrets, and the Real World", S.W. Smith, Security and Privacy Cryptography depends on the ability to hide secrets in hardware "Princeton Professor Finds No Hardware Security In E-Voting Machine", Antone Gonsalves, InformationWeek, Feb. 2007 Chip swapping is easy in electronic voting machines ECE UNM 5 (5/30/12)

HOST

HOST Overview

ECE 525

HOST Research Areas Techniques are evolving to deal with these threats Trojan detection and localization methods in IP and ICs Physical unclonable functions (PUFs) derived from the random manufacturing variations in an IC to produce an exponential number of unique IDs for the IC Remote chip activation protocols to eliminate IC piracy Design obfuscation methods to increase the difculty of reverse engineering Insertion of hidden state machines into IC designs using CAD tools to enable remote activation and watermarking of IP CAD tools to enable designers to evaluate their designs for security and trust Trusted companion chips that monitor system states of other ICs on the board to detect excursions from activated Trojans IC design techniques to defeat differential power analysis Scan-chain encryption to eliminate reverse engineering of hardware ICs FPGAs bitstream encryption/decryption schemes to prevent Trojans and IP stealing Board-level anti-tamper methods to detect chip swapping Hardware security modules to prevent cable TV theft and fraud in electronic voting machines, to implement digital rights management for protecting music/video media, to implement user authentication (RFID) in smart cards, etc. ECE UNM 6 (5/30/12)