Securing the core root of trust (research in secure hardware design and test) Ramesh Karri ECE Department.

Slides:

Advertisements

Similar presentations

Advertisements

Copyright 2001, Agrawal & BushnellVLSI Test: Lecture 31/22alt1 Lecture 31 System Test (Lecture 22alt in the Alternative Sequence) n Definition n Functional.

FPGA Configuration. Introduction What is configuration? – Process for loading data into the FPGA Configuration Data Source Configuration Data Source FPGA.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

Apr. 20, 2001VLSI Test: Bushnell-Agrawal/Lecture 311 Lecture 31 System Test n Definition n Functional test n Diagnostic test  Fault dictionary  Diagnostic.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Lecture 28 IEEE JTAG Boundary Scan Standard

CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.

Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Design for Testability

Real-Time Systems Design JTAG – testing and programming.

Spring 07, Jan 25 ELEC 7770: Advanced VLSI Design (Agrawal) 1 ELEC 7770 Advanced VLSI Design Spring 2007 VLSI System DFT Vishwani D. Agrawal James J. Danaher.

Encryption Transaction with 3DES Team W2 Yervant Dermenjian (W21) Taewan Kim (W22) Evan Mengstab(W23) Xiaochun Zhu(W24) Objective: To implement a secure.

Secure Systems Design Ramesh Karri Office Hours: Tues/Wed/Thurs: 12:00- 1:30 in LC 001

TAP (Test Access Port) JTAG course June 2006 Avraham Pinto.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

Lecture 23 Symmetric Encryption

Configuration. Mirjana Stojanovic Process of loading bitstream of a design into the configuration memory. Bitstream is the transmission.

Scan Based Attack on Dedicated Hardware Implementation of Data Encryption Standard Bo Yang ECE Dept Polytechnic Univ Kaijie Wu ECE Dept Univ of Illinois.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

1 EE 587 SoC Design & Test Partha Pande School of EECS Washington State University

Security Design for IEEE P1687

Circuit CAD Tools as a Security Threat University of Michigan † and Rice University ‡ June 9, 2008 Jarrod A. Roy †, Farinaz Koushanfar ‡ and Igor L. Markov.

® ChipScope ILA TM Xilinx and Agilent Technologies.

The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.

A Compact and Efficient FPGA Implementation of DES Algorithm Saqib, N.A et al. In:International Conference on Reconfigurable Computing and FPGAs, Sept.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Introduction to CMOS VLSI Design Test. CMOS VLSI DesignTestSlide 2 Outline  Testing –Logic Verification –Silicon Debug –Manufacturing Test  Fault Models.

每时每刻可信安全 1The DES algorithm is an example of what type of cryptography? A Secret Key B Two-key C Asymmetric Key D Public Key A.

Chapter 20 Symmetric Encryption and Message Confidentiality.

1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

Threats and Challenges in FPGA Security Ted Huffmire Naval Postgraduate School December 10, 2008.

TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.

Chapter 20 Symmetric Encryption and Message Confidentiality.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Cracking DES Cryptosystem A cryptosystem is made of these parts: Two parties who want to communicate over an insecure channel An encryption algorithm that.

1 Lect. 7 : Data Encryption Standard. 2 Data Encryption Standard (DES)  DES - History 1976 – adopted as a federal standard 1977 – official publication.

Network Security David Lazăr.

Data Encryption Standard (DES) © 2000 Gregory Kesden.

Reducing Test Application Time Through Test Data Mutation Encoding Sherief Reda and Alex Orailoglu Computer Science Engineering Dept. University of California,

Dr. Fei Hu { Department of Electrical and Computer Engineering University of Alabama Tuscaloosa, Alabama Introduction to.

TE/CS 536 Network Security Spring 2005 – Lecture 8 Security of symmetric algorithms.

ECE 553: TESTING AND TESTABLE DESIGN OF DIGITAL SYSTEMS Boundary Scan.

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

April 20, 2001VLSI Test: Bushnell-Agrawal/Lecture 281 Lecture 28 IEEE JTAG Boundary Scan Standard n Motivation n Bed-of-nails tester n System view.

Introduction to Information Security Lect. 6: Block Ciphers.

Cracking the DES Encryption

Chapter 2 Symmetric Encryption.

© Information Security Group, ICU1 Block Cipher- introduction  DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation  AES Description:

Computer Security Innovation IMHO Presented for your consideration by: Fred Seigneur.

1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.

Modeling security 1. Models - encryption r Alice and Bob have the same key k r Alice and Bob exchange encrypted messages r Eve wants to get the plaintext.

@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.

Overview on Hardware Security

New Cache Designs for Thwarting Cache-based Side Channel Attacks

4. NCdisk SP-based SoC Architecture 5. NCdisk Security Protocol

ASAP The 28th Annual IEEE International Conference on Application-specific Systems, Architectures and Processors July 10th-12th 2017, Seattle, WA,

CPE/EE 428/528 VLSI Design II – Intro to Testing (Part 2)

CPE/EE 428/528 VLSI Design II – Intro to Testing (Part 3)

Hardware Trojans: The Hidden Malicious Insider

UCLA Electrical Engineering Department

Protect Your Hardware from Hacking and Theft

UCLA Electrical Engineering Department

Presentation transcript:

Securing the core root of trust (research in secure hardware design and test) Ramesh Karri ECE Department

Who can attack your system?  Hobby (class I)  Obsession (class II)  Job (class III) D. Abraham, G. Dolan, G. Double, and J. Stevens. Transaction Security System. IBM Systems Journal 30(2): , 1991.

How can your system be compromised?  Application software  Protocols  Operating system software

Is the problem worth my time? Source: page 168http:// US-China economic and security review commission hearing on China's proliferation practices and the development of its cyber and space warfare capabilities, testimony of Col. Gary McAlum.

How can your system be protected?  Fix applications  Fix protocols  Fix operating systems

“the core root of trust” is secure This assumes that…

“the core root of trust” is secure But…

Outline 1.threat models 2.defenses 3.conclusions

Threat models for hardware  Side channels  Power dissipation  Timing variation  Test infrastructure  Faults  interactions between side channels  Cloning  Overbuilding  Reverse Engineering  Trojans

An example: test infrastructure side channel

Data Encryption Standard (DES) LiLi RiRi Round Key K i + L i+1 R i+1 r Expansion + S-box Permutation a b c d

DES layout

 scan chain  test data input, TDI  test data output, TDO  test clock, TCK  test mode select, TMS  test reset chain all flip flops in a design test infrastructure

identify critical registers attack step 1

apply selected inputs attack step 2  3 plain texts  2 clock cycles in normal mode (plaintext reaches R,L)  198 clock cycles in test mode (R0, L0 scanned out)  1 clock cycle in normal mode (plaintext reaches R, L)  198 clock cycles in test mode (R1, L1 scanned out)  399×3=1197 clock cycles

Can leak secrets from DES, AES etc >80 % of all ASICs use scan chains for test/debug Readback/test infrastructure in FPGAs Load configuration stream Read-out bitstream for debug

test normal Secure normal Insecure Power off A fix: secure scan

test normal Secure normal Insecure Power off Secure scan Standards compliant 3 rd Prize, IEEE TTTC PhD dissertation contest

Hardware threat models  Side channels  Power dissipation  Timing variation  Test infrastructure  Faults  interactions between side channels  Cloning  Overbuilding  Reverse Engineering  Trojans

T D D F U U U Background: IC design process D: Design, F: Fabrication T: Test, U: User

Rev. engineering T D D F U U U Reverse engineering D: Design, F: Fabrication T: Test, U: User

3500 counterfeit Cisco networking components recovered estimated retail value ~ $3.5 million

cloning T D D F U U U Cloning D: Design, F: Fabrication T: Test, U: User

Trojans T D D F U U U Hardware Trojans D: Design, F: Fabrication T: Test, U: User

The kill switch ? IEEE Spectrum, 2008

Only 2% of ~$3.5 billion of DoD ICs manufactured in trusted foundries !!!

Taxonomy of trojans

Leak AES key 40 registrations, 10 finalists, 3 winners, 2 honorable mentions Trojan challenge

Trojans in the development cycle

Trojans at different abstractions

Location of the inserted trojans

Where are the trojans inserted?

Next steps  develop defenses  investigate effectiveness  developing benchmarks  metrics?

Physically unclonable functions Uses physical structure of a device to give a unique response Used as device IDs The ring oscillator frequency varies with process variations.

A trojan defense

PUF gives unique ID to hardware Can we give a unique ID to a design?

A preliminary defense

Next steps  develop defenses  investigate effectiveness  developing benchmarks  metrics?

Questions?