Hardware Security and Trust.

 

Since more and more researchers related to Hardware Security research domains, the Hardware Security area has become a hot topic recently. However, the understanding of hardware security is often mixed with cyber security and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has not clearly defined. When we consider the hardware security, hardware has long been viewed as a trusted party supporting the whole computer system and is often treated as an abstract layer running instructions passed from the software layer. Therefore, hardware related security is often referred to hardware implementations of cryptographic algorithms where hardware is used to improve the calculation performance and efficiency for cryptographic applications.
Hardware security and trust now play critical roles as computing is intimately integrated into many infrastructures that we depend on. When it is Hardware security it means dealing with (secret) data in hardware devices and when it comes to hardware trust it is dealing with the design and manufacturing of devices.
Through this paper it is try to address some important areas of hardware security such as why it is important for trusted computing, the perspective of the economics and safety, and various significant attacks types and countermeasures for them and regarding the trust of hardware security it discussed how to deal with hardware devices an infrastructures in secure way.

1. INTRODUCTION

Security of electronic and electrical system, such as ATM, mobile devices, smart card and so on, is very important. If private information is revealed by any adversary, different kind of damages may be caused. The data should be encrypted by cryptographic algorithms like AES or RSA to protect valuable data against attacks. Those algorithms are theoretically much enough to resist cryptanalysis attacks but implementation of cryptosystem can support the opportunity for the adversary to make cryptosystem useless. For an example, side channel attacks are the method which uses leakage power or electromagnetic radiation to reveal secret key. It is based on the fact that power consumption depends on input data of the cryptosystem.
Hardware copyright protections are also categorized as hardware related security research where watermarking is widely used to solve the copyright issues. The heavy reliance on third-party resources/services also cause for security concerns and invalidates the illusion that attackers cannot easily access the isolated integrated circuit (IC) supply chain. For example, a malicious workplace may insert hardware Trojans into fabricated chips, so that the delivered IP cores may contain malicious logic/design flaws which could be exploited by attackers after the IP cores are integrated into platforms. The evolution of hardware security recently moved away from the hardware Trojan detection and now leans towards trustworthy hardware development for the construction of the trust. Here is the place where it comes the Hardware security trust. Another trend in the hardware security area is the development of security enhanced hardware infrastructure for device protection.
When it is implementing cryptographic Hardware security implementations, cost, power consumption, performance, and reliability are considered as main thoughts and security is an afterthought because if the implementation solution will reduce the expected task of the basic module, it is not a good practice of implementation. Within this context, it is explain the knowledge for a number of important contemporary problems in hardware security and trust. It classifies hardware-based threats, defenses, to evaluate the effectiveness of the developed defenses.

2. DISCUSSION

2.1 Is Hardware Security and trust an Important Design Objective?

The simplest answer for this is “Yes!”
For an example today, all most all the organizations use hardware security modules (HSMs) to achieve Security, though by very different means. As their name implies, HSMs are physical computing devices that attach directly to computers or servers to protect cryptographic keys both at rest and in use in accordance with strict design standards. For further studding about HSM it is good to refer the hardware security and trust course available [4]. Hardware security module provide secure, external platforms for managing cryptographic keys and their use over the life cycle of both the cryptographic material and its associated data, a function that is proving increasingly vital in today’s era of BYOD, mobile payments, electronic medical records and the IoT. By implementing hardware security and trust design objectives those sensitive data could be secured.

1

  • Figure 1: Security Approach.

In “Figure 1” it shows that Hardware security and trust is the foundation of the basic security concept and since it is the base and other security implementation depend on that it is needed to have a strength foundation.

2.2 Why Hardware Security and trust important in,

The Economics Perspective.

When implementing hardware security controls it is needed to spend some money for that, some solutions take much. But it is necessary to spend that amount of money to implement those security solutions since if it is not it will have to spend lot more money when it is affected with an attack.

In other words, the management of information security is a much deeper and more considerable problem than is usually realized, solutions are likely to be subtle and partial, while many simplistic and economically law technical approaches are bound to fail. There for by implementation correct HMS will help to prevent large economical lost and also the risk.

Security and Safety Perspective

In Hardware security module (HSM) encryption is main safety perspective (there are several more mechanisms and some of them are describe below) in information by making it unreadable to those without the passphrase or digital key to decode or unlock it. Figure 2 illustrate security and safety process briefly. While the process of encrypting information is nothing new, encryption technologies are a hot topic in HSM with good reason. It is use these kind of mechanisms as it is important in security and safety perspective.

2

  • Figure 2: Security and Safety in HSM

2.3 Various Attacks and Countermeasures.

Side Channel Analysis

Side channel attacks exploit the leakage of secret information through a physical modality when an application is being executed on a system. Side channel attacks are powerful and have been able to break most existing important cryptographic algorithms. Power consumption, electromagnetic (EM) emanations, photonic emissions, and acoustic noise of the system are all correlated with the exponent, and can be used to extract the secret. Simply Side channel attack is “read hidden signals, why to retrieve secret.”

Attack channels.
 Time
 Power Consumption
 Electro Magnetic radiation
 Light emission
 Sound
Countermeasures.
 Use constant exponentiation time
 Add random delays
 Blinding
 Masking/Hiding
 Decrease leakage
 Increase noise
 Change the protocol and etc.
Figure 3 explain the breaking relation between algorithmic value and processed value.

3

  • Figure 3: Masking/hiding

 

Reverse Engineering

Reverse engineering involves identifying the device technology used in it, extracting its gate-level netlist and inferring its functionality. Reverse engineering can be misused to steal and/or pirate a design, identify the device technology, or illegally fabricate the target.
The objective of the attacker is to successfully reverse engineer a design to its target abstraction level. The target level can vary depending on the objective of the attacker. If the objective is to pirate the design, the target abstraction level can be either the physical design level, the gate level, or the root level.

IP Piracy, Chip Overbuilding and Malicious Modifications

An attacker with access to an IP can steal and claim ownership and/or can overbuild and sell them illegally.

Countermeasures.
** Obfuscation: This hides the functionality and implementation of a design by inserting additional gates into it. For an instance xor/xnor gates can be named, and also memory elements are added. The obfuscated design will function correctly only on applying the correct value to these gates and memory elements.
** Watermarking: A designer’s signature is embedded into the design product. The designer can later reveal the watermark and claim ownership of the product. Watermarks may include addition of black hole states to the finite state machine (FSM), addition of secret constraints during high level, logic and physical synthesis too.
** Fingerprinting: track the source of piracy by embedding the signature of the buyer (for example, his public key) along with the watermark of the designer. When challenged, the designer can reveal the watermark to claim the ownership and the buyer’s signature to reveal the source of piracy. For example, the power, timing, or thermal fingerprint of an IC is revealed on applying a set of input vectors.
** Metering: a set of tools, methodologies, and protocols used to track a manufactured product. In passive metering, part of an IC’s functionality is used for metering. The identified ICs are matched against their record in a database. This will reveal unregistered ICs or overbuilt ICs. When it comes to active metering, parts of the IC’s functionality can be only accessed, locked, or unlocked by the designer and/or IP rights owners. The metering uses a unique unlock key while obfuscation just locks the device.
** Split manufacturing: The layout of the design is split into the front-end-of-line (FEOL) layers and back-end-of-line (BEOL) layers. They are then fabricated separately in different foundries. This is practical [7]. Ideally, an attacker should not be able to retrieve the missing BEOL connections by knowing the FEOL layers. Figure 4 shows the flow of split manufacturing process.

4

  • Figure 4: split manufacturing flow.

 

Counterfeiting

A counterfeit semiconductor component is an illegal forgery or imitation of the original component. This is normally done by the new product vendors or secondary IC vendors in one of the many entities. Poor performance, lower quality or older generations of the original product and also harms the reputation of the authentic provider are some of the causes because of this.

Countermeasures.
1  Hardware Metering and Auditing: this is a set of tools, methodologies, and protocols that enable post fabrication tracking of the manufactured ICs. Hardware metering may be passive, or active.
2  IC Fingerprints
3  Device Aging Models/Sensors: devices lifetime is influenced by a variety of facts such as negative temperature bias instability (NBTI), hot carrier injection, and electromagnetic migration. By measuring those facts devices’ life time can be count that prevents from selling used devices.
4  IP Watermarking

Hardware Trojans and Backdoors:

This is a malicious modification to a circuit. This may control, modify, disable, or monitor the contents and communications of the underlying computing device [8]. A hardware Trojan detection is difficult for multiple reasons. There is not a standard procedure to design hardware Trojans, as its design is reliant upon the attackers’ goals and available resources. In the figure 5 it is explain the general structure of a Trojan attack. Hardware Trojans are divided into implicit payload and explicit payload based on the Trojan’s activities when triggered.
5

  • Figure 5: Hardware Trojan Taxonomy: Chakraborty, Narasimhan & Bhunia (2010)

Main prevention methods that proposed.

1   Enhanced functional testing.
2   Side-channel fingerprinting.
3   Trojan prevention.
4  Circuit hardening.

Several techniques combining invasive and noninvasive detection techniques also have been proposed. They attempt to change the structure of the IC by invasively testing a few, and then use the models in combination with noninvasive tests to detect Trojans.

6

  • Figure 6: General structure of a hardware Trojan Attack.

2.4 Emerging Hardware Security.

The rapid development of mobile computing devices, removable storage media, hardware tokens, and Internet of Things (IoT) hardware has multiplied the available options for cyber-attackers to attempt to gain access to user credentials, personally identifiable information (PII), intellectual property, and other valuable data. A technological response to this challenge comes in the form of hardware authentication, whereby unique identifiers may be coded into the hardware itself.
Flowing methods can be listed as the growing hardware security mechanism. For more details regarding flowing refer.

⇒⇒   3D IC-based Split Fabrication
⇒⇒   Modular 3D Integration for Security
⇒⇒   Shielding Side Channels with 3D Stacking
⇒⇒   Cost-aware Hardware Security Using Active Interposers
⇒⇒   Efficient Camouflage IC with Monolithic 3D Technologies
⇒⇒   Mitigating Security Overhead with 3D PIM Architecture

3. CONCLUSION

Through this assignment, it is described in details what is the hardware security and have been discussed in detail. The current research efforts were also elaborated on as well as little bit of the future trends in this emerging area of Hardware Security and Trust. And also in this report, it is surveyed existing hardware attacks too. Also, the existing countermeasure for any type attack mentioned is described. But these countermeasures are not perfect against all appeared hardware attacks. New technique for attack is making by adversary and the new powerful adversary will maybe attack hardware security and trust tomorrow. Even if it is difficult to predict which attack will appear, we should be ready to defend new attacks always.

 

 

 

 

S.H.M Lahiru Prabath Balasuriya.

 

 

 

 

 

 

 

 

 

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s