An Attack and a Defence in the Context of Hardware Security

Abstract

The security of digital Integrated Circuits (ICs) is essential to the security of a computer system that comprises them. We present an improved attack on computer hardware that avoids known defence mechanisms and as such raises awareness for the need of new and improved defence mechanisms. We also present a new defence method for securing computer hardware against modifications from untrusted manufacturing facilities, which is of concern since manufacturing is increasingly outsourced. We improve upon time triggered based backdoors, inserted maliciously in hardware. Prior work has addressed deterministic timer-based triggers — those that are designed to trigger at a specific time with probability 1. We address open questions related to the feasibility of realizing non-deterministic timer-based triggers in hardware — those that are designed with a random component. We show that such timers can be realized in hardware in a manner that is impractical to detect or disable using existing countermeasures of which we are aware. We discuss our design, implementation and analysis of such a timer. We show that the attacker can have surprisingly fine-grained control over the time-window within which the timer triggers. From the attacker’s standpoint our non-deterministic timer has key advantages over traditional timer designs. For example the hardware footprint is smaller which increases the chances of avoiding detection. Also our timer has a much smaller time-window for which a volatile state needs to be maintained which in turn makes the power reset defence mechanisms less effective. Our proposed defence mechanism addresses the threat of a malicious agent at the IC foundry who has information of the circuit and inserts covert, malicious circuitry. The use of 3D IC technology has been suggested as a possible technique to counter this threat. However, to our knowledge, there is no prior work on how such technology can be used effectively. We propose a way to use 3D IC technology for security in this context. Specifically, we obfuscate the circuit by lifting wires to a trusted tier, which is fabricated separately. We provide a precise notion of security that we call k-security and point out that it has interesting similarities and important differences from k-anonymity. We also give a precise specification of the underlying computational problems and their complexity and discuss a comprehensive empirical assessment with benchmark circuits that highlight the security versus cost trade-offs introduced by 3D IC based circuit obfuscation.