140 likes | 342 Views
Experiences in Hardware Trojan Design and Implementation. Implementation Environment. Embedded Systems Challenge competition in 2008, hosted by Polytechnic Institute of NYU Cryptographic device code-named Alpha Select the private key : “Key Select” slide switches INI System button
E N D
Implementation Environment • Embedded Systems Challenge competition in 2008, hosted by Polytechnic Institute of NYU • Cryptographic device code-named Alpha • Select the private key : “Key Select” slide switches • INI System button • Input plaintext • Encrypt : “Start Encryption” button • Send contents of the buffer out of the RS232Out : “Transmit” button Xilinx ISE Webpack 10.1 XC3S150e-4tq 144 on Diligent Basys development board
Payload • Broadcast to the attacker some internal signals, which are often sensitive data • Compromise the function of the circuits • Destroy the chip
Triggers • The attacker can physically access the device and can give special input to the Trojan directly • The Trojan is triggered internally • No trigger, the Trojan is always activated
Trojan Targets • Unoptimized HDL codes • Significant amounts of redundant logic • Rewrite the HDL code in a more compact way • The on-chip resources saved by this optimization can then be allocated to a Trojan • IP Cores • Not all of the generic functions will be used
Classification Payload Trigger
Implementations : Trojan type1 • By Whom : Attacker with access to input and output device • How : Input “New Heaven” • How : First block of ciphertext replaced by key • Leaking Channel : RS-232 TxD • Area Overhead : +0.8% flip-flops, +6.8% 4-input LUTs • Test Detection : Functional-Unlikely, Power-Likely
Implementations : Trojan type2 • By Whom : Attacker with access to input device • How : Press “F12” key • How : The chip stops working • Leaking Channel : -- • Area Overhead : -9.4% flip-flops, +0.024% 4-input LUTs • Test Detection : Functional-Unlikely, Power-Unlikely
Implementations : Trojan type3 • By Whom : Legitimate user • How : Input “Moscow” • How : “Moscow” is replaced by “Boston” in the output • Leaking Channel : RS-232 TxD • Area Overhead : +3.3% flip-flops, +2.4% 4-input LUTs • Test Detection : Functional-Unlikely, Power-Likely
Implementations : Trojan type4 • By Whom : Legitimate user • How : Input > 1KB data • How : Last block of ciphertext is replaced by key • Leaking Channel : RS-232 TxD • Area Overhead : +0.068% flip-flops, 1.8% 4-input LUTs • Test Detection : Functional-Unlikely, Power-Likely
Implementations : Trojan type5 • By Whom : Legitimate user • How : When key index is changed • How : New key is hidden in the output • Leaking Channel : RS-232 TxD • Area Overhead : +0.75% flip-flops, +1.4% 4-input LUTs • Test Detection : Functional-Nearly Impossible, Power-Unlikely
Implementations : Trojan type6 • By Whom : Legitimate user • How : Transmit > N • How : The chip stops working • Leaking Channel : -- • Area Overhead : +0.34% flip-flops, +0.17% 4-input LUTs • Test Detection : Functional-Nearly Impossible, Power-Unlikely
Implementations : Trojan type7 Trojanabtri Trojancdtri Encrypted Encryption Key Trojan Key Plaintext ------- ------- ------- Ciphertext ------- ------- ------- Encryption Key • By Whom : Attacker (using the Rxd port) • How : Control w/RxD port • How : The chip is controlled by the attacker • Leaking Channel : RS-232-TxD • Area Overhead : -4.4% flip-flops, +4.9% 4-input LUTs • Test Detection : Functional-Nearly Impossible, Power-Unlikely
Implementations : Trojan type8 • By Whom : Attacker with access to the input (without access to the communication channel) • How : Press ‘Caps Lock’ key • How : The ‘Caps Lock’ LED reveals the key • Leaking Channel : Keyboard • Area Overhead : -5.3% flip-flops, +2.6% 4-input LUTs • Test Detection : Functional-Nearly Impossible, Power-Unlikely