370 likes | 488 Views
F ANCI : Identifying Malicious Ci r cuits. Presented by: Jayce Gaines Slides adapted from: Adam W a k sman M a tth e w Suoz z o Simha Sethumadh a v an Compute r A rc hitectu r e & Security T e c hnologies L a b D e pa r tment of Compute r Science Columbi a Uni v e r sity. 1.
E N D
FANCI:IdentifyingMaliciousCircuits Presented by: Jayce Gaines Slides adapted from: AdamWaksmanMatthewSuozzo SimhaSethumadhavan ComputerArchitecture&SecurityTechnologiesLab DepartmentofComputerScienceColumbiaUniversity 1
How Much DoYouTrustHardware? These are all actual headlines from 2012 and ’13: [1] [2] [3] [4] 1)TheGuardian2012,2)NewYorkTimes2012,3)TheRegister2013,4)TechReview2013
TheProblemofThird-PartyIP 190 16 (InternationalBusinessStrategies, 2012)
TheProblemofThird-PartyIP • Why is this a problem? • Can you trust the third party? • Will they add malicious back doors to your proprietary work? • Can you be assured to find backdoors if they exist?
OurSolution • Automaticallyidentifymaliciouscircuits inthird-partyhardwaredesignIP . . . assignbus_x87_i=arg0&arg1; always@(posedgeclk)begin if(rst)data_store_reg7<=16’b0; elsebegin if(argcarry_i37==16’hbacd0013)begin data_store_reg7<=16’d7777; end elsedata_store_reg7<=data_value7; end end assignbus_x88_i=arg2^arg3; assignbus_x89_i=arg4 | arg6norarg5; . . .
OurSolution • Automaticallyidentifymaliciouscircuits inthird-partyhardwaredesignIP • Engineersreadfewlinesinsteadofthousandsormillions • . • . • . • assignbus_x87_i=arg0&arg1; always@(posedgeclk)begin • if(rst)data_store_reg7<=16’b0; • elsebegin if(argcarry_i37==16’hbacd0013)begin data_store_reg7<=16’d7777; end elsedata_store_reg7<=data_value7; end end assignbus_x88_i=arg2^arg3; assignbus_x89_i=arg4 | arg6norarg5; . . .
Overview • Motivation • Hardwarecanbeevil,don’tliveindenial • Evilhardware isstealthy • Algorithm • Rankbydegreeofstealth • Results • Nofalsenegatives,pragmaticandeffective • TheFutureofFANCI • HowwouldweattackFANCI? • Conclusions • Canwereallyusethistooltoday?
What is FANCI? FANCI – Functional Analysis for Nearly-unused Circuit Identification - In the simplest form FANCI analyzes hardware designs and determines if there are any possible backdoors hidden in the design. - The goal is to prevent these backdoors from making it past the first stages of hardware design, at which point it would be extremely costly and time consuming to fix. - FANCI is show to do this automatically with great success.
Backdoors:Fact#1 Backdoor=Trigger+Payload Ex: AESKeyStealingCiphertextKeyExfiltration Instead of generating Ciphertext… 0xba5eba11 d(0xba5eba11)
Backdoors:Fact#1 Backdoor=Trigger+Payload Ex: AESKeyStealingCiphertextKeyExfiltration …a backdoor can give access to the key! 0xba5eba11 key
Backdoors:Fact#2 Stealth = Power It’s easy to overlook well hidden or subtle backdoors. Especially ones that aren’t active!
Backdoors:Fact#3 Validation!=Security With so much code it is not only possible, but likely that stealthy portions of code are not tested properly!
WhatFANCIDoes • Weneedtocatchstealthycircuits thatvalidationisnotabletocatch. • The goal is to take the burden off of validators and make an automatic tool that is able to easily find hidden code. • We want to be able to do this with as little error as possible, avoiding false positives and negatives, and allowing for easy verification.
WhatFANCIDoes It’s obvious that by design malicious code wants to be well concealed and buried in benign code to avoid detection.
IdentifyingStealthyCode • FANCI offersanewquantitativemeasureofstealth • Werankwiresinacircuitbystealthvalue. • Anywireisconnectedtomanyotherwires • Stealthvalueiscomputedfromthecontrolvaluesofallthe wiresitsconnectedto.
DefiningControl Howoftendoesaninputmatter? C OUT Out=f(A,B,C) A B 1 1 0 0 1 1 1 0 1 0 0 0 1 0 1 0
Howoftendoesaninputmatter? C OUT CMatters? A B Take C. We can see that in about 2 of 4 cases, it will impact the outcome. 1 1 YES 0 0 1 1 NO 1 0 1 0 NO 0 0 1 0 YES 1 0
Howoftendoesaninputmatter? Control=#Observed/Total=2/4=0.5 C OUT CMatters? A B 1 1 YES 0 0 1 1 NO So, theeffectofC onOUTis0.5 1 0 1 0 NO 0 0 1 0 YES 1 0
LargerCircuits Control=#Observed/Total=2/16=0.125 E OUT EMatters? However, with a larger set and more input values we get a much lower impact ratio. 1 1 YES 0 0 1 1 NO 1 0 32Rows 16Pairs 1 0 YES 1 0
LargerCircuits • So what does this mean? • With Larger sets of input it is easier to hide impact. • A low chance of affecting output lends itself to stealthiness and makes it easier to hide malicious code. Thus it is given a higher stealth value. • FANCI uses this stealth value to determine potential for maliciousness.
Example:4-to-1Mux • Considerarealcircuit(4-to-1multiplexer) • Howcanwemeasurecontrol?
Example:4-to-1Mux • When does the output M depend on the value of A? • WhenS1andS2=0(onefourthofcases) • The totaleffectwill be0.25 • 0.25 • 0.25 • 0.25 • 0.25
Example:4-to-1Mux • MisdependentonS1andsometimesaffected • WhenAisdifferentfromC(andS2=0) • WhenBisdifferentfromD(andS2=1) • Onehalfofcases(totaleffect=0.5) • 0.25 • 0.25 • 0.25 • 0.25 0.5 0.5
DoesThisLookSuspicious? A C S1 B D S2 M 0.25 0.25 0.25 0.25 0.5 0.5
DoesThisLookSuspicious? No. Because all control values are high and around the same range, it is unlikely that malicious code would be hidden here. A C S1 B D S2 M 0.25 0.25 0.25 0.25 0.5 0.5
DoesThisLookSuspicious? A C E S1 B D S2 {S3-66} M Consider this Multiplexer. We now have 5 inputs and the range 3-66 for S, with values shown in the vector. 0.25 0.25 0.25 0.25 E 2-65 6 {S} 2-630.50.5
DoesThisLookSuspicious? A C E S1 B D S2 {S3-66} Definitelyyes. The control values of E and the range are suspicious due to how rarely they will change the value of M. Perfect for disguising malicious back-doors. M 0.25 0.25 0.25 0.25 E 2-65 6 {S} 2-630.50.5
DoesThisLookSuspicious? A C E S1 B D S2 {S3-66} Definitelyyes. The control values of E and the range are suspicious due to how rarely they will change the value of M. Perfect for disguising malicious back-doors. M 0.25 0.25 0.25 0.25 E 2-65 Justcheckingtheminvalue isoftennotenough. Betterheuristicsareneededtoevaluatethevector. 6 {S} 2-630.50.5
ComputingStealthFromControl A C S1 B D S2 M We use three different heuristics for evaluation. Mean, Median and Triviality. 0.25 Mean(M)=(2.0/6)=0.33 Median(M)=0.25 Triviality(M)=0.50 0.25 0.25 0.25 -The Median in the context of backdoor triggers is often close to zero when low or unaffecting wires are present. -The Mean is sensitive to outliers. If there are few dependencies, and one of them is unaffecting, it is likely to get noticed, when compared to the control value. -Triviality is a weighted average of the values in the vector. Weighted by how often they are the only value affecting the output. If it is 0 or 1 it is trivial. 0.5 0.5
ComputingStealthFromControl A C E S1 B D S2 {S3-66} M 0.25 Mean(M)=(2.0/71)=0.03 Median(M)=2-63 0.25 Triviality(M)=0.50 0.25 0.25 2-65 E 6 {S} 2-630.50.5
ComputingStealthFromControl A C E S1 B D S2 {S3-66} Here we can see that the mean and median are affected greatly by potential payloads in the wires. M 0.25 Mean(M)=(2.0/71)=0.03 Median(M)=2-63 Triviality(M)=0.50 0.25 0.25 0.25 2-65 E Trivialitydetectsmoretriggers. Mean/mediandetectmorepayloads. 6 {S} 2-630.50.5
Results • Stealthmetricsareeffectiveforexistingbenchmarks • NofalsenegativesforTrustHubbenchmarks • TrustHub is a hardware backdoor benchmark used for testing detection applications such as FANCI. • Effectiveevenonlargedesigns • Abletoprocessfull(academic)microprocessorcores • Efficientenoughformoderndesigns • About1daytoprocessanaveragesizedmodule • Cancatchwell-hiddenbackdoors • 100%coverageagainst“stealthy,maliciousbackdoors”(SSP2011)
EffectivenessOnTrustHub False positive rates for the four different metrics and for TrustHub benchmarks. The RS232 group — which is the smallest — has about 8% false positives. The others have much lower rates (less than 1%).
HowWouldWeAttackFANCI? • Frequent-ActionBackdoor • Nostealth,requiresincompetent/non-existentvalidationengineers • FalsePositiveFlooding • Contriveddesign,requiresnaïveintegrationengineer • PathologicalPipeline(StateExplosion)Backdoor • Contriveddesign,requiresnaïveintegrationengineer • Foundry(Physical/Parametric)Backdoor • Maliciousdevicefrombenigndesign,requiresmaliciousfoundry
SecurityAssurances • Zerofalsenegativessofar • Mathematicalconnectionexistsbetweenstealthandvalidation • FANCIflagswiresifandonlyiftheyarestealthy • Staticandnotprobabilisticordynamic • Canoperateondigital,synchronousdesignIP • Sourcecodeorgatelists • Canachievedesign-sidesecuritywithminimalvalidation • Workswellwithcurrentstateofpractice
TheBigPicture:HardwareSecurity FANCI is designed to stop possible backdoors that cannot be detected by validation alone during early stages of device/hardware design. (Register Transfer Level Code, Design Synthesis, Physical Synthesis) This can allow us to fix the issue or get a new third party to take over the IP design before the backdoor gets permanently integrated.
Conclusions • Hardwarebackdoors:Aserious,immediatethreat • Currentlynowaytocertifytrustworthiness • Causestech.localization(increasedcosts) • FANCI:Staticanalysistoidentifysuspiciouscircuits • Zerofalsenegativessofar • Minimalrelianceonvalidationpersonnel • CurrentStatus • Practical,readyformoderndesigns(e.g.,AFRL,CSAW) • FirsthardwarecertificationtoolfortrustworthyIP