-
1
A Testing Methodology for Hardware Trojan Detection
Driss Aboulkassimi[2], Josep Balasch[1], David Cambon[2], Florentin Demetrescu[3], Jacques J.A. Fournier[2], Julien Francq[3], Benedikt Gierlichs[1], Dave Singelée[1] and Ingrid Verbauwhede[1]
[1] KU Leuven ESAT/COSIC (BE) [2] CEA Tech Region, DPACA/LSAS (FR) [3] Airbus Defence & Space CyberSecurity (FR)
TRUDEVICE 2015, 13 March 2015
Grenoble (France)
Holistic Approaches for Integrity of ICT-systems
-
2
HINT Project – Overview (I)
o HINT = Holistic Approaches for Integrity of ICT-Systems
o Project Number: 317930
o Project Website: www.hint-project.eu
o Project start: October 1, 2012
o Project duration: 3 years
o Total Costs: € 5.103.893
o EC-Contribution: € 3.350.000
o Project is co-financed by the European Commission under Seventh Framework Programme
-
3
HINT Project – Overview (II)
o Motivation: ensure authenticity and integrity of hardware components in modern ICT systems
[Diagram labels: Integrity Test; Side Channel Measurements; 01000111…; PUF; Counterfeit ?; Trojan ?; Certified]
-
4
HINT Project – Overview (III)
WP1 – User Requirements and System Architecture
WP2 – Robust Energy-Optimized Nano Structures for Integrity-Anchors
WP3 – Holistic Integrity Checking for Components in ICT Systems
WP4 – Integration, Prototyping, Validation
WP5 – Security Evaluation
WP6 – Project Management and Dissemination
-
5
Hardware Trojans – What, How and Why ?
o Hardware Trojan (HT): Malicious modification of an Integrated Circuit during design flow
o Issue first raised by US Department of Defense
    Outsourcing of IC fabrication questions trust in the final chip
o Very rich HT taxonomy
    Insertion phase, infection level, effect, activation, location, ...
[Diagram labels: Trigger (“sensing circuitry”: internal, external); activation; Payload (“malicious activity”: information leaks, DoS, ...)]
-
6
Our HT Detection Approach
o Fingerprinting side-channel characteristics
    Learning phase: characterization of Golden circuit
    Matching phase: comparison with Device under Test
o Realistic measurement scenario, no simulations
    Target platform: FPGA Xilinx Spartan-6 LX75 (Sakura-G)
    Side-channel: power consumption
o Golden circuit
    AES-128 implementation
o HT Infected circuit
    Many variants tested
    This presentation: externally triggered, no payload !
-
7
HT Infected Circuit
o Insertion after PAR
    Xilinx Native Circuit Description
o Externally triggered
    16-bit activation sequence
    Only 2 slices
    Close to occupied slices
[Figures: Golden circuit; Infected circuit (slices); Infected circuit (slices - zoom)]
-
8
Golden circuit: signal routings
-
9
HT Infected circuit: signal routings
HT slices
-
10
T-test Distinguisher
o Welch’s two-tailed T-test
    Test the null hypothesis that the means of 2 populations are equal
    Robust, reliable, and with low computation effort
    Quantify confidence in the result
o In our particular test scenario
    Populations are sets of power measurements
    • set0 (Golden model), set1 (DuT)
    Main idea:
    • DuT = Golden model, populations should have same means
    • DuT ≠ Golden model, populations should have different means
with µ: sample mean of the population
σ: sample variance of the population
N: elements in the population
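An added example (not from the slides): a pointwise Welch t-test over two populations of traces, written with the standard Welch statistic, the slide's µ, σ (sample variance) and N, and the ±4.5 bound quoted on the Golden vs. Golden slide. The traces are constructed Gaussian noise, and the function names, the DC shift used to model a changed setup and the two sample indices with extra activity are assumptions.

```python
import math
import random

THRESHOLD = 4.5  # |t| bound quoted on the Golden vs. Golden slide

def welch_t(set0, set1):
    """Pointwise Welch t-statistic between two populations of equal-length traces."""
    n0, n1 = len(set0), len(set1)
    stats = []
    for col0, col1 in zip(zip(*set0), zip(*set1)):
        mu0, mu1 = sum(col0) / n0, sum(col1) / n1
        var0 = sum((x - mu0) ** 2 for x in col0) / (n0 - 1)  # sample variance
        var1 = sum((x - mu1) ** 2 for x in col1) / (n1 - 1)
        denom = math.sqrt(var0 / n0 + var1 / n1)
        if denom == 0.0:  # constant columns: equal means give 0, otherwise unbounded
            stats.append(0.0 if mu0 == mu1 else math.copysign(math.inf, mu0 - mu1))
        else:
            stats.append((mu0 - mu1) / denom)
    return stats

def flagged_samples(set0, set1, threshold=THRESHOLD):
    """Sample indices where the equal-means hypothesis is rejected."""
    return [i for i, t in enumerate(welch_t(set0, set1)) if abs(t) > threshold]

def synth_traces(rng, n, length, extra=None, offset=0.0):
    """Constructed traces (Gaussian noise around 128), not real measurements.
    `extra` maps sample index -> added consumption; `offset` shifts every sample."""
    extra = extra or {}
    return [[128.0 + offset + extra.get(i, 0.0) + rng.gauss(0.0, 2.0)
             for i in range(length)] for _ in range(n)]

def demo(seed=2015, n=400, length=40):
    rng = random.Random(seed)
    golden = synth_traces(rng, n, length)                # set0 (Golden model)
    golden_again = synth_traces(rng, n, length)          # same design, same setup
    shifted = synth_traces(rng, n, length, offset=2.0)   # same design, assumed DC shift
    infected = synth_traces(rng, n, length, extra={5: 2.0, 6: 2.0})  # assumed extra activity
    return {
        "golden_vs_golden": flagged_samples(golden, golden_again),
        "golden_vs_shifted": flagged_samples(golden, shifted),
        "golden_vs_infected": flagged_samples(golden, infected),
    }

if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {len(hits)} samples above |t| = {THRESHOLD}")
```
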
-
11
Experimental Results (I)
Single board / Single Measurement Setup
    10,000 measurements per design
    3 MHz clock, 1.25 GS/s
    20,000 samples / measurement
    Population of power traces with random inputs
[Setup diagram labels: CONTROL FPGA; CRYPTO FPGA (AES); SAKURA-G; PC; OSCILLOSCOPE; 30 dB Amp.; 48 MHz LPF; measurement point J3]
-
12
What does a measurement look like?
[Figure: quantized power measurement over 2 × 10^4 samples, with labels input key, input_pt, output_ct]
-
13
Golden vs. Golden
o Perfectly contained within ± 4.5
    99.999% confidence
[Figure: two plots over 2 × 10^4 samples; vertical axes 50 to 250 and -10 to 10]
-
14
Golden vs. Golden’
o Environmental variations result in offset
[Figure: two plots over 2 × 10^4 samples; vertical axes 50 to 250 and -10 to 10]
-
15
Golden vs. HT Infected
o HT activity visible during transmission of input operands
[Figure: two plots over 2 × 10^4 samples; vertical axes 50 to 250 and -30 to 30]
-
16
Golden vs. Other HT infected
[Figure: three pairs of plots over 2 × 10^4 samples; in each pair one vertical axis runs 50 to 250, and the other runs -10 to 10, -150 to 150 and -10 to 10 respectively]
-
17
Conclusions
o First results towards evaluating the suitability of t-test for HT detection
o Real measurements, not simulations
o Ideal measurement conditions (1 board, 1 setup):
    Good, stable results
    But need to deal with environmental variations
o Non-ideal conditions (more boards, more setups):
    Need to re-define decision thresholds
    Currently under investigation in HINT
-
18
Questions ?
Thanks for your attention !