Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
-
Upload
kory-charles -
Category
Documents
-
view
214 -
download
0
Transcript of Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
![Page 1: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/1.jpg)
Hardware Support for Trustworthy Systems
Ted HuffmireACACES 2012Fiuggi, Italy
![Page 2: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/2.jpg)
Disclaimer
• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.
![Page 3: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/3.jpg)
Lecture 4 Overview
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 4: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/4.jpg)
Trustworthy System Development
• Maximize Performance• Minimize Cost• Integrate security mechanisms
![Page 5: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/5.jpg)
Example Systems
• Tagged Architectures• Banking• Smart Phones• Embedded Systems– Medical Devices– Cars
![Page 6: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/6.jpg)
Example Systems
• Discussion Points– What is the threat model for an ATM?– What is the threat model for a phone?– What is the threat model for a pacemaker?– What is the threat model for a car?
![Page 7: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/7.jpg)
CAD Tools and IP Cords
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 8: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/8.jpg)
Trustworthy Tools and IP
• Stripped-down alternative design flow
![Page 9: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/9.jpg)
Trustworthy Tools and IP
• Discussion Points:– Can we trust the output of CAD tools?– Can we trust the function of IP cores?– How can we improve the CAD tools?– How can we improve the IP cores?– Is it feasible to develop from scratch?– What about the software?
![Page 10: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/10.jpg)
Security Usability
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 11: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/11.jpg)
Security Usability
• Design tools and techniques• Technicians• End users• Manage Complexity
– Trigger1{M1,w,R1};– Trigger2{M1,w,R2};– Access0{M1,r,R1} |{M1,r,R2}|{M2,rw,R1}|{M2,rw,R2};– Access1{M1,rw,R1} |{M1,r,R2}|{M2,w,R1}|{M2,rw,R2};– Access12{M1,rw,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2};– Access2{M1,r,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2};– Access21{M1,rw,R1}|{M1,rw,R2}|{M2,w,R1}|{M2,w,R2};– Path1 (|Trigger1 Access1* ( |Trigger2 Access12*));– Path2 (|Trigger2 Access2* ( |Trigger1 Access21*));– PolicyAccess0* (|Path1|Path2);
![Page 12: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/12.jpg)
Security Usability
• Discussion Points– What do we expect from engineers?– What do we expect from technicians?– What do we expect from end users?– How does that guide our efforts?
![Page 13: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/13.jpg)
Hardware Trust of FPGA Fabric
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 14: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/14.jpg)
Hardware Trust
• Compromise of FPGA fabric
SDRAM (off-chip)
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
DRAM
FPGA chip
μP
μP
μP
μPSR
AM B
lock
BRAM
BRAM
BRAM
BRAM
BRAM
BRAM
BRAM
BRAM
FPGA Fabric
![Page 15: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/15.jpg)
Hardware Trust
• Discussion Points– Is it viable to attack the fabric itself?– Can a compromise be detected?– Can we use a compromised FPGA fabric?– What about radiation?
![Page 16: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/16.jpg)
Languages
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 17: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/17.jpg)
Languages
• Enhancements to HDLs– case({module_id,op,r1,r2})
• 9’b011110: //Module1,rw,Range1
– state=s0;• 9’b101101: //Module2,rw,Range2
– state=s0;• default:
– state=s1; //reject– endcase
![Page 18: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/18.jpg)
Languages
• Discussion Points– Are HDL security enhancements useful?– What is the impact on the designer?– Does it slow down the compiler?– Does it slow down the design itself?
![Page 19: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/19.jpg)
Configuration Management
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 20: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/20.jpg)
Configuration Management
• Tools• IP Cores
Crypto Core
CPU Core
AES
μP
![Page 21: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/21.jpg)
Configuration Management
• Discussion Points– Is it useful to put CAD tools under CM?– Is it useful to put IP cores under CM?– What about licenses, patches, etc.?
![Page 22: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/22.jpg)
Securing the Supply Chain
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 23: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/23.jpg)
Securing the Supply Chain
• Trusted Packaging, Assembly, and Delivery• Testing
![Page 24: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/24.jpg)
Securing the Supply Chain
• Discussion Points– Is malicious packaging useful to attacker?– Do we need trusted assembly facilities?– What about bad capacitors and resistors?– Can tests detect compromised parts?– Are tests destructive? What is the cost?– What tests need to be developed?
![Page 25: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/25.jpg)
Physical Attacks on FPGAs
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 26: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/26.jpg)
Physical Attacks on FPGAs
• Design theft and bitstream decryption• Analysis of failure modes• Antenna attack
![Page 27: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/27.jpg)
Physical Attacks on FPGAs
• Discussion Points– How to protect bitstream from DPA?– Does an FPGA fail secure?– Is a configurable antenna useful?– How to detect a short-circuit?
![Page 28: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/28.jpg)
Dynamic Security
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 29: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/29.jpg)
Dynamic Security
• Partial reconfiguration
![Page 30: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/30.jpg)
Dynamic Security
• Discussion Points– Can you change the policy?– How often does the policy change?– Who changes the policy?– Can you return to an earlier policy?– Can you change to a less restrictive policy?– Are policies static or generated dynamically?– How many policies are there?
![Page 31: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/31.jpg)
Split Manufacturing
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 32: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/32.jpg)
Split Manufacturing
• 2-D• 3-D
![Page 33: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/33.jpg)
Split Manufacturing
• Discussion Points– Can we trust the result of split manufacturing?– Could this approach harm security?– What are the challenges of 2D?– What are the challenges of 3D?– Is it worth it? When is it worth it?– Why not use trusted foundry always?– Can we do everything from scratch?
![Page 34: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/34.jpg)
Concluding Remarks
• Forward-Looking Problems– CAD Tools and IP Cores– Security Usability– Hardware Trust of FPGA Fabric– Languages– Configuration Management– Securing the Supply Chain– Physical Attacks on FPGAs– Dynamic Security– Split Manufacturing
• Concluding Remarks
![Page 35: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/35.jpg)
Concluding Remarks
• Security as High Priority in Design Practices• Tools and Cores• Attacks• Protection Mechanisms• Analysis of Cores, Tools, and Mechanisms• Electronic System Level (ESL) Design• Holistic View of Entire System & Lifecycle• Abstractions to Manage Complexity• Multiple Complementary Techniques• Multi-Core Systems
![Page 36: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/36.jpg)
Lecture 4 Reading
• Tagged Architectures– Secure Program Execution via Dynamic Information
Flow Tracking• http://portal.acm.org/citation.cfm?id=1024404
– Complete Information Flow Tracking from the Gates Up• http://dl.acm.org/citation.cfm?id=1508258
– Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security• http://dl.acm.org/citation.cfm?id=2000087
![Page 37: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/37.jpg)
Lecture 4 Reading
• Banking– The Code Book: The Science of Secrecy from
Ancient Egypt to Quantum Cryptography• http://simonsingh.net/books/the-code-book/
– Why Cryptosystems Fail• http://www.cl.cam.ac.uk/~rja14/Papers/wcf.pdf
– Chip and PIN is Broken• http://www.cl.cam.ac.uk/~sjm217/papers/
oakland10chipbroken.pdf
![Page 38: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/38.jpg)
Lecture 4 Reading
• Embedded Systems Security– Security in Embedded Systems: Design Challenges
• http://dl.acm.org/citation.cfm?id=1015049
– Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses• http://www.secure-medicine.org/icd-study/icd-study.pdf
– Experimental Security Analysis of a Modern Automobile• http://www.autosec.org/pubs/cars-oakland2010.pdf
– TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones• http://www.usenix.org/event/osdi10/tech/full_papers/Enck.pdf
![Page 39: Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.](https://reader035.fdocuments.net/reader035/viewer/2022062714/56649d145503460f949e846d/html5/thumbnails/39.jpg)
Lecture 4 Reading
• Cryptography and Security: From Theory to Applications– http://springer.com/978-3-642-14451-6