-
I see an IC: A Mixed-Methods Approach to Study Human Problem-Solving Processes in Hardware Reverse Engineering
Authors:
René Walendy,
Markus Weber,
Jingjie Li,
Steffen Becker,
Carina Wiesen,
Malte Elson,
Younghyun Kim,
Kassem Fawaz,
Nikol Rummel,
Christof Paar
Abstract:
Trust in digital systems depends on secure hardware, often assured through Hardware Reverse Engineering (HRE). This work develops methods for investigating human problem-solving processes in HRE, an underexplored yet critical aspect. Since reverse engineers rely heavily on visual information, eye tracking holds promise for studying their cognitive processes. To gain further insights, we additional…
▽ More
Trust in digital systems depends on secure hardware, often assured through Hardware Reverse Engineering (HRE). This work develops methods for investigating human problem-solving processes in HRE, an underexplored yet critical aspect. Since reverse engineers rely heavily on visual information, eye tracking holds promise for studying their cognitive processes. To gain further insights, we additionally employ verbal thought protocols during and immediately after HRE tasks: Concurrent and Retrospective Think Aloud. We evaluate the combination of eye tracking and Think Aloud with 41 participants in an HRE simulation. Eye tracking accurately identifies fixations on individual circuit elements and highlights critical components. Based on two use cases, we demonstrate that eye tracking and Think Aloud can complement each other to improve data quality. Our methodological insights can inform future studies in HRE, a specific setting of human-computer interaction, and in other problem-solving settings involving misleading or missing information.
△ Less
Submitted 23 February, 2024;
originally announced February 2024.
-
Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces
Authors:
Philipp Mackensen,
Paul Staat,
Stefan Roth,
Aydin Sezgin,
Christof Paar,
Veelasha Moonsamy
Abstract:
Wireless communication infrastructure is a cornerstone of modern digital society, yet it remains vulnerable to the persistent threat of wireless jamming. Attackers can easily create radio interference to overshadow legitimate signals, leading to denial of service. The broadcast nature of radio signal propagation makes such attacks possible in the first place, but at the same time poses a challenge…
▽ More
Wireless communication infrastructure is a cornerstone of modern digital society, yet it remains vulnerable to the persistent threat of wireless jamming. Attackers can easily create radio interference to overshadow legitimate signals, leading to denial of service. The broadcast nature of radio signal propagation makes such attacks possible in the first place, but at the same time poses a challenge for the attacker: The jamming signal does not only reach the victim device but also other neighboring devices, preventing precise attack targeting.
In this work, we solve this challenge by leveraging the emerging RIS technology, for the first time, for precise delivery of jamming signals. In particular, we propose a novel approach that allows for environment-adaptive spatial control of wireless jamming signals, granting a new degree of freedom to perform jamming attacks. We explore this novel method with extensive experimentation and demonstrate that our approach can disable the wireless communication of one or multiple victim devices while leaving neighboring devices unaffected. Notably, our method extends to challenging scenarios where wireless devices are very close to each other: We demonstrate complete denial-of-service of a Wi-Fi device while a second device located at a distance as close as 5 mm remains unaffected, sustaining wireless communication at a data rate of 25 Mbit/s. Lastly, we conclude by proposing potential countermeasures to thwart RIS-based spatial domain wireless jamming attacks.
△ Less
Submitted 13 July, 2024; v1 submitted 21 February, 2024;
originally announced February 2024.
-
JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing
Authors:
Maik Ender,
Felix Hahn,
Marc Fyrbiak,
Amir Moradi,
Christof Paar
Abstract:
Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access (HDL source code). Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its docu…
▽ More
Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access (HDL source code). Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces (JTAG, and minimal introspection of internal modules). In this work, we investigate fuzzing for 7-Series and UltraScale(+) FPGA configuration engines, the control plane governing the (secure) bitstream configuration within the FPGA. Our goal is to examine the effectiveness of fuzzing to analyze and document the opaque inner workings of FPGA configuration engines, with a primary emphasis on identifying security vulnerabilities. Using only the publicly available chip and dispersed documentation, we first design and implement ConFuzz, an advanced FPGA configuration engine fuzzing and rapid prototyping framework. Based on our detailed understanding of the bitstream file format, we then systematically define 3 novel key fuzzing strategies for Xilinx configuration engines. Moreover, our strategies are executed through mutational structure-aware fuzzers and incorporate various novel custom-tailored, FPGA-specific optimizations. Our evaluation reveals previously undocumented behavior within the configuration engine, including critical findings such as system crashes leading to unresponsive states of the FPGA. In addition, our investigations not only lead to the rediscovery of the starbleed attack but also uncover JustSTART (CVE-2023-20570), capable of circumventing RSA authentication for Xilinx UltraScale(+). Note that we also discuss countermeasures.
△ Less
Submitted 15 February, 2024;
originally announced February 2024.
-
Stealing Maggie's Secrets -- On the Challenges of IP Theft Through FPGA Reverse Engineering
Authors:
Simon Klix,
Nils Albartus,
Julian Speith,
Paul Staat,
Alice Verstege,
Annika Wilde,
Daniel Lammers,
Jörn Langheinrich,
Christian Kison,
Sebastian Sester-Wehle,
Daniel Holcomb,
Christof Paar
Abstract:
Intellectual Property (IP) theft is a cause of major financial and reputational damage, reportedly in the range of hundreds of billions of dollars annually in the U.S. alone. Field Programmable Gate Arrays (FPGAs) are particularly exposed to IP theft, because their configuration file contains the IP in a proprietary format that can be mapped to a gate-level netlist with moderate effort. Despite th…
▽ More
Intellectual Property (IP) theft is a cause of major financial and reputational damage, reportedly in the range of hundreds of billions of dollars annually in the U.S. alone. Field Programmable Gate Arrays (FPGAs) are particularly exposed to IP theft, because their configuration file contains the IP in a proprietary format that can be mapped to a gate-level netlist with moderate effort. Despite this threat, the scientific understanding of this issue lacks behind reality, thereby preventing an in-depth assessment of IP theft from FPGAs in academia. We address this discrepancy through a real-world case study on a Lattice iCE40 FPGA found inside iPhone 7. Apple refers to this FPGA as Maggie. By reverse engineering the proprietary signal-processing algorithm implemented on Maggie, we generate novel insights into the actual efforts required to commit FPGA IP theft and the challenges an attacker faces on the way. Informed by our case study, we then introduce generalized netlist reverse engineering techniques that drastically reduce the required manual effort and are applicable across a diverse spectrum of FPGA implementations and architectures. We evaluate these techniques on six benchmarks that are representative of different FPGA applications and have been synthesized for Xilinx and Lattice FPGAs, as well as in an end-to-end white-box case study. Finally, we provide a comprehensive open-source tool suite of netlist reverse engineering techniques to foster future research, enable the community to perform realistic threat assessments, and facilitate the evaluation of novel countermeasures.
△ Less
Submitted 1 July, 2024; v1 submitted 11 December, 2023;
originally announced December 2023.
-
REVERSIM: A Game-Based Environment to Study Human Aspects in Hardware Reverse Engineering
Authors:
Steffen Becker,
René Walendy,
Markus Weber,
Carina Wiesen,
Nikol Rummel,
Christof Paar
Abstract:
Hardware Reverse Engineering (HRE) is a technique for analyzing Integrated Circuits (ICs). Experts employ HRE for security-critical tasks, such as detecting Trojans or intellectual property violations. They rely not only on their experience and customized tools but also on their cognitive abilities. Conducting controlled experiments to assess the cognitive processes involved in HRE can open new av…
▽ More
Hardware Reverse Engineering (HRE) is a technique for analyzing Integrated Circuits (ICs). Experts employ HRE for security-critical tasks, such as detecting Trojans or intellectual property violations. They rely not only on their experience and customized tools but also on their cognitive abilities. Conducting controlled experiments to assess the cognitive processes involved in HRE can open new avenues for hardware protection. However, HRE experts are largely unavailable for empirical research in real-world settings. To address this challenge, we have developed REVERSIM, a game-based environment that mimics realistic HRE subprocesses and can integrate standardized cognitive tests. REVERSIM enables quantitative studies with easier-to-recruit non-experts to uncover cognitive factors relevant to HRE, which can subsequently be validated with small expert samples. To evaluate the design of REVERSIM, the minimum requirements for successful participation, and its measurement capabilities, we conducted two studies: First, we performed semi-structured interviews with 14 professionals and researchers from the HRE domain, who attested to the comparability of REVERSIM to real-world HRE problems. Second, we conducted an online user study with 109 participants, demonstrating that they could engage in REVERSIM with low domain-specific prior knowledge. We provide refined screening criteria, derive fine-grained performance metrics, and successfully perform a cognitive test for mental speed in REVERSIM, thus contributing an important piece of the puzzle for the development of innovative hardware protection mechanisms.
△ Less
Submitted 24 March, 2024; v1 submitted 11 September, 2023;
originally announced September 2023.
-
Evil from Within: Machine Learning Backdoors through Hardware Trojans
Authors:
Alexander Warnecke,
Julian Speith,
Jan-Niklas Möller,
Konrad Rieck,
Christof Paar
Abstract:
Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars. While different defenses have been proposed to address this threat, they all rely on the assumption that the hardware on which the learning models are executed during inference is trusted. In this paper, we challenge this assumption and introduce a back…
▽ More
Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars. While different defenses have been proposed to address this threat, they all rely on the assumption that the hardware on which the learning models are executed during inference is trusted. In this paper, we challenge this assumption and introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning. Outside of the accelerator, neither the learning model nor the software is manipulated, so that current defenses fail. To make this attack practical, we overcome two challenges: First, as memory on a hardware accelerator is severely limited, we introduce the concept of a minimal backdoor that deviates as little as possible from the original model and is activated by replacing a few model parameters only. Second, we develop a configurable hardware trojan that can be provisioned with the backdoor and performs a replacement only when the specific target model is processed. We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU, a commercial machine-learning accelerator. We configure the trojan with a minimal backdoor for a traffic-sign recognition system. The backdoor replaces only 30 (0.069%) model parameters, yet it reliably manipulates the recognition once the input contains a backdoor trigger. Our attack expands the hardware circuit of the accelerator by 0.24% and induces no run-time overhead, rendering a detection hardly possible. Given the complex and highly distributed manufacturing process of current hardware, our work points to a new threat in machine learning that is inaccessible to current security mechanisms and calls for hardware to be manufactured only in fully trusted environments.
△ Less
Submitted 18 April, 2023; v1 submitted 17 April, 2023;
originally announced April 2023.
-
RIS-Jamming: Breaking Key Consistency in Channel Reciprocity-based Key Generation
Authors:
Guyue Li,
Paul Staat,
Haoyu Li,
Markus Heinrichs,
Christian Zenger,
Rainer Kronberger,
Harald Elders-Boll,
Christof Paar,
Aiqun Hu
Abstract:
Channel Reciprocity-based Key Generation (CRKG) exploits reciprocal channel randomness to establish shared secret keys between wireless terminals. This new security technique is expected to complement existing cryptographic techniques for secret key distribution of future wireless networks. In this paper, we present a new attack, reconfigurable intelligent surface (RIS) jamming, and show that an a…
▽ More
Channel Reciprocity-based Key Generation (CRKG) exploits reciprocal channel randomness to establish shared secret keys between wireless terminals. This new security technique is expected to complement existing cryptographic techniques for secret key distribution of future wireless networks. In this paper, we present a new attack, reconfigurable intelligent surface (RIS) jamming, and show that an attacker can prevent legitimate users from agreeing on the same key by deploying a malicious RIS to break channel reciprocity. Specifically, we elaborate on three examples to implement the RIS jamming attack: Using active nonreciprocal circuits, performing time-varying controls, and reducing the signal-to-noise ratio. The attack effect is then studied by formulating the secret key rate with a relationship to the deployment of RIS. To resist such RIS jamming attacks, we propose a countermeasure that exploits wideband signals for multipath separation. The malicious RIS path is distinguished from all separated channel paths, and thus the countermeasure is referred to as contaminated path removal-based CRKG(CRP-CRKG). We present simulation results, showing that legitimate users under RIS jamming are still able to generate secret keys from the remaining paths. We also experimentally demonstrate the RIS jamming attack by using commodity Wi-Fi devices in conjunction with a fabricated RIS prototype. In our experiments, we were able to increase the average bit disagreement ratio (BDR) of raw secret keys by 20%. Further, we successfully demonstrate the proposed CRP-CRKG countermeasure to tackle RIS jamming in wideband systems as long as the source of randomness and the RIS propagation paths are separable.
△ Less
Submitted 10 April, 2024; v1 submitted 13 March, 2023;
originally announced March 2023.
-
Explainability as a Requirement for Hardware: Introducing Explainable Hardware (XHW)
Authors:
Timo Speith,
Julian Speith,
Steffen Becker,
Yixin Zou,
Asia Biega,
Christof Paar
Abstract:
In today's age of digital technology, ethical concerns regarding computing systems are increasing. While the focus of such concerns currently is on requirements for software, this article spotlights the hardware domain, specifically microchips. For example, the opaqueness of modern microchips raises security issues, as malicious actors can manipulate them, jeopardizing system integrity. As a conse…
▽ More
In today's age of digital technology, ethical concerns regarding computing systems are increasing. While the focus of such concerns currently is on requirements for software, this article spotlights the hardware domain, specifically microchips. For example, the opaqueness of modern microchips raises security issues, as malicious actors can manipulate them, jeopardizing system integrity. As a consequence, governments invest substantially to facilitate a secure microchip supply chain. To combat the opaqueness of hardware, this article introduces the concept of Explainable Hardware (XHW). Inspired by and building on previous work on Explainable AI (XAI) and explainable software systems, we develop a framework for achieving XHW comprising relevant stakeholders, requirements they might have concerning hardware, and possible explainability approaches to meet these requirements. Through an exploratory survey among 18 hardware experts, we showcase applications of the framework and discover potential research gaps. Our work lays the foundation for future work and structured debates on XHW.
△ Less
Submitted 25 April, 2024; v1 submitted 28 February, 2023;
originally announced February 2023.
-
Analog Physical-Layer Relay Attacks with Application to Bluetooth and Phase-Based Ranging
Authors:
Paul Staat,
Kai Jansen,
Christian Zenger,
Harald Elders-Boll,
Christof Paar
Abstract:
Today, we use smartphones as multi-purpose devices that communicate with their environment to implement context-aware services, including asset tracking, indoor localization, contact tracing, or access control. As a de-facto standard, Bluetooth is available in virtually every smartphone to provide short-range wireless communication. Importantly, many Bluetooth-driven applications such as Phone as…
▽ More
Today, we use smartphones as multi-purpose devices that communicate with their environment to implement context-aware services, including asset tracking, indoor localization, contact tracing, or access control. As a de-facto standard, Bluetooth is available in virtually every smartphone to provide short-range wireless communication. Importantly, many Bluetooth-driven applications such as Phone as a Key (PaaK) for vehicles and buildings require proximity of legitimate devices, which must be protected against unauthorized access. In earlier access control systems, attackers were able to violate proximity-verification through relay station attacks. However, the vulnerability of Bluetooth against such attacks was yet unclear as existing relay attack strategies are not applicable or can be defeated through wireless distance measurement. In this paper, we design and implement an analog physical-layer relay attack based on low-cost off-the-shelf radio hardware to simultaneously increase the wireless communication range and manipulate distance measurements. Using our setup, we successfully demonstrate relay attacks against Bluetooth-based access control of a car and a smart lock. Further, we show that our attack can arbitrarily manipulate Multi-Carrier Phase-based Ranging (MCPR) while relaying signals over 90 m.
△ Less
Submitted 4 April, 2022; v1 submitted 14 February, 2022;
originally announced February 2022.
-
Reconfigurable Intelligent Surface for Physical Layer Key Generation: Constructive or Destructive?
Authors:
Guyue Li,
Lei Hu,
Paul Staat,
Harald Elders-Boll,
Christian Zenger,
Christof Paar,
Aiqun Hu
Abstract:
Physical layer key generation (PKG) is a promising means to provide on-the-fly shared secret keys by exploiting the intrinsic randomness of the radio channel. However, the performance of PKG is highly dependent on the propagation environments. Due to its feature of controlling the wireless environment, reconfigurable intelligent surface~(RIS) is appealing to be applied in PKG. In this paper, in co…
▽ More
Physical layer key generation (PKG) is a promising means to provide on-the-fly shared secret keys by exploiting the intrinsic randomness of the radio channel. However, the performance of PKG is highly dependent on the propagation environments. Due to its feature of controlling the wireless environment, reconfigurable intelligent surface~(RIS) is appealing to be applied in PKG. In this paper, in contrast to the existing literature, we investigate both the constructive and destructive effects of RIS on the PKG scheme. For the constructive aspect, we have identified static and wave-blockage environments as two RIS-empowered-PKG applications in future wireless systems. In particular, our experimental results in a static environment showed that RIS can enhance the entropy of the secret key, achieving a key generation rate (KGR) of 97.39 bit/s with a bit disagreement rate (BDR) of 0.083. In multi-user systems where some remote users are in worse channel conditions, the proposed RIS-assisted PKG algorithm improves the sum secret key rate by more than 2 dB, compared to the literature. Furthermore, we point out that RIS could be utilized by an attacker to perform new jamming and leakage attacks and give countermeasures, respectively. Finally, we outline future research directions for PKG systems in light of the RIS.
△ Less
Submitted 7 April, 2022; v1 submitted 18 December, 2021;
originally announced December 2021.
-
Anti-Tamper Radio: System-Level Tamper Detection for Computing Systems
Authors:
Paul Staat,
Johannes Tobisch,
Christian Zenger,
Christof Paar
Abstract:
A whole range of attacks becomes possible when adversaries gain physical access to computing systems that process or contain sensitive data. Examples include side-channel analysis, bus probing, device cloning, or implanting hardware Trojans. Defending against these kinds of attacks is considered a challenging endeavor, requiring anti-tamper solutions to monitor the physical environment of the syst…
▽ More
A whole range of attacks becomes possible when adversaries gain physical access to computing systems that process or contain sensitive data. Examples include side-channel analysis, bus probing, device cloning, or implanting hardware Trojans. Defending against these kinds of attacks is considered a challenging endeavor, requiring anti-tamper solutions to monitor the physical environment of the system. Current solutions range from simple switches, which detect if a case is opened, to meshes of conducting material that provide more fine-grained detection of integrity violations. However, these solutions suffer from an intricate trade-off between physical security on the one side and reliability, cost, and difficulty to manufacture on the other. In this work, we demonstrate that radio wave propagation in an enclosed system of complex geometry is sensitive against adversarial physical manipulation. We present an anti-tamper radio (ATR) solution as a method for tamper detection, which combines high detection sensitivity and reliability with ease-of-use. ATR constantly monitors the wireless signal propagation behavior within the boundaries of a metal case. Tamper attempts such as insertion of foreign objects, will alter the observed radio signal response, subsequently raising an alarm. The ATR principle is applicable in many computing systems that require physical security such as servers, ATMs, and smart meters. As a case study, we use 19" servers and thoroughly investigate capabilities and limits of the ATR. Using a custom-built automated probing station, we simulate probing attacks by inserting needles with high precision into protected environments. Our experimental results show that our ATR implementation can detect 16 mm insertions of needles of diameter as low as 0.1 mm under ideal conditions. In the more realistic environment of a running 19" server, we demonstrate reliable [...]
△ Less
Submitted 16 December, 2021;
originally announced December 2021.
-
How Not to Protect Your IP -- An Industry-Wide Break of IEEE 1735 Implementations
Authors:
Julian Speith,
Florian Schweins,
Maik Ender,
Marc Fyrbiak,
Alexander May,
Christof Paar
Abstract:
Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure management of the valuable IP between authors and users is inevitable to protect them from unauthorized access and modification. To this end, the widely adopted…
▽ More
Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure management of the valuable IP between authors and users is inevitable to protect them from unauthorized access and modification. To this end, the widely adopted IEEE standard 1735-2014 was created to ensure confidentiality and integrity.
In this paper, we outline structural weaknesses in IEEE 1735 that cannot be fixed with cryptographic solutions (given the contemporary hardware design process) and thus render the standard inherently insecure. We practically demonstrate the weaknesses by recovering the private keys of IEEE 1735 implementations from major Electronic Design Automation (EDA) tool vendors, namely Intel, Xilinx, Cadence, Siemens, Microsemi, and Lattice, while results on a seventh case study are withheld. As a consequence, we can decrypt, modify, and re-encrypt all allegedly protected IP cores designed for the respective tools, thus leading to an industry-wide break. As part of this analysis, we are the first to publicly disclose three RSA-based white-box schemes that are used in real-world products and present cryptanalytical attacks for all of them, finally resulting in key recovery.
△ Less
Submitted 9 December, 2021;
originally announced December 2021.
-
IRShield: A Countermeasure Against Adversarial Physical-Layer Wireless Sensing
Authors:
Paul Staat,
Simon Mulzer,
Stefan Roth,
Veelasha Moonsamy,
Markus Heinrichs,
Rainer Kronberger,
Aydin Sezgin,
Christof Paar
Abstract:
Wireless radio channels are known to contain information about the surrounding propagation environment, which can be extracted using established wireless sensing methods. Thus, today's ubiquitous wireless devices are attractive targets for passive eavesdroppers to launch reconnaissance attacks. In particular, by overhearing standard communication signals, eavesdroppers obtain estimations of wirele…
▽ More
Wireless radio channels are known to contain information about the surrounding propagation environment, which can be extracted using established wireless sensing methods. Thus, today's ubiquitous wireless devices are attractive targets for passive eavesdroppers to launch reconnaissance attacks. In particular, by overhearing standard communication signals, eavesdroppers obtain estimations of wireless channels which can give away sensitive information about indoor environments. For instance, by applying simple statistical methods, adversaries can infer human motion from wireless channel observations, allowing to remotely monitor premises of victims. In this work, building on the advent of intelligent reflecting surfaces (IRSs), we propose IRShield as a novel countermeasure against adversarial wireless sensing. IRShield is designed as a plug-and-play privacy-preserving extension to existing wireless networks. At the core of IRShield, we design an IRS configuration algorithm to obfuscate wireless channels. We validate the effectiveness with extensive experimental evaluations. In a state-of-the-art human motion detection attack using off-the-shelf Wi-Fi devices, IRShield lowered detection rates to 5% or less.
△ Less
Submitted 7 April, 2022; v1 submitted 3 December, 2021;
originally announced December 2021.
-
Mirror Mirror on the Wall: Wireless Environment Reconfiguration Attacks Based on Fast Software-Controlled Surfaces
Authors:
Paul Staat,
Harald Elders-Boll,
Markus Heinrichs,
Christian Zenger,
Christof Paar
Abstract:
The intelligent reflecting surface (IRS) is a promising new paradigm in wireless communications for meeting the growing connectivity demands in next-generation mobile networks. IRS, also known as software-controlled metasurfaces, consist of an array of adjustable radio wave reflectors, enabling smart radio environments, e.g., for enhancing the signal-to-noise ratio (SNR) and spatial diversity of w…
▽ More
The intelligent reflecting surface (IRS) is a promising new paradigm in wireless communications for meeting the growing connectivity demands in next-generation mobile networks. IRS, also known as software-controlled metasurfaces, consist of an array of adjustable radio wave reflectors, enabling smart radio environments, e.g., for enhancing the signal-to-noise ratio (SNR) and spatial diversity of wireless channels. Research on IRS to date has been largely focused on constructive applications. In this work, we demonstrate for the first time that the IRS provides a practical low-cost toolkit for attackers to easily perform complex signal manipulation attacks on the physical layer in real time. We introduce the environment reconfiguration attack (ERA) as a novel class of jamming attacks in wireless radio networks. Here, an adversary leverages the IRS to rapidly vary the electromagnetic propagation environment to disturb legitimate receivers. The IRS gives the adversary a key advantage over traditional jamming: It no longer has to actively emit jamming signals, instead the IRS reflects existing legitimate signals. In addition, the adversary doesn't need any knowledge about the legitimate channel. We thoroughly investigate the ERA in wireless systems based on the widely employed orthogonal frequency division multiplexing (OFDM) modulation. We present insights into the attack through analytical analysis, simulations, as well as experiments. Our results show that the ERA allows to severely degrade the available data rates even with reasonably small IRS sizes. Finally, we implement an attacker setup and demonstrate a practical ERA to slow down an entire Wi-Fi network.
△ Less
Submitted 3 August, 2021; v1 submitted 4 July, 2021;
originally announced July 2021.
-
An Exploratory Study of Hardware Reverse Engineering Technical and Cognitive Processes
Authors:
Steffen Becker,
Carina Wiesen,
Nils Albartus,
Nikol Rummel,
Christof Paar
Abstract:
Understanding the internals of Integrated Circuits (ICs), referred to as Hardware Reverse Engineering (HRE), is of interest to both legitimate and malicious parties. HRE is a complex process in which semi-automated steps are interwoven with human sense-making processes. Currently, little is known about the technical and cognitive processes which determine the success of HRE.
This paper performs…
▽ More
Understanding the internals of Integrated Circuits (ICs), referred to as Hardware Reverse Engineering (HRE), is of interest to both legitimate and malicious parties. HRE is a complex process in which semi-automated steps are interwoven with human sense-making processes. Currently, little is known about the technical and cognitive processes which determine the success of HRE.
This paper performs an initial investigation on how reverse engineers solve problems, how manual and automated analysis methods interact, and which cognitive factors play a role. We present the results of an exploratory behavioral study with eight participants that was conducted after they had completed a 14-week training. We explored the validity of our findings by comparing them with the behavior (strategies applied and solution time) of an HRE expert. The participants were observed while solving a realistic HRE task. We tested cognitive abilities of our participants and collected large sets of behavioral data from log files. By comparing the least and most efficient reverse engineers, we were able to observe successful strategies. Moreover, our analyses suggest a phase model for reverse engineering, consisting of three phases. Our descriptive results further indicate that the cognitive factor Working Memory (WM) might play a role in efficiently solving HRE problems. Our exploratory study builds the foundation for future research in this topic and outlines ideas for designing cognitively difficult countermeasures ("cognitive obfuscation") against HRE.
△ Less
Submitted 31 May, 2021;
originally announced May 2021.
-
ARMORY: Fully Automated and Exhaustive Fault Simulation on ARM-M Binaries
Authors:
Max Hoffmann,
Falk Schellenberg,
Christof Paar
Abstract:
Embedded systems are ubiquitous. However, physical access of users and likewise attackers makes them often threatened by fault attacks: a single fault during the computation of a cryptographic primitive can lead to a total loss of system security. This can have serious consequences, e.g., in safetycritical systems, including bodily harm and catastrophic technical failures. However, countermeasures…
▽ More
Embedded systems are ubiquitous. However, physical access of users and likewise attackers makes them often threatened by fault attacks: a single fault during the computation of a cryptographic primitive can lead to a total loss of system security. This can have serious consequences, e.g., in safetycritical systems, including bodily harm and catastrophic technical failures. However, countermeasures often focus on isolated fault models and high layers of abstraction. This leads to a dangerous sense of security, because exploitable faults that are only visible at machine code level might not be covered by countermeasures. In this work we present ARMORY, a fully automated open source framework for exhaustive fault simulation on binaries of the ubiquitous ARM-M class. It allows engineers and analysts to efficiently scan a binary for potential weaknesses against arbitrary combinations of multi-variate fault injections under a large variety of fault models. Using ARMORY, we demonstrate the power of fully automated fault analysis and the dangerous implications of applying countermeasures without knowledge of physical addresses and offsets. We exemplarily analyze two case studies, which are highly relevant for practice: a DFA on AES (cryptographic) and a secure bootloader (non-cryptographic). Our results show that indeed numerous exploitable faults found by ARMORY which occur in the actual implementations are easily missed in manual inspection. Crucially, most faults are only visible when taking machine code information, i.e., addresses and offsets, into account. Surprisingly, we show that a countermeasure that protects against one type of fault can actually largely increase the vulnerability to other fault models. Our work demonstrates the need for countermeasures that, at least in their evaluation, are not restricted to isolated fault models and consider low-level information [...].
△ Less
Submitted 28 May, 2021;
originally announced May 2021.
-
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
Authors:
Maik Ender,
Amir Moradi,
Christof Paar
Abstract:
The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design su…
▽ More
The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions e.g., through hardware Trojans. Given that FPGAs are often part of cyber-physical systems e.g., in aviation, medical, or industrial devices, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise. In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bitstream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.
△ Less
Submitted 28 May, 2021;
originally announced May 2021.
-
Promoting the Acquisition of Hardware Reverse Engineering Skills
Authors:
Carina Wiesen,
Steffen Becker,
Nils Albartus Christof Paar,
Nikol Rummel
Abstract:
This full research paper focuses on skill acquisition in Hardware Reverse Engineering (HRE) - an important field of cyber security. HRE is a prevalent technique routinely employed by security engineers (i) to detect malicious hardware manipulations, (ii) to conduct VLSI failure analysis, (iii) to identify IP infringements, and (iv) to perform competitive analyses. Even though the scientific commun…
▽ More
This full research paper focuses on skill acquisition in Hardware Reverse Engineering (HRE) - an important field of cyber security. HRE is a prevalent technique routinely employed by security engineers (i) to detect malicious hardware manipulations, (ii) to conduct VLSI failure analysis, (iii) to identify IP infringements, and (iv) to perform competitive analyses. Even though the scientific community and industry have a high demand for HRE experts, there is a lack of educational courses. We developed a university-level HRE course based on general cognitive psychological research on skill acquisition, as research on the acquisition of HRE skills is lacking thus far. To investigate how novices acquire HRE skills in our course, we conducted two studies with students on different levels of prior knowledge. Our results show that cognitive factors (e.g., working memory), and prior experiences (e.g., in symmetric cryptography) influence the acquisition of HRE skills. We conclude by discussing implications for future HRE courses and by outlining ideas for future research that would lead to a more comprehensive understanding of skill acquisition in this important field of cyber security.
△ Less
Submitted 28 May, 2021;
originally announced May 2021.
-
SPFA: SFA on Multiple Persistent Faults
Authors:
Susanne Engels,
Falk Schellenberg,
Christof Paar
Abstract:
For classical fault analysis, a transient fault is required to be injected during runtime, e.g., only at a specific round. Instead, Persistent Fault Analysis (PFA) introduces a powerful class of fault attacks that allows for a fault to be present throughout the whole execution. One limitation of original PFA as introduced by Zhang et al. at CHES'18 is that the faulty values need to be known to the…
▽ More
For classical fault analysis, a transient fault is required to be injected during runtime, e.g., only at a specific round. Instead, Persistent Fault Analysis (PFA) introduces a powerful class of fault attacks that allows for a fault to be present throughout the whole execution. One limitation of original PFA as introduced by Zhang et al. at CHES'18 is that the faulty values need to be known to the adversary. While this was addressed at a follow-up work at CHES'20, the solution is only applicable to a single faulty value. Instead, we use the potency of Statistical Fault Analysis (SFA) in the persistent fault setting, presenting Statistical Persistent Fault Analysis (SPFA) as a more general approach of PFA. As a result, any or even a multitude of unknown faults that cause an exploitable bias in the targeted round can be used to recover the cipher's secret key. Indeed, the undesired faults in the other rounds that occur due the persistent nature of the attack converge to a uniform distribution as required by SFA. We verify the effectiveness of our attack against LED and AES.
△ Less
Submitted 28 May, 2021;
originally announced May 2021.
-
Keys from the Sky: A First Exploration of Physical-Layer Security Using Satellite Links
Authors:
Pascal Zimmer,
Roland Weinreich,
Christian T. Zenger,
Aydin Sezgin,
Christof Paar
Abstract:
In this paper, we investigate physical-layer security (PLS) methods for proximity-based group-key establishment and proof of location. Fields of application include secure car-to-car communication, privacy-preserving and secure distance evidence for healthcare or location-based feature activation. Existing technologies do not solve the problem satisfactorily, due to communication restrictions, e.g…
▽ More
In this paper, we investigate physical-layer security (PLS) methods for proximity-based group-key establishment and proof of location. Fields of application include secure car-to-car communication, privacy-preserving and secure distance evidence for healthcare or location-based feature activation. Existing technologies do not solve the problem satisfactorily, due to communication restrictions, e.g., ultra-wide band (UWB) based time of flight measurements, or trusted hardware, e.g., using global navigation satellite system (GNSS) positioning data.
We introduce PLS as a solution candidate. It is information theoretically secure, which also means post-quantum resistant, and has the potential to run on resource constrained devices with low latency. Furthermore, we use wireless channel properties of satellite-to-Earth links, demonstrate the first feasibility study using off-the-shelf hardware testbeds and present first evaluation results and future directions for research.
△ Less
Submitted 28 September, 2021; v1 submitted 14 October, 2020;
originally announced October 2020.
-
Intelligent Reflecting Surface-Assisted Wireless Key Generation for Low-Entropy Environments
Authors:
Paul Staat,
Harald Elders-Boll,
Markus Heinrichs,
Rainer Kronberger,
Christian Zenger,
Christof Paar
Abstract:
Physical layer key generation is a promising candidate for cryptographic key establishment between two wireless communication parties. It offers information-theoretic security and is an attractive alternative to public-key techniques. Here, the inherent randomness of wireless radio channels is used as a shared entropy source to generate cryptographic key material. However, practical implementation…
▽ More
Physical layer key generation is a promising candidate for cryptographic key establishment between two wireless communication parties. It offers information-theoretic security and is an attractive alternative to public-key techniques. Here, the inherent randomness of wireless radio channels is used as a shared entropy source to generate cryptographic key material. However, practical implementations often suffer from static channel conditions which exhibit a limited amount of randomness. In the past, considerable research efforts have been made to address this fundamental limitation. However, current solutions are not generic or require dedicated hardware extensions such as reconfigurable antennas. In this paper, we propose a novel wireless key generation architecture based on randomized channel responses from an intelligent reflecting surface (IRS). Due to its passive nature, a cooperative IRS is well-suited to provide randomness for conventional resource-constrained radios. We conduct the first practical studies to successfully demonstrate IRS-based physical-layer key generation with an OFDM system. In a static environment, using a single subcarrier only, our IRS-assisted prototype system achieves a key generation rate (KGR) of 97.39 bps with 6.5% key disagreement rate (KDR) after quantization, while passing standard randomness tests.
△ Less
Submitted 6 March, 2021; v1 submitted 13 October, 2020;
originally announced October 2020.
-
An Exploratory Analysis of Microcode as a Building Block for System Defenses
Authors:
Benjamin Kollenda,
Philipp Koppe,
Marc Fyrbiak,
Christian Kison,
Christof Paar,
Thorsten Holz
Abstract:
Microcode is an abstraction layer used by modern x86 processors that interprets user-visible CISC instructions to hardware-internal RISC instructions. The capability to update x86 microcode enables a vendor to modify CPU behavior in-field, and thus patch erroneous microarchitectural processes or even implement new features. Most prominently, the recent Spectre and Meltdown vulnerabilities were mit…
▽ More
Microcode is an abstraction layer used by modern x86 processors that interprets user-visible CISC instructions to hardware-internal RISC instructions. The capability to update x86 microcode enables a vendor to modify CPU behavior in-field, and thus patch erroneous microarchitectural processes or even implement new features. Most prominently, the recent Spectre and Meltdown vulnerabilities were mitigated by Intel via microcode updates. Unfortunately, microcode is proprietary and closed source, and there is little publicly available information on its inner workings.
In this paper, we present new reverse engineering results that extend and complement the public knowledge of proprietary microcode. Based on these novel insights, we show how modern system defenses and tools can be realized in microcode on a commercial, off-the-shelf AMD x86 CPU. We demonstrate how well-established system security defenses such as timing attack mitigations, hardware-assisted address sanitization, and instruction set randomization can be realized in microcode. We also present a proof-of-concept implementation of a microcode-assisted instrumentation framework. Finally, we show how a secure microcode update mechanism and enclave functionality can be implemented in microcode to realize a small trusted execution environment. All microcode programs and the whole infrastructure needed to reproduce and extend our results are publicly available.
△ Less
Submitted 6 July, 2020;
originally announced July 2020.
-
A Look at the Dark Side of Hardware Reverse Engineering -- A Case Study
Authors:
Sebastian Wallat,
Marc Fyrbiak,
Moritz Schlögel,
Christof Paar
Abstract:
A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries which are able to infringe valuable hardware design IP or to inject hardware Trojans causing severe loss of safety and security. Similarly, market dominating SRAM-based FPGAs are vulnerable to both attacks since the crucial gate-level netlist can be retrieved even in field for the majority of…
▽ More
A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries which are able to infringe valuable hardware design IP or to inject hardware Trojans causing severe loss of safety and security. Similarly, market dominating SRAM-based FPGAs are vulnerable to both attacks since the crucial gate-level netlist can be retrieved even in field for the majority of deployed device series. In order to perform IP infringement or Trojan injection, reverse engineering (parts of) the hardware design is necessary to understand its internal workings. Even though IP protection and obfuscation techniques exist to hinder both attacks, the security of most techniques is doubtful since realistic capabilities of reverse engineering are often neglected. The contribution of our work is twofold: first, we carefully review an IP watermarking scheme tailored to FPGAs and improve its security by using opaque predicates. In addition, we show novel reverse engineering strategies on proposed opaque predicate implementations that again enables to automatically detect and alter watermarks. Second, we demonstrate automatic injection of hardware Trojans specifically tailored for third-party cryptographic IP gate-level netlists. More precisely, we extend our understanding of adversary's capabilities by presenting how block and stream cipher implementations can be surreptitiously weakened.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Hardware Reverse Engineering: Overview and Open Challenges
Authors:
Marc Fyrbiak,
Sebastian Strauß,
Christian Kison,
Sebastian Wallat,
Malte Elson,
Nikol Rummel,
Christof Paar
Abstract:
Hardware reverse engineering is a universal tool for both legitimate and illegitimate purposes. On the one hand, it supports confirmation of IP infringement and detection of circuit malicious manipulations, on the other hand it provides adversaries with crucial information to plagiarize designs, infringe on IP, or implant hardware Trojans into a target circuit. Although reverse engineering is comm…
▽ More
Hardware reverse engineering is a universal tool for both legitimate and illegitimate purposes. On the one hand, it supports confirmation of IP infringement and detection of circuit malicious manipulations, on the other hand it provides adversaries with crucial information to plagiarize designs, infringe on IP, or implant hardware Trojans into a target circuit. Although reverse engineering is commonplace in practice, the quantification of its complexity is an unsolved problem to date since both technical and human factors have to be accounted for. A sophisticated understanding of this complexity is crucial in order to provide a reasonable threat estimation and to develop sound countermeasures, i.e. obfuscation transformations of the target circuit, to mitigate risks for the modern IC landscape. The contribution of our work is threefold: first, we systematically study the current research branches related to hardware reverse engineering ranging from decapsulation to gate-level netlist analysis. Based on our overview, we formulate several open research questions to scientifically quantify reverse engineering, including technical and human factors. Second, we survey research on problem solving and on the acquisition of expertise and discuss its potential to quantify human factors in reverse engineering. Third, we propose novel directions for future interdisciplinary research encompassing both technical and psychological perspectives that hold the promise to holistically capture the complexity of hardware reverse engineering.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Insights into the Mind of a Trojan Designer: The Challenge to Integrate a Trojan into the Bitstream
Authors:
Maik Ender,
Pawel Swierczynski,
Sebastian Wallat,
Matthias Wilhelm,
Paul Martin Knopp,
Christof Paar
Abstract:
The threat of inserting hardware Trojans during the design, production, or in-field poses a danger for integrated circuits in real-world applications. A particular critical case of hardware Trojans is the malicious manipulation of third-party FPGA configurations. In addition to attack vectors during the design process, FPGAs can be infiltrated in a non-invasive manner after shipment through altera…
▽ More
The threat of inserting hardware Trojans during the design, production, or in-field poses a danger for integrated circuits in real-world applications. A particular critical case of hardware Trojans is the malicious manipulation of third-party FPGA configurations. In addition to attack vectors during the design process, FPGAs can be infiltrated in a non-invasive manner after shipment through alterations of the bitstream. First, we present an improved methodology for bitstream file format reversing. Second, we introduce a novel idea for Trojan insertion.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Physical Design Obfuscation of Hardware: A Comprehensive Investigation of Device- and Logic-Level Techniques
Authors:
Arunkumar Vijayakumar,
Vinay C. Patil,
Daniel E. Holcomb,
Christof Paar,
Sandip Kundu
Abstract:
The threat of hardware reverse engineering is a growing concern for a large number of applications. A main defense strategy against reverse engineering is hardware obfuscation. In this paper, we investigate physical obfuscation techniques, which perform alterations of circuit elements that are difficult or impossible for an adversary to observe. The examples of such stealthy manipulations are chan…
▽ More
The threat of hardware reverse engineering is a growing concern for a large number of applications. A main defense strategy against reverse engineering is hardware obfuscation. In this paper, we investigate physical obfuscation techniques, which perform alterations of circuit elements that are difficult or impossible for an adversary to observe. The examples of such stealthy manipulations are changes in the doping concentrations or dielectric manipulations. An attacker will, thus, extract a netlist, which does not correspond to the logic function of the device-under-attack. This approach of camouflaging has garnered recent attention in the literature. In this paper, we expound on this promising direction to conduct a systematic end-to-end study of the VLSI design process to find multiple ways to obfuscate a circuit for hardware security. This paper makes three major contributions. First, we provide a categorization of the available physical obfuscation techniques as it pertains to various design stages. There is a large and multidimensional design space for introducing obfuscated elements and mechanisms, and the proposed taxonomy is helpful for a systematic treatment. Second, we provide a review of the methods that have been proposed or in use. Third, we present recent and new device and logic-level techniques for design obfuscation. For each technique considered, we discuss feasibility of the approach and assess likelihood of its detection. Then we turn our focus to open research questions, and conclude with suggestions for future research directions.
△ Less
Submitted 2 October, 2019;
originally announced October 2019.
-
Stealthy Opaque Predicates in Hardware -- Obfuscating Constant Expressions at Negligible Overhead
Authors:
Max Hoffmann,
Christof Paar
Abstract:
Opaque predicates are a well-established fundamental building block for software obfuscation. Simplified, an opaque predicate implements an expression that provides constant Boolean output, but appears to have dynamic behavior for static analysis. Even though there has been extensive research regarding opaque predicates in software, techniques for opaque predicates in hardware are barely explored.…
▽ More
Opaque predicates are a well-established fundamental building block for software obfuscation. Simplified, an opaque predicate implements an expression that provides constant Boolean output, but appears to have dynamic behavior for static analysis. Even though there has been extensive research regarding opaque predicates in software, techniques for opaque predicates in hardware are barely explored. In this work, we propose a novel technique to instantiate opaque predicates in hardware, such that they (1) are resource-efficient, and (2) are challenging to reverse engineer even with dynamic analysis capabilities. We demonstrate the applicability of opaque predicates in hardware for both, protection of intellectual property and obfuscation of cryptographic hardware Trojans. Our results show that we are able to implement stealthy opaque predicates in hardware with minimal overhead in area and no impact on latency.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Reverse Engineering x86 Processor Microcode
Authors:
Philipp Koppe,
Benjamin Kollenda,
Marc Fyrbiak,
Christian Kison,
Robert Gawlik,
Christof Paar,
Thorsten Holz
Abstract:
Microcode is an abstraction layer on top of the physical components of a CPU and present in most general-purpose CPUs today. In addition to facilitate complex and vast instruction sets, it also provides an update mechanism that allows CPUs to be patched in-place without requiring any special hardware. While it is well-known that CPUs are regularly updated with this mechanism, very little is known…
▽ More
Microcode is an abstraction layer on top of the physical components of a CPU and present in most general-purpose CPUs today. In addition to facilitate complex and vast instruction sets, it also provides an update mechanism that allows CPUs to be patched in-place without requiring any special hardware. While it is well-known that CPUs are regularly updated with this mechanism, very little is known about its inner workings given that microcode and the update mechanism are proprietary and have not been throughly analyzed yet.
In this paper, we reverse engineer the microcode semantics and inner workings of its update mechanism of conventional COTS CPUs on the example of AMD's K8 and K10 microarchitectures. Furthermore, we demonstrate how to develop custom microcode updates. We describe the microcode semantics and additionally present a set of microprograms that demonstrate the possibilities offered by this technology. To this end, our microprograms range from CPU-assisted instrumentation to microcoded Trojans that can even be reached from within a web browser and enable remote code execution and cryptographic implementation attacks.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Interdiction in Practice -- Hardware Trojan Against a High-Security USB Flash Drive
Authors:
Pawel Swierczynski,
Marc Fyrbiak,
Philipp Koppe,
Amir Moradi,
Christof Paar
Abstract:
As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstrea…
▽ More
As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstream which configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan insertion into a commercial product. On the target device, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data are encrypted using AES-256 in XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investigation required two reverse-engineering steps, related to the proprietary FPGA bitstream and to the firmware of the underlying ARM CPU. In our Trojan insertion scenario, the targeted USB flash drive is intercepted before being delivered to the victim. The physical Trojan insertion requires the manipulation of the SPI flash memory content, which contains the FPGA bitstream as well as the ARM CPU code. The FPGA bitstream manipulation alters the exploited AES-256 algorithm in a way that it turns into a linear function which can be broken with 32 known plaintext-ciphertext pairs. After the manipulated USB flash drive has been used by the victim, the attacker is able to obtain all user data from the ciphertexts. Our work indeed highlights the security risks and especially the practical relevance of bitstream modification attacks that became realistic due to FPGA bitstream manipulations.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Side-Channel Hardware Trojan for Provably-Secure SCA-Protected Implementations
Authors:
Samaneh Ghandali,
Thorben Moos,
Amir Moradi,
Christof Paar
Abstract:
Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extre…
▽ More
Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extremely stealthy hardware Trojan into cryptographic primitives equipped with provably-secure first-order side-channel countermeasures. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key recovery attacks. Generally, such a Trojan requires neither addition nor removal of any logic which makes it extremely hard to detect. On ASICs, it can be inserted by subtle manipulations at the sub-transistor level and on FPGAs by changing the routing of particular signals, leading to \textbf{zero} logic overhead. The underlying concept is based on modifying a securely-masked hardware implementation in such a way that running the device at a particular clock frequency violates one of its essential properties, leading to exploitable leakage. We apply our technique to a Threshold Implementation of the PRESENT block cipher realized in two different CMOS technologies, and show that triggering the Trojan makes the ASIC prototypes vulnerable.
△ Less
Submitted 22 September, 2019;
originally announced October 2019.
-
Temperature-Based Hardware Trojan For Ring-Oscillator-Based TRNGs
Authors:
Samaneh Ghandali,
Daniel Holcomb,
Christof Paar
Abstract:
True random number generators (TRNGs) are essential components of cryptographic designs, which are used to generate private keys for encryption and authentication, and are used in masking countermeasures. In this work, we present a mechanism to design a stealthy parametric hardware Trojan for a ring oscillator based TRNG architecture proposed by Yang et al. at ISSCC 2014. Once the Trojan is trigge…
▽ More
True random number generators (TRNGs) are essential components of cryptographic designs, which are used to generate private keys for encryption and authentication, and are used in masking countermeasures. In this work, we present a mechanism to design a stealthy parametric hardware Trojan for a ring oscillator based TRNG architecture proposed by Yang et al. at ISSCC 2014. Once the Trojan is triggered the malicious TRNG generates predictable non-random outputs. Such a Trojan does not require any additional logic (even a single gate) and is purely based on subtle manipulations on the sub-transistor level. The underlying concept is to disable the entropy source at high temperature to trigger the Trojan, while ensuring that Trojan-infected TRNG works correctly under normal conditions. We show how an attack can be performed with the Trojan-infected TRNG design in which the attacker uses a stochastic Markov Chain model to predict its reduced-entropy outputs.
△ Less
Submitted 22 September, 2019;
originally announced October 2019.
-
Highway to HAL: Open-Sourcing the First Extendable Gate-Level Netlist Reverse Engineering Framework
Authors:
Sebastian Wallat,
Nils Albartus,
Steffen Becker,
Max Hoffmann,
Maik Ender,
Marc Fyrbiak,
Adrian Drees,
Sebastian Maaßen,
Christof Paar
Abstract:
Since hardware oftentimes serves as the root of trust in our modern interconnected world, malicious hardware manipulations constitute a ubiquitous threat in the context of the Internet of Things (IoT). Hardware reverse engineering is a prevalent technique to detect such manipulations.
Over the last years, an active research community has significantly advanced the field of hardware reverse engin…
▽ More
Since hardware oftentimes serves as the root of trust in our modern interconnected world, malicious hardware manipulations constitute a ubiquitous threat in the context of the Internet of Things (IoT). Hardware reverse engineering is a prevalent technique to detect such manipulations.
Over the last years, an active research community has significantly advanced the field of hardware reverse engineering. Notably, many open research questions regarding the extraction of functionally correct netlists from Field Programmable Gate Arrays (FPGAs) or Application Specific Integrated Circuits (ASICs) have been tackled. In order to facilitate further analysis of recovered netlists, a software framework is required, serving as the foundation for specialized algorithms. Currently, no such framework is publicly available.
Therefore, we provide the first open-source gate-library agnostic framework for gate-level netlist analysis. In this positional paper, we demonstrate the workflow of our modular framework HAL on the basis of two case studies and provide profound insights on its technical foundations.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Towards Cognitive Obfuscation: Impeding Hardware Reverse Engineering Based on Psychological Insights
Authors:
Carina Wiesen,
Nils Albartus,
Max Hoffmann,
Steffen Becker,
Sebastian Wallat,
Marc Fyrbiak,
Nikol Rummel,
Christof Paar
Abstract:
In contrast to software reverse engineering, there are hardly any tools available that support hardware reversing. Therefore, the reversing process is conducted by human analysts combining several complex semi-automated steps. However, countermeasures against reversing are evaluated solely against mathematical models. Our research goal is the establishment of cognitive obfuscation based on the exp…
▽ More
In contrast to software reverse engineering, there are hardly any tools available that support hardware reversing. Therefore, the reversing process is conducted by human analysts combining several complex semi-automated steps. However, countermeasures against reversing are evaluated solely against mathematical models. Our research goal is the establishment of cognitive obfuscation based on the exploration of underlying psychological processes. We aim to identify problems which are hard to solve for human analysts and derive novel quantification metrics, thus enabling stronger obfuscation techniques.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
Teaching Hardware Reverse Engineering: Educational Guidelines and Practical Insights
Authors:
Carina Wiesen,
Steffen Becker,
Marc Fyrbiak,
Nils Albartus,
Malte Elson,
Nikol Rummel,
Christof Paar
Abstract:
Since underlying hardware components form the basis of trust in virtually any computing system, security failures in hardware pose a devastating threat to our daily lives. Hardware reverse engineering is commonly employed by security engineers in order to identify security vulnerabilities, to detect IP violations, or to conduct very-large-scale integration (VLSI) failure analysis. Even though indu…
▽ More
Since underlying hardware components form the basis of trust in virtually any computing system, security failures in hardware pose a devastating threat to our daily lives. Hardware reverse engineering is commonly employed by security engineers in order to identify security vulnerabilities, to detect IP violations, or to conduct very-large-scale integration (VLSI) failure analysis. Even though industry and the scientific community demand experts with expertise in hardware reverse engineering, there is a lack of educational offerings, and existing training is almost entirely unstructured and on the job. To the best of our knowledge, we have developed the first course to systematically teach students hardware reverse engineering based on insights from the fields of educational research, cognitive science, and hardware security. The contribution of our work is threefold: (1) we propose underlying educational guidelines for practice-oriented courses which teach hardware reverse engineering; (2) we develop such a lab course with a special focus on gate-level netlist reverse engineering and provide the required tools to support it; (3) we conduct an educational evaluation of our pilot course. Based on our results, we provide valuable insights on the structure and content necessary to design and teach future courses on hardware reverse engineering.
△ Less
Submitted 1 October, 2019;
originally announced October 2019.
-
SAT-based Reverse Engineering of Gate-Level Schematics using Fault Injection and Probing
Authors:
Shahrzad Keshavarz,
Falk Schellenberg,
Bastian Richter,
Christof Paar,
Daniel Holcomb
Abstract:
Gate camouflaging is a known security enhancement technique that tries to thwart reverse engineering by hiding the functions of gates or the connections between them. A number of works on SAT-based attacks have shown that it is often possible to reverse engineer a circuit function by combining a camouflaged circuit model and the ability to have oracle access to the obfuscated combinational circuit…
▽ More
Gate camouflaging is a known security enhancement technique that tries to thwart reverse engineering by hiding the functions of gates or the connections between them. A number of works on SAT-based attacks have shown that it is often possible to reverse engineer a circuit function by combining a camouflaged circuit model and the ability to have oracle access to the obfuscated combinational circuit. Especially in small circuits it is easy to reverse engineer the circuit function in this way, but SAT-based reverse engineering techniques provide no guarantees of recovering a circuit that is gate-by-gate equivalent to the original design. In this work we show that an attacker who does not know gate functions or connections of an aggressively camouflaged circuit cannot learn the correct gate-level schematic even if able to control inputs and probe all combinational nodes of the circuit. We then present a stronger attack that extends SAT-based reverse engineering with fault analysis to allow an attacker to recover the correct gate-level schematic. We analyze our reverse engineering approach on an S-Box circuit.
△ Less
Submitted 24 February, 2018;
originally announced February 2018.
-
Design Automation for Obfuscated Circuits with Multiple Viable Functions
Authors:
Shahrzad Keshavarz,
Christof Paar,
Daniel Holcomb
Abstract:
Gate camouflaging is a technique for obfuscating the function of a circuit against reverse engineering attacks. However, if an adversary has pre-existing knowledge about the set of functions that are viable for an application, random camouflaging of gates will not obfuscate the function well. In this case, the adversary can target their search, and only needs to decide whether each of the viable f…
▽ More
Gate camouflaging is a technique for obfuscating the function of a circuit against reverse engineering attacks. However, if an adversary has pre-existing knowledge about the set of functions that are viable for an application, random camouflaging of gates will not obfuscate the function well. In this case, the adversary can target their search, and only needs to decide whether each of the viable functions could be implemented by the circuit.
In this work, we propose a method for using camouflaged cells to obfuscate a design that has a known set of viable functions. The circuit produced by this method ensures that an adversary will not be able to rule out any viable functions unless she is able to uncover the gate functions of the camouflaged cells. Our method comprises iterated synthesis within an overall optimization loop to combine the viable functions, followed by technology mapping to deploy camouflaged cells while maintaining the plausibility of all viable functions. We evaluate our technique on cryptographic S-box functions and show that, relative to a baseline approach, it achieves up to 38\% area reduction in PRESENT-style S-Boxes and 48\% in DES S-boxes.
△ Less
Submitted 1 March, 2017;
originally announced March 2017.
-
The Passive Eavesdropper Affects my Channel: Secret-Key Rates under Real-World Conditions (Extended Version)
Authors:
Christan Zenger,
Hendrik Vogt,
Jan Zimmer,
Aydin Sezgin,
Christof Paar
Abstract:
Channel-reciprocity based key generation (CRKG) has gained significant importance as it has recently been proposed as a potential lightweight security solution for IoT devices. However, the impact of the attacker's position in close range has only rarely been evaluated in practice, posing an open research problem about the security of real-world realizations. Furthermore, this would further bridge…
▽ More
Channel-reciprocity based key generation (CRKG) has gained significant importance as it has recently been proposed as a potential lightweight security solution for IoT devices. However, the impact of the attacker's position in close range has only rarely been evaluated in practice, posing an open research problem about the security of real-world realizations. Furthermore, this would further bridge the gap between theoretical channel models and their practice-oriented realizations. For security metrics, we utilize cross-correlation, mutual information, and a lower bound on secret-key capacity. We design a practical setup of three parties such that the channel statistics, although based on joint randomness, are always reproducible. We run experiments to obtain channel states and evaluate the aforementioned metrics for the impact of an attacker depending on his position. It turns out the attacker himself affects the outcome, which has not been adequately regarded yet in standard channel models.
△ Less
Submitted 14 January, 2017;
originally announced January 2017.