TC: Small: Minimalist Hardware Trojans through Malicious Side-Channels

TC：小型：通过恶意侧通道的极简硬件木马

• 批准号: 0916854
• 负责人: Christof Paar
• 金额: $ 35.07万
• 依托单位: University of Massachusetts Amherst
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-15 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0916854&HistoricalAwards=false
• 关键词: TC; Small; Minimalist; Hardware; Trojans

In order to provide system security, hardware modules which function as trust anchors are used in an ever increasing number of devices. The majority of laptops and PCs are now equipped with Trusted Platform Modules (TPMs), and a large number of pervasive computing systems such as smart cards, electronic passports or high-speed routers make use of hardware for cryptographic algorithms and key storage. In almost all such applications the security of the entire system hinges on the assumption that the hardware modules are trustworthy. Recently, due to the increasing use of potentially untrusted semiconductor foundries, the threat of maliciously manipulated hardware has been raised, Since hardware manipulations, including hardware Trojans, are difficult to detect and, perhaps more importantly, even harder to repair, they form a very serious threat to system security for today's and future applications.The standard approach to Trojan hardware consists in adding extra logic to a given IC design which weakens the system. The main drawback of this approach, from an attacker's perspective, is that extra function blocks can potentially be detected through a host of techniques, including, e.g., optical inspections at different layers of the design, or power and EM fingerprinting. Our malicious circuit manipulations are orders of magnitude more subtle than previously known Trojans, but can nevertheless totally compromise secure hardware blocks by leaking cryptographic keys. The core idea is to create malicious side-channels, in particular power supply channels, through small modifications of circuit elements, e.g., at the transistor level. We will refer to these covert channels as Trojan side channels (TSC). The core parts of the research are modeling of the assumptions, development of channels and modulations schemes, their realization on the circuit level, and proof-of-concept implementations.In addition to posing a threat to system security, Trojan side-channels can also be used constructively. For instance, they have applications in anti-counterfeiting: illegal copies of ICs with the same functional behavior will not leak the same side-channel ID and can thus easily be detected. Also, TSC could be used for conveying internal status information about a circuit, increasing the testability of a circuits. Moreover, because TSC can be viewed as a form of physically encryption one can imagine other cryptographic protocols and applications using TSC as primitives.

为了提供系统安全性，越来越多的设备中使用充当信任锚的硬件模块。 大多数笔记本电脑和个人电脑现在都配备了可信平台模块（TPM），大量普及计算系统（例如智能卡、电子护照或高速路由器）利用硬件进行加密算法和密钥存储。在几乎所有此类应用中，整个系统的安全性都取决于硬件模块值得信赖的假设。 最近，由于越来越多地使用潜在不受信任的半导体代工厂，恶意操纵硬件的威胁已经增加。由于硬件操纵（包括硬件木马）难以检测，也许更重要的是，甚至更难以修复，因此它们形成了一种非常严重的威胁。对当今和未来应用的系统安全构成严重威胁。特洛伊木马硬件的标准方法包括向给定的 IC 设计添加额外的逻辑，从而削弱系统。从攻击者的角度来看，这种方法的主要缺点是，额外的功能块可能会通过多种技术被检测到，包括例如设计不同层的光学检查，或功率和电磁指纹识别。 我们的恶意电路操作比以前已知的特洛伊木马要微妙几个数量级，但仍然可以通过泄露加密密钥来完全破坏安全硬件块。其核心思想是通过对电路元件（例如在晶体管级别）进行小的修改来创建恶意侧通道，特别是电源通道。我们将这些隐蔽通道称为特洛伊木马侧通道 (TSC)。研究的核心部分是假设的建模、通道和调制方案的开发、电路级的实现以及概念验证的实现。除了对系统安全构成威胁外，木马侧通道还可以建设性地使用。例如，它们在防伪方面有应用：具有相同功能行为的 IC 的非法复制品不会泄露相同的侧通道 ID，因此很容易被检测到。此外，TSC 可用于传送有关电路的内部状态信息，从而提高电路的可测试性。此外，由于 TSC 可以被视为物理加密的一种形式，因此我们可以想象使用 TSC 作为原语的其他加密协议和应用程序。