Architectural Enhancements to Increase Trust in Cyber-Physical Systems Containing Untrusted Software and Hardware

Farag, Mohammed Morsy Naeem

25 October 2012

Embedded electronics are widely employed in cyber-physical systems (CPSes), which tightly integrate and coordinate computational and physical elements. CPSes are extensively deployed in security-critical applications and nationwide infrastructure. Perimeter security approaches to preventing malware infiltration of CPSes are challenged by the complexity of modern embedded systems incorporating numerous heterogeneous and updatable components. Global supply chains and third-party hardware components, tools, and software limit the reach of design verification techniques and introduce security concerns about deliberate Trojan inclusions. As a consequence, skilled attacks against CPSes have demonstrated that these systems can be surreptitiously compromised. Existing run-time security approaches are not adequate to counter such threats because of either the impact on performance and cost, lack of scalability and generality, trust needed in global third parties, or significant changes required to the design flow. We present a protection scheme called Run-time Enhancement of Trusted Computing (RETC) to enhance trust in CPSes containing untrusted software and hardware. RETC is complementary to design-time verification approaches and serves as a last line of defense against the rising number of inexorable threats against CPSes. We target systems built using reconfigurable hardware to meet the flexibility and high-performance requirements of modern security protections. Security policies are derived from the system physical characteristics and component operational specifications and translated into synthesizable hardware integrated into specific interfaces on a per-module or per-function basis. The policy-based approach addresses many security challenges by decoupling policies from system-specific implementations and optimizations, and minimizes changes required to the design flow. Interface guards enable in-line monitoring and enforcement of critical system computations at run-time. Trust is only required in a small set of simple, self-contained, and verifiable guard components. Hardware trust anchors simultaneously addresses the performance, flexibility, developer productivity, and security requirements of contemporary CPSes. We apply RETC to several CPSes having common security challenges including: secure reconfiguration control in reconfigurable cognitive radio platforms, tolerating hardware Trojan threats in third-party IP cores, and preserving stability in process control systems. High-level architectures demonstrated with prototypes are presented for the selected applications. Implementation results illustrate the RETC efficiency in terms of the performance and overheads of the hardware trust anchors. Testbenches associated with the addressed threat models are generated and experimentally validated on reconfigurable platform to establish the protection scheme efficacy in thwarting the selected threats. This new approach significantly enhances trust in CPSes containing untrusted components without sacrificing cost and performance. / Ph. D.

Hardware Trojans

Reconfigurable Hardware

Embedded Systems Security

Cognitive radio networks

Trusted Computing

Cyber-Physical Systems

Process Control Systems

Enhancing Trust in Reconfigurable Hardware Systems

Venugopalan, Vivek

01 March 2017

A Cyber-Physical System (CPS) is a large-scale, distributed, embedded system, consisting of various components that are glued together to realize control, computation and communication functions. Although these systems are complex, they are ubiquitous in the Internet of Things (IoT) era of autonomous vehicles/drones, smart homes, smart grids, etc. where everything is connected. These systems are vulnerable to unauthorized penetration due to the absence of proper security features and safeguards to protect important information. Examples such as the typewriter hack involving subversive chips resulting in leakage of keystroke data and hardware backdoors crippling anti-aircraft guns during an attack demonstrate the need to protect all system functions. With more focus on securing a system, trust in untrusted components at the integration stage is of a higher priority. This work builds on a red-black security system, where an architecture testbed is developed with critical and non-critical IP cores and subjected to a variety of Hardware Trojan Threats (HTTs). These attacks defeat the classic trusted hardware model assumptions and demonstrate the ability of Trojans to evade detection methods based on physical characteristics. A novel metric is defined for hardware Trojan detection, termed as HTT Detectability Metric (HDM) that leverages a weighted combination of normalized physical parameters. Security analysis results show that using HDM, 86% of the implemented Trojans were detected as compared to using power consumption, timing variation and resource utilization alone. This led to the formulation of the security requirements for the development of a novel, distributed and secure methodology for enhancing trust in systems developed under untrusted environments called FIDelity Enhancing Security (FIDES). FIDES employs a decentralized information flow control (DIFC) model that enables safe and distributed information flows between various elements of the system such as IP cores, physical memory and registers. The DIFC approach annotates/tags each data item with its sensitivity level and the identity of the participating entities during the communication. Trust enhanced FIDES (TE-FIDES) is proposed to address the vulnerabilities arising from the declassification process during communication between third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the confidentiality of the sensitive information in the system. TE-FIDES is evaluated by targeting an IoT-based smart grid CPS application, where malicious third-party soft IP cores are prevented from causing a system blackout. The resulting hardware implementation using TE-FIDES is found to be resilient to multiple hardware Trojan attacks. / Ph. D. / The Internet-of-Things (IoT) has emerged as one of the most innovative multidisciplinary paradigms combining heterogeneous sensors, software architectures, embedded hardware systems, and data analytics. With the growth in deployment of IoT systems, security of the sensors and trustworthiness of the data exchanged is of paramount significance. IoT security approaches are derived from the vulnerabilities existing in cyber-physical systems (CPS) and the countermeasures designed against them. An unauthorized penetration due to the absence of safeguards can cripple the system and leak sensitive data. This dissertation studies the vulnerabilities posed due to the presence of hardware Trojans in such IoT-based CPS. FIDelity Enhancing Security (FIDES), named after the Greek Goddess of Trust, is a novel, distributed and secure methodology proposed to address the security requirements and enhance trust of systems developed in untrusted environments. FIDES utilizes a distributed scheme that monitors the communication between the Intellectual Property (IP) cores using tags. Trust Enhanced FIDES (TE-FIDES) is proposed to reduce the vulnerabilities arising from the declassification process of the third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the integrity of the sensitive information in the system. In addition, TE-FIDES also uses a trust metric to record snapshots of each IP core’s state during the declassification process. TE-FIDES is evaluated by mapping an IoT-based CPS application and subjecting it to a variety of hardware Trojan attacks. The performance costs for resilient and trustworthy operation of the TE-FIDES implementation are evaluated and TE-FIDES proves to be resilient to the attacks with acceptable cyber costs.

Secure Computing

Trusted Computing

Resilient Computing

Root of Trust

Hardware Trojans

Cyber Physical System Security

Embedded Systems

Reconfigurable Hardware

Skadlig kod och sårbarheter i Windows : En studie i virusens historia och nutidens olika säkerhetsrisker

Lejdemalm, Roger, Andreasson, Daniel

January 2008

I dag kan man oftast läsa om olika säkerhetshot och risker en datoranvändare måste tänka på för att inte ge någon utomstående möjlighet att komma åt känslig och/eller privat information. Här talas det om nya virus och nya typer av trojaner som sprids som epidemier över Internet, och i bland handlar det om ett spionprogram som följer med en nedladdad fil. Det är svårt att hålla reda på alla typer av skadlig kod som nämns fast med ökad förståelse ökar också chanserna för att klara sig från smitta. Det har visat sig att utvecklingen av skadlig kod är lika stark som den inom kommersiella mjukvaror. Från persondatorns uppkomst i början av 80-talet och fram till i dag, har utveckling skett i alla områden av den skadliga kod det handlar om strategi, syfte och framförallt ren kodkomplexitet. Dagens ledande leverantör av operativsystem och webbläsare, Microsoft, lovar allt mer sofistikerade säkerhetslösningar varje gång en ny version av ett program släpps. Framförallt nämndes det i samband med lanseringen av Windows Vista att säkerheten var det som stod högst på listan. Vi har tillsammans med WM-data i Stockholm tagit fram en programvara för fjärradministration av Windows. Huvudmålet var att med hjälp av våra baskunskaper i programmering skapa ett program för Windows XP och Windows Vista där en rad funktioner skulle kunna fjärrstyras utan att en användare vid den drabbade datorn upptäckte intrånget. I denna rapport beskrivs utvecklingen av programvaran och de tester som gjorts på de båda operativsystemen. Vidare delas begreppet ”skadlig kod” upp i kategorierna virus, maskar, trojaner samt rootkits och förklaras mer ingående tillsammans med en historisk bild över hur utvecklingen av skadlig kod har sett ut. / In media today, you often read about different security threats and risks that one has to be aware of. Many things must be taken into consideration in order to maintain your integrity and information secrecy. It might be new virus outbreak, a new trojan or some kind of spy ware that undetected finds the way to your computer. It’s hard to keep track of all terms and types of malicious code, and with greater understanding, the risk of infection decreases. The development when it comes to malicious code is as strong as the one in commercial software development. From the 80’s until present day, every area in the development of malicious code has evolved, from strategy and purpose to the pure complexity of the code. Microsoft, the worlds leading supplier of operating systems and web browsers, ensure us with every new release, that measures has been taken in order to enhance the security features. As the new operating system Windows Vista was released, spokesmen said that the security was now the highest priority. We have, together with WM-data in Stockholm, developed software for remote administration of Windows. The objectives where by using our limited programming skills only, to come up with a program for Windows XP and Windows Vista, where a number of functions could be remotely executed without alerting a user at the infected computer. This report describes the development of the software together with test results of execution on both operating systems. Further on, the report discusses different types of malicious code, such as viruses, worms, Trojans and root kits, together with a historical study of the development of malicious code.

Virus history

trojans

root kits

security mechanisms

Windows Vista UAC

developing malicious code

Windows built-in security features

Computer Sciences

Datavetenskap (datalogi)

Rétro-conception matérielle partielle appliquée à l'injection ciblée de fautes laser et à la détection efficace de Chevaux de Troie Matériels / Partial hardware reverse engineering applied to fine grained laser fault injection and efficient hardware trojans detection

Courbon, Franck

03 September 2015

Le travail décrit dans cette thèse porte sur une nouvelle méthodologie de caractérisation des circuits sécurisés basée sur une rétro-conception matérielle partielle : d’une part afin d’améliorer l’injection de fautes laser, d’autre part afin de détecter la présence de Chevaux de Troie Matériels (CTMs). Notre approche est dite partielle car elle est basée sur une seule couche matérielle du composant et car elle ne vise pas à recréer une description schématique ou fonctionnelle de l’ensemble du circuit.Une méthodologie invasive de rétro-conception partielle bas coût, rapide et efficace est proposée. Elle permet d’obtenir une image globale du circuit où seule l’implémentation des caissons des transistors est visible. La mise en œuvre de cette méthodologie est appliquée sur différents circuits sécurisés. L’image obtenue selon la méthodologie déclinée précédemment est traitée afin de localiser spatialement les portes sensibles, voire critiques en matière de sécurité. Une fois ces portes sensibles identifiées, nous caractérisons l’effet du laser sur différentes parties de ces cellules de bases et nous montrons qu’il est possible de contrôler à l’aide d’injections de fautes laser la valeur contenue dans ces portes. Cette technique est inédite car elle valide le modèle de fautes sur une porte complexe en technologie 90 nm. Pour finir une méthode de détection de CTMs est proposée avec le traitement de l’image issue de la rétro-conception partielle. Nous mettons en évidence l’ajout de portes non répertoriées avec l’application sur un couple de circuits. La méthode permet donc de détecter, à moindre coût, de manière rapide et efficace la présence de CTMs. / The work described in this thesis covers an integrated circuit characterization methodology based on a partial hardware reverse engineering. On one hand in order to improve integrated circuit security characterization, on the other hand in order to detect the presence of Hardware Trojans. Our approach is said partial as it is only based on a single hardware layer of the component and also because it does not aim to recreate a schematic or functional description of the whole circuit. A low cost, fast and efficient reverse engineering methodology is proposed. The latter enables to get a global image of the circuit where only transistor's active regions are visible. It thus allows localizing every standard cell. The implementation of this methodology is applied over different secure devices. The obtained image according to the methodology declined earlier is processed in order to spatially localize sensible standard cells, nay critical in terms of security. Once these cells identified, we characterize the laser effect over different location of these standard cells and we show the possibility with the help of laser fault injection the value they contain. The technique is novel as it validates the fault model over a complex gate in 90nm technology node.Finally, a Hardware Trojan detection method is proposed using the partial reverse engineering output. We highlight the addition of few non listed cells with the application on a couple of circuits. The method implementation therefore permits to detect, without full reverse-engineering (and so cheaply), quickly and efficiently the presence of Hardware Trojans.

Sécurité Matérielle

Rétro-conception partielle

Localisation de portes

Injection laser

Modèles de fautes

Chevaux de troie matériels

Hardware security

Partial reverse engineering

Cells localization

Laser injection

Fault model

Hardware Trojans

Image Stitching and Matching Tool in the Automated Iterative Reverse Engineer (AIRE) Integrated Circuit Analysis Suite

Bowman, David C.

24 August 2018

No description available.

Computer Engineering

Electrical Engineering

image processing

image stitching

image matching

reverse engineering

multimodal matching

hardware Trojans

hardware Trojan detection

integrated circuit

A Comprehensive Analysis of the Environmental Impact on ROPUFs employed in Hardware Security, and Techniques for Trojan Detection

Alsulami, Faris Nafea

January 2022

No description available.

Electrical Engineering

Computer Engineering

Hardware Security

FPGA, PUF

ROPUF

Advanced Metering Infrastructure

Smart Grid

Zero Trust Architecture

Blockchain Technology

Hardware Trojans

Side-Channel Analysis.

Détection non destructive de modification malveillante de circuits intégrés / NON-DESTRUCTIVE DETECTION OF HARDWARE TROJANS IN INTEGRATED CIRCUITS

Exurville, Ingrid

30 October 2015

L'exportation et la mutualisation des industries de fabrication des circuits intégrés impliquent de nombreuses interrogations concernant l'intégrité des circuits fabriqués. On se retrouve alors confronté au problème d'insertion d'une fonctionnalité dissimulée pouvant agir de façon cachée : on parle de Cheval de Troie Matériel (CTM). En raison de la complexité d'un circuit intégré, repérer ce genre de modification se révèle particulièrement difficile. Le travail proposé dans ce manuscrit s'oriente vers une technique de détection non destructrice de CTM. L’approche consiste à utiliser les temps de calculs internes du système étudié comme canal permettant de détecter des CTM. Dans ces travaux, un modèle décrivant les temps de calcul est défini. Il prend notamment en compte deux paramètres importants que sont les conditions expérimentales et les variations de procédés.Des attaques en faute par glitchs d’horloge basée sur la violation de contraintes temporelles permettent de mesurer des temps de calcul internes. Des cartes fiables sont utilisées pour servir de référence. Après avoir validé la pertinence de ce canal d’étude concernant l’obtention d’informations sur le comportement interne du circuit cible, on procède à des détections expérimentales de CTM insérés à deux niveaux d’abstraction (niveau RTL et après l'étape de placement/routage). Des traitements avec prise en compte des variations de procédés permettent d'identifier si les cartes testées sont infectées par un CTM. / The globalization of integrated circuits fabrication involves several questions about the integrity of the fabricated circuits. Malicious modifications called Hardware Trojans (HT) can be introduced during the circuit production process. Due to the complexity of an integrated circuit, it is really difficult to find this kind of alterations.This work focuses on a non-destructive method of HT detection. We use the paths delays of the studied design as a channel to detect HT. A model to describe paths delays is defined. It takes into account two important parameters which are the experimental conditions and the process variations.Faults attacks by clock glitches based on timing constraints violations have been performed to measure data paths delays. Reliable circuits are used for reference. After validating the relevance of this channel to get information on the internal behavior of the targeted design, experimental detections of HT inserted on two different abstraction levels (RTL and after place and route) were achieved. Process variations are taken into consideration in the studies to detect if the tested circuits are infected.

Chevaux de Troie Matériel

Circuits Intégrés

Temps de Calcul

Glitchs d’Horloge

Contraintes Temporelles

Variations de Procédés

FPGA

Attaques en Faute

Hardware Trojans

Integrated circuits

Fault attack

Clock glitches

Timing constraints

FPGA

Process variations

Data Path Delays

Advances in public-key cryptology and computer exploitation / Avancées en cryptologie à clé publique et exploitation informatique

Géraud, Rémi

05 September 2017

La sécurité de l’information repose sur la bonne interaction entre différents niveaux d’abstraction : les composants matériels, systèmes d’exploitation, algorithmes, et réseaux de communication. Cependant, protéger ces éléments a un coût ; ainsi de nombreux appareils sont laissés sans bonne couverture. Cette thèse s’intéresse à ces différents aspects, du point de vue de la sécurité et de la cryptographie. Nous décrivons ainsi de nouveaux algorithmes cryptographiques (tels que des raffinements du chiffrement de Naccache–Stern), de nouveaux protocoles (dont un algorithme d’identification distribuée à divulgation nulle de connaissance), des algorithmes améliorés (dont un nouveau code correcteur et un algorithme efficace de multiplication d’entiers),ainsi que plusieurs contributions à visée systémique relevant de la sécurité de l’information et à l’intrusion. En outre, plusieurs de ces contributions s’attachent à l’amélioration des performances des constructions existantes ou introduites dans cette thèse. / Information security relies on the correct interaction of several abstraction layers: hardware, operating systems, algorithms, and networks. However, protecting each component of the technological stack has a cost; for this reason, many devices are left unprotected or under-protected. This thesis addresses several of these aspects, from a security and cryptography viewpoint. To that effect we introduce new cryptographic algorithms (such as extensions of the Naccache–Stern encryption scheme), new protocols (including a distributed zero-knowledge identification protocol), improved algorithms (including a new error-correcting code, and an efficient integer multiplication algorithm), as well as several contributions relevant to information security and network intrusion. Furthermore, several of these contributions address the performance of existing and newly-introduced constructions.

Cryptographie à clé publique

Signatures numériques

Codes correcteurs d’erreurs

Algorithmes

Sécurité de l’information

Espions matériels

Public-key cryptography

Zero-knowledge proofs

Digital signatures

Error-correcting codes

Algorithms

Information security

Hardware trojans

005.8

652.8

Origem e Evolução Dinâmica de Algumas Populações de Pequenos Corpos Ressonantes no Sistema Solar / Dynamical evolution and origin of some populations of small Solar System resonant bodies

Roig, Fernando Virgilio

18 October 2001

Nesta tese estudamos algumas regiões de aparente estabilidade no cinturão de asteróides e no cinturão de Kuiper, analisando a evoluçãao dinâmica dos objetos nessas regiões por intervalos de tempo muito longos, em geral, da ordem da idade do Sistema Solar. Centramos principalmente nossa atenção no estudo das populações de pequenos corpos ressonantes, analisando três exemplos diferentes: a ressonância 2/1 com Júpiter e seu entorno (falha de Hecuba), a ressonância 2/3 com Netuno (Plutinos), e a ressonância 1/1 com Júpiter (Troianos). Atacamos o problema com diferentes ferramentas numéricas e analíticas: integração numérica direta de modelos precisos, modelos estatísticos de caminhada aleatória, modelos semi-analíticos baseados no desenvolvimento assimétrico da função perturbadora, cálculo de expoentes de Lyapunov, análise de freqüências, determinação de elementos próprios e taxas de difusão, etc. Os resultados obtidos permitem elaborar conclusões sobre a possível origem e evolução dinâmica destas populações. / In this thesis, we study some regions of regular motion in the asteroid main belt and in the Kuiper belt. We analyze the dynamical evolution in these regions over time scales of the order of the age of the Solar System. We centered our study on the populations of resonant minor bodies, discussing three examples: the 2/1 mean motion resonance with Jupiter (Hecuba gap), the 2/3 resonance with Neptune (Plutinos), and the 1/1 resonance with Jupiter (Trojans). We attack the problem with several different tools, both analytic and numeric: integration of N-body models, random-walk statistical models, semi-analytical models based on the assymetric expansion of the disturbing function, calculation of the maximum Lyapunov exponent, frequancy analysis, estimates of the diffusion of proper elements, etc. The results allow to draw conclusions about the possible origin of these populations.

asteroidal families

caos

chaos

efeito Yarkovsky

famílias de asteróides

métodos numéricos

métodos semi-analíticos

migração planetária

N-body problem

numerical methods

planetary migration

problema de N corpos

resonances

ressonâncias

semi-analytical methods

Sistema Solar: asteróides

Sistema Solar: cinturão de Kuiper

Sistema Solar: Plutão

Sistema Solar: Troianos

Solar System: asteroids

Solar System: Kuiper belt

Solar System: Pluto

Solar System: Trojans

Yarkovsky effect

Origem e Evolução Dinâmica de Algumas Populações de Pequenos Corpos Ressonantes no Sistema Solar / Dynamical evolution and origin of some populations of small Solar System resonant bodies

Fernando Virgilio Roig

18 October 2001

Nesta tese estudamos algumas regiões de aparente estabilidade no cinturão de asteróides e no cinturão de Kuiper, analisando a evoluçãao dinâmica dos objetos nessas regiões por intervalos de tempo muito longos, em geral, da ordem da idade do Sistema Solar. Centramos principalmente nossa atenção no estudo das populações de pequenos corpos ressonantes, analisando três exemplos diferentes: a ressonância 2/1 com Júpiter e seu entorno (falha de Hecuba), a ressonância 2/3 com Netuno (Plutinos), e a ressonância 1/1 com Júpiter (Troianos). Atacamos o problema com diferentes ferramentas numéricas e analíticas: integração numérica direta de modelos precisos, modelos estatísticos de caminhada aleatória, modelos semi-analíticos baseados no desenvolvimento assimétrico da função perturbadora, cálculo de expoentes de Lyapunov, análise de freqüências, determinação de elementos próprios e taxas de difusão, etc. Os resultados obtidos permitem elaborar conclusões sobre a possível origem e evolução dinâmica destas populações. / In this thesis, we study some regions of regular motion in the asteroid main belt and in the Kuiper belt. We analyze the dynamical evolution in these regions over time scales of the order of the age of the Solar System. We centered our study on the populations of resonant minor bodies, discussing three examples: the 2/1 mean motion resonance with Jupiter (Hecuba gap), the 2/3 resonance with Neptune (Plutinos), and the 1/1 resonance with Jupiter (Trojans). We attack the problem with several different tools, both analytic and numeric: integration of N-body models, random-walk statistical models, semi-analytical models based on the assymetric expansion of the disturbing function, calculation of the maximum Lyapunov exponent, frequancy analysis, estimates of the diffusion of proper elements, etc. The results allow to draw conclusions about the possible origin of these populations.

caos

efeito Yarkovsky

famílias de asteróides

métodos numéricos

métodos semi-analíticos

migração planetária

problema de N corpos

ressonâncias

Sistema Solar: asteróides

Sistema Solar: cinturão de Kuiper

Sistema Solar: Plutão

Sistema Solar: Troianos

asteroidal families

chaos

N-body problem

numerical methods

planetary migration

resonances

semi-analytical methods

Solar System: asteroids

Solar System: Kuiper belt

Solar System: Pluto

Solar System: Trojans

Yarkovsky effect