The threat of malicious circuits - Hardware Trojans
Attacks based on the concealment of malicious hardware in integrated circuits have been nicknamed “Hardware Trojan”。 A Trojan Horse is often described as malware that is made to look legitimate。
Hardware Trojans are becoming increasingly common and concerning in recent years due to growing numbers of attacks such as data theft and backdoor insertions into the electronics industry supply chain around the world。 They have proven to be very dangerous and have the ability to maliciously modify the behavior of embedded chips。
CLASSIFICATION AND DETECTION OF HARDWARE TROJANS
Trojans are very hard to locate as they can be inserted anywhere in a microchip; one may for example be in the chip’s processor and another in its power supply。
Trojans can be implemented at different phases in the life-cycle, from the specification phase to the assembly and packaging phase。 They also have different purposes once integrated。 Indeed, some Trojans will seek to change the functionality of the chip, others will choose to degrade performance or completely deny service offered by the chip; some will prefer only to leak information。
A Trojan is usually composed of a payload part (the content of the malicious circuit) and a trigger part (to activate the malicious circuit)。
What makes a Trojan so difficult to detect is that it has different types of activation mechanisms that vary from one Trojan to another。 The detection of malicious hardware can almost be considered as a type of reverse engineering for detection purposes。 Abnormal behavior that could affect the functioning of the circuit is investigated during the system evaluation。
DEALING WITH HARDWARE TROJANS
There are two methods to deal with Hardware Trojans; the reactive method and the proactive one。
The reactive method mostly consists in locating Hardware Trojans by first being aware of their presence in the system。
Analog detection can be used to try to find malicious hardware inside a system, either statically, i。e。, by detecting visible components that are hidden on a printed circuit board or in the packaging; or dynamically, by looking for example at the electromagnetic activity of the system or other physical parameters to try to detect an unexpected phenomenon。
Using Sensors is also an effective reactive solution for locating Trojans。 Indeed, when a Trojan is activated, the system begins to behave abnormally, which can potentially damage it and prevent it from working properly。 Sensors can be used as a warning to notice such activities by detecting anomaly with a regular state-of-operation。
Some Hardware Trojans are actually composed of a combination of hardware and software vulnerabilities, that, when combined, can allow exploitation of the system。 Hardware assertion methods involve identifying some high-level and critical behavioral invariants and checking them during circuit operation。
Although the reactive method of Trojan detection is effective, there is a constant need for additional trust。 That is why some proactive methods are developed in the security sphere as they are particularly effective in detecting incoming attacks。
One of the proactive methods being developed is noticeably Machine Learning。 The use of computer systems that can learn and adapt without following explicit instructions is key to the future of many topics, including Trojan detection。 Since every Trojan is different, it can sometimes be difficult to define an exact method that can be applied to each case。 Machine Learning can generate diverse and complex models and make decisions based on those models。
Another method is to protect the CPU directly by mitigating vulnerabilities and attacks targeting code execution or integrity induced by software code bugs, malicious activity or sought-after performances neglecting security。 Attacks of this type are unique in that they engage both software and hardware; placing the protection layer in the hardware layer protects both。 By escorting the program execution step by step, the method is able to detect any unexpected behavior of the CPU。 Since it is not a method dedicated to a specific type of attack or Trojan, it is effective against any type of attack and any type of Trojan that would try to modify the behavior of the code execution。
The “encoded circuit” method is based on the observation that all integrated circuits are composed of two distinct parts: the combinational part and the sequential one。 The sequential part includes the data and control registers which are easier to recognize on the IC layout because of their size。 It is easier for an attacker to connect the Trojan to the sequential; therefore, this method aims at encoding and masking all sequential registers with Linear Boolean Code。
SECURE-IC FOR PROTECTING YOUR EMBEDDED CIRCUITS
As Hardware Trojans continue to be developed for nefarious purposes, it is Secure-IC’s duty to protect the devices against these new threats。
Secure-IC has developed LaboryzrTM to assess the weaknesses of a system against Hardware Trojan threats。 It offers a multitude of services and use-cases, associating both proactive and reactive methods to detect and deal with Trojans such as reactive analog detection or machine learning。
On the protection and embedded detection side, Secure-IC has also implemented proactive and reactive methods, such as Cyber Escort UnitTM and Digital SensorTM combined with Secure-IC’s AI-based security monitoring technology Smart MonitorTM
以下是譯文:
透過在積體電路中隱藏惡意硬體來實施的攻擊行為稱為“硬體木馬”。特洛伊木馬通常描述為看起來合法的惡意軟體。
近年來,由於全球電子行業供應鏈中的資料盜竊和後門植入等攻擊越來越多,硬體木馬越來越普遍,也越來越令人擔憂。事實證明,這些攻擊非常危險,並能夠惡意修改嵌入式晶片的行為。
硬體木馬的分類和檢測
木馬很難被找出,因為它們可以插入微晶片中的任何地方;例如,可能在晶片的處理器中,也可能在晶片的電源中。
從規範階段到裝配和封裝階段,木馬可以在晶片的不同生命週期階段實施。整合後,它們的目的也不盡相同。事實上,有些木馬會試圖改變晶片的功能,有些會降低效能或完全拒絕晶片提供的服務;有些則只洩露資訊。
木馬通常由有效負載部分(惡意電路的內容)和觸發部分(用於啟用惡意電路)組成。
木馬之所以難以檢測,是因為它有不同型別的啟用機制,並且不同木馬有不同的啟用機制。對惡意硬體的檢測幾乎可以看作是一種出於檢測目的的逆向工程。在系統評估過程中,要對可能影響電路執行的異常行為進行調查。
硬體木馬的處理
處理硬體木馬有兩種方法;被動法和主動法。
被動法主要是首先意識到系統中存在硬體木馬,然後找出它們。
模擬檢測可用於嘗試發現系統內的惡意硬體,可以是靜態的(即檢測隱藏在印刷電路板上或封裝中的可見元件);也可以是動態的(例如,透過觀察系統的電磁活動或其他物理引數來嘗試檢測異常現象)。
使用感測器也是找出木馬的一種有效的被動式解決方案。事實上,當木馬被啟用時,系統就會開始出現異常行為,這可能會損害系統並阻止其正常工作。感測器可以作為一種警告,透過檢測正常執行狀態下的異常來提醒使用者注意此類活動。
有些硬體木馬實際上由軟硬體漏洞組合而成,透過結合使用這些漏洞,攻擊者就可以侵入系統。硬體斷言法涉及到識別一些高階和關鍵的行為不變數,並在電路操作過程中進行檢查。
儘管被動式木馬檢測方法行之有效,但仍然需要持續地建立額外的信任。這就是為什麼在安全領域開發了一些主動式方法,因為它們在檢測來襲攻擊方面特別有效。
其中一個正在開發的主動式方法就是機器學習。使用在無需遵循明確指令的情況下就能進行學習和調整的計算機系統,是未來許多課題的關鍵,包括木馬檢測。由於每個木馬各不相同,有時很難定義一個適合所有案例的確切方法。機器學習可以生成多樣化的複雜模型,並根據這些模型做出決策。
另一種方法是直接保護CPU,減少針對由軟體程式碼漏洞、惡意活動或一味追求效能而忽視安全性引起的程式碼執行或完整性問題的漏洞和攻擊。這類攻擊很特殊,因為它們同時涉及軟體和硬體;將保護層放在硬體層則可以保護兩者。透過一步步為程式執行保駕護航,該方法能夠檢測到CPU的任何意外行為。由於這種方法不是專門針對特定型別的攻擊或木馬,因此它對任何型別的攻擊以及任何型別試圖修改程式碼執行行為的木馬都有效。
“編碼電路”法基於所有積體電路都由兩個不同的部分組成:組合部分和序列部分。序列部分包括資料和控制暫存器,由於它們的尺寸,在積體電路布圖上更容易識別。攻擊者更容易將木馬連線到序列部分;因此,這種方法旨在用線性布林程式碼對所有序列暫存器進行編碼和遮蔽。
SECURE-IC助力保護嵌入式電路
隨著不斷有人出於險惡目的而開發出各種硬體木馬,Secure-IC的任務就是保護裝置免受這些新的威脅。
Secure-IC開發了LaboryzrTM來評估系統在抵禦硬體木馬威脅時的弱點。它提供了多種服務和用例,將主動式和被動式方法結合起來,以檢測和處理木馬,比如被動式模擬檢測或機器學習。
在保護和嵌入式檢測方面,Secure-IC也實施了主動式和被動式方法,如Cyber Escort UnitTM和Digital SensorTM結合Secure-IC基於人工智慧的安全監控技術Smart MonitorTM。
中國積體電路設計業2021年會暨無錫積體電路產業創新高峰論壇將於12月1日至2日在無錫太湖博覽中心舉行,Secure-IC 誠摯地邀請您蒞臨我們的展位072 ,共同探討嵌入式安全需求和方案,期待實現更好的交流與合作。
摩爾精英與Secure-IC是深度戰略合作伙伴,雙方合作包括安全IP和iSE解決方案、安全評估工具以及安全認證諮詢服務的代理,涵蓋的應用場景包括汽車電子、可信計算、AIoT和工業物聯網、電子健康、通訊加密、安全交易、邊緣計算與雲、數字版權保護、身份認證、安全儲存、消費電子等領域。
