The Semiconductor Security War

Captions
Modern chips own your life. For instance, take the A15 SoC that is sitting inside your iPhone. Inside that chip are multiple security assets of high corporate value: encryption keys, developer keys, DRM keys, and so on. Furthermore, imagine how much of your life's business is conducted through your mobile phone. For instance, my phone has my biometric information, my bank access information, passwords to all my services, and so on. Software security protections are frequently implemented with the tenet that trust starts in silicon. But a house cannot be built on soft sand; likewise, a secure system cannot be architected on top of compromised hardware. In this video I want to talk about the daunting problem of maintaining security in today's modern semiconductors.

So why compromise hardware? An attacker can have a variety of goals, and defenders have to consider all of them. They might want to outright disable or destroy the system, usually at a specified time in the future; these include kill switches, back doors, and control circuitry. Or they might be looking to just change the chip's behavior. For instance, pirates look to compromise cable TV cards so that they can get access to cable TV for free; iPhone jailbreaks might also go under this category as well. Or they might want to leak or gain access to sensitive information stored on the device, like the encryption keys. Or they might be seeking to steal IP from the chip itself. Integrated circuit counterfeiting and piracy is a real thing and can cost companies millions of dollars. Furthermore, the stolen IP can be used to find additional, more damaging vulnerabilities in the overall chip design. So there are a lot of purely commercial reasons to compromise hardware, and that assumes you aren't even a person of interest to some nation state.

These compromises can be introduced in a couple of ways: invasive or non-invasive. Let's start with the latter. Non-invasive attacks do not require any work to be done on the device prior to the attack. Because of this, attacks are often very scalable and little evidence is left after the deed is done. For this reason they are considered very dangerous. For instance, a timing side channel attack. This is a passive attack where you try to acquire sensitive data by measuring the computation time in a piece of hardware. I know it sounds crazy, but if you know the algorithm and the values of its input, you can calculate its output. This is helpful for extracting encryption keys and passwords. Examples of timing attacks have been presented in conferences against hardware implementations of RSA, a venerable public key cryptography system. The infamous Spectre security vulnerability is exploited with a timing attack.

An invasive hardware attack involves changing the physical layout of one or more integrated circuits. There are a number of ways to do this. For instance, someone might try to do this by swapping a legitimate design with an illegitimate design. But the invasive attack of greatest recent concern would be to insert additional logic into the design: a hardware trojan. These are malicious, intentional modifications of a circuit that result in undesired behavior. One very controversial example of this is Bloomberg's 2018 report about Super Micro Computer. I know that article was extremely controversial, and it made Bloomberg a rag in some people's eyes. Regardless of whether or not it is actually true, the attack described is a realistic threat vector. Just because this specific incident didn't happen does not mean it cannot happen at all.

I think it makes sense to briefly stop here so that we can review several major steps within the chip design and fabrication process. This will help us better understand how hardware trojans can be inserted into a chip as it gets designed and fabricated. Semiconductor design starts with a specification. That specification is turned into a high level design representation of the chip, referred to as an RTL, using a language like Verilog. Modern SoCs are architected by integrating hundreds of pre-designed and pre-verified hardware blocks, or cores. Cores can be RTL designs (soft cores, as it is called) or designs already laid out (hard cores). This IP block design methodology allows for design reuse and cost reduction, and helps meet time to market constraints. Without it, I don't think modern semiconductor design is possible at a commercial level. These cores are provided by an ecosystem of industry players: original equipment manufacturers, semiconductor design houses, or even the foundry itself. None of these cores can be trusted and inserted into the final design as is, without verification and testing. Then that high level representation is converted into a netlist, a bunch of gates. These are done with third-party EDA tools like Cadence Genus Synthesis Solution. The gates in the list are then placed and physically routed using EDA software. The design is then transmitted to a foundry for fabrication, usually in a file format called GDSII. After fabrication, the wafer is cut and packaged before being shipped into the rest of the supply chain.

Compromises of various types, depending on their various goals and situations, can be introduced all throughout this design stage process, including at the fabrication level. A trojan inserted during the specification and design stage, before fabrication, is called a pre-silicon attack. A trojan inserted during fabrication is called an in-silicon attack, and anything after that is referred to as a post-silicon attack. What makes trojans so hard to find is that we often don't know their type, size, or location. It is possible for someone, a disgruntled employee, a nation state, anyone, to introduce malicious logic into these IPs via an untrusted third-party IP vendor, an untrusted foundry, a component taken off the shelf, or even through an untrusted EDA tool. The source of such an introduced flaw can be easily hidden, found long after the damage is done. Furthermore, they are frequently designed to only activate during rare conditions which aren't easily covered during the verification checks. These covert attacks, as they are called, can sit unnoticed for many years.

Many existing analyses are geared towards finding trojans at the foundry level. This is especially the case if you're fabbing that chip at a location not previously vetted to be secure. Some foundries have done something called split manufacturing. This is an obfuscation technique where different untrusted foundries fab different parts of the chip; no single foundry has a whole view of the final product. The most extreme method to detect a trojan in a fabbed chip would be to take a ground-up approach: you de-package the entire chip, reverse engineer it, and look at it layer by layer so that you can see exactly how it has been fabbed. Naturally, this gets you the best results, but the chip is totally unusable at the end. You might have guaranteed this particular chip to be all right, but what about the others the fab might have made? So we can't say this is all that scalable.

The most common non-destructive approach is something called a side channel technique. They look at a chip's signals, its power, timing, temperature, radiation signature, etc., and compare them against what's given off by some trusted, quote-unquote, golden version of the chip. So you do the destructive tear-down examination for one such fabbed chip to get that first golden version, then compare its golden signals against those of subsequent chips in the same run. Sudden changes or delays in the current, timing profile, radiation, or power signals hint at the presence of a trojan. As node processes get more advanced, chips get more complicated and transistors get smaller, which means that side channel variation analysis gets more subtle. Is that change just normal, or is something else afoot? Something to think about. And golden version detection techniques are not so effective at the design, specification, and RTL stages, because there is often no golden version of the chip design to compare against.

The trojan adversary only wants the trojan to activate under rare conditions. This means inserting it into a rare branch of the design, a metaphorical back alley. So ideally you only want to include the design code you use in the chip, nothing more and nothing less. I talked a little bit about verification in my previous video. Verification tests are frequently run for finding and debugging manufacturing errors. Those tests simulate normal working conditions. You might understand the weakness of this approach, though, when it comes to finding trojans: you're basically hoping that the test hits and triggers the trojan's rare activation case by sheer luck. Researchers have proposed other methods, for instance coverage analyses that look at the percentage of lines of HDL code that get activated during an intensive verification test. Code that sits unactivated gets flagged as a potential trojan. And then one of my favorites: ring oscillation. A ring oscillator describes a device composed of an odd number of NOT gates linked together in a ring. A NOT gate is logic that negates something, for instance from "your mom" to "not your mom". Designers put ring oscillators into their IC design and listen to their output frequency. If a trojan within the design activates, it adds new gates into the loop; that changes the oscillator's frequency, like a fly caught in a spider's web, I guess.

The reality, though, is that you're basically reaching out into the dark in the hope of getting lucky. You can't count on that, so you will also want to have good security design practices, to "design for trust", as it is called. There are a few ways to do this. The first way is to design to make it easier for the techniques I just talked about to detect a hidden trojan. To facilitate a side channel signal analysis, you might design the chip to minimize its background side channel signals. That way you can better hear potential side channel variations when running the analysis. Another way is to make it harder for potential trojan adversaries to insert the trojan in the first place, for instance by camouflaging the logic gates in a semiconductor layout. This keeps attackers from understanding the original design, preventing them from successfully inserting a trojan. Here's a nifty one: modern designs often have unused spaces that have non-functional filler cells put in. A common trojan insertion technique is to replace a filler cell with a trojan. But what if you were to wire up the filler cells into a circuit and then test them? If someone replaced a filler cell, then this will let us know that there is something wrong.

Increasing globalization, complexity, and aggressive commercial requirements have opened up more opportunities to steal and compromise semiconductors at the design level. The reality is that many vendors have to balance the security issue against these commercial concerns. I've listed just a small subset of the available detection techniques to find trojans across the whole field; to use them all is impractical. Since these commercial concerns are aggressive, more attention should be paid to making it harder for trojans and other invasive attacks to be implanted in the first place. Prevention over treatment. As with their software brethren, the hardware security industry is engaged in an ever-escalating battle with their adversaries. There is no golden bullet to address all of these concerns. A broad range of security steps should be taken with the goal of making life for the other side much harder on the whole. Alright everyone, that's it for tonight. Thanks for watching. Subscribe to the channel, sign up for the newsletter, and I'll see you guys next time.
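The video's point about rare-trigger trojans and toggle-coverage analysis, as an added example that is not from the video: a constructed toy gate-level netlist (all gate and net names are hypothetical) in which a trojan trigger only fires for one of 2**32 "key" patterns, so random verification vectors never reach it, while a toggle-coverage pass flags the gate that never changed value.

```python
import random

# Constructed toy netlist (not from the video): gate -> (type, input nets). Acyclic.
KEY_BITS = 32
INPUTS = ["in0", "in1", "in2", "in3"] + [f"k{i}" for i in range(KEY_BITS)]
NETLIST = {
    "n_and0": ("AND", ["in0", "in1"]),
    "n_or0": ("OR", ["in2", "in3"]),
    "n_xor0": ("XOR", ["n_and0", "n_or0"]),
    "out_ok": ("NOT", ["n_xor0"]),
    # Hypothetical trojan: the trigger fires only when all 32 key bits are 1
    # (one pattern in 2**32) and then flips the legitimate output.
    "trig": ("AND", [f"k{i}" for i in range(KEY_BITS)]),
    "out": ("XOR", ["out_ok", "trig"]),
}
OPS = {"AND": all, "OR": any, "NOT": lambda v: not v[0], "XOR": lambda v: sum(v) % 2 == 1}

def evaluate(netlist, inputs):
    """Return the value of every net for one input vector (dict net -> bool)."""
    values = dict(inputs)
    def val(net):
        if net not in values:
            typ, ins = netlist[net]
            values[net] = OPS[typ]([val(i) for i in ins])
        return values[net]
    for gate in netlist:
        val(gate)
    return values

def untoggled_gates(netlist, input_names, n_vectors, seed=1):
    """Random-vector verification plus toggle coverage: gates whose output never
    changed across the whole run are flagged as candidate trojan logic."""
    rng = random.Random(seed)
    seen = {g: set() for g in netlist}
    for _ in range(n_vectors):
        vec = {name: rng.random() < 0.5 for name in input_names}
        vals = evaluate(netlist, vec)
        for g in netlist:
            seen[g].add(vals[g])
    return sorted(g for g, s in seen.items() if len(s) < 2)

def directed_trigger(netlist, input_names, key_value):
    """Directed test: drive in0..in3 high and every key bit to key_value.
    Only the all-ones key pattern reaches the trojan's 'back alley' and flips `out`."""
    vec = {name: True for name in input_names}
    for i in range(KEY_BITS):
        vec[f"k{i}"] = key_value
    return evaluate(netlist, vec)["out"]
```

With 10,000 random vectors every functional gate toggles but `trig` never does, which is exactly the kind of dormant logic a coverage analysis would hand to a reviewer.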
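The ring-oscillator sensor and golden-version comparison described above, as an added example that is not from the video: an event-driven simulation of an inverter ring with per-stage transport delays (all delay values are constructed, in picoseconds), which also shows why the ring needs an odd number of inverting stages, and a golden comparison that tolerates ordinary process variation but flags a hypothetical trojan loading one stage.

```python
import heapq

def ring_period_ps(stage_delays_ps, max_time_ps=100_000):
    """Event-driven simulation of a ring of inverters with transport delays.
    Returns the oscillation period in ps, or None if the ring settles
    (which is what happens with an even number of inverting stages)."""
    n = len(stage_delays_ps)
    # node[i] is the output of inverter i, whose input is node[i-1] (node[n-1] for i=0)
    node = [i % 2 == 1 for i in range(n)]
    events = []   # heap of (time_ps, node index, new value)
    rising = []   # times at which node 0 goes high
    for i in range(n):
        want = not node[i - 1]
        if node[i] != want:  # inverter i disagrees with its input: first event
            heapq.heappush(events, (stage_delays_ps[i], i, want))
    while events:
        t, i, v = heapq.heappop(events)
        if t > max_time_ps or len(rising) >= 3:
            break
        if node[i] == v:
            continue  # no transition, nothing propagates
        node[i] = v
        if i == 0 and v:
            rising.append(t)
        nxt = (i + 1) % n
        heapq.heappush(events, (t + stage_delays_ps[nxt], nxt, not v))
    if len(rising) < 3:
        return None
    return rising[2] - rising[1]

def trojan_suspected(golden_period_ps, measured_period_ps, tolerance=0.05):
    """Golden-model comparison: flag a die whose ring runs more than
    `tolerance` away from the trusted reference, or does not run at all."""
    if measured_period_ps is None:
        return True
    return abs(measured_period_ps - golden_period_ps) / golden_period_ps > tolerance

# Constructed delays (ps). GOLDEN: five 20 ps inverters from the torn-down
# reference die. VARIATION: the same design with ordinary process variation.
# TROJAN: a hypothetical trojan spliced in at stage 2 adds 15 ps of load delay.
GOLDEN = [20, 20, 20, 20, 20]
VARIATION = [19, 21, 20, 20, 21]
TROJAN = [20, 20, 35, 20, 20]
```

The period works out to twice the sum of the stage delays, so the 1% shift from process variation stays under the 5% tolerance while the trojan's 15% shift is flagged; shrinking the tolerance is how the "is that change just normal?" question becomes a false-positive trade-off.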
Info
Channel: Asianometry
Views: 111,422
Id: 8G39EK4qyrk
Length: 12min 52sec (772 seconds)
Published: Thu Mar 31 2022