On December 12-13, I attended The TRUDEVICE workshop in Freiburg. There, experts in hardware security from various domains met to discuss methods to increase the hardware security of integrated circuits. Below I present some of the subjects which I found most interesting.
One of the topics concerned the detection of hardware Trojans and more generally checking the integrity of integrated circuits. A European project called HINT was launched in 2012 to find solutions to this problem and to create a common framework to verify a system’s integrity. Initial results from this project were presented at TRUDEVICE by Julien Francq from CASSIDIAN.
Although the universe of hardware Trojan possibilities is diverse, they managed to identify two main solutions for their detection: Logic scanning and side channel leakage comparisons. Functional logic scanning is not well adapted for identifying Trojans, as they are likely to be designed to not alter the functional behavior. A statistical approach was proposed targeting the rare events of a circuit which may contain the Trojan features. A circuit containing a Trojan should have a different current consumption and electromagnetic emission profile. This means that side channel analysis could help to identify tampered hardware. The main problem of this approach is that you must own at least one hardware implementation without any Trojan to have reference traces. Three other presentations were dedicated to hardware Trojan detection and insertion during this workshop.
Other possible threats to the integrity of an integrated circuit are hardware edits or fault injections performed from the backside of the silicon. To perform such attacks it is often useful to thin the silicon to allow more precise access to the circuit. Researchers from Polytechnic University of Catalonia have created a solution to detect and react to such invasive thinning techniques. They achieved that by using Through-silicon vias (TSV). These can be seen as vertical connections through the whole die. These connections have capacitances which depend on their height. They designed an asynchronous detector which shall halt the circuit operation if a significant variation is observed in the global capacitance of all such vias which could indicate malicious thinning. They claim that the cost of such protection should not be that high since TSVs are included by default in 3D integrated circuits.
Once an attacker is able to compromise hardware security he needs efficient methods to inject faults and exploit them. Several talks dealt with fault injection during this workshop. A talk by STMicroelectronics and l’École Nationale Supérieure des Mines described the possible effect of a laser pulse on SRAM. They compared simulation results with experimental results from a frontside laser fault injection. They described which kind of effects we could expect to have when we attack an SRAM with different laser spot sizes. Another talk about fault injection was given by Philipp Jovanovic (@Daeinar). He shows a new approach developed with other researchers to construct fault-based attacks. If an attacker has perturbed an integrated circuit for example using laser pulses and he has collected faulted results then he can construct fault-based attacks in order to reveal the secrets of the chip. Their idea is to use existing efficient tools to solve huge systems of algebraic equations on faulted results in order to obtain the secret key which was used during an encryption. He presented the results obtained with this idea applied to the LED cipher and then compared the performance of two equation solvers; MiniSat and CryptoMiniSat which they used during their analysis. Their idea is quite generic and opens interesting ways to analyse ciphers which have no public fault-based attacks.
Presentations are available here.