Enhancing Cybersecuritywith Trusted Hardware - UMD
Enhancing Cybersecurity withTrusted HardwareElectrical and Computer Engineering Dept.Institute for Systems Research and MC2Gang Qugangqu@umd.edu
You can’t and should not trustthe hardware you are givenSide Channel AttacksHardware TrojansKiller switchTime bombUntrusted Microchip Supply ChainHardware counterfeitingHardware design intellectual property2
Trust in Microchip Supply ChainTrust becomes an issue with offshore foundry & designcomplexitySource:DARPA BAA 06-40-Trust for IC3
Trust in Microchip Supply ChainTrust becomes an issue with offshore foundry & designcomplexity How to ensure the final chip does exactly what we ask? “No Less”: are all the design specification met?“No more”: does the chip do anything extra beyond what is asked?Source:DARPA BAA 06-40- Trust for IC4
What Does Trust Mean?Find a 3rd degree polynomial f(x) s.t.f(1) 0f(2) 0Answers:1.2.3.4.f(x) f(x) f(x) f(x) x2-3x 2 (x-1)(x-2)x3-2x2-x 2 (x-1)(x-2)(x 1)x3-4x2 5x-2 (x-1)2(x-2)x3-5x2 8x-4 (x-1)(x-2)2Which one(s) can be trusted?5
Trust in System/Chip DesignWhat if A 0, B 1, x 0?ABxA’B’00001001100100111010010101----6
Trust in System/Chip DesignWhat if A 0, B 1, x 0?ABxA’B’0000100110010011101001010100007
Trust in System/Chip 01100It is even worst than this 118
Trust in System/Chip 1010010101100It is even worst than this 119
1. Trust in System/Chip DesignWorst or best scenarioHow to ensure trust?Worst or best scenarioTrust metric10
1. Trust in System/Chip DesignWorst or best scenarioHow to ensure trust?Worst or best scenarioPublications:Trust metricJ. Gu, G. Qu, and Q. Zhou. “Information Hiding forTrusted System Design”, (DAC 2009).L. Yuan, P. Pari, and G. Qu. “Finding RedundantConstraints for FSM Minimization”, (AAAI 2004).L. Yuan and G. Qu. “Information Hiding in FiniteState Machine”, (IHW 2004).11
2. Physically Unclonable FunctionWhat is PUF?PUF in security:Store/generate keyDevice identificationSilicon PUF: process variationDelay based: Arbiter PUF, Ring OscillatorPUFMemory based: SRAM PUF, Butterfly PUFExample: RO PUF1 if top path is faster, 0 otherwise12
2. Physically Unclonable FunctionChallengesHardware efficiencyReliability under all operating environmentSecurity against potential attacksPublicationsC. Yin and G. Qu. “Temperature-Aware CooperativeRing Oscillator PUF,” (HOST 2009).C. Yin and G. Qu. “LISA: Maximizing RO PUF’sSecret Extraction,” (HOST 2010).C. Yin and G. Qu. “A Regression-Based EntropyDistiller for RO PUFs,” (DAC 2012).C. Yin and G. Qu. “Kendall Syndrome Coding (KSC)for Group-Based RO PUFs,” (DAC 2012).13
3. Trusted Executing EnvironmentPseudo Instructionswith Side InformationInstructionCacheConventional ProcessorHigh PerformanceCPU PipelineDecoded InstructionLight-weight DecoderDataExtractorLUTAdmission ControllerIntegrity, Reliability,and Origin CheckInterrupt:abnormally report,system shutdown, Security Related InformationSide InformationPerformance Enhancing InformationHigh-Performance Trusted Processor14
3. Trusted Executing EnvironmentFPGA PrototypingArea (0.2%)Power (0.07%)Applications:Mobile code, mobile devicesTrustSensor and sensor networks.http://www.opalkelly.com/Publications:M. Taylor, C. Yin, M. Wu, and G. Qu. “A Hardware-AssistedData Hiding Based Approach in Building High PerformanceSecure Execution Systems,” (HOST 2008).A. Swaminathan, Y. Mao, M. Wu, and Krishnan Kailas: “DataHiding in Compiled Program Binaries for Enhancing ComputerSystem Performance,” (IHW 2005).15
Virtualcommunicationlinks4. The SecureGo SystemPhysicalcommunicationlinks16
4. The SecureGo SystemSpeed:RSA: 50K cycles @ 100MHzT-DES: 4.8K cycles @ 38MHzUSB connection: 12Mbps1 transaction: less than 1 msHardware resource:Size: 170K gates, or 4mmx4mm.Power: 0.5mW per transactionSecurity:Credit card fraudidentity theftE-commerce17
5. Counterfeiting & IP ProtectionA 4-bit ALU: Original gate-lever circuit and the samedesign with message “UMCP TERPS” embedded.18
5. Counterfeiting & IP ProtectionDES: Same functionality, area, and performance with a4768-bit watermark embedded in the FPGA design19
Hardware in Security and TrustEnabler.Enhancer.Enforcer.Our research activities:Trusted system/IC (integrated circuit) designHigh performance trusted computing platformPUF based security and trustIntellectual property protection (counterfeiting)Energy efficiencyEmbedded systems, sensors, defense applications.20
Gang Qu gangqu@umd.edu. 2 You can’t and should not trust the hardware you are given Side Channel Attacks Hardware Trojans Killer switch Time bomb Untrusted Microchip Supply Chain Hardware counterfeiting Hardware design
University Health Center (301) 314-8180 / health.umd.edu University Police (non-emergency) (301) 405-3555 Emergency (police, fire, medical) 911 . UMD Parking and Shuttle Bus transportation.umd.edu Washington Area Metro System (Bus and Train) www.wmata.com Campus Organizations . orgsync.umd.edu Campus Recreation recwell.umd.eduServices
Trusted Computing refers to a platform of the type specified by the Trusted Computing Group (TCG)1 as well as the next generation of hardware [43, 81, 4] and operating system [63, 49, 9] designed to provide trusted features and hardware-enforced isolation. A trusted platform (TP) is a platform that has a
2.3 Trusted Computing The Trusted Computing Group (TCG) [10] proposed a set of hardware and software technologies to enable the construction of trusted platforms. In particular, the TCG proposeda standardforthe design of the trusted platform module (TPM) chip that is now bundled with com
TC Trusted Computing TCG Trusted Computing Group, group of companies developing the TC specs TCPA Trusted Computing Platform Alliance, predecessor of TCG TPM Trusted Platform Module, the hardware Palladium, LaGrande, implementations from various companies, are not always
Assume VMM is free of software vulnerabilities (i.e., trusted) Hardware support required – Hardware attestation Like the Trusted Computing Group’s (TCG’s) Trusted Platform Module (TPM) – Sealed Storage Decryption (unseal) of data (storage) o
92 Trusted Computing and Linux a section on future work. 2 Goals of Trusted Computing The Trusted Computing Group (TCG) has cre-ated the Trusted Computing specifications in response to growing security problems in the technology field. “The purpose of TCG is to develop,
The Trusted Contact(s) must be at least 18 years old. Trusted Contact Information . Trusted Contact information provided on this form will replace all Trusted Contact information currently on file. Person 1. If you have no changes to your existing Trusted Contact, please skip this section. Name . Title, First Middle Name Last Name, Suffix .
API 653 Tank Inspection, Repair, Alteration and Reconstruction, 3rd 2005 American Petroleum Institute USA Current Inspection, repair, modification and reconstruction of tanks built edition incorporating addendum 1 to API 650 or API 12C and 2 4 . Standard Title Year Publishing body Country Status Primary focus BS EN 14015 Specification for the design and 2004 European Europe Current Design and .
