Iidss 2017 sarwono sutikno arwin sumari (cps in defense)

Introduction to Hardware
Trojan and Cyber-Physical
Systems Risks and
Vulnerabilities: A Case in
Defense Sector
Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM, CSXF
Advisor to Corruption Eradication Commission (KPK)
Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung (ITB), Bandung, Indonesia
Colonel Dr. Arwin Datumaya Wahyudi Sumari, S.T., M.T.
Policy Analyst for Contingency Plan at Deputy of Political and Strategy, Secretariat General of National Resilience Council
Head of Information Resilience Division at Desk for National Cyberspace, Coordinating Ministry for Political, Law and Security
Senior Researcher, Cognitive Artificial Intelligence Research Group (CAIRG) at School of Electrical Engineering and Informatics,
Institut Teknologi Bandung (ITB), Bandung, Indonesia

OUTLINE
• CYBERSPACE
• NETWORK-CENTRIC WARFARE
• CYBER-PHYSICAL SYSTEMS
• INTERNET-OF-THINGS
• RISKS AND VULNERABILITIES: HARDWARE
TROJAN
• PREVENTIVE WAYS
• CONCLUDING REMARKS
Sarwono Sutikno-Arwin Sumari@IIDSS2017 - 13 July 2017
2

CYBERSPACE
A global domain within the information
environment consisting of the
interdependent network of information
technology infrastructures, including the
Internet, telecommunications networks,
computer systems, and embedded
processors and controllers
3

CYBERSPACE – It’s a man-made domain
What do you need?
- IT devices
- Comm links (wired/
wireless)
- Data to be exchanged
VERY
EASY
4

CYBERSPACE
Air
Space
SeaLand
5

NETWORK-CENTRIC WARFARE
• A digital battlefield network
• Each warfare element is an information processing
node, some of nodes are autonomous or
intelligent, some are embedded systems
• Information is exchanged amongst nodes
• Shared situational awareness
• Accelerate decision making cycle
• Decision superiority
6

CYBER-PHYSICAL SYSTEMS
• The integration of computation and a physical
process
• Composed of physical process monitored and
controlled by a cyber system, which is a
networked system of distributed sensing,
communication, and computational devices
• Embedded systems can be considered CPSes
7

CYBER-PHYSICAL SYSTEMS
•Characteristics:
•largescale system sizes
•heterogeneity of resources
•uncertain system dynamics
•extensive physical interactions
8

INTERNET-OF-THINGS
• Devices with Internet
Protocol address that use
Internet (network) as the
medium for information
exchanging
• When everything is
connected ....
9

INTERNET-OF-THINGS
10

HARDWARE VULNERABILITIES
• Embedded systems are highly needed for various applications
especially in Internet-of-Things era
• Defense sector uses embedded systems in almost its weapon
equipment especially in NCW era where size is matter
• Small size embedded systems can only be achieved via
Integrated (Circuit) IC technology
• Vulnerabilities of embedded system hardware emerge from
any level of IC manufacturing
11

HARDWARE TROJAN
• A malicious and deliberately
stealthy modiﬁcation made
to an electronic device such
as the circuitry of an IC or
chip
• It can change the chips
functionality and thereby
undermine trust in the
systems using that chip
12

HARDWARE TROJAN – TAXONOMY
13

VULNERABILITIES AND RISKS
14

HARDWARE TROJAN – Attack of Doping
• Doping is a process for
modifying the electrical
properties of silicon by
introducing tiny impurities like
phosphorous, boron and gallium,
into the crystal.
• By switching the doping on a few
transistors, parts of the
integrated circuit no longer work
as they should. Because the
changes happen at the atomic
level, the stuff is hard to detect.
15

HARDWARE TROJAN – Attack with Payload
• Combinationally triggered Trojan –
subclass of digitally triggered
• Occurrence of condition A = 0, B = 0
at the trigger nodes A, B causes
payload node C to have an incorrect
value at Cmodified
• Attacker chooses a rare activation
condition from low-controllable
inputs making trojan unlikely to
trigger during manufacturing test
16

PREVENTIVE WAYS
• At Design Level
• The ability to create trusted circuits using untrusted EDA tools
• At Fabrication Level
• Provide both hardware specifications and a list of “security-related properties.”
There must be an agreement among Customers and manufactures on the
requirements of the specified hardware to be fabricated
• At Post-Fabrication Level
• Reconfigurable logic could be placed between the output of some ICs and the
input of other ICs to cut attacker access at the Register Transfer Level
17

Internet-of-
Things
Cyber-Physical
Systems
Critical
Infrastructures
Embedded
Systems
Networked
System
High
Vulnerability
and Very
Risky
Spy Satellite
Spy Satellite
Operation Field
UAV
Example on NCW for
Military Operation
18

Risks on NCW
• Satellite may send mislead information to other nodes (F-16, UAV,
AEW/C, MPA, Radar). The same occurs to other nodes
• Avionics system may not work properly and may risk the aircrafts
(accident, friendly fire etc.)
• Reconnaissance system may be degraded
• Radar system may detect erroneous targets
• Information exchange may be delayed
• Field Operation may be mapped wrongly
• Shared situational awareness may not be achieved
• Decision made may unprecise and risk the units
• Decision superiority may not be achieved
• Victory may not be achieved, too and probably loose
19

CONCLUDING REMARKS
• Real examples of CPS are embedded systems which have been parts
of various application especially in Defense sector
• CPSes give full support to military mission moreover now is NCW era
• CPSes hardware is vulnerable to hardware attack i.e. Hardware
Trojan, and is almost impossible to be detected
• Trojan attack to military equipment during military mission may
cause severe looses not only to the equipment themselves but also to
the objective of the mission itself
20

REFERENCES
• A.D.W. Sumari, Letnan Kolonel Lek, Dr., S.T., M.T., (2011), Optimalisasi Sistem K4IPP guna Meningkatkan Efektivitas
Pengambilan Keputusan dalam rangka Mendukung Tugas-Tugas TNI AU, Taskap Terbaik Peraih Penghargaan
“Sastratama”, Seskoau A-48, Bandung
• A.D.W. Sumari, Dr., S.T., M.T., Kolonel Lek (2015), Kedaulatan Cyber Indonesia dari Perspektif Militer, Simposium
Nasional CyberSecurity (SNCS) 2015, Kemenkopolhukam, 3-4 Juni 2015
• A. Iqbal (2013), “Security Threats in Integrated Circuits”, https://sdm.mit.edu/security-threats-in-integrated-
circuits/#note-xiii
• A. Tiwari (2015), “Hardware Trojans”, https://www.slideshare.net/OWASPdelhi/hardware-trojans-by-anupam-tiwari
• P. Paganini (2013), “Integrated circuits can be compromised using Undetectable hardware Trojans”,
http://thehackernews.com/2013/09/Undetectable-hardware-Trojans.html
• Ramesh Karri, Kurt Rosenfeld, Jeyavijayan Rajendran, Mohammad Tehranipoor, "Trustworthy Hardware: Identifying
and Classifying Hardware Trojans", Computer, vol. 43, no. , pp. 39-46, October 2010
• X. Cao (2015), “Hardware Trojan vulnerability “,
http://lib.dr.iastate.edu/cgi/viewcontent.cgi?article=5654&context=etd
• Hardware attacks, backdoors and electronic component qualification,
http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/
• http://gauss.ececs.uc.edu/Courses/c6056/pdf/hardware.pdf
21

Iidss 2017 sarwono sutikno arwin sumari (cps in defense)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Iidss 2017 sarwono sutikno arwin sumari (cps in defense)

Similar to Iidss 2017 sarwono sutikno arwin sumari (cps in defense) (20)

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)

Recently uploaded

Recently uploaded (20)

Iidss 2017 sarwono sutikno arwin sumari (cps in defense)