The document discusses cybersecurity challenges and opportunities for hardware-based solutions. It notes that the US is engaged in a "low-intensity" cyber conflict and cannot solely rely on military approaches. Hardware assurance technologies can help address issues like detecting counterfeit chips, ensuring device authenticity, and establishing secure communication channels. Combining on-chip instrumentation, encryption, and GPS could provide next-generation cybersecurity capabilities.

1. Cybersecurity Peter L. Levin Consulting Professor January 2009

2. Evolution of GPS Service Availability (sparse constellation) Accuracy (selective availability) Integrity (aviation) Coverage (urban canyons and indoors) Security (location based authentication) Copied without shame or remorse, but with attribution, from Per Enge

3. The Problem Statement “The United States is already engaged in a ‘low-intensity’ cyber conflict”. - General Wesley K. Clark, former SACEUR “[And] cannot kill or capture its way to victory”. Robert M. Gates, Secretary of Defense

4. “It is a battle we are loosing”

5. The Black Swan Effect We won’t be more secure in a day Planning takes time, energy, focus Competing priorities False perceptions current safety difficulty of raising the bar . . . but we can be crippled in seconds Insidious attacks can come from anywhere the network, the software, or the hardware Catastrophic results if we’re left unprotected

6. Public Awareness Has Changed

7. “ several Georgian state computers [were] under external control” So they moved websites to Google:

8. P2P uses as much as 60% of Internet Bandwidth P2P networks offer an easy way to disguise illegitimate payloads using sophisticated protocols, and can divert network traffic to arbitrary ports From Spector 360

9. Machine Readable Travel Documents

10. Cracked in ten seconds for $10,000

11. Real-world reliability vs digital security reliability Seven nines: aircraft landing Six nines: mature manufacturing qa Five nines: PSTN availability (after 100 years) Four nines: domestic electric energy transmission Three nines: maximum possible desktop uptime Two nines: credit-card number protection One nine: internet traffic not broadly related to attack Zero nines: “[a]bility of stock antivirus to find new malware” Security is a Subset of Reliability * *from the article of that name by Geer and Conway, IEEE Security and Privacy, Dec 08

12. The (Cyber)Security Marketplace

13. Hardware Sabotage “The most monumental non-nuclear explosion ever seen from space” was reportedly caused by the US in a Soviet commercial gas pipeline. An Israeli bombing raid on a suspected Syrian nuclear facility was (allegedly!) due to a “kill switch” that turned off surveillance radar.

14. Hardware’s Axis of Evil

15. Counterfeits are Expensive and Dangerous Exploit complexity Difficult to detect Compromise security Source: Unclassified FBI Report, January 2008

16. Chip-Making in Four Easy Steps RTL & Layout Design Mask Creation Logic Circuit Design Function Specification Thanks to Grace and Sherman for this slide

17. Chip-Level Hardware Assurance Graphic from Sally Adee, IEEE Spectrum authenticity and provenance mechanical compromise add extra wires add extra transistors

18. “ Your Hands Can’t Hit What Your Eyes Can’t See” DAFCA provides on-chip, at-speed, in-system visibility

19. Integrate Verification and Validation Tap the lines “pre-silicon” Software only Platform/technology agnostic Automated Observe behavior “post-silicon” Configure, operate, and control FSM Don’t slow down, don’t stop No extra pins, no special libraries React Injection, isolation, remediation

20. Why At-Speed Observability Matters Example: 5 billion transaction “boot scenario” SW simulation @ 0.01 MHz = 6 days* HW acceleration @ 0.1MHz = 14 hours* At-speed @ 500 MHz = 10 seconds * Even these are 10x faster than IBM’s benchmark

21. Two Examples By “hardware assurance” we mean: Is the chip authentic? Is the chip functioning properly? Until now, most of the attention has been focused on “static” views

22. Detect Malfunction Invisible to functional logic Invisible to application software Impossible to understand by inspection It’s just gates and flops, no hard macros It’s configured on the fly

23. An Instrumented GPS Chip Trace RAM (1k x 128) Transaction Engine PTE TRACER LCD_MUX CB1_MUX aligner 4-fifo grp_lcd_out grp_lcd_fifo_rd2 grp_lcd_fifo_rd1 grp_lcd_fifo_rd3 grp_lcd_rgb grp_arm_i grp_arm_r_0 grp_usb_slv grp_usb_mstr 125 125 125 FINAL_SPN 125 CB2_MUX 125 CB3_MUX 125 125 GP_IN 2 valid bit valid bit Observation Bus = 125 (probe grp) + 2 Valid + 1 Time Stamp = 128 bit 1 valid for domain crossing of 10Mhz to 166MHz 1 valid for domain crossing of 83KHz to 166MHz SPN NETWORK 166MHz 10MHz 1 valid bit 1 valid bit 125 CDC_LCD 166MHz 166MHz CAPSTIM aligner Trace RAM (1k x 128)

24. The Road Ahead abstraction Detected Violation Software objects, pointers, calls, register writes Bus cycles, arbitration policies, event sequencing On-Chip cycle protocols and timing T T T T T T T T T T T T T T T T T T T Bus Protocol Assertions Static Mode Selects Exception Generators Memory Checkers Performance Monitors Traffic Generators Event Sequencing Boot-up System Software Application Software O c D observe characterize detect observe characterize detect

25. Device Authenticity/Anti-Counterfeit Counterfeit chips are easy to make, hard to detect Enormous economic incentive most hackers are driven by money Attractive targets for adversaries banks, hospitals, military installations Our customers need an inexpensive and reliable way to detect counterfeit devices in the field

26. An Anti-Counterfeit Architecture DAFCA – on-chip instrumentation eScrypt – embedded security SiDense (CMOS embedded flash) Zanio – highly secure positioning and time

27. On-Chip, At-Speed, In-System Instrumentation Tap the lines pre-silicon Conveniently, easily, ubiquitously Formal/model check the result Observe behavior at speed Assertions, triggers, breakpoints Performance monitoring React Injection, remediation, isolation Step One: “Talk to me ”

28. Establish An Encrypted Channel On-Chip PKI Extremely compact Unique Based on random mfg variability Secure Store keys in protected cmos flash Step Two: “Talk securely to me ”

29. Embed A Secret Unique GPS token One-time insertion Prove authenticity Dynamic challenge-response protocol Can be implemented in-field Two factor security Device fingerprint (PUF) Device pedigree (location and time) Step Three: “Tell me a secret ”

30. Use GPS to Ensure Authenticity Easy to use – no interruption of design implementation flow No special pins, no special libraries, no performance degradation On-chip, at-speed, in-system can be accessed remotely, and in-field Set an extremely high bar for hackers

31. Secure Channel, Secret Message DAFCA + eScrypt + Zanio enables Access to the Zanio core from the device, from the operating system, or from the host system Message passing to and from the device without fear of compromise A “plug compatible” device that can easily replace or substitute unprotected chips

32. Location Security Application areas Public health and safety Tolling and mobile asset tracking Networked asset protection (including data) National security applications (including MTDs) Financial infrastructure (laundering and fraud) How do you know you are where you think you are? How do I know that you are where you say you are?

33. Next Generation Cybersecurity Augment the GNSS utility to Defeat spoofing Overcome jamming Security for GNSS -> Security from GNSS

34. Conclusion Cybersecurity is a priority of the new administration Approximately $30 billion in new programs Hardware assurance will be a prominent part of the technical roadmap Anti-tamper and anti-counterfeit solutions are available today