
xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions



In this work, we propose a modified DEFENSE architecture, termed xDEFENSE, that can detect and react to hardware attacks in real time. In the past, several Root of Trust architectures such as DEFENSE and RETC have been proposed to foil attempts by hardware Trojans to leak sensitive information. In a typical Root of Trust scenario, hardware is allowed to access the memory only by responding properly to a challenge issued by the memory guard. However, in a recent effort we observed that these architectures can in fact be susceptible to a variety of threats, ranging from denial of service attacks and privilege escalation to information leakage, when a Trojan is injected into Root of Trust modules such as the memory guard and the authorized hardware. In our work, we propose a security monitor that monitors all transactions between the authorized hardware, the memory guard and the memory. It also authenticates these components using Hashed Message Authentication Codes (HMAC), in order to detect any invalid memory access or any denial of service attack that disrupts the challenge-response pairs. The proposed xDEFENSE architecture was implemented on a Xilinx SPARTAN 3 FPGA evaluation board, and our results indicate that xDEFENSE requires 143 additional slices compared to DEFENSE and incurs a monitoring latency of 22 ns.

Published in: Engineering


  1. xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions
     James Lamberti, Devu Manikantan Shila and Vivek Venugopal

     Introduction
     • Hardware Trojan Threats (HTTs) are virus-like stealthy malicious components that can infect the Integrated Circuit (IC).
     • Various stages of an IC lifecycle are vulnerable to attacks due to the outsourcing of design and manufacture.
     • The majority of ASICs and FPGAs are fabricated in China and Taiwan (Source: DARPA).
     [Figure: FPGA manufacturing locations and ASIC manufacturing locations; regions shown: Unknown, USA, Europe, Asia]

     Background work
     • DEFENSE improves bus guarding and scrambling techniques by adding hardware to provide real-time security monitoring.
     • RETC-CPS is an extension of DEFENSE, where a firewall constantly checks the model behavior against a set of user-defined security policies.
     • A classic Root of Trust (RoT) design consists of a secure memory and a key guard. The authorized module is allowed to access the contents of memory only via a guard module. However, this RoT can be compromised by a Man-In-The-Middle attack mounted by a hardware Trojan.
     • Also, in the RoT testbed, an unauthorized module can access the key from the authorized module, which remains undetected.
     • Both DEFENSE and RETC do not address spoofing attacks, as there is no security built into it.
     [Figure: Root of Trust with a Man-In-The-Middle HTT; blocks: Authorized module, Unauthorized module, Guard module, Memory, Man-In-The-Middle HTT, Address Logic, Challenge Generator, Response Generator, Encryption]

     Implementation and Results
     • The Trusted Anchor is configured with the following set of policies related to information leakage: (1) Unauthorized IP cores are restricted from memory access, (2) The key is never allowed to leave an IP core via IP core-IP core or IP core-I/O links.
     • The Trusted Anchor monitors the communication links for any violation of these policies and, if one is detected, it will reset the device or perform memory/key zeroization.
     [Figure: Trusted Anchor; blocks: Trusted module, Authorized IP, Unauthorized IP, Memory, I/O; labels: Secure handshake, monitor, Reset, key leakage, no key leakage]
     • Our results show that, using power, the hardware Trojans remained undetected.
     • Using timing and resource utilization, the message spoofing and the denial of service HTTs indicated a visible change from the golden model, thus increasing its detection rate.
     [Figure: Change from the Golden model (axis from -1 to 1) for Timing and Resource; series: Beat the RoT (Denial of Service), Beat the RoT (Message Spoofing)]

     Conclusion
     • We implement an architectural refinement in the form of a trusted anchor for embedding user-defined policies that prevents HTTs from activating within the system.
     • The Trusted Anchor incurs a latency cost for the secure handshake protocol and utilizes more resources for the monitoring logic.
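
The HMAC-authenticated challenge-response monitoring from the abstract and the two Trusted Anchor policies listed above can be exercised as a behavioural software model. This Python code is an added example and is not the authors' FPGA design. The per-core HMAC keys, the nonce-based challenge, the message layout and the names `TrustedAnchor`, `tag_for` and `run_case` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def tag_for(core_key, nonce, dst, payload):  # assumed message layout
    return hmac.new(core_key, nonce + dst.encode() + payload, hashlib.sha256).digest()

class TrustedAnchor:
    """Behavioural model of the monitor; the poster's design is FPGA logic."""
    def __init__(self, core_keys, authorized, secret_key):
        self.core_keys = core_keys                # assumed: per-core HMAC keys
        self.authorized = authorized              # cores allowed to reach memory
        self.secret_key = bytearray(secret_key)   # key that must never leak
        self.pending = {}                         # core -> outstanding nonce
        self.zeroized = False

    def challenge(self, core):
        self.pending[core] = os.urandom(16)
        return self.pending[core]

    def observe(self, src, dst, payload, tag):
        """Check one monitored transaction; return 'ok' or the violation."""
        if self.zeroized:
            return "device reset"
        nonce = self.pending.pop(src, None)       # single use: replays fail
        key = self.core_keys.get(src)
        if nonce is None or key is None:
            return self._violation("no valid challenge")
        if not hmac.compare_digest(tag_for(key, nonce, dst, payload), tag):
            return self._violation("spoofed response")
        if dst == "memory" and src not in self.authorized:
            return self._violation("policy 1: unauthorized memory access")
        if dst != "memory" and bytes(self.secret_key) in payload:
            return self._violation("policy 2: key on core or I/O link")
        return "ok"

    def _violation(self, reason):
        self.secret_key[:] = bytes(len(self.secret_key))   # key zeroization
        self.zeroized = True
        return reason

# Constructed sample values, not taken from the poster.
KEYS = {"auth_ip": b"hmac-key-auth", "rogue_ip": b"hmac-key-rogue"}
SECRET = b"constructed-secret-key"

def run_case(src, dst, payload, signing_key):
    anchor = TrustedAnchor(dict(KEYS), {"auth_ip"}, SECRET)
    nonce = anchor.challenge(src)
    return anchor.observe(src, dst, payload, tag_for(signing_key, nonce, dst, payload)), anchor.zeroized
```

`run_case` builds a fresh anchor per transaction, so each verdict shows in isolation which check fired and whether the key was zeroized.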