xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

Vivek Venugopalan
Research Scientist at United Technologies Research Center

In this work, we propose a modified DEFENSE architecture termed as xDEFENSE that can detect and react to hardware attacks in real-time. In the past, several Root of Trust architectures such as DEFENSE and RETC have been proposed to foil attempts by hardware Trojans to leak sensitive information. In a typical Root of Trust architecture scenario, hardware is allowed to access the memory only by responding properly to a challenge requested by the memory guard. However in a recent effort, we observed that these architectures can in fact be susceptible to a variety of threats ranging from denial of service attacks, privilege escalation to information leakage, by injecting a Trojan into the Root of Trust modules such as memory guards and authorized hardware. In our work, we propose a security monitor that monitors all transactions between the authorized hardware, memory guard and memory. It also authenticates these components through the use of Hashed Message Authentication Codes (HMAC) to detect any invalid memory access or denial of service attack by disrupting the challenge-response pairs. The proposed xDEFENSE architecture was implemented on a Xilinx SPARTAN 3 FPGA evaluation board and our results indicate that xDEFENSE requires 143 additional slices as compared to DEFENSE and incurs a monitoring latency of 22ns.

xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions
James Lamberti, Devu Manikantan Shila and Vivek Venugopal
• Hardware Trojan Threats (HTTs) are virus-like stealthy malicious components that can infect the Integrated Circuit (IC).

• Various stages of an IC lifecycle are vulnerable to attacks due to the outsourcing of design and manufacture.

• The majority of ASICs and FPGAs are fabricated in China and Taiwan (Source: DARPA).
[1] M. Abramovici and P. Bradley, "Integrated circuit security: new threats and solutions," in Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, p. 55. ACM, 2009.

[2] T. Huffmire et al., "Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems," in Security and Privacy, 2007. SP '07. IEEE Symposium on, May 2007, pp. 281–295.
Implementation and Results
• Our results show that, using power, the hardware Trojans remained undetected.

• Using timing and resource utilization, the message spoofing and the denial of service HTTs showed a visible change from the golden model, thus increasing their detection rate.

• We implement an architectural refinement in the form of a trusted anchor for embedding user-defined policies that prevent HTTs from activating within the system.

• The Trusted Anchor incurs a latency cost for the secure handshake protocol and utilizes more resources for the monitoring logic.
Conclusion
References
Background work
• DEFENSE improves bus guarding and scrambling techniques by adding hardware to provide real-time security monitoring.

• RETC-CPS is an extension of DEFENSE, where a firewall constantly checks the model behavior against a set of user-defined security policies.

• A classic Root of Trust (RoT) design consists of a secure memory and a key guard. The authorized module is allowed to access the contents of memory only via a guard module. However, this RoT can be compromised by a Man-In-The-Middle attack from a hardware Trojan.
• The Trusted Anchor is configured with the following set of policies related to information leakage: (1) Unauthorized IP cores are restricted from memory access, (2) The key is never allowed to leave an IP core via IP core-IP core or IP core-I/O links.

• The Trusted Anchor monitors the communication links for any violation of these policies and if detected, it will reset the device or perform memory/key zeroization.
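
The security monitor described in the abstract and the two Trusted Anchor policies above can be modelled in software. The following Python behavioural model is an added example, not the authors' FPGA design: it verifies an HMAC tag on each bus transaction, enforces both leakage policies, and zeroizes the key on a violation or an overdue challenge response. Core names, HMAC keys, the tag layout and the 4-cycle deadline are assumptions of the model.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed values (assumptions of this model, not the poster's parameters).
CORE_KEYS = {"authorized_ip": b"k-authorized-ip", "guard": b"k-guard"}
PROTECTED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
RESPONSE_DEADLINE = 4  # cycles allowed between a challenge and its response

@dataclass
class Txn:
    cycle: int
    src: str          # originating core
    dst: str          # "memory", "io" or another core
    kind: str         # "challenge", "response" or "data"
    payload: bytes    # for a challenge or response, the nonce
    tag: bytes = b""  # HMAC-SHA256 over header and payload; empty if unsigned

def sign(src, dst, kind, payload):
    msg = b"|".join([src.encode(), dst.encode(), kind.encode(), payload])
    return hmac.new(CORE_KEYS[src], msg, hashlib.sha256).digest()

def signed(cycle, src, dst, kind, payload):
    return Txn(cycle, src, dst, kind, payload, sign(src, dst, kind, payload))

class TrustedAnchor:
    def __init__(self):
        self.key_store = bytearray(PROTECTED_KEY)
        self.pending = {}  # nonce -> cycle at which the challenge was seen
        self.alerts = []   # (cycle, verdict) for every violation

    def _classify(self, t):
        # Policy 2: the key never leaves a core on core-core or core-I/O links.
        if t.dst != "memory" and PROTECTED_KEY in t.payload:
            return "key_leakage"
        # Policy 1: unauthorized cores get no memory access.
        if t.src not in CORE_KEYS:
            return "unauthorized_memory_access" if t.dst == "memory" else "allow"
        # A core claiming an authorized identity must prove it with its HMAC.
        ok = hmac.compare_digest(sign(t.src, t.dst, t.kind, t.payload), t.tag)
        return "allow" if ok else "spoofed_message"

    def observe(self, t):
        verdict = self._classify(t)
        if verdict != "allow":
            return self._react(t.cycle, verdict)
        if t.kind == "challenge":
            self.pending[t.payload] = t.cycle
        elif t.kind == "response":
            self.pending.pop(t.payload, None)
        return verdict

    def tick(self, cycle):  # watchdog: an overdue response is a denial of service
        late = any(cycle - c > RESPONSE_DEADLINE for c in self.pending.values())
        return self._react(cycle, "challenge_response_timeout") if late else "allow"

    def _react(self, cycle, verdict):  # key zeroization (device reset not modelled)
        self.alerts.append((cycle, verdict))
        self.key_store[:] = bytes(len(self.key_store))
        self.pending.clear()
        return verdict

def constructed_trace():  # constructed bus trace: clean handshake and read, then attacks
    nonce, anchor = b"\x01\x02\x03\x04", TrustedAnchor()
    trace = [
        signed(0, "guard", "authorized_ip", "challenge", nonce),
        signed(2, "authorized_ip", "guard", "response", nonce),
        signed(3, "authorized_ip", "memory", "data", b"read 0x10"),
        Txn(4, "unauthorized_ip", "memory", "data", b"read 0x10"),
        Txn(5, "authorized_ip", "guard", "response", nonce, bytes(32)),
        signed(6, "authorized_ip", "io", "data", b"dbg:" + PROTECTED_KEY),
        signed(7, "guard", "authorized_ip", "challenge", nonce),
    ]
    return [anchor.observe(t) for t in trace] + [anchor.tick(20)], anchor
```

constructed_trace() returns the verdict for each transaction plus the final watchdog check, together with the anchor so that its alerts and zeroized key store can be inspected.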
Introduction
[Figure: block diagram with Authorized module, Unauthorized module and Guard module; block labels: Address Logic, Response Generator, Challenge Generator, Encryption, Memory, Man-In-The-Middle HTT]
[Figure: FPGA manufacturing locations and ASIC manufacturing locations; labels: Unknown, USA, Europe, Asia]
• Also, in the RoT testbed, an unauthorized module can access the key from the authorized module, which remains undetected.

• Both DEFENSE and RETC do not address spoofing attacks, as there is no security built into them.
[Figure: Trusted Anchor block diagram; labels: Trusted Anchor, Trusted module, Authorized IP, Unauthorized IP, Memory, I/O, Secure handshake, Reset, monitor, key leakage, no key leakage]
[Figure caption: Root of Trust with a Man-In-The-Middle HTT]
[Figure: Change from the golden model (axis from -1 to 1) for Timing and Resource; series: Beat the RoT (Denial of Service), Beat the RoT (Message Spoofing)]
