查看原文
其他

恶意电路威胁之硬件木马

摩尔芯闻 2022-01-15
The threat of malicious circuits - Hardware Trojans

Attacks based on the concealment of malicious hardware in integrated circuits have been nicknamed “Hardware Trojan”. A Trojan Horse is often described as malware that is made to look legitimate.

Hardware Trojans are becoming increasingly common and concerning in recent years due to growing numbers of attacks such as data theft and backdoor insertions into the electronics industry supply chain around the world. They have proven to be very dangerous and have the ability to maliciously modify the behavior of embedded chips.


CLASSIFICATION AND DETECTION OF HARDWARE TROJANS

Trojans are very hard to locate as they can be inserted anywhere in a microchip; one may for example be in the chip’s processor and another in its power supply.

Trojans can be implemented at different phases in the life-cycle, from the specification phase to the assembly and packaging phase. They also have different purposes once integrated. Indeed, some Trojans will seek to change the functionality of the chip, others will choose to degrade performance or completely deny service offered by the chip; some will prefer only to leak information.

A Trojan is usually composed of a payload part (the content of the malicious circuit) and a trigger part (to activate the malicious circuit).

What makes a Trojan so difficult to detect is that it has different types of activation mechanisms that vary from one Trojan to another. The detection of malicious hardware can almost be considered as a type of reverse engineering for detection purposes. Abnormal behavior that could affect the functioning of the circuit is investigated during the system evaluation.

DEALING WITH HARDWARE TROJANS

There are two methods to deal with Hardware Trojans; the reactive method and the proactive one.

The reactive method mostly consists in locating Hardware Trojans by first being aware of their presence in the system.

Analog detection can be used to try to find malicious hardware inside a system, either statically, i.e., by detecting visible components that are hidden on a printed circuit board or in the packaging; or dynamically, by looking for example at the electromagnetic activity of the system or other physical parameters to try to detect an unexpected phenomenon.

Using Sensors is also an effective reactive solution for locating Trojans. Indeed, when a Trojan is activated, the system begins to behave abnormally, which can potentially damage it and prevent it from working properly. Sensors can be used as a warning to notice such activities by detecting anomaly with a regular state-of-operation.

Some Hardware Trojans are actually composed of a combination of hardware and software vulnerabilities, that, when combined, can allow exploitation of the system. Hardware assertion methods involve identifying some high-level and critical behavioral invariants and checking them during circuit operation.

Although the reactive method of Trojan detection is effective, there is a constant need for additional trust. That is why some proactive methods are developed in the security sphere as they are particularly effective in detecting incoming attacks.

One of the proactive methods being developed is noticeably Machine Learning. The use of computer systems that can learn and adapt without following explicit instructions is key to the future of many topics, including Trojan detection. Since every Trojan is different, it can sometimes be difficult to define an exact method that can be applied to each case. Machine Learning can generate diverse and complex models and make decisions based on those models.

Another method is to protect the CPU directly by mitigating vulnerabilities and attacks targeting code execution or integrity induced by software code bugs, malicious activity or sought-after performances neglecting security. Attacks of this type are unique in that they engage both software and hardware; placing the protection layer in the hardware layer protects both. By escorting the program execution step by step, the method is able to detect any unexpected behavior of the CPU. Since it is not a method dedicated to a specific type of attack or Trojan, it is effective against any type of attack and any type of Trojan that would try to modify the behavior of the code execution.

The “encoded circuit” method is based on the observation that all integrated circuits are composed of two distinct parts: the combinational part and the sequential one. The sequential part includes the data and control registers which are easier to recognize on the IC layout because of their size. It is easier for an attacker to connect the Trojan to the sequential; therefore, this method aims at encoding and masking all sequential registers with Linear Boolean Code.

SECURE-IC FOR PROTECTING YOUR EMBEDDED CIRCUITS

As Hardware Trojans continue to be developed for nefarious purposes, it is Secure-IC’s duty to protect the devices against these new threats.

Secure-IC has developed LaboryzrTM to assess the weaknesses of a system against Hardware Trojan threats. It offers a multitude of services and use-cases, associating both proactive and reactive methods to detect and deal with Trojans such as reactive analog detection or machine learning.

On the protection and embedded detection side, Secure-IC has also implemented proactive and reactive methods, such as Cyber Escort UnitTM and Digital SensorTM combined with Secure-IC’s AI-based security monitoring technology Smart MonitorTM

以下是译文:


通过在集成电路中隐藏恶意硬件来实施的攻击行为称为“硬件木马”。特洛伊木马通常描述为看起来合法的恶意软件。

近年来,由于全球电子行业供应链中的数据盗窃和后门植入等攻击越来越多,硬件木马越来越普遍,也越来越令人担忧。事实证明,这些攻击非常危险,并能够恶意修改嵌入式芯片的行为。


硬件木马的分类和检测


木马很难被找出,因为它们可以插入微芯片中的任何地方;例如,可能在芯片的处理器中,也可能在芯片的电源中。

从规范阶段到装配和封装阶段,木马可以在芯片的不同生命周期阶段实施。集成后,它们的目的也不尽相同。事实上,有些木马会试图改变芯片的功能,有些会降低性能或完全拒绝芯片提供的服务;有些则只泄露信息。

木马通常由有效负载部分(恶意电路的内容)和触发部分(用于激活恶意电路)组成。

木马之所以难以检测,是因为它有不同类型的激活机制,并且不同木马有不同的激活机制。对恶意硬件的检测几乎可以看作是一种出于检测目的的逆向工程。在系统评估过程中,要对可能影响电路运行的异常行为进行调查。

硬件木马的处理


处理硬件木马有两种方法;被动法和主动法。

被动法主要是首先意识到系统中存在硬件木马,然后找出它们。

模拟检测可用于尝试发现系统内的恶意硬件,可以是静态的(即检测隐藏在印刷电路板上或封装中的可见组件);也可以是动态的(例如,通过观察系统的电磁活动或其他物理参数来尝试检测异常现象)。

使用传感器也是找出木马的一种有效的被动式解决方案。事实上,当木马被激活时,系统就会开始出现异常行为,这可能会损害系统并阻止其正常工作。传感器可以作为一种警告,通过检测正常运行状态下的异常来提醒用户注意此类活动。
有些硬件木马实际上由软硬件漏洞组合而成,通过结合使用这些漏洞,攻击者就可以侵入系统。硬件断言法涉及到识别一些高级和关键的行为不变量,并在电路操作过程中进行检查。

尽管被动式木马检测方法行之有效,但仍然需要持续地建立额外的信任。这就是为什么在安全领域开发了一些主动式方法,因为它们在检测来袭攻击方面特别有效。

其中一个正在开发的主动式方法就是机器学习。使用在无需遵循明确指令的情况下就能进行学习和调整的计算机系统,是未来许多课题的关键,包括木马检测。由于每个木马各不相同,有时很难定义一个适合所有案例的确切方法。机器学习可以生成多样化的复杂模型,并根据这些模型做出决策。

另一种方法是直接保护CPU,减少针对由软件代码漏洞、恶意活动或一味追求性能而忽视安全性引起的代码执行或完整性问题的漏洞和攻击。这类攻击很特殊,因为它们同时涉及软件和硬件;将保护层放在硬件层则可以保护两者。通过一步步为程序执行保驾护航,该方法能够检测到CPU的任何意外行为。由于这种方法不是专门针对特定类型的攻击或木马,因此它对任何类型的攻击以及任何类型试图修改代码执行行为的木马都有效。

“编码电路”法基于所有集成电路都由两个不同的部分组成:组合部分和序列部分。序列部分包括数据和控制寄存器,由于它们的尺寸,在集成电路布图上更容易识别。攻击者更容易将木马连接到序列部分;因此,这种方法旨在用线性布尔代码对所有序列寄存器进行编码和屏蔽。

SECURE-IC助力保护嵌入式电路


随着不断有人出于险恶目的而开发出各种硬件木马,Secure-IC的任务就是保护设备免受这些新的威胁。

Secure-IC开发了LaboryzrTM来评估系统在抵御硬件木马威胁时的弱点。它提供了多种服务和用例,将主动式和被动式方法结合起来,以检测和处理木马,比如被动式模拟检测或机器学习。

在保护和嵌入式检测方面,Secure-IC也实施了主动式和被动式方法,如Cyber Escort UnitTM和Digital SensorTM结合Secure-IC基于人工智能的安全监控技术Smart MonitorTM


中国集成电路设计业2021年会暨无锡集成电路产业创新高峰论坛将于12月1日至2日在无锡太湖博览中心举行,Secure-IC 诚挚地邀请您莅临我们的展位072 ,共同探讨嵌入式安全需求和方案,期待实现更好的交流与合作。

摩尔精英与Secure-IC是深度战略合作伙伴,双方合作包括安全IP和iSE解决方案、安全评估工具以及安全认证咨询服务的代理,涵盖的应用场景包括汽车电子、可信计算、AIoT和工业物联网、电子健康、通信加密、安全交易、边缘计算与云、数字版权保护、身份认证、安全存储、消费电子等领域。

点击文末”阅读原文“,了解更多信息!

扫码即可咨询安全IP和解决方案


您可能也对以下帖子感兴趣

文章有问题?点此查看未经处理的缓存