Non-deterministic timers for hardware Trojan activation (or how a little randomness can go the wrong way)

Frank Imeson, Saeed Nejati, Siddharth Garg, Mahesh Tripunitara

Research output: Contribution to conferencePaperpeer-review

Abstract

The security of digital Integrated Circuits (ICs) is essential to the security of a computer system that comprises them. A particularly pernicious attack is the insertion of a hardware backdoor, that is triggered in the field using a timer that is also inserted in the hardware. Prior work has addressed deterministic timer-based triggers — those that are designed to trigger at a specific time with probability 1. We address open questions related to the feasibility of realizing non-deterministic timer-based triggers in hardware — those that are designed with a random component. We show that such timers can be realized in hardware in a manner that is impractical to detect or disable using existing countermeasures of which are aware. We discuss our design, implementation and analysis of such a timer. We show that the attacker can have surprisingly fine-grained control over the time-window within which the timer triggers. Our timer has several other appealing features as well, from the attacker’s standpoint. For example, it is practical and effective with only a few bits of Non-Volatile (NV) memory and a small time-window within which volatile state needs to be maintained. Our work raises the bar considerably for defense mechanisms for hardware security.

Original languageEnglish (US)
StatePublished - 2016
Event10th USENIX Workshop on Offensive Technologies, WOOT 2016 - Austin, United States
Duration: Aug 8 2016Aug 9 2016

Conference

Conference10th USENIX Workshop on Offensive Technologies, WOOT 2016
Country/TerritoryUnited States
CityAustin
Period8/8/168/9/16

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'Non-deterministic timers for hardware Trojan activation (or how a little randomness can go the wrong way)'. Together they form a unique fingerprint.

Cite this