Do not trust the cores, Trojans
If someone put a piece of RTL into your SoC designed to leak information to the outside world, or simply kill the device stone dead, could you spot it? Really? Although the prospect seems a little far-fetched to begin with, the SRC is concerned enough to have convened a group of industry experts and academics – the Trustworthy and Secure Semiconductors and Systems (T3S) consortium – to work out how to stop rogue circuitry making it into ICs in today’s highly disaggregated supply chain and why we should fear geeks bearing ‘gifts’.
The DAC conference will join in the call next week (1-5 June), asking: who can you trust? Your foundry? Your IP suppliers? Your customers? Anybody? Because, right now, trust is where the only protection lies. Security researchers have developed a number of proofs of concept that demonstrate how difficult it is to detect hardware trojans – circuits that subvert the operation of the SoC. And they can be surprisingly small. One example, covered in our guide on hardware trojans, involves tiny changes to the dopant masks for individual standard cells to make the cryptoprocessor of an SoC vulnerable to an attacker.
Competitive evolution
One way researchers have found to explore how feasible it is to detect trojans, as well as insert them, is to pit teams against each other. A session at DAC 51 will feature teams who took part in the last CSAW Embedded Systems Challenge organized by NYU Polytechnic. Winning teams had to sneak their RTL trojans past a checking algorithm that looks at how well-connected the alien logic is to the rest of the hardware. You can find out how successful the teams’ strategies were in Session 88, beginning at 1:30pm on 5 June.
Beyond the somewhat James Bond-like idea of taking over an SoC from the inside, hardware designers also have to deal with counterfeiting, copying and reverse engineering. But the security problems being covered at DAC reach far up the stack.
Green Hills Software’s David Kleidermacher, who presents a SKY Talk at DAC 51 on Wednesday (4 June), has been warning about the looming problems of embedded-systems security for a number of years.
Attack the edge
Although security researchers and people such as Kleidermacher have warned about the problem for years, it came to a head this year with the Target hack, showing how the vulnerable underbelly of many networks is no longer Windows – although that remains painfully insecure – but the embedded systems with practically zero protection.
Kleidermacher pointed to two myths at Embedded World in Nürnberg, Germany earlier this year: “People think if only we lock down the server really well that will solve the problem. If we fail to protect the things, attackers will go after the things. The second part of the myth is that there isn’t valuable information on the edge. That isn’t true.”
At this year’s DAC, Kleidermacher will focus on the problem facing vehicle manufacturers as they build intensively networked systems that use a combination of consumer-grade and automotive-grade components. A car is a somewhat different target to a retailer – the hacker is not going to make off with more than a couple of credit cards. But even inadvertently, the potential is there to disrupt the safe operation of the machine, for example, if the infotainment system starts spewing data across the vehicle’s drive-by-wire networks.
At Embedded World, Kleidermacher presented a five-point plan for making embedded systems more secure, focusing on common problems in software development such as giving tasks way too many system privileges just because that’s the easy way to do things. That is likely to be an important rule in automotive where you will want to ensure that the MP3 player isn’t able to suddenly take control of the Ethernet network.