TRANSCRIPT
Hardware Trojans Hidden in RTL Don't Cares - Automated Insertion and Prevention Methodologies
Nicole Fern, Shrikant Kulkarni
Kwang-Ting (Tim) Cheng
UC Santa Barbara
Main Contributions
• Propose a novel Trojan type utilizing RTL don't cares to leak internal circuit node values without changing original circuit functionality
• Formulate an automated Trojan insertion and prevention methodology
• Apply methodology to an Elliptic Curve processor with over 500 don't care bits
Hardware Trojans
• Malicious circuitry inserted in the hardware design
• Can be inserted by any party with access to the design!
• Goals: leak information, induce faults, chip failure, gain root privileges, etc.
Trojan Classes
1. The logic functions of some design signals are altered; system specifications are violated
2. The Trojan leaks information through side-channels
3. The logic functions of only those design signals which have unspecified behavior are altered to add malicious functionality without violating system specifications
Threat Model
• At RT or gate level, assign values or tie other internal design signals to RTL don't-cares to accomplish malicious functionality
• Malicious CAD tool, disgruntled employee, anyone with access to modify RTL or netlist
• Perfect equivalence checker cannot detect this Trojan type! (Every assignment of a don't care is a legal implementation of the specification, so the Trojaned design still matches the specified behavior.)
Prior Work
• IP watermarking by embedding information in the assignment of don't care values [1]
• Trojans exploiting incompletely specified state transition and output functions [2]
1. G. Qu and L. Yuan. Secure Hardware IPs by Digital Watermark. In Introduction to Hardware Security and Trust, pages 123–141. Springer New York, 2012.
2. C. Dunbar and G. Qu. Designing Trusted Embedded Systems from Finite State Machines. ACM Transactions on Embedded Computing Systems (TECS), 2014.
Example 1
When control == 2'b11, we can leak the key!
Example 1
The 4 don't care bits are dangerous because:
1. The don't cares are reachable
2. A primary output (which the attacker can observe) differs depending on the value of the don't care bits
So why not simply remove all don't cares from the Verilog code?
Don't cares have been used for logic optimization for several decades!
R. Bergamaschi et al. Efficient use of large don't cares in high-level and logic synthesis. In ICCAD, Nov 1995.
Example 2
Truncated Counter
Example 2
Unreachable don't cares
Reachable, but only 1 bit can propagate to output
When counter = 100 and control = 11:
[Figure: X-propagation trace for tmp <= data ^ 1x00 followed by an AND with a mask (... & x00); the bit that reaches the output is annotated "X Propagates", the masked bits "X Blocked"]
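The reachable-versus-propagating distinction drawn on this slide, and the Verilog X semantics summarized on the backup slides, as an added example that is not part of the slides or the authors' code: a small three-valued (0/1/x) vector simulator in which a controlling 0 at an AND (or a controlling 1 at an OR) blocks an x while XOR passes it through. The datapath it traces (tmp <= data ^ 4'b1x00 in state 100 with control 11, unreachable case items assigning {2'bxx, data[1:0]}, and an output write mask) is a constructed reading of Example 2; the state encoding, the mask values and the set of reachable counter states are assumptions of this example.

```python
# Three-valued (0/1/x) vector algebra with Verilog semantics.  Vectors are
# strings, MSB first, as in Verilog literals ("1x00" stands for 4'b1x00).
X = "x"


def v_and(a, b):
    out = []
    for p, q in zip(a, b):
        if p == "0" or q == "0":
            out.append("0")          # a controlling 0 blocks an x
        elif p == "1" and q == "1":
            out.append("1")
        else:
            out.append(X)
    return "".join(out)


def v_or(a, b):
    out = []
    for p, q in zip(a, b):
        if p == "1" or q == "1":
            out.append("1")          # a controlling 1 blocks an x
        elif p == "0" and q == "0":
            out.append("0")
        else:
            out.append(X)
    return "".join(out)


def v_xor(a, b):
    # XOR has no controlling value: any x input makes the output bit x
    return "".join(X if X in (p, q) else str(int(p) ^ int(q)) for p, q in zip(a, b))


def v_not(a):
    return "".join(X if p == X else str(1 - int(p)) for p in a)


def has_x(v):
    return X in v


# Reachable states of the truncated 3-bit counter (assumption: it wraps after 100,
# so 101, 110 and 111 are never entered).
REACHABLE = {"000", "001", "010", "011", "100"}


def example2_cycle(data, counter, control, mask="0001"):
    """One cycle of a constructed reading of Example 2.  The case items for the
    unreachable states assign tmp = {2'bxx, data[1:0]}; when counter == 100 and
    control == 11, tmp <= data ^ 4'b1x00; otherwise tmp <= data.  The output
    stage is y = tmp & mask.  Returns (tmp, y) as 3-valued strings."""
    if counter in ("101", "110", "111"):
        tmp = "xx" + data[2:]
    elif counter == "100" and control == "11":
        tmp = v_xor(data, "1x00")
    else:
        tmp = data
    return tmp, v_and(tmp, mask)


def x_verdict(data, counter, control, mask="0001"):
    """Classify the X's of one cycle: 'unreachable' if the state is never entered,
    'propagates' if an x reaches the output y (dangerous), else 'blocked' (safe)."""
    if counter not in REACHABLE:
        return "unreachable"
    _, y = example2_cycle(data, counter, control, mask)
    return "propagates" if has_x(y) else "blocked"


if __name__ == "__main__":
    for args in (("0110", "100", "11"), ("0110", "100", "11", "0100"), ("0000", "101", "00")):
        print(args, example2_cycle(*args), x_verdict(*args))
```

With the default mask only y[0] is driven in state 100, so the x in bit 2 of tmp is blocked; widening the mask to 0100 lets the same x reach a primary output, which is exactly the condition that makes a don't care dangerous. Three-valued simulation is an optimistic pre-filter, not a proof: it shows whether an x can reach an output along the simulated path, while the formal check on the later slides asks whether any assignment of the bit changes an observable signal in any reachable state.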
Elliptic Curve Processor (ECP)
• Computes G = [k]P, where [k]P is P "multiplied" by itself k times (scalar multiplication)
• Difficult to determine the secret k knowing only G and P
C. Rebeiro and D. Mukhopadhyay. High Performance Elliptic Curve Crypto-processor for FPGA Platforms. In 12th IEEE VLSI Design And Test Symposium, 2008.
Don't Cares in Control Unit
• During each of the 38 states, control signals cwl[9:0] and cwh[22:0] are assigned
• Replacing don't cares with 0's leads to an 8% area increase!
Code snippet from Control Unit (ecsmul.v): cwh[7:4] are X!
The ECP Trojan
• During State 15:
  – Address for Register Bank 2 is unknown!
  – Write enable for Register Bank 2 is unknown!
Code snippet from Register Bank Control (regbank.v)
The ECP Trojan
sx and sy are primary circuit outputs!
Code snippet from top level module
Automated Insertion/Prevention Methodology
Goal of Methodology
• Classify each don't care as dangerous or safe
• Dangerous don't cares cause a change in observable signals based on whether they are 0 or 1
• Compare 2 versions of the design, each with a different assignment of the don't care bits
Equivalence Checking Formulation
• Mike Turpin proposes using sequential equivalence checking to compare the same design with itself (with different don't care values in the 2 versions)
• For scalability reasons, we re-formulate in terms of combinational equivalence checking and "state reachability"
M. Turpin. Solving Verilog X-Issues by Sequentially Comparing a Design with itself. You'll never trust unix diff again! In SNUG, 2005.
Equivalence Checking Formulation
[Figure: sequential circuit C viewed combinationally: primary inputs (PIs) and pseudo-primary inputs (PPIs, the flip-flop Q outputs) enter the logic; primary outputs (POs) and pseudo-primary outputs (PPOs, the flip-flop D inputs) leave it; the don't-care bits dch, dci, dcj, dck, ... are drawn as additional inputs]
Equivalence Checking Formulation
1. Make all don't care bits primary inputs
2. Create 2 copies of the circuit where dci = 0 and dci = 1
3. Check if C0 and C1 are equivalent
[Figure: miter. C0 (dci = 0) and C1 (dci = 1) share {PIs, PPIs} and the remaining free don't-care inputs {dc0, ..., dcj, ..., dcn-1}; their {POs, PPOs} are XORed into z, which is 1 whenever the two versions disagree]
Excluding Unreachable States
• Counterexample can contain an unreachable state
• L extracted using state design knowledge, dead-code analysis or reachability analysis
[Figure: the same miter, with a logic function L of the PPIs that is 1 if the state is unreachable; z is combined with L to give w, so that a disagreement in an unreachable state is not reported]
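The formulation on this and the two preceding slides (don't-care bits exposed as primary inputs, one miter per bit with all other bits left free, and the unreachable-state function L), as an added example that is not part of the slides or the authors' flow. It is a Python model of a toy truncated-counter design in the spirit of Example 2: the design, its per-state write mask and its reset state are constructed for this example, exhaustive enumeration of the inputs stands in for the SAT-based combinational equivalence check that ABC would run on a BLIF netlist, and the per-bit check is the backup slide's point that n checks with the other bits free replace pairwise comparison of the 2^n versions. The last function shows the insertion side: tying the one bit the check reports as dangerous to a secret makes that secret observable on a primary output.

```python
from itertools import product

# Toy design, constructed for this example (not the slides' ECP or Example 2 code).
# PIs: data[3:0], control[1:0].  PPI: counter[2:0] (current state).
# dc = (dc0, dc1, dc2, dc3) are the RTL X bits, exposed as extra inputs.
N_DC = 4
N_STATES = 8
RESET_STATE = 0


def next_state(counter):
    """Truncated 3-bit counter: 0,1,2,3,4,0,... so states 5-7 are never reached."""
    return 0 if counter == 4 else counter + 1


# Per-state output write mask (an assumption of this example): in state 4 only y[0] is driven.
WMASK = {s: 0xF for s in range(N_STATES)}
WMASK[4] = 0x1


def design(data, control, counter, dc):
    """Combinational logic of the design: returns (POs, PPOs) = (y[3:0], next counter)."""
    if counter >= 5:
        # case items for the unreachable states assign tmp = {x, x, data[1:0]}
        tmp = (dc[0] << 3) | (dc[1] << 2) | (data & 0b11)
    elif counter == 4 and control == 3:
        # tmp <= data ^ 4'b1x0x : the X's land in bit 2 (dc2) and bit 0 (dc3)
        tmp = data ^ (0b1000 | (dc[2] << 2) | dc[3])
    elif control == 0:
        tmp = data
    elif control == 1:
        tmp = ~data & 0xF
    else:
        tmp = (data << 1) & 0xF
    return tmp & WMASK[counter], next_state(counter)


ALL_DC = list(product((0, 1), repeat=N_DC))


def reachable_states():
    """Forward reachability from reset over the PPIs.  This is the slide's function L
    in set form: L(state) = 1 iff the state is not in the returned set."""
    seen, frontier = {RESET_STATE}, [RESET_STATE]
    while frontier:
        s = frontier.pop()
        for data, control, dc in product(range(16), range(4), ALL_DC):
            _, s_next = design(data, control, s, dc)
            if s_next not in seen:
                seen.add(s_next)
                frontier.append(s_next)
    return seen


def miter_differs(i, data, control, counter, rest):
    """z for don't-care bit i: C0 has dc_i = 0, C1 has dc_i = 1, and the other bits
    ('rest') are the same free inputs in both copies.  Compares POs and PPOs."""
    dc0 = rest[:i] + (0,) + rest[i:]
    dc1 = rest[:i] + (1,) + rest[i:]
    return design(data, control, counter, dc0) != design(data, control, counter, dc1)


def classify(exclude_unreachable=True):
    """One miter check per don't-care bit (n checks, not C(2^n, 2) pairwise comparisons).
    A bit is 'dangerous' if z can be 1 in a state that L does not rule out (w = z AND NOT L)."""
    allowed = reachable_states() if exclude_unreachable else set(range(N_STATES))
    verdict = {}
    for i in range(N_DC):
        dangerous = any(
            miter_differs(i, data, control, counter, rest)
            for data, control, counter, rest in product(
                range(16), range(4), sorted(allowed), product((0, 1), repeat=N_DC - 1)))
        verdict[f"dc{i}"] = "dangerous" if dangerous else "safe"
    return verdict


def trojan_leak(secret_bit):
    """Insertion side: tie the dangerous bit dc3 to an internal secret.  In state 4 with
    control = 3 and data = 0, y[0] = data[0] ^ dc3 = secret_bit on a primary output, while
    every specified (non-X) value of the design is unchanged."""
    y, _ = design(data=0, control=3, counter=4, dc=(0, 0, 0, secret_bit))
    return y & 1


if __name__ == "__main__":
    print("reachable states:", sorted(reachable_states()))
    print("without L:", classify(exclude_unreachable=False))
    print("with L:   ", classify())
    print("leaked bit:", trojan_leak(1))
```

Without L the miter reports dc0 and dc1 as dangerous even though they are only used in states the counter never enters (the spurious counterexamples of the slide); with L only dc3 remains, while dc2 is reachable but masked before it reaches y, the "reachable but blocked" case of Example 2. On a real netlist the enumeration is replaced by a SAT call on the miter, and L must be sound (an over-approximation of the reachable states) or a dangerous bit can be wrongly declared safe.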
Methodology Applied to ECP
• 572 primary input bits, 467 primary output bits, and 11232 state elements
• 538 don't care bits
  – 282: bits in cwl and cwh during states 0−38
  – 33: bits in cwl and cwh during case default
  – 233: case default in the quadblk module
• Yosys used to transform Verilog into BLIF
• ABC used for combinational equivalence checking
Classification of Don't Cares
Distinguishing Classes 1 and 2
• Atrenta Spyglass tool used to perform code reachability for don't cares in Rows 4-6
  – NoAssignX-ML: identifies don't cares on RHS of assignment
  – Av_dontcare01: identifies reachable x assignments
• Row 7 don't cares reachable, but propagation condition never satisfied for States 1-38
  – Need formal property checker to confirm Row 7 don't cares are safe
Trojan Prevention Area Overhead
• Even without analysis distinguishing Classes 1 and 2, the area overhead is manageable compared with replacing all don't care bits
• Automated analysis uncovered both the ECP Trojan as well as 33 additional bits with information leakage potential
Conclusions
• Proposed novel Trojan type
• Inserted Trojan in an Elliptic Curve Processor which leaks all key bits during a cycle with unspecified circuit output behavior
• Identified don't cares used in ECP Trojan with automated Trojan prevention methodology
Questions?
Backup Slides
Why perform equivalence checking n times instead of (2^n choose 2) times?
• n don't care bits, 2^n possible circuits
• Ex. n = 2, 4 possible circuits, 6 comparisons
dc0 dc1  Circuit Version
 0   0   A
 0   1   B
 1   0   C
 1   1   D
dc0dc1 == dc0dc1?  If equivalent:
00 v. 10           A == C
01 v. 11           B == D
00 v. 01           A == B
10 v. 11           C == D
00 v. 11           A == D
01 v. 10           B == C
dc0 <- 0 v. dc0 <- 1 with dc1 as PI: covers A == C and B == D in one check
dc1 <- 0 v. dc1 <- 1 with dc0 as PI: covers A == B and C == D in one check
The remaining pairs (A == D, B == C) follow by transitivity.
Only need to perform equivalence checking twice!!
Types of RTL X's
• Don't Cares
  – Synthesis tool is free to assign 0 or 1
  – Value known after synthesis
• Unknowns
  – Uninitialized or un-driven signals
  – Ex. Flip-flops lacking a known reset value or signals in a clock-gated block
  – Unknown until operation of actual silicon
M. Turpin. The Dangers of Living with an X (bugs hidden in your Verilog). In SNUG, 2003.
L. Piper and V. Vimjam. X-propagation woes: Masking bugs at RTL and unnecessary debug at the netlist. In DVCon, 2012.
X-bugs
• RTL and gate-level simulation discrepancies
• Unintended propagation of unknown values
  – Improper reset or power management sequence
• Normally X's in circuit outputs during intermediate computation cycles are not bugs, as long as the final result is correct
  – To address the Trojan threat, no X's must appear at outputs during any cycle
H.-Z. Chou et al. Finding reset nondeterminism in RTL designs: Scalable X-analysis methodology and case study. In DATE, 2010.
Existing X-analysis Tools
• Jasper X-prop, Atrenta Spyglass, Cadence Incisive, Synopsys Magellan, etc.