A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
Vasilios Mavroudis
University College London
v.mavroudis@cs.ucl.ac.uk
Andrea Cerulli
University College London
andrea.cerulli.13@ucl.ac.uk
Petr Svenda
Masaryk University
svenda@.muni.cz
Dan Cvrcek
EnigmaBridge
dan@enigmabridge.com
Dusan Klinec
EnigmaBridge
dusan@enigmabridge.com
George Danezis
University College London
g.danezis@ucl.ac.uk
ABSTRACT
The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, which stores and computes on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have either been quickly circumvented, or come with unrealistically high manufacturing costs and complexity.

This paper proposes Myst, a practical high-assurance architecture that uses commercial off-the-shelf (COTS) hardware and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure cryptocoprocessors, verified to FIPS 140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both decryption and signing) and an exponential increase in backdoor-tolerance as more ICs are added.
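The following is an added illustration of the abstract's key idea, not code from the paper or from the Myst implementation: n simulated coprocessors each hold an additive share of a private key, the outside world encrypts to the combined public key, and decryption only succeeds when every device contributes a partial decryption, so an attacker must control all n shares to learn anything. It uses textbook ElGamal in a toy Schnorr group (p = 2039, q = 1019, g = 4; the parameters and the message g^123 are constructed for the example and are not secure in practice) and a deliberately simplified independence model, `prob_all_compromised`, which is an assumption of this example rather than the paper's own backdoor-tolerance analysis.

```python
import secrets

# Toy Schnorr group, for illustration only (NOT production parameters):
# p = 2q + 1 with p and q prime, and G = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4


def keygen_share():
    """Each simulated coprocessor draws its own private share x_i in [1, q-1].
    No device ever sees the combined private key x = sum(x_i) mod q."""
    return secrets.randbelow(Q - 1) + 1


def public_share(x_i):
    """y_i = g^{x_i}: the only thing device i publishes about its share."""
    return pow(G, x_i, P)


def combine_public_key(public_shares):
    """Y = prod y_i = g^{sum x_i}: the key outsiders encrypt to."""
    y = 1
    for y_i in public_shares:
        y = y * y_i % P
    return y


def elgamal_encrypt(y, m, r=None):
    """Textbook ElGamal on a subgroup element m (messages encoded as g^k).
    r may be fixed by the caller for reproducible tests."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(y, r, P) % P


def partial_decrypt(x_i, c1):
    """Run inside device i: reveals c1^{x_i} but never x_i itself."""
    return pow(c1, x_i, P)


def combine_decryption(c2, partials):
    """m = c2 / prod_i c1^{x_i}. Every device's partial is required: if one is
    missing, the result is m * g^{r * x_missing}, which differs from m for
    every r, x in [1, q-1] because q is prime."""
    denom = 1
    for d in partials:
        denom = denom * d % P
    return c2 * pow(denom, P - 2, P) % P  # P prime, so denom^(P-2) is its inverse


def run_threshold_decrypt(n, m, omit_one=False):
    """Generate n shares, encrypt m to the combined key, then decrypt using
    either all n partials or (to show the full-threshold property) only n-1."""
    shares = [keygen_share() for _ in range(n)]
    y = combine_public_key([public_share(x) for x in shares])
    c1, c2 = elgamal_encrypt(y, m)
    used = shares[:-1] if omit_one else shares
    return combine_decryption(c2, [partial_decrypt(x, c1) for x in used])


def prob_all_compromised(p_bad, n):
    """Simplified model (an assumption of this example, not the paper's analysis):
    with full-threshold sharing the key leaks only if every one of the n devices
    holding a share is backdoored. If each device is independently compromised
    with probability p_bad, that chance is p_bad**n, i.e. it shrinks
    exponentially as devices are added."""
    return p_bad ** n


if __name__ == "__main__":
    msg = pow(G, 123, P)  # constructed sample message: a subgroup element
    assert run_threshold_decrypt(5, msg) == msg
    assert run_threshold_decrypt(5, msg, omit_one=True) != msg
    for n in (1, 2, 4, 8):
        print(f"n={n}: P[all devices compromised | p=0.5] = {prob_all_compromised(0.5, n)}")
```

The full-threshold property is what buys confidentiality here: a single honest share keeps the combined key uniformly random from the attacker's point of view. The flip side is availability, since one faulty device blocks every decryption, which is why the abstract pairs threshold cryptography with redundancy.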
KEYWORDS
cryptographic hardware; hardware trojans; backdoor-tolerance;
secure architecture
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
CCS ’17, October 30-November 3, 2017, Dallas, TX, USA
© 2017 Copyright held by the owner/author(s). Publication rights licensed to Association for Computing Machinery.
ACM ISBN 978-1-4503-4946-8/17/10... $15.00
https://doi.org/10.1145/3133956.3133961
1 INTRODUCTION
Many critical systems with high security needs rely on secure cryptoprocessors to carry out sensitive security tasks (e.g., key generation and storage, legally binding digital signatures, code signing) and to provide a protection layer against cyber-attacks and security breaches. These systems are typically servers handling sensitive data, banking infrastructure, military equipment and space stations. In most cases, secure cryptoprocessors come embedded into Hardware Security Modules, Trusted Platform Modules and Cryptographic Accelerators, which are assumed to be both secure and reliable. This entails that errors in any of the Integrated Circuits (ICs) would be devastating for the security of the final system. For this reason, the design and fabrication of the underlying ICs must abide by high-quality specifications and standards. These ensure that there are no intentional or unintentional errors in the circuits, but more importantly ensure the integrity of the hardware supply chain [52].

Unfortunately, vendors are not always able to oversee all parts of the supply chain [38, 60]. The constant reduction in transistor size makes IC fabrication an expensive process, and IC designers often outsource the fabrication task to overseas foundries to reduce their costs [35, 46, 99]. This limits vendors to running only post-fabrication tests to uncover potential defects. Those tests are very efficient against common defects, but subtle errors are hard to uncover. For instance, cryptoprocessors with defective RNG modules and hardware cipher implementations have made it into production in the past [31, 39].
Additionally, parts of the IC’s supply chain are left vulnerable to attacks from malicious insiders [12, 63, 67, 84] and have a higher probability of introducing unintentional errors in the final product. In several documented real-world cases, ICs contained errors, backdoors or trojan horses. For instance, recently an exploitable vulnerability was discovered in Intel processors that utilize Intel Active Management Technology (AMT) [49], while vulnerable ICs have been reported in military applications [59, 78], networking equipment [40, 50], and various other applications [2, 56, 76, 77]. Furthermore, the academic community has designed various types of hardware trojans (HT) and backdoors that demonstrate the extent of the problem and the difficulty of mitigating it [11, 18, 23, 54, 65, 91–93].
Due to the severity of these threats, there is a large body of work on the mitigation of malicious circuitry. Existing works have pursued two different directions: detection and prevention. Detection techniques aim to determine whether any HTs exist in a given circuit [3, 79, 95, 97], while prevention techniques either
Session G5: Hardening Hardware
CCS’17, October 30-November 3, 2017, Dallas, TX, USA
1583