Hardware Security

Hardware security differs from software and network security due to hardware being deployed before software is developed. Hardware executes software code and controls cyber-physical systems, making it critical to security over the entire lifespan of a system. There are two main aspects of hardware security: supply chain security to prevent malicious hardware modifications, and hardware support for software security policies through mechanisms like memory protection and buffer overflow protection.

Uploaded by jayamalar

Hardware Security

Introduction
• Hardware security differs from software, network, and data security because of the nature of hardware.
• Hardware design and manufacturing occur before or during software development, so security must be addressed early in the product life cycle.
• Hardware executes the software code and controls the cyber-physical system.
• Hardware is therefore the last line of defense against, or the final source of, damage to the system.
• Hardware also has a longer lifespan than most software.
• After we deploy hardware we usually cannot update it, whereas we can update software by uploading new code.
• Even after hardware outlives its usefulness, we must dispose of it properly or risk attacks such as theft of the data or software still resident in the hardware.
• Hardware security is important for the entire lifespan of a cyber-physical system, from before design until after retirement.
• Two aspects of hardware security:
  - Hardware supply chain security
  - Hardware support for software security
Hardware Supply Chain Security
• Possible attacks on the IC supply chain include maliciously modifying ICs, copying ICs to produce cloned devices, or stealing intellectual property (IP).
• A malicious modification to an IC is called a Trojan circuit or hardware Trojan, because the modification hides itself within the IC and possibly even provides correct, useful functionality before it attacks.
• Cloned or counterfeit ICs lead to lost revenue and may be less reliable than the original, potentially affecting the reputation of the original device manufacturer and the security of the end user.
• IP theft is similar to counterfeiting but may be used to create competing devices without incurring the research and development costs.
• All of these attacks may cause financial harm to the original designer or device manufacturer.
• They also introduce potential risks to end users due to loss of reliability and security.
• Supply chain attacks can happen during any of the untrusted phases prior to deployment within an electronic device.
• The primary phases of the IC supply chain, shown in Figure 12-1, are design, fabrication, and test.
• The IC design phase consists of all the code and other inputs to the tools.
• Some of the design processes are observable and auditable, and therefore trusted.
• Third-party IP is increasingly used by designers and consumers.
• The design phase thus has mixed levels of trust, and IC design is vulnerable to supply chain attacks.
• Fabrication processes are similarly untrusted due to a lack of verifiability and trust at offshore foundries.
• The test phase is trusted in its entirety.
• As designing circuits has become more complicated, commercial pressures have driven technologies that improve time-to-market. One such technology is reconfigurable logic, for example field programmable gate array (FPGA) devices.
• A reconfigurable device can be reprogrammed after it is deployed.
• Reconfigurable logic makes IP theft and cloning easier.
Testing for Trojan Circuits
• One approach to Trojan circuit detection is to look for additions and modifications to an IC in a laboratory setting prior to deploying the final product.
• This is silicon design authentication, which verifies that an IC contains only the designer's intended functionality and nothing else.
• Silicon design authentication is difficult due to increasing IC complexity, shrinking feature sizes, and lack of knowledge about what functionality has been added to the IC.
• Detection by physical inspection is insufficient due to the complexity and size of modern ICs.
• Two promising directions of Trojan circuit detection: 1. side-channel analysis and 2. Trojan activation.
• Side-channel analysis: any deviation in signals, temperature, or timing indicates the presence of a Trojan circuit.
• Trojan activation techniques improve on side-channel analysis techniques by triggering the Trojan circuit so that its malicious behavior can be identified.
• Silicon design authentication techniques are useful for detecting the presence of malicious circuitry prior to deploying devices.
Design for Hardware Trust
• Computer-aided design (CAD) and electronic design automation (EDA) tools are crucial to the efficiency and success of circuit design.
• Design tools focus mainly on design for test (DFT) or design for manufacturability (DFM); design for hardware trust (DFHT) seeks to prevent Trojan circuits from being introduced during design or fabrication.
• Watermarking: watermarking is an established technique for marking property such that counterfeit goods are detectable.
• IC watermarking helps to detect counterfeit devices and IP theft.
• Metadata are embedded within the IC design, so the manufactured product contains an identifiable watermark that does not affect the circuit's functionality.
• Effective watermarking requires that the watermark is not easy to copy.
Fingerprints, PUFs, and Metering
• Fingerprinting improves on watermarking by enabling tracing of stolen property, so that after discovering a counterfeit device punitive measures may be taken.
• Physically unclonable functions (PUFs) can provide IC authentication.
• IC metering extends device fingerprinting to restrict production and distribution of ICs.
• The goal of metering is to prevent attackers from copying a design and creating cloned devices.
• When an IC is recovered and suspected of being pirated, it can be checked against the registered ICs.
HARDWARE SUPPORT FOR SOFTWARE SECURITY
• Security policies define how users of a computing system are allowed to use, modify, or share its resources.
• An operating system (OS) defines the security policies and relies on hardware to assist in enforcing them.
Memory Protection in Commodity Systems
• Two major components: the processor and memory.
• The processor fetches code and data from memory to execute programs.
• If both components are shared by all programs, then a program might corrupt or steal another's data in memory, accidentally or maliciously, or prevent any other program from accessing the processor (denial of service).
• To avoid such scenarios, a privileged entity must control the allocation (time and space) of compute resources (processor and memory).
• The kernel, in the highest privilege ring, controls all compute resources.
• It can read and write any memory location, execute any instruction supported by the processor, receive all hardware events, and operate all peripherals.
• User applications, residing in the lowest privilege level, have limited access to memory, cannot execute privileged instructions, and can only access peripherals by invoking OS services.
• A processor differentiates between kernel and user with bits in a special register, generically called the program status word and specifically called the Program Status Register in ARM architectures, the Hypervisor State Bit in PowerPC architectures, Privileged Mode in the Processor State Register in SPARC architectures, or the Current Privilege Level in the Code Segment Register in Intel architectures.
Architectural Support for Buffer Overflow
• Hardware-assisted approaches to buffer overflow protection improve upon accuracy and performance by using a variety of techniques.
• One common solution is to maintain a shadow of the return address in hardware, by creating a return address stack or by monitoring the location of the return address for any unauthorized modifications.
• Other hardware-supported solutions protect all control flow in general, including branches and jumps.
• The Secure Return Address Stack (SRAS) implements a shadow stack in hardware with processor modifications.
• The shadow stack only holds return addresses.
• On a function call (CALL), the return address is pushed to the regular stack and to the shadow stack.
• On a return (RET), SRAS pops and compares the return address from both stacks.
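As an added illustration (not part of the original slides), the following C model simulates the SRAS CALL/RET behaviour described above: each CALL pushes the return address to both a regular stack and a shadow stack, and RET compares the two so that a return address corrupted on the regular stack is caught. The type and function names (sras_cpu, sras_call, sras_ret, sras_demo) and the sample addresses are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a Secure Return Address Stack (SRAS), added as an
 * illustration; it is not a real processor implementation. The "regular"
 * stack is an array that software (and a stack overflow) can overwrite;
 * the shadow stack is a separate store only the CALL/RET logic touches. */
#define STACK_DEPTH 16

typedef struct {
    uint32_t regular[STACK_DEPTH]; /* software-visible saved return addresses */
    uint32_t shadow[STACK_DEPTH];  /* hardware-only shadow copies */
    size_t sp;                     /* regular stack pointer */
    size_t ssp;                    /* shadow stack pointer */
} sras_cpu;

typedef enum { RET_OK, RET_MISMATCH, RET_UNDERFLOW } ret_status;
void sras_init(sras_cpu *cpu) { cpu->sp = 0; cpu->ssp = 0; }

/* CALL: push the return address to both the regular and the shadow stack. */
bool sras_call(sras_cpu *cpu, uint32_t ret_addr) {
    if (cpu->sp >= STACK_DEPTH || cpu->ssp >= STACK_DEPTH) return false;
    cpu->regular[cpu->sp++] = ret_addr;
    cpu->shadow[cpu->ssp++] = ret_addr;
    return true;
}

/* RET: pop both stacks and compare. On a mismatch the trusted shadow value
 * is reported and RET_MISMATCH returned, so the processor can raise an
 * exception instead of transferring control to the corrupted address. */
ret_status sras_ret(sras_cpu *cpu, uint32_t *target) {
    if (cpu->sp == 0 || cpu->ssp == 0) return RET_UNDERFLOW;
    uint32_t from_regular = cpu->regular[--cpu->sp];
    uint32_t from_shadow = cpu->shadow[--cpu->ssp];
    *target = from_shadow;
    return (from_regular == from_shadow) ? RET_OK : RET_MISMATCH;
}

/* Constructed scenario: two nested calls, then the innermost saved return
 * address on the regular stack is overwritten, as a stack-smashing overflow
 * would do. The shadow copy is untouched, so the RET detects the change. */
ret_status sras_demo(uint32_t *target) {
    sras_cpu cpu;
    sras_init(&cpu);
    sras_call(&cpu, 0x1000u);          /* main calls f; f should return to 0x1000 */
    sras_call(&cpu, 0x2000u);          /* f calls g; g should return to 0x2000 */
    cpu.regular[cpu.sp - 1] = 0x4141u; /* corrupted saved return address in g's frame */
    return sras_ret(&cpu, target);     /* g returns: RET_MISMATCH, target = 0x2000 */
}
```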
