惡意電路威脅之硬件木馬_風聞

The threat of malicious circuits - Hardware Trojans

Attacks based on the concealment of malicious hardware in integrated circuits have been nicknamed “Hardware Trojan”. A Trojan Horse is often described as malware that is made to look legitimate.

Hardware Trojans are becoming increasingly common and concerning in recent years due to growing numbers of attacks such as data theft and backdoor insertions into the electronics industry supply chain around the world. They have proven to be very dangerous and have the ability to maliciously modify the behavior of embedded chips.

CLASSIFICATION AND DETECTION OF HARDWARE TROJANS

Trojans are very hard to locate as they can be inserted anywhere in a microchip; one may for example be in the chip’s processor and another in its power supply.

Trojans can be implemented at different phases in the life-cycle, from the specification phase to the assembly and packaging phase. They also have different purposes once integrated. Indeed, some Trojans will seek to change the functionality of the chip, others will choose to degrade performance or completely deny service offered by the chip; some will prefer only to leak information.

A Trojan is usually composed of a payload part (the content of the malicious circuit) and a trigger part (to activate the malicious circuit).

What makes a Trojan so difficult to detect is that it has different types of activation mechanisms that vary from one Trojan to another. The detection of malicious hardware can almost be considered as a type of reverse engineering for detection purposes. Abnormal behavior that could affect the functioning of the circuit is investigated during the system evaluation.

DEALING WITH HARDWARE TROJANS

There are two methods to deal with Hardware Trojans; the reactive method and the proactive one.

The reactive method mostly consists in locating Hardware Trojans by first being aware of their presence in the system.

Analog detection can be used to try to find malicious hardware inside a system, either statically, i.e., by detecting visible components that are hidden on a printed circuit board or in the packaging; or dynamically, by looking for example at the electromagnetic activity of the system or other physical parameters to try to detect an unexpected phenomenon.

Using Sensors is also an effective reactive solution for locating Trojans. Indeed, when a Trojan is activated, the system begins to behave abnormally, which can potentially damage it and prevent it from working properly. Sensors can be used as a warning to notice such activities by detecting anomaly with a regular state-of-operation.

Some Hardware Trojans are actually composed of a combination of hardware and software vulnerabilities, that, when combined, can allow exploitation of the system. Hardware assertion methods involve identifying some high-level and critical behavioral invariants and checking them during circuit operation.

Although the reactive method of Trojan detection is effective, there is a constant need for additional trust. That is why some proactive methods are developed in the security sphere as they are particularly effective in detecting incoming attacks.

One of the proactive methods being developed is noticeably Machine Learning. The use of computer systems that can learn and adapt without following explicit instructions is key to the future of many topics, including Trojan detection. Since every Trojan is different, it can sometimes be difficult to define an exact method that can be applied to each case. Machine Learning can generate diverse and complex models and make decisions based on those models.

Another method is to protect the CPU directly by mitigating vulnerabilities and attacks targeting code execution or integrity induced by software code bugs, malicious activity or sought-after performances neglecting security. Attacks of this type are unique in that they engage both software and hardware; placing the protection layer in the hardware layer protects both. By escorting the program execution step by step, the method is able to detect any unexpected behavior of the CPU. Since it is not a method dedicated to a specific type of attack or Trojan, it is effective against any type of attack and any type of Trojan that would try to modify the behavior of the code execution.

The “encoded circuit” method is based on the observation that all integrated circuits are composed of two distinct parts: the combinational part and the sequential one. The sequential part includes the data and control registers which are easier to recognize on the IC layout because of their size. It is easier for an attacker to connect the Trojan to the sequential; therefore, this method aims at encoding and masking all sequential registers with Linear Boolean Code.

SECURE-IC FOR PROTECTING YOUR EMBEDDED CIRCUITS

As Hardware Trojans continue to be developed for nefarious purposes, it is Secure-IC’s duty to protect the devices against these new threats.

Secure-IC has developed LaboryzrTM to assess the weaknesses of a system against Hardware Trojan threats. It offers a multitude of services and use-cases, associating both proactive and reactive methods to detect and deal with Trojans such as reactive analog detection or machine learning.

On the protection and embedded detection side, Secure-IC has also implemented proactive and reactive methods, such as Cyber Escort UnitTM and Digital SensorTM combined with Secure-IC’s AI-based security monitoring technology Smart MonitorTM

以下是譯文：

通過在集成電路中隱藏惡意硬件來實施的攻擊行為稱為“硬件木馬”。特洛伊木馬通常描述為看起來合法的惡意軟件。

近年來，由於全球電子行業供應鏈中的數據盜竊和後門植入等攻擊越來越多，硬件木馬越來越普遍，也越來越令人擔憂。事實證明，這些攻擊非常危險，並能夠惡意修改嵌入式芯片的行為。

硬件木馬的分類和檢測

木馬很難被找出，因為它們可以插入微芯片中的任何地方；例如，可能在芯片的處理器中，也可能在芯片的電源中。

從規範階段到裝配和封裝階段，木馬可以在芯片的不同生命週期階段實施。集成後，它們的目的也不盡相同。事實上，有些木馬會試圖改變芯片的功能，有些會降低性能或完全拒絕芯片提供的服務；有些則只泄露信息。

木馬通常由有效負載部分（惡意電路的內容）和觸發部分（用於激活惡意電路）組成。

木馬之所以難以檢測，是因為它有不同類型的激活機制，並且不同木馬有不同的激活機制。對惡意硬件的檢測幾乎可以看作是一種出於檢測目的的逆向工程。在系統評估過程中，要對可能影響電路運行的異常行為進行調查。

硬件木馬的處理

處理硬件木馬有兩種方法；被動法和主動法。

被動法主要是首先意識到系統中存在硬件木馬，然後找出它們。

模擬檢測可用於嘗試發現系統內的惡意硬件，可以是靜態的（即檢測隱藏在印刷電路板上或封裝中的可見組件）；也可以是動態的（例如，通過觀察系統的電磁活動或其他物理參數來嘗試檢測異常現象）。

使用傳感器也是找出木馬的一種有效的被動式解決方案。事實上，當木馬被激活時，系統就會開始出現異常行為，這可能會損害系統並阻止其正常工作。傳感器可以作為一種警告，通過檢測正常運行狀態下的異常來提醒用户注意此類活動。

有些硬件木馬實際上由軟硬件漏洞組合而成，通過結合使用這些漏洞，攻擊者就可以侵入系統。硬件斷言法涉及到識別一些高級和關鍵的行為不變量，並在電路操作過程中進行檢查。

儘管被動式木馬檢測方法行之有效，但仍然需要持續地建立額外的信任。這就是為什麼在安全領域開發了一些主動式方法，因為它們在檢測來襲攻擊方面特別有效。

其中一個正在開發的主動式方法就是機器學習。使用在無需遵循明確指令的情況下就能進行學習和調整的計算機系統，是未來許多課題的關鍵，包括木馬檢測。由於每個木馬各不相同，有時很難定義一個適合所有案例的確切方法。機器學習可以生成多樣化的複雜模型，並根據這些模型做出決策。

另一種方法是直接保護CPU，減少針對由軟件代碼漏洞、惡意活動或一味追求性能而忽視安全性引起的代碼執行或完整性問題的漏洞和攻擊。這類攻擊很特殊，因為它們同時涉及軟件和硬件；將保護層放在硬件層則可以保護兩者。通過一步步為程序執行保駕護航，該方法能夠檢測到CPU的任何意外行為。由於這種方法不是專門針對特定類型的攻擊或木馬，因此它對任何類型的攻擊以及任何類型試圖修改代碼執行行為的木馬都有效。

“編碼電路”法基於所有集成電路都由兩個不同的部分組成：組合部分和序列部分。序列部分包括數據和控制寄存器，由於它們的尺寸，在集成電路布圖上更容易識別。攻擊者更容易將木馬連接到序列部分；因此，這種方法旨在用線性布爾代碼對所有序列寄存器進行編碼和屏蔽。

SECURE-IC助力保護嵌入式電路

隨着不斷有人出於險惡目的而開發出各種硬件木馬，Secure-IC的任務就是保護設備免受這些新的威脅。

Secure-IC開發了LaboryzrTM來評估系統在抵禦硬件木馬威脅時的弱點。它提供了多種服務和用例，將主動式和被動式方法結合起來，以檢測和處理木馬，比如被動式模擬檢測或機器學習。

在保護和嵌入式檢測方面，Secure-IC也實施了主動式和被動式方法，如Cyber Escort UnitTM和Digital SensorTM結合Secure-IC基於人工智能的安全監控技術Smart MonitorTM。

中國集成電路設計業2021年會暨無錫集成電路產業創新高峯論壇將於12月1日至2日在無錫太湖博覽中心舉行，Secure-IC 誠摯地邀請您蒞臨我們的展位072 ，共同探討嵌入式安全需求和方案，期待實現更好的交流與合作。

摩爾精英與Secure-IC是深度戰略合作伙伴，雙方合作包括安全IP和iSE解決方案、安全評估工具以及安全認證諮詢服務的代理，涵蓋的應用場景包括汽車電子、可信計算、AIoT和工業物聯網、電子健康、通信加密、安全交易、邊緣計算與雲、數字版權保護、身份認證、安全存儲、消費電子等領域。