Posted November 8th, 2011
New design techniques to protect vulnerable hardware from malicious manufacturing flaws have been developed by researchers at Polytechnic Institute of New York University (NYU-Poly) and the University of Connecticut with some help from the crowd.
Ramesh Karri, NYU-Poly professor of electrical and computer engineering, explains that most engineers design systems under the assumption that the underlying hardware is trustworthy; in other words, free of malicious elements. That assumption, he says, is false.
In May 2010, for example, the FBI’s Operation Network Raider seized more than 700 pieces of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million. While that scheme was likely conceived for financial gain, designers of integrated circuits, or microchips, also need to protect military, financial, transportation and other critical digital infrastructure from Trojans inserted by intruders with other criminal or military intentions. Like the Trojan horses of Greek mythology, cyber Trojans appear to be harmless but instead steal information or harm a system once it is in operation.
Karri and researchers from the University of Connecticut developed new techniques that designers can use to defend against weaknesses in the supply chain, which typically includes an overseas manufacturer and often stretches across the globe. Their new “design for trust” techniques update the well established “design for manufacturability” and “design for testability” mantras. They were outlined in two IEEE Computer Magazine articles, “Trustworthy Hardware: Trojan Detection and Design-for-Trust Challenges,” and “Trustworthy Hardware: Identifying and Classifying Hardware Trojans.”
“The ‘design for trust’ techniques build on existing design and testing methods,” explains Karri.
One such technique involves ring oscillators, which are sets of odd numbered, inverting logic gates that designers use to ensure an integrated circuit’s reliability. Circuits with ring oscillators produce specific frequencies based on the arrangement of ring oscillators. Trojans alter the original design’s frequencies and alert testers to a compromised circuit. However, sophisticated criminals could account for the frequency change in their Trojan design and implementation. Karri and his team suggest designers thwart their tactics by creating more variants of ring oscillator arrangements than criminals can keep track of, making it harder for them to implant a Trojan without testers detecting it.
Unlike microbiologists with relatively easy access to sample viruses, Karri and other hardware security researchers cannot study ample real-world Trojans because companies and governments are reluctant to share infected hardware for reasons of intellectual property, national security or fear of embarrassment. So Karri and his colleagues turned to the crowd to collect sample Trojans that informed their design-for-trust techniques.
Graduate and undergraduate students from across the country build and detect hardware Trojans for the Embedded Systems Challenge, part of NYU-Poly’s annual Cyber Security Awareness Week (CSAW) white-hat hacking competition. Karri and his team analyzed a diverse collection of 58 submissions from the 2008 competition and developed a taxonomy that is helping to standardize metrics for evaluating Trojans.
Crowdsourcing Trojans benefits the team’s research and will help guide future researchers and practitioners, according to Jeyavijayan Rajendran, an NYU-Poly electrical and computer engineering doctoral candidate and co-author. Rajendran was the 2009 winner of the Embedded Systems Challenge and has been the student leader of the national challenge since then. In the 2010 competition, Rajendran’s 2009-winning defense was successfully attacked. “I went back and studied the vulnerabilities and developed additional techniques to fix them,” he says. “The Embedded Systems Challenge changed my research process. Now I am not only thinking from a defender's point of view, but I am also thinking from an attacker's point of view.”
Trojans from the Embedded Systems Challenge and the design-for-trust techniques are available on TrustHub.org, a National Science Foundation (NSF) funded site created to encourage community building and knowledge exchange among hardware security researchers and professionals. NYU-Poly is one of four cybersecurity research institutions that founded the site.
In addition to the NSF, the Air Force Research Laboratory supports Karri and his team’s research at NYU-Poly. The final rounds of the 2011 NYU-Poly CSAW challenges will be held Nov. 9 – 11, 2011, in Brooklyn. To register, visit http://engineering.nyu.edu/csaw2011.
Polytechnic Institute of New York University (formerly Polytechnic University), an affiliate of New York University, is a comprehensive school of engineering, applied sciences, technology and research, and is rooted in a 157-year tradition of invention, innovation and entrepreneurship: i2e. The institution, founded in 1854, is the nation’s second-oldest private engineering school. In addition to its main campus in New York City at MetroTech Center in downtown Brooklyn, it also offers programs at sites throughout the region and around the globe. Globally, NYU-Poly has programs in Israel, China and is an integral part of NYU's campus in Abu Dhabi. For more information, visit engineering.nyu.edu.