Abstract
Finite state machines (FSMs) control the functionality of System-on-Chip (SoC) designs. The security and trustworthiness of SoCs can be compromised by exploring the vulnerabilities of their FSMs. Any deviation from the specification of FSMs can endanger the security and trustworthiness of SoCs. This is a critical concern when an FSM is responsible for controlling the usage or propagation of protected information (e.g., secret keys) in a secure component. FSM vulnerabilities may be introduced by a rogue designer or an attacker who inserts hardware Trojans in the FSM implementation. Traditional FSM design flows as well as CAD tools may also create unintentional security vulnerabilities in FSM designs (e.g., when a synthesis tool is trying to optimize a gate-level netlist). In this chapter, we present an efficient formal analysis framework based on symbolic algebra to find FSM vulnerabilities. The proposed method tries to find inconsistencies between the specification and FSM implementation through manipulation of respective polynomials. Security properties (such as a safe transition to a protected state) are derived using specification polynomials and verified against implementation polynomials. In case of a failure, the vulnerability is reported. While existing methods can verify legal transitions, the proposed approach tries to solve the important and non-trivial problem of detecting illegal accesses to the design states (e.g., protected states).
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Farahmandi, F., Huang, Y., Mishra, P. (2020). Vulnerability Assessment of Controller Designs. In: System-on-Chip Security. Springer, Cham. https://doi.org/10.1007/978-3-030-30596-3_6
DOI: https://doi.org/10.1007/978-3-030-30596-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30595-6
Online ISBN: 978-3-030-30596-3
eBook Packages: Engineering, Engineering (R0)