Abstract
Over the past decades, the exponentially high rate of growth in number of connected devices has been accompanied by the discovery of new security loopholes, vulnerabilities and attacks in the network infrastructure. The original ethernet protocol was not designed considering the security aspect of the network architecture. In order to improve the security of the ethernet, many solutions and standards have been proposed. The IEEE 802.1AE Media Access Control Security (MACSec) standard is one of the most recent link layer security protocols which provides encryption and authentication between two network interfaces for secure next-generation deployments. In this paper we present a network packet redirection attack on a MACSec enabled NetFPGA-SUME based ethernet switch, by means of a Hardware Trojan (HT). The HT design is based on a probabilistic counter update mechanism with multiple triggers which eventually affects the way in which a network packet flows through the switch. In particular, an activated HT redirects a packet to an incorrect port, and in turn to a malicious eavesdropper. The proposed HT evades most of the recent hardware trust verification schemes. We present the complete architecture of the proposed MACSec enabled ethernet switch, followed by the design and mode of operation of the HT with promising experimental results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bhunia, S., et al.: Protection against hardware Trojan attacks: towards a comprehensive solution. IEEE Des. Test 30(3), 6–17 (2013)
Carnevale, B., Falaschi, F., Crocetti, L., Hunjan, H., Bisase, S., Fanucci, L.: An implementation of the 802.1AE MAC security standard for in-car networks. In: 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), pp. 24–28 (2015)
Chakraborty, R.S., Narasimhan, S., Bhunia, S.: Hardware Trojan: threats and emerging solutions. In: Proceedings of the IEEE International High Level Design Validation and Test Workshop (HLDVT 2009), pp. 166–171. IEEE (2009)
Chakraborty, R.S., Wolff, F., Paul, S., Papachristou, C., Bhunia, S.: MERO: a statistical approach for hardware Trojan detection. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 396–410. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_28
Chen, H., Chen, Y., Summerville, D.H.: A survey on the application of FPGAs for network infrastructure security (2011)
Chen, Z., Guo, X., Nagesh, R., Reddy, A., Gora, M., Maiti, A.: Hardware Trojan designs on BASYS FPGA board. In: Embedded System Challenge Contest in Cyber Security Awareness Week-CSAW (2008)
CISCO Ethernet Encryption for High Speed WAN deployments (2018). https://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Security/MACsec/WP-High-Speed-WAN-Encrypt-MACsec.pdf
Cruz, J., Farahmandi, F., Ahmed, A., Mishra, P.: Hardware Trojan detection using ATPG and model checking. In: 2018 31st International Conference on VLSI Design and 2018 17th International Conference on Embedded Systems (VLSID), pp. 91–96, January 2018. https://doi.org/10.1109/VLSID.2018.43
Dice, D., Lev, Y., Moir, M.: Scalable statistics counters. In: Proceedings of the Twenty-Fifth Annual ACM Symposium on Parallelism in Algorithms and Architectures, SPAA 2013, pp. 43–52. ACM, New York (2013). https://doi.org/10.1145/2486159.2486182. http://doi.acm.org/10.1145/2486159.2486182
Guo, X., Dutta, R.G., Jin, Y., Farahmandi, F., Mishra, P.: Pre-silicon security verification and validation: a formal perspective. In: 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1–6, June 2015. https://doi.org/10.1145/2744769.2747939
Haider, S.K., Jin, C., Ahmad, M., Shila, D.M., Khan, O., van Dijk, M.: Advancing the State-of-the-Art in Hardware Trojans Detection. IEEE Trans. Dependable Secur. Comput. 16(1), 18–32 (2019). https://doi.org/10.1109/TDSC.2017.2654352
Haider, S.K., Jin, C., van Dijk, M.: Advancing the state-of-the-art in hardware Trojans design. CoRR abs/1605.08413 (2016). http://arxiv.org/abs/1605.08413
Hicks, M., Finnicum, M., King, S.T., Martin, M.M.K., Smith, J.M.: Overcoming an untrusted computing base: detecting and removing malicious hardware automatically. In: 2010 IEEE Symposium on Security and Privacy, pp. 159–172, May 2010. https://doi.org/10.1109/SP.2010.18
IEEE Standard for Local and metropolitan area networks–Port-Based Network Access Control (2010)
IEEE Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Security (2006)
Indukuri, N.R.: Layer 2 security for smart grid networks. In: 2012 IEEE International Conference on Advanced Networks and Telecommunciations Systems (ANTS), pp. 99–104 (2012)
Johnson, A.P., Saha, S., Chakraborty, R.S., Mukhopadhyay, D., Gören, S.: Fault attack on AES via hardware Trojan insertion by dynamic partial reconfiguration of FPGA over ethernet. In: Proceedings of the 9th Workshop on Embedded Systems Security, WESS 2014, pp. 1:1–1:8 (2014)
Kiravuo, T., Sarela, M., Manner, J.: A survey of ethernet LAN security. IEEE Commun. Surv. Tutor. 15(3), 1477–1491 (2013)
Koteshwara, S., Das, A., Parhi, K.K.: FPGA implementation and comparison of AES-GCM and Deoxys authenticated encryption schemes. In: 2017 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1–4 (2017)
Krieg, C., Wolf, C., Jantsch, A.: Malicious LUT: a stealthy FPGA Trojan injected and triggered by the design flow. In: 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1–8, November 2016. https://doi.org/10.1145/2966986.2967054
Lin, L., Burleson, W., Paar, C.: MOLES: malicious off-chip leakage enabled by side-channels. In: Proceedings of the 2009 International Conference on Computer-Aided Design, pp. 117–122. ACM (2009)
NetFPGA SUME’s Reference Switch Design (2018). https://github.com/NetFPGA/NetFPGA-SUME-public/wiki/NetFPGA-SUME-Reference-Learning-Switch
Rajendran, J., Dhandayuthapany, A.M., Vedula, V., Karri, R.: Formal security verification of third party intellectual property cores for information leakage. In: 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID), pp. 547–552, January 2016. https://doi.org/10.1109/VLSID.2016.143
Riley, N., Zilles, C.: Probabilistic counter updates for predictor hysteresis and bias. IEEE Comput. Archit. Lett. 5(1), 18–21 (2006)
Rostami, M., Koushanfar, F., Karri, R.: A primer on hardware security: models, methods, and metrics. Proc. IEEE 102(8), 1283–1295 (2014)
Sturton, C., Hicks, M., Wagner, D., King, S.T.: Defeating UCI: building stealthy and malicious hardware. In: 2011 IEEE Symposium on Security and Privacy, pp. 64–77, May 2011
Tehranipoor, M., Karri, R., Koushanfar, F., Potkonjak, M.: Trust-Hub (2019). http://trust-hub.org
The NetFPGA Project (2018). https://netfpga.org/
Waksman, A., Suozzo, S., Sethumadhavan, S.: FANCI: identification of stealthy malicious logic using Boolean functional analysis. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 697–708 (2013). https://doi.org/10.1145/2508859.2516654
Xiao, K., Forte, D., Jin, Y., Karri, R., Bhunia, S., Tehranipoor, M.: Hardware Trojans: lessons learned after one decade of research. ACM Trans. Des. Autom. Electron. Syst. 22(1), 6:1–6:23 (2016)
Xilinx AXI Protocol Reference Guide (2018). https://www.xilinx.com/support/documentation/ip_documentation/ug761_axi_reference_guide.pdf
Xilinx AXI4-Stream Infrastructure IP Suite (2018). https://www.xilinx.com/support/documentation/ip_documentation/axis_infrastructure_ip_suite/v1_1/pg085-axi4stream-infrastructure.pdf
Zhang, J., Xu, Q.: On hardware Trojan design and implementation at register-transfer level. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 107–112, June 2013. https://doi.org/10.1109/HST.2013.6581574
Zhang, J., Yuan, F., Xu, Q.: DeTrust: defeating hardware trust verification with stealthy implicitly-triggered hardware trojans. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 153–166. ACM (2014)
Zilberman, N., Audzevich, Y., Kalogeridou, G., Manihatty-Bojan, N., Zhang, J., Moore, A.: NetFPGA: rapid prototyping of networking devices in open source. SIGCOMM Comput. Commun. Rev. 45(4), 363–364 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Govindan, V., Koteshwara, S., Das, A., Parhi, K.K., Chakraborty, R.S. (2019). ProTro: A Probabilistic Counter Based Hardware Trojan Attack on FPGA Based MACSec Enabled Ethernet Switch. In: Bhasin, S., Mendelson, A., Nandi, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2019. Lecture Notes in Computer Science(), vol 11947. Springer, Cham. https://doi.org/10.1007/978-3-030-35869-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-35869-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35868-6
Online ISBN: 978-3-030-35869-3
eBook Packages: Computer ScienceComputer Science (R0)