Filter by type:

Sort by year:

Defensive Routing: a Preventive Layout-Level Defense Against Untrusted Foundries

Timothy Trippel, Kang G. Shin, Kevin B. Bush, and Matthew Hicks
Preprint CoRR, abs/1906.08842, June 2019.


Since the inception of the integrated circuit (IC), the size of the transistors used to construct them continually shrink. While this advancement significantly improves computing capability, the associated massive complexity forces IC designers to outsource fabrication. Outsourcing presents a security threat: comprehensive post-fabrication inspection is infeasible given the size of modern ICs, thus it is nearly impossible to know if the foundry has altered your design during fabrication (i.e., inserted a hardware Trojan). Defending against a foundry-side adversary is challenging because—with as little as two gates—hardware Trojans can completely undermine software security. Prior work attempts to both detect and prevent such foundry-side attacks, but all existing defenses are ineffective against the most advanced hardware Trojans.

We present Defensive Routing (DR), a preventive layout-level defense against untrusted foundries, capable of thwarting the insertion of even the stealthiest hardware Trojans. DR is directed and routing-centric: it prevents foundry-side attackers from connecting rogue wires to security-critical wires by shielding them with guard wires. Unlike shield wires commonly deployed for cross-talk reduction, DR guard wires present an additional technical challenge: they must be tamper-evident in both the digital and analog domains. To address this challenge, we present two different categories of guard wires: natural and synthetic. Natural guard wires are comprised of pre-existing wires that we route adjacent to security-critical wires, while synthetic guard wires are added to the design specifically to protect security-critical wires. Natural guard wires require no additional hardware and are digitally tamper-evident. Synthetic guard wires require additional hardware, but are tamper-evident in both the digital and analog domains.

We implement automated tools for deploying both types of guard wires in IC layouts of commercial complexity. We evaluate the protections provided by both natural and synthetic guard wires across thee different IC designs: a processor and AES and DSP accelerators. We then compare the efficacy of DR to existing placement-centric layout-level defenses. DR is shown to successfully defend against even the stealthiest hardware Trojans, across several designs, with less than 1% power, performance, and area overheads.

An Extensible Framework for Quantifying the Coverage of Defenses Against Untrusted Foundries

Timothy Trippel, Kang G. Shin, Kevin B. Bush, and Matthew Hicks
Preprint CoRR, abs/1906.08836, June 2019.


The transistors used to construct Integrated Circuits (ICs) continue to shrink. While this shrinkage improves performance and density, it also reduces trust: the price to build leading-edge fabrication facilities has skyrocketed, forcing even nation states to outsource the fabrication of high-performance ICs. Outsourcing fabrication presents a security threat because the black-box nature of a fabricated IC makes comprehensive inspection infeasible. Since prior work shows the feasibility of fabrication-time attackers’ evasion of existing post-fabrication defenses, IC designers must be able to protect their physical designs before handing them off to an untrusted foundry. To this end, recent work suggests methods to harden IC layouts against attack. Unfortunately, no tool exists to assess the effectiveness of the proposed defenses—meaning gaps may exist.

This paper presents an extensible IC layout security analysis tool called IC Attack Surface (ICAS) that quantifies defensive coverage. For researchers, ICAS identifies gaps for future defenses to target, and enables the quantitative comparison of existing and future defenses. For practitioners, ICAS enables the exploration of the impact of design decisions on an IC’s resilience to fabrication-time attack. ICAS takes a set of metrics that encode the challenge of inserting a hardware Trojan into an IC layout, a set of attacks that the defender cares about, and a completed IC layout and reports the number of ways an attacker can add each attack to the design. While the ideal score is zero, practically, our experience is that lower scores correlate with increased attacker effort.

To demonstrate ICAS’ ability to reveal defensive gaps, we analyze over 60 layouts of three real-world hardware designs (a processor and AES and DSP accelerators), protected with existing defenses. We evaluate the effectiveness of each circuit/defense combination against three attacks from the literature. Results show that some defenses are ineffective and others, while effective at reducing the attack surface, leave 10’s to 1000’s of unique attack implementations for an attacker to exploit.

WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks

Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu
Conference The 2nd IEEE European Symposium on Security & Privacy (EuroS&P), Paris, France, April 2017. (Acceptance Rate: 19.6%)


Cyber-physical systems depend on sensors to make automated decisions. Resonant acoustic injection attacks are already known to cause malfunctions by disabling MEMS-based gyroscopes. However, an open question remains on how to move beyond denial of service attacks to achieve full adversarial control of sensor outputs. Our work investigates how analog acoustic injection attacks can damage the digital integrity of a popular type of sensor: the capacitive MEMS accelerometer. Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the unvalidated integrity of sensor outputs. Our contributions include (1) modeling the physics of malicious acoustic interference on MEMS accelerometers, (2) discovering the circuit-level security flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that employ on these sensors, and (3) two software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs.

We characterize two classes of acoustic injection attacks with increasing levels of adversarial control: output biasing and output control. We test these attacks against 20 models of capacitive MEMS accelerometers from 5 different manufacturers. Our experiments find that 75% are vulnerable to output biasing, and 65% are vulnerable to output control. To illustrate end-to-end implications, we show how to inject fake steps into a Fitbit with a $5 speaker. In our self-stimulating attack, we play a malicious music file from a smartphone’s speaker to control the on-board MEMS accelerometer trusted by a local app to pilot a toy RC car. In addition to offering hardware design suggestions to eliminate the root causes of insecure amplification and filtering, we introduce two lowcost software defenses that mitigate output biasing attacks: randomized sampling and 180° out-of-phase sampling. These software-only approaches mitigate attacks by exploiting the periodic and predictable nature of the malicious acoustic interference signal. Our results call into question the wisdom of allowing microprocessors and embedded systems to blindly trust that hardware abstractions alone will ensure the integrity of sensor outputs.

Protecting Motion Sensors from Acoustic Injection Attack

Kevin Fu, Peter Honeyman, Timothy Trippel, and Ofir Weisse
Patent US Patent App. 16/303,495; Published: Nov. 29, 2018.


This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.