Anci ent Greece TCAP Review Week 3. Geography Of Ancient Greece.
F ANCI : Identifying Malicious Ci r cuits
description
Transcript of F ANCI : Identifying Malicious Ci r cuits
![Page 1: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/1.jpg)
FANCI: Identifying Malicious Circuits
Presented by: Jayce Gaines
Slides adapted from:Adam Waksman
Matthew Suozzo Simha Sethumadhavan
Computer Architecture & Security Technologies LabDepartment of Computer Science
Columbia University
1
![Page 2: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/2.jpg)
How Much Do You Trust Hardware?
[1]
[2]
[3]
[4]
1) The Guardian 2012, 2) New York Times 2012, 3) The Register 2013, 4) Tech Review 2013
These are all actual headlines from 2012 and ’13:
![Page 3: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/3.jpg)
The Problem of Third-Party IP
16
190
(International Business Strategies, 2012)
![Page 4: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/4.jpg)
The Problem of Third-Party IP
Why is this a problem?
- Can you trust the third party?
- Will they add malicious back doors to your proprietary work?
- Can you be assured to find backdoors if they exist?
![Page 5: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/5.jpg)
Our Solution• Automatically identify malicious
circuits in third-party hardware design IP
.
.
.assign bus_x87_i = arg0 & arg1; always @(posedge clk) beginif (rst) data_store_reg7 <= 16’b0;else beginif (argcarry_i37 == 16’hbacd0013) begin data_store_reg7 <= 16’d7777;
endelse data_store_reg7 <=
data_value7; endendassign bus_x88_i = arg2 ^ arg3;assign bus_x89_i = arg4 | arg6 nor
arg5;...
![Page 6: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/6.jpg)
• Automatically identify malicious circuits in third-party hardware design IP• Engineers read few lines instead of
thousands or millions
.
.
.assign bus_x87_i = arg0 & arg1; always @(posedge clk) beginif (rst) data_store_reg7 <= 16’b0;else begin
if (argcarry_i37 == 16’hbacd0013) begin data_store_reg7 <= 16’d7777;
endelse data_store_reg7 <=
data_value7; endendassign bus_x88_i = arg2 ^ arg3;assign bus_x89_i = arg4 | arg6 nor
arg5;...
Our Solution
![Page 7: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/7.jpg)
Overview
• Motivation• Hardware can be evil, don’t live in
denial• Evil hardware is stealthy
• Algorithm• Rank by degree of stealth
• Results• No false negatives, pragmatic and
effective
• The Future of FANCI• How would we attack FANCI?
• Conclusions• Can we really use this tool today?
![Page 8: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/8.jpg)
What is FANCI?
FANCI – Functional Analysis for Nearly-unused Circuit Identification
- In the simplest form FANCI analyzes hardware designs and determines if there are any possible backdoors hidden in the design.
- The goal is to prevent these backdoors from making it past the first stages of hardware design, at which point it would be extremely costly and time consuming to fix.
- FANCI is show to do this automatically with great success.
![Page 9: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/9.jpg)
Backdoors: Fact #1
Backdoor = Trigger + Payload
Ex: AES Key Stealing Ciphertext Key Exfiltration
Instead of generating Ciphertext…0xba5eba11
d(0xba5eba11)
![Page 10: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/10.jpg)
Backdoors: Fact #1
Backdoor = Trigger + Payload
Ex: AES Key Stealing Ciphertext Key Exfiltration
…a backdoor can give access to the key!0xba5eba11
key
![Page 11: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/11.jpg)
Backdoors: Fact #2
Stealth
= Power
It’s easy to overlook well hidden or subtle backdoors. Especially ones that aren’t active!
![Page 12: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/12.jpg)
Backdoors: Fact #3
Validation != Security
With so much code it is not only possible, but likely that stealthy portions of code are not tested properly!
![Page 13: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/13.jpg)
What FANCI Does
• We need to catch stealthy circuits that validation is not able to catch.
• The goal is to take the burden off of validators and make an automatic tool that is able to easily find hidden code.
• We want to be able to do this with as little error as possible, avoiding false positives and negatives, and allowing for easy verification.
![Page 14: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/14.jpg)
What FANCI Does
It’s obvious that by design malicious code wants to be well concealed and buried in benign code to avoid detection.
![Page 15: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/15.jpg)
Identifying Stealthy Code• FANCI offers a new quantitative measure of
stealth• We rank wires in a circuit by stealth value.
• Any wire is connected to many other wires• Stealth value is computed from the control values of
all the wires its connected to.
![Page 16: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/16.jpg)
Defining Control
A B C OUT
1 1
0 1
1 0
0 0
1 1
0 0
1 0
0 1
Out = f(A, B, C)
How often does an input matter?
1 01 0
0 10 1
1 11 1
0 00 0
![Page 17: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/17.jpg)
How often does an input matter?
A B C OUT
1 1
0 1
1 0
0 0
1 1
0 0
1 0
0 1
C Matters?
YES
YES
NO
NO
1 01 0
0 10 1
1 11 1
0 00 0
Take C. We can see that in about 2 of 4 cases, it will impact the outcome.
![Page 18: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/18.jpg)
How often does an input matter?
A B C OUT
1 1
0 1
1 0
0 0
1 1
0 0
1 0
0 1
C Matters?
YES
YES
NO
NO
Control = #Observed / Total = 2/4 = 0.5
So, the effect of C on OUT is 0.5
1 01 0
0 10 1
1 11 1
0 00 0
![Page 19: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/19.jpg)
Larger Circuits
E OUT
1 1
0 1
1 1
0 0
1 0
0 1
E Matters?
YES
YES
NO
Control = #Observed / Total = 2/16 = 0.125
32 Rows16 Pairs
A B C D
1 1 1 11 1 1 0
1 1 1 11 1 1 1
0 0 0 00 0 0 0
However, with a larger set and more input values we get a much lower impact ratio.
![Page 20: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/20.jpg)
Larger Circuits
So what does this mean?
- With Larger sets of input it is easier to hide impact.
- A low chance of affecting output lends itself to stealthiness and makes it easier to hide malicious code. Thus it is given a higher stealth value.
- FANCI uses this stealth value to determine potential for maliciousness.
![Page 21: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/21.jpg)
Example: 4-to-1 Mux• Consider a real circuit (4-to-1
multiplexer)• How can we measure control?
![Page 22: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/22.jpg)
Example: 4-to-1 Mux• When does the output M depend on the value of A?
• When S1 and S2 = 0 (one fourth of cases)
• The total effect will be 0.25
0.25
0.25
0.25
0.25
![Page 23: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/23.jpg)
Example: 4-to-1 Mux
• M is dependent on S1 and sometimes affected• When A is different from C (and S2 = 0)
• When B is different from D (and S2 = 1)
• One half of cases (total effect = 0.5)
0.25
0.25
0.25
0.25
0.5 0.5
![Page 24: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/24.jpg)
Does This Look Suspicious?
M
A B C D S1
S2
0.25
0.25
0.25
0.25
0.5 0.5
0.25 0.25 0.25 0.25 0.50 0.50
![Page 25: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/25.jpg)
Does This Look Suspicious?
M
No.Because all control values are high and around the same range, it is unlikely that malicious code would be hidden here.
0.5 0.5
0.25 0.25 0.25 0.25 0.50 0.50A B C D S
1
S2
0.25
0.25
0.25
0.25
![Page 26: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/26.jpg)
Does This Look Suspicious?
0.25
0.25
0.25
0.25
6
{S}
2-63 0.5 0.5
M
A B C D ES1
S2
{S3-
66}
E2-65
0.25 0.25 0.25 0.252-65 0.50 0.50
2-63
Logic
4
Consider this Multiplexer. We now have 5 inputs and the range 3-66 for S, with values shown in the vector.
![Page 27: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/27.jpg)
Does This Look Suspicious?
0.250.25
0.25
0.25
{S}
2-63 0.5 0.5
M
A B C D ES1
S2
{S3-
66}
E2-65
Definitely yes.The control values of E and the range are suspicious due to how rarely they will change the value of M. Perfect for disguising malicious back-doors.
6
0.25 0.25 0.25 0.252-65 0.50 0.50
2-63
Logic
4
![Page 28: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/28.jpg)
Does This Look Suspicious?
0.250.25
0.25
0.25
{S}
2-63 0.5 0.5
M
A B C D ES1
S2
{S3-
66}
E2-65
Definitely yes.The control values of E and the range are suspicious due to how rarely they will change the value of M. Perfect for disguising malicious back-doors.
6
0.25 0.25 0.25 0.252-65 0.50 0.50
2-63
Logic
4
Just checking the min value is often not enough.Better heuristics are needed to evaluate the vector.
![Page 29: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/29.jpg)
Computing Stealth From Control
M
A B C D S1
S2
0.250.250.250.25
0.5 0.5
Mean(M) = (2.0 / 6) = 0.33Median(M) = 0.25Triviality(M) = 0.50
0.25 0.25 0.25 0.25 0.50 0.50
We use three different heuristics for evaluation.Mean, Median and Triviality.
-The Median in the context of backdoor triggers is often close to zero when low or unaffecting wires are present.-The Mean is sensitive to outliers. If there are few dependencies, and one of them is unaffecting, it is likely to get noticed, when compared to the control value.-Triviality is a weighted average of the values in the vector. Weighted by how often they are the only value affecting the output. If it is 0 or 1 it is trivial.
![Page 30: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/30.jpg)
Computing Stealth From Control
M
A B C D ES1
S2
{S3-
66}
Mean(M) = (2.0 / 71) = 0.03Median(M) = 2-63Triviality(M) = 0.50
0.250.250.25
0.25
2-65
6
{S}2-63 0.5 0.5
E
0.25 0.25 0.25 0.252-65 0.50 0.50
2-63
Logic
4
![Page 31: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/31.jpg)
Computing Stealth From Control
M
A B C D ES1
S2
{S3-
66}
Mean(M) = (2.0 / 71) = 0.03Median(M) = 2-63
Triviality(M) = 0.50
0.250.250.25
0.25
2-65
{S}2-63 0.5 0.5
E
6
Triviality detects more triggers. Mean/median detect more payloads.
0.25 0.25 0.25 0.252-65 0.50 0.50
2-63
Logic
4
Here we can see that the mean and median are affected greatly by potential payloads in the wires.
![Page 32: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/32.jpg)
Results• Stealth metrics are effective for existing benchmarks
• No false negatives for TrustHub benchmarks• TrustHub is a hardware backdoor benchmark used for testing
detection applications such as FANCI.
• Effective even on large designs• Able to process full (academic) microprocessor cores
• Efficient enough for modern designs• About 1 day to process an average sized module
• Can catch well-hidden backdoors• 100% coverage against “stealthy, malicious backdoors” (SSP
2011)
![Page 33: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/33.jpg)
Effectiveness On TrustHub
False positive rates for the four different metrics andfor TrustHub benchmarks. The RS232 group — which is the
smallest — has about 8% false positives. The others have much lower rates (less than 1%).
![Page 34: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/34.jpg)
How Would We Attack FANCI?
• Frequent-Action Backdoor• No stealth, requires incompetent/non-existent validation
engineers
• False Positive Flooding• Contrived design, requires naïve integration engineer
• Pathological Pipeline (State Explosion) Backdoor• Contrived design, requires naïve integration engineer
• Foundry (Physical/Parametric) Backdoor• Malicious device from benign design, requires malicious foundry
![Page 35: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/35.jpg)
Security Assurances
• Zero false negatives so far• Mathematical connection exists between stealth and
validation
• FANCI flags wires if and only if they are stealthy• Static and not probabilistic or dynamic
• Can operate on digital, synchronous design IP• Source code or gatelists
• Can achieve design-side security with minimal validation• Works well with current state of practice
![Page 36: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/36.jpg)
The Big Picture: Hardware Security
FANCI is designed to stop possible backdoors that cannot be detected by validation alone during early stages of device/hardware design. (Register Transfer Level Code, Design Synthesis, Physical Synthesis)
This can allow us to fix the issue or get a new third party to take over the IP design before the backdoor gets permanently integrated.
![Page 37: F ANCI : Identifying Malicious Ci r cuits](https://reader036.fdocuments.in/reader036/viewer/2022081513/5681399d550346895da1376b/html5/thumbnails/37.jpg)
Conclusions• Hardware backdoors: A serious, immediate threat
• Currently no way to certify trustworthiness• Causes tech. localization (increased costs)
• FANCI: Static analysis to identify suspicious circuits• Zero false negatives so far• Minimal reliance on validation personnel
• Current Status• Practical, ready for modern designs (e.g., AFRL, CSAW)• First hardware certification tool for trustworthy IP