1

HARDWARE SECURITY

EEC 492/592, CIS 493

Hands-on Experience on Computer System Security

Chan Yu

Cleveland State University

CONTENTS

Overview of Hardware security

Basics

FPGA (Field Programmable Gate Array)

VHDL (VHSIC Hardware Description Language)

* VHSIC: Very High Speed Integrated Circuits

2

CYBER SECURITY IS IMPORTANT

Widespread Internet and Network accesses

Good connectivity but easier attack

Cyber attack is a real problem

More and more people are being affected

Leading cause of financial losses: Hundreds of Billion Dollars

Software piracy

Virus

More severe for mission critical applications

battlefields

VARIOUS TYPES OF SECURITY ATTACKS

Intellectual property theft

Illegally copying software

Virus/Worms

Triggered by a special event, a malicious program can do harmful things

Trojans

Accessing the computer through a back door

Denial of service

3

HARDWARE SECURITY ATTACKS

Trace system from system bus, peripheral bus

Differential power/timing analysis

Build fake devices, device spoof (MOD chip)

Modify RAM

Replay bus signals

Fake bus signal injection

Trigger fake interrupts

Mod-ChipModify game

console to boot up all CD/DVDs!

DSP

Chip

BIOS

Chip

PROTECTED VIDEO PATH – USER

ACCESSIBLE BUS: ENCRYPTION (VISTA)

For DRM (digital rights management) content, digital outputs such as DVI and

HDMI will have High-bandwidth Digital Content Protection (HDCP) enabled,

to prevent someone from recording the digital stream.

In Vista, the control of PC video outputs is provided by PVP-OPM. However,

rather than being a software application programming interface, PVP-OPM

operates with the Windows media components in the protected environment.

Additionally, PVP-UAB (Protected Video Path - User-Accessible Bus) is used to

encrypt video and audio data as it passes over the PCI-Express bus, to prevent

it from being intercepted and copied on the way to the graphics card.

* https://en.wikipedia.org/wiki/Protected_Media_Path

4

SMART CARD

CPU

RAM

test logic

ROM

EEPROMserial i/o

interface

security

logic

databus

ROM: card operating system

RAM: ‘scratch pad’

EEPROM:

- cryptographic keys

– PIN code

– biometric template

– application code

1234 5678 8910

Anne Doe

SMART CARD ATTACKS

Communication

Command scan

File system scan

Invalid / inopportune requests

Crypt-analysis and protocol abuse

5

Smart Card Attack

Use of ‘hidden’ signalselectromagnetic emission

power consumption

timing

Insertion of signalspower glitches

electromagnetic pulses

peak

slope

time

Iddq

area

shape

FPGA

6

WHAT ARE PROGRAMMABLE CHIPS?

Can easily be customized via programming

Can be easily be re-programmed in case of problems

Other benefits: Instant turnaround, low starting cost and low risk

* Some slides borrowed from Dr. Hosszu Gabor

(http://nimrud.eet.bme.hu/cae)

WHY FPGA?

FPGA chips handle dense logic and memory

elements offering very high logic capacity

Uncommitted logic blocks are replicated in an

FPGA with interconnects and I/O blocks

7

FPGA

ALTERA DESIGN SOFTWARE

Software & Development Tools:

Quartus II

Stratix II, Stratix, Stratix GX, Cyclone, APEX II, APEX 20K/E/C, Excalibur, & Mercury Devices

FLEX 10K/A/E, ACEX 1K, FLEX 6000, MAX 7000S/AE/B, MAX 3000A Devices

Quartus II Web Edition

Free Version

Not All Features & Devices Included

MAX+PLUS® II

All FLEX, ACEX, & MAX Devices

8

NIOS: THE PROCESSOR IN SOFTWARE

A full 16/32 bit RISC processor in HDL (Hardware Description Language)

Available in Quartus and it can be targeted for all Altera FPGA’s

Programs can be written for Nios using open GNU pro tools

FPGA DESIGN CYCLE WITH ALTERA QUARTUS

Define a new project and enter the design using VHDL, Verilog or

AHDL languages. Or, Schematic diagrams

Compile and simulate the design.

Find and fix timing violations.

Get power consumption estimates

Perform synthesis

Download the design to FPGA using a programmer board

Quartus

Altera DE0

9

A SIMPLE FPGA MODEL

Made up of a 2-dim. array

of cells

Each cell has four faces

Signals can connect the

face of the tile and can be

individually configured for

input or output

FPGA STRUCTURE

Additionally, express buses are needed

The cell architecture is comprised of a

function unit that can assume any two

input logic function, a 2:1 multiplexer, or

a D-type flip-flop

Reset and clear signals are routed to

each cell

10

VHDL

SHORTLY ABOUT THE VHDL

VHDL is an acronym of VHSIC Hardware Description Language

A Formal Language for Specifying the Behavior and Structure of a

Digital Circuit

Allows Top-Down Design

* VHSIC: Very High Speed Integrated Circuits

11

OVERVIEW

Chip

VHDL STRUCTURE

Library

Definitions, constants

Entity (similar to “.h”)

Interface

Architecture (similar to “.c”)

Implementation, function

12

VHDL - LIBRARY

Include library

library IEEE;

Define the library package used

use IEEE.STD_LOGIC_1164.all;

Define the library file used

For example, STD_LOGIC_1164 defines ‘1’ as logic high and ‘0’ as logic low

output <= ‘1’; --Assign logic high to output

VHDL - ENTITY

It is the interface for

communication among different

modules / components and define

the signal port modes (INPUT

and OUTPUT)

Output 1

Output 2

Output n

Input 1

Input 2

Input n

…... …...

Entity

name

This is a black box that implemented bythe statements in Architecture

13

VHDL - ENTITY

Define INPUT, OUTPUT Port

entity test7 is

port ( inputa : in std_logic;

inputb : in std_logic;

output : out std_logic

);

end test7;

Entity name should be

same as the file name

DO NOT

have ; here