1
HARDWARE SECURITY
EEC 492/592, CIS 493
Hands-on Experience on Computer System Security
Chan Yu
Cleveland State University
CONTENTS
Overview of Hardware security
Basics
FPGA (Field Programmable Gate Array)
VHDL (VHSIC Hardware Description Language)
* VHSIC: Very High Speed Integrated Circuits
2
CYBER SECURITY IS IMPORTANT
Widespread Internet and Network accesses
Good connectivity but easier attack
Cyber attack is a real problem
More and more people are being affected
Leading cause of financial losses: Hundreds of Billion Dollars
Software piracy
Virus
More severe for mission critical applications
battlefields
VARIOUS TYPES OF SECURITY ATTACKS
Intellectual property theft
Illegally copying software
Virus/Worms
Triggered by a special event, a malicious program can do harmful things
Trojans
Accessing the computer through a back door
Denial of service
3
HARDWARE SECURITY ATTACKS
Trace system from system bus, peripheral bus
Differential power/timing analysis
Build fake devices, device spoof (MOD chip)
Modify RAM
Replay bus signals
Fake bus signal injection
Trigger fake interrupts
Mod-ChipModify game
console to boot up all CD/DVDs!
DSP
Chip
BIOS
Chip
PROTECTED VIDEO PATH – USER
ACCESSIBLE BUS: ENCRYPTION (VISTA)
For DRM (digital rights management) content, digital outputs such as DVI and
HDMI will have High-bandwidth Digital Content Protection (HDCP) enabled,
to prevent someone from recording the digital stream.
In Vista, the control of PC video outputs is provided by PVP-OPM. However,
rather than being a software application programming interface, PVP-OPM
operates with the Windows media components in the protected environment.
Additionally, PVP-UAB (Protected Video Path - User-Accessible Bus) is used to
encrypt video and audio data as it passes over the PCI-Express bus, to prevent
it from being intercepted and copied on the way to the graphics card.
* https://en.wikipedia.org/wiki/Protected_Media_Path
4
SMART CARD
CPU
RAM
test logic
ROM
EEPROMserial i/o
interface
security
logic
databus
ROM: card operating system
RAM: ‘scratch pad’
EEPROM:
- cryptographic keys
– PIN code
– biometric template
– application code
1234 5678 8910
Anne Doe
SMART CARD ATTACKS
Communication
Command scan
File system scan
Invalid / inopportune requests
Crypt-analysis and protocol abuse
5
Smart Card Attack
Use of ‘hidden’ signalselectromagnetic emission
power consumption
timing
Insertion of signalspower glitches
electromagnetic pulses
peak
slope
time
Iddq
area
shape
FPGA
6
WHAT ARE PROGRAMMABLE CHIPS?
Can easily be customized via programming
Can be easily be re-programmed in case of problems
Other benefits: Instant turnaround, low starting cost and low risk
* Some slides borrowed from Dr. Hosszu Gabor
(http://nimrud.eet.bme.hu/cae)
WHY FPGA?
FPGA chips handle dense logic and memory
elements offering very high logic capacity
Uncommitted logic blocks are replicated in an
FPGA with interconnects and I/O blocks
7
FPGA
ALTERA DESIGN SOFTWARE
Software & Development Tools:
Quartus II
Stratix II, Stratix, Stratix GX, Cyclone, APEX II, APEX 20K/E/C, Excalibur, & Mercury Devices
FLEX 10K/A/E, ACEX 1K, FLEX 6000, MAX 7000S/AE/B, MAX 3000A Devices
Quartus II Web Edition
Free Version
Not All Features & Devices Included
MAX+PLUS® II
All FLEX, ACEX, & MAX Devices
8
NIOS: THE PROCESSOR IN SOFTWARE
A full 16/32 bit RISC processor in HDL (Hardware Description Language)
Available in Quartus and it can be targeted for all Altera FPGA’s
Programs can be written for Nios using open GNU pro tools
FPGA DESIGN CYCLE WITH ALTERA QUARTUS
Define a new project and enter the design using VHDL, Verilog or
AHDL languages. Or, Schematic diagrams
Compile and simulate the design.
Find and fix timing violations.
Get power consumption estimates
Perform synthesis
Download the design to FPGA using a programmer board
Quartus
Altera DE0
9
A SIMPLE FPGA MODEL
Made up of a 2-dim. array
of cells
Each cell has four faces
Signals can connect the
face of the tile and can be
individually configured for
input or output
FPGA STRUCTURE
Additionally, express buses are needed
The cell architecture is comprised of a
function unit that can assume any two
input logic function, a 2:1 multiplexer, or
a D-type flip-flop
Reset and clear signals are routed to
each cell
10
VHDL
SHORTLY ABOUT THE VHDL
VHDL is an acronym of VHSIC Hardware Description Language
A Formal Language for Specifying the Behavior and Structure of a
Digital Circuit
Allows Top-Down Design
* VHSIC: Very High Speed Integrated Circuits
11
OVERVIEW
Chip
VHDL STRUCTURE
Library
Definitions, constants
Entity (similar to “.h”)
Interface
Architecture (similar to “.c”)
Implementation, function
12
VHDL - LIBRARY
Include library
library IEEE;
Define the library package used
use IEEE.STD_LOGIC_1164.all;
Define the library file used
For example, STD_LOGIC_1164 defines ‘1’ as logic high and ‘0’ as logic low
output <= ‘1’; --Assign logic high to output
VHDL - ENTITY
It is the interface for
communication among different
modules / components and define
the signal port modes (INPUT
and OUTPUT)
Output 1
Output 2
Output n
Input 1
Input 2
Input n
…... …...
Entity
name
This is a black box that implemented bythe statements in Architecture
13
VHDL - ENTITY
Define INPUT, OUTPUT Port
entity test7 is
port ( inputa : in std_logic;
inputb : in std_logic;
output : out std_logic
);
end test7;
Entity name should be
same as the file name
DO NOT
have ; here
Top Related