Hardware Security & Latest R&D

RISE Funders & Universities

RISE Stakeholder Board (ISAB)

Standards & RegulationPotential labelling scheme for consumer IoT products 

Insecure ‘Smart’ Devices

Tech Republic’s list of the least secure connected devices - Feb 2018

Symantec IoT Report “InsecureRouters were the source of 75% of DDoS IoT attacks”- Apr 2019

Adapted from https://www.techrepublic.com/pictures/photos‐the‐11‐least‐secure‐connected‐devices/

Source: F‐Secure, April 2019

2014

IoT Threats 2002-2018• Mirai• Hajime• IoT Reaper• Hide N Seek• VPNFilter

• Mirai• Hajime• IoT Reaper• Hide N Seek• VPNFilter

The Internet of ‘Cloned’ Things

What about counterfeit devices and untrusted supply chains?• Globalisation of supply chains - use of overseas foundries, third party IP, third party test facilities

• Supply chains susceptible to a range of hardware-based security threats• Counterfeit devices could host malicious software, firmware or hardware

IEEE Spectrum, Oct 2013

Threat of Hardware Trojans

First successful real-world FPGA hardware Trojan insertion into a commercial product

Journal of Cryptographic Engineering, Sept 2017

The Big Hack (2018)

• Did it happen? No data• Is it technically plausible? Yes

Recent Vulnerabilities – SCA’s

November 2018: New Meltdown- and Spectre-type transient execution attacks uncovered that affect Intel, AMD and ARM devices Canella et al. “A Systematic Evaluation of Transient Execution Attacks and Defenses”, arXiv preprint [CVBS+ 18] 

Meltdown, Jan 2018 Spectre, Jan 2018 Zombieload, May 2019

RISE Spring School 2018 – Daniel Gruss

https://www.ukrise.org/springschool/programme/

• How do we detect counterfeit devices?

• How do we detect manipulated devices?

• Is it possible to build attack-resilient hardware platforms?

• How do we deal with untrusted manufacturing processes & untrusted supply chains?

Major Research Challenges

Need for Hardware Security

• Demand for Hardware Security research & innovation increasing with growing security needs in embedded & networking devices & cloud services

• A key driver is the Internet of Things (IoT) – everything is becoming a computer

• Multi-layered approach to security needed - establishing a trusted computing baseline that anchors trust in tamper-proof hardware

• A strong hardware security foundation essential for realising secure systems

Vision for RISE

RISE Research Challenges

Understanding Technologies Underpinning

Hardware Security

• State-of-the-art HW security primitives: TRNGs, PUFs• Novel HW analysis toolsets & techniques• Attack-resilient HW platforms, HW IP building blocks

RISE Research Challenges

Maintaining Confidence in

Security Throughout

Product Lifecycle

• Confidence in Developing Secure HW Devices• Supply Chain Confidence • Modelling of HW Security

RISE Research Challenges

• Combining Hardware Roots Of Trust (e.g. TPM, Tees) With Advanced Cryptographic Techniques (e.g. Identity- Or Attribute-based Encryption) To Offer Data-centric Security (e.g. Fido Alliance)

© https://fidoalliance.org

Novel HW Security

Use Cases & Value

Propositions

Can we develop novel applications based on hardware roots of trust?

Development & Pull Through(Barriers to Adoption)

Ease of Development & ease of leveraging best security option

Education of Potential User/Developer base

Understanding Barriers to Adoption

RISE Research Challenges

The RISE Projects

DeepSecurity: Applying Deep Learning to Hardware Security• Global supply chains for electronic devices are now considered to be

susceptible to a range of hardware-based threats• Hardware Trojans• Intellectual Property piracy• Integrated circuit (IC) overproduction• Side Channel attacks

• Major security threats to military, medical, government, transportation etc. • The proposed project will apply a deep learning approach to investigate

two of these threats namely the use of deep-learning in the context of side-channel attacks (SCA) and hardware Trojans (HT).

• Utilisation of deep learning based verification processes in Electronic Design Automation tools to provide feedback to designers on security of designs.

SCARV: A Side-Channel Hardened RISC-V Platform• RISC-V is an open source Instruction Set Architecture (ISA) design

• a specification for the instructions any compatible processor implementation should be able to execute, and the resources those instructions can access - the interface between the processor implementation (HW) and programs that execute on it (SW)

• Open source has resulted in rapid development of a rich support infrastructure including vibrant developer and user communities

• The research goals capitalise on this openness• Since RISC-V can be implemented by anyone, it is possible to develop a core

hardened against specific types of attack; the focus will be on the threat of SCAs.• Since RISC-V can be adapted by anyone, it is possible to develop various

cryptography-specific extensions of the ISA that offer e.g. higher efficiency.• An open "lab free" (i.e., cloud-based) acquisition and analysis workflow enabling easy

and efficient evaluation of side-channel security

IOSEC: Protection and Memory Safety for Input/Output Security• Re-architect I/O systems with security as a primary design constraint. • Investigate the weaknesses of current I/O and propose safer alternatives

• A survey of state-of-the-art access-control protections in current HW and SW designs• Assess utilisation of Input/Output Memory Management Units (IOMMUs)

• Develop a corpus of vector-specific attack techniques which future defences must prevent or mitigate.

• New techniques to restructure CPU-to-I/O interconnects to provide a message-based abstraction for untrustworthy devices

• New distributed-memory protection, enabling greater control of device access to host memory while improving security-performance tradeoffs.

• Hardware-software co-design methodology and FPGA prototyping• Evaluation of performance, complexity, compatibility, and security metrics

User-Controlled HW Security Anchors: Evaluation & Designs• Many modern processors are equipped with hardware extensions that

enable some kind of Trusted Execution Environment (TEE)• Primary objective is to promote and facilitate the adoption of TEE as the

main trust anchor for security architectures. • Evaluation of the security features of different TEE implementations including

assessment of cryptographic protocols, side-channel vulnerabilities, and implementation weaknesses.

• Strong hardware-based security mechanisms to improve both the strength and usability of authentication.

• Build an architecture for designing protocols and user experiences that leverage these hardware security primitives to enhance the security, manageability, and usability of user authentication

• Demonstration on suitable platforms including secure hardware, smart devices and integration with authentication tokens.

Supplementary Projects

rFAS - Reconfigurable FPGA Accelerator Sandboxing• A security infrastructure that allows trustworthy integration and execution

of partially reconfigurable FPGA hardware accelerators in a multi-tenant environment.

• A secure and encapsulated FPGA run-time environment that prevents modules from leaking information from other parts of a system or compromising the integrity of a system.

• This will be achieved through • traditional techniques such as memory protection mechanisms• a new configuration management unit that ensures encapsulation of partial modules

into allocated resources as well as through • a bitstream analysis tool (similar to a virus scanner known from software systems)

that detects malicious sections in FPGA configuration binaries to prevent configuration bitstreams of entering a system.

TimeTrust: Robust Timing via Hardware Roots of Trust and Non-standard Hardware –with Application to EMV Contactless Payments

• Relay attacks are a vulnerability with the view to e.g. steal a car with passive keyless entries.

• TimeTrust project views the protection of ubiquitous systems against strong forms of relay attacks and other proximity/timing-related attacks, via the use and extension of hardware roots of trust (HWRoT), such as, Trusted Platform Modules (TPM).

• These usages/extensions of HWRoT view new combinations of timing capabilities with cryptographic primitives and trusted-computing mechanisms.

• TimeTrust has a strong focus on cryptographic proofs and formal analysis. The main use-case of TimeTrust is contactless electronic payments.

GUPT: A Hardware-Assisted Secure & Private Data Analytics Service

• We increasingly rely on cyber-physical systems and online services based on “data-driven intelligence" requiring four important design properties

• Reliability• Real-time Performance• Scalability• Security & Privacy

• These use adhoc practices currently which are problematic and un-manageable• Proposal is to build an end-to-end system supporting design – development –

deployment of a wide range of data-driven intelligent applications (ML, data privacy & ethical experts)

Safebet: Memory Capabilities to Safe, Aggressive Speculation in Processors

• We wish to explore the promising approach of capability-based protection on the micro-architectural speculation of complex out-of-order cores to mitigate new speculative side-channel attacks similar to Spectre.

• We will establish a specification framework to describe safe speculation in a microarchitecture, and a verification framework to explore the speculative abilities of processor cores.

www.ukrise.org | info@ukrise.org | @UK_RISE

Thank you