http://dx.doi.org/10.13089/JKIISC.2019.29.4.739

Study of Hardware AES Module Backdoor Detection through Formal Method  

Park, Jae-Hyeon (Center for Information Security Technologies (CIST), Korea University)
Kim, Seung-joo (Center for Information Security Technologies (CIST), Korea University)
Abstract
Security in embedded devices has become a significant issue. Threats to the supply chain, such as the use of counterfeit components or the intentional insertion of backdoors, are among the most significant issues in embedded device security. To mitigate these threats, high-level security evaluation and certification above EAL (Evaluation Assurance Level) 5 under CC (Common Criteria) are necessary for hardware components, especially for cryptographic modules such as AES. High-level security evaluation and certification require detecting covert channels, such as backdoors, in the cryptographic module. However, previous studies are limited in that they cannot detect some kinds of backdoors that leak information from which a secret key in the cryptographic module can be recovered. In this paper, we present an expanded definition of a backdoor in a hardware AES module and show how to detect, in Verilog HDL using the model checker NuSMV, a backdoor that has never been detected.
Keywords
hardware backdoor; formal method; model checker