Kurt Rosenfeld

Trustworthy Hardware: Identifying and Classifying Hardware Trojans

For reasons of economy, critical systems will inevitably depend on electronics made in untrusted factories. A proposed new hardware Trojan taxonomy provides a first step in better understanding existing and potential threats.

Attacks and Defenses for JTAG

JTAG is a well-known standard mechanism for in-field test. Although it provides high controllability and observability, it also poses great security challenges. This article analyzes various attacks and proposes protection schemes.

Trustworthy Hardware: Trojan Detection and Design-for-Trust Challenges

Globalization of the semiconductor industry and associated supply chains have made integrated circuits increasingly vulnerable to Trojans. Researchers must expand efforts to verify trust in intellectual property cores and ICs.

Sensor physical unclonable functions

We propose a novel variety of sensor that extends the functionality of conventional physical unclonable functions to provide authentication, unclonability, and verification of a sensed value. This new class of device addresses the vulnerability in typical sensing systems whereby an attacker can spoof measurements by interfering with the analog signals that pass from the sensor element to the embedded microprocessor. The concept can be applied to any type of analog sensor.

Security-aware SoC test access mechanisms

Test access mechanisms are critical components in digital systems. They affect not only production and operational economics, but also system security. We propose a security enhancement for system-on-chip (SoC) test access that addresses the threat posed by untrustworthy cores. The scheme maintains the economy of shared wiring (bus or daisy-chain) while achieving most of the security benefits of star-topology test access wiring. Using the proposed scheme, the tester is able to establish distinct cryptographic session keys with each of the cores, significantly reducing the exposure in cases where one or more of the cores contains malicious or otherwise untrustworthy logic. The proposed scheme is out of the functional path and does not affect functional timing or power consumption.

A Study of the Robustness of PRNU-based Camera Identification

We investigate the robustness of PRNU-based camera identification in cases where the test images have been passed through common image processing operations. We address the issue of whether current camera identification systems remain effective in the presence of a nontechnical, mildly evasive photographer who makes efforts at circumvention using only standard and/or freely available software. We study denoising, recompression, out-of-camera demosaicing.

Security challenges during VLSI test

VLSI testing is a practical requirement, but unless proper care is taken, features that enhance testability can reduce system security. Data confidentiality and intellectual property protection can be breached through testing security breaches. In this paper we review testing security problems, focusing on the scan technique. We then present some countermeasures which have recently been published and we discuss their characteristics.

Volleystore: A Parasitic Storage Framework

We present Volleystore, a filesystem that stores data on network equipment and servers without any authorization, yet without compromising the systems that are used. This is achieved by exploiting the echo functionality present in most standard Internet protocols. Various issues concerning the design of a parasitic storage system are addressed and a practical system based on Internet Control Message Protocol (ICMP) echo messages is demonstrated. We present an analysis of storage capacity and latency limits for various configurations of the system. We also describe a proof-of-concept implementation of the system and show that one can indeed store data using Volleystore for a reasonable lengths of time. Finally, we suggest defenses against parasitic storage, both abstractly in economic terms and concretely in technical terms.

A secure design-for-test infrastructure for lifetime security of SoCs

Modular design of a system-on-chip (SoC) exposes intellectual property (IP) and SoC assets to attacks in test, debug, and functional modes. We enhance the SoC Design-for-Test (DfT) infrastructure with security countermeasures to thwart these attacks. We first secure IP and SoC assets from attacks in test and debug modes, then reuse the DfT infrastructure to detect attacks in functional mode.

Security and Testing

Test interfaces are present in nearly all digital hardware. In many cases, the security of the system depends on the security of the test interfaces. Systems have been hacked in the field using test interfaces as an avenue for attack. Researchers in industry and academia have developed defenses over the past 20 years. A diligent designer can significantly reduce the chance of system exploitation by understanding known threats and applying known defenses.