Wednesday 6 May 2015

HARDWARE SECURITY


For any electronic system to be secure it not only need to  have secure software but also need to be secure at the  Hardware level and Hardware security is an emerging issue.lets understand the difference between a secure and insecure system with the help of an example
Lets say we have to implement a 3 input encoder that assigns a 2-bit code to each of the three different input combinations. Here X,Y,Z are the inputs to the system and a and b are the outputs

If we look at the table we have used only 3 combinations of  X Y Z but there are 2^3 = 8 combinations possible with these inputs. But here the rest of the inputs are don't care .
If you will solve this system using K-map you will find following logical expression

a=x'yz' +xy'z'=(x(XOR)y)z'
b=x'y'z+xy'z'=(x(XOR)y'

But if you will analyse the  table closely there is another possible expression which is as following

a=z'  b=y'

Now lets compare these two versions ,on the first sight you might feel that the second implementation i.e a=z' and b=y' is a better implementation . Since it will require lesser number of gates which in turn means lesser propagation delay and hence faster system,lesser hardware so cheaper system,lesser space consumption. So it will be a fantastic reduction Isn't it?

But if you would really broaden your perspective and if you will look from the perspective of security this lower implementation is more vulnerable and it is more easy for a potnential intruder to find a back door.

Lets look at the problem
Here we have defined 3 input combinations. for 1,0,0 as input the output is 1,1. But there is another input combination 0,0,0 which we have not defined the system for,but can give the same output . So this is a potential backdoor.
Secondly if we give 011 or 111 is input the system gives 00 as output and  if this output is fed into another part of the system which doesn't expect this input there may arise undesirable things. Such type of attack is called a fault injection attack.

So with this small example we can understand that there is a trade off between the performance and security. Most of the time while making the system secure we have to add some extra overhead.

On the software side there is  more awareness about the vulnerabilities and techniques to fix them.With the software you may run software to test for virus and trojan horse.But on the hardware layer the first thing which is the detection of a vulnerability is very difficult once the final hardware is in your hand. . A complete trust can be only obtained if you have control over the whole development life cycle and again having control over the complete design cycle is very difficult job.
Vulnerabilities may arise in the hardware from the microchip supply chain.Someone can place a back door during the fabrication. Often the fabrication is done off shore in the areas where it can happen cheaply but it makes it difficult to control the design process. The IP and CAD design tools that are used to implement the hardware must be from a trusted source Improper implementation of logic like we saw in the above example is another cause of vulnurability.







No comments:

Post a Comment