Explore the intricacies of analog malicious hardware in this IEEE Symposium on Security & Privacy presentation. Delve into the challenges posed by fabrication-time attackers leveraging analog circuits to create small and stealthy hardware attacks. Learn how capacitors can be used to siphon charge from nearby wires, enabling remotely-controllable privilege escalation in chip designs. Examine the implementation of this attack in an OR1200 processor and understand its ability to evade activation by diverse benchmarks and known defenses. Gain insights into the vulnerabilities introduced by third-party chip fabrication and the limitations of post-fabrication testing in detecting such sophisticated attacks.
Overview
Syllabus
Intro
Software security success forces attackers to lower layers
Dynamic Static Analysis
Challenge: construct an attack that is stealthy and small
Two threats, we focus on the stage that restricts the attacker the most
We leverage analog behavior to construct an attack that is stealthy and small
An ideal analog trigger
Challenge: small capacitors charge quickly, large capacitors induce current spikes
Solution: charge sharing
Creating an analog trigger using gated charge sharing
Creating a privilege escalation attack Our analog trigger is attack agnostic
Implanting A2 into an existing chip layout
Taught by
IEEE Symposium on Security and Privacy
