# RESEARCH INSTITUTE FOR SECURE HARDWARE & EMBEDDED SYSTEMS

## **RISE – Hardware Security and the latest R&D**

## Philip Hodgers IoTSF Conference, London 2019







# **SE** Insecure Connected Devices







## The IoT Security challenge...



Breaking down Mirai: An IoT DDoS Botnet Analysis www.incapsula.com, Aug 2017













Adapted from https://www.techrepublic.com/pictures/photos-the-11-least-secure-connected-devices/





"10s of more micro-architectural attacks to be expected"

... Daniel Gruss, co-author of Meltdown and Spectre attacks, March 2018

## Research Institute for Secure Hardware & Embedded Systems

£5M Research institute, with funding from NCSC and EPSRC

Launched Nov 2017, Prof. Maire O'Neill Centre for Secure Information Technology

Aim: To create a global centre for research and innovation in hardware security

# **RISE Ecosystem**

I I SE



**RISE Research Challenges** 



Combining hardware roots of trust (e.g. TPM, TEEs) with advanced cryptographic techniques, e.g. identity- or attributebased encryption to offer data-centric security (e.g. FIDO)

- Confidence in Developing Secure HW Devices
- Supply Chain Confidence
- Modelling of HW Security

# **RISE Research Projects SE** Research challenges of RISE to be delivered through a series of projects

### **Core Projects**

**SCARV**: a side-channel hardened RISC-V platform. University of Bristol, Dr Daniel Page.

**IOSEC**: Protection and Memory Safety for Input/output Security. University of Cambridge, Dr Robert Watson, Prof Simon Moore, Dr Athanasios Markettos.

#### User-controlled hardware security anchors:

evaluation and designs. University of Birmingham, Prof Mark Ryan, Dr Flavio Garcia and Dr David Oswald.

**Deep Security**: investigating the application of deep learning in SCA and HT detection, with the ultimate goal of utilising deep learning. Queen's University Belfast, Prof Máire O'Neill.

### Tranche 2 Projects

**SafeBet:** Memory capabilities to enable safe, aggressive speculation in processors. University of Cambridge, Prof Simon Moore.

**GUPT**: A Hardware-Assisted Secure and Private Data Analytics Service. University of Edinburgh, Dr Pramod Bhatotia and Dr Markulf Kohlweiss.

**TimeTrust**: Robust Timing via Hardware Roots of Trust and Non-standard Hardware, with Application to EMV Contactless Payments. University of Surrey, Dr Ioana Boreanu, Dr Tom Chothia, Prof Liqun Chen.

**rFAS**: Reconfigurable FPGA Accelerator Sandboxing. University of Manchester, Dr Dirk Koch.

# IOSEC: Protection and Memory Safety for Input/Output Security

A.Theodore Markettos, SimonW.Moore, Robert N.M.Watson

Second Annual RISE Conference

London, 21 November 2019

Funded by EPSRC under the RISE initiative (ref: EP/R012458/1)

A. Theodore Markettos - IOSEC: Protection and Memory Safety for Input/Output Security



# Smaller laptops, more external peripherals

- Laptops getting smaller, more devices are going external
  - Chargers, dongles, docking stations
  - Common to borrow external peripherals (power, dongles, displays) from others
- Performance is increasingly more of a constraint. Security?





A. Theodore Markettos – IOSEC: Protection and Memory Safety for Input/Output Security

## I/O Memory Management Unit: device isolation





A. Theodore Markettos - IOSEC: Protection and Memory Safety for Input/Output Security

# Our IOMMU attacks

- Windows 10: barely uses the IOMMU, mostly unprotected from malicious devices
- MacOS: uses IOMMU since 2012 but in a limited way
  - ran a root shell
  - extracted private VPN traffic
- FreeBSD: IOMMU not enabled by default
  - when enabled, tries to properly segregate devices using IOMMU
  - root shell, private data extraction
- Linux: most distros don't enable the IOMMU by default
  - when enabled, tries to segregate devices using IOMMU
  - when enabled, could see private network traffic, kernel data, code pointers etc
  - simply set a bit in a PCIe packet to fully bypass the IOMMU!
- All exploitable from a malicious Thunderbolt dock





# Media interest

 NDSS publication picked up by ~70 media outlets across the world

http://thunderclap.io/thunderclap-paper-ndss2019.pdf

|   |          |          | Th     | eA       | <b>Regis</b><br>Biting the hand that | ter<br>feeds IT |
|---|----------|----------|--------|----------|--------------------------------------|-----------------|
| E | SOETWARE | SECUDITY | DEVOPS | BUSINESS | DEDSONAL TECH                        | SCIENCE         |

#### Security

Thunder, thunder, thunder... Thunderclap: Feel the magic, hear the roar, macOS, Windows pwnage tools are loose

Open memory defenses allow mischief from connected kit

By Thomas Claburn in San Francisco 26 Feb 2019 at 22:40 32 🖵 SHARE 🔻





# Mitigations and impact

- Collaborating with vendors since 2016
- Apple mitigated specific exploit in MacOS 10.12.4
  - encrypt the kernel pointer, hide the flags
- Microsoft shipped Kernel DMA Protection for Thunderbolt 3 inWindows 10 1803
  - IOMMU enabled for Thunderbolt devices (only)
  - Requires post-1803 firmware, ie new products only
  - Best practice guidelines for businesses: 'Standards for a highly secure Windows 10 device'
- Intel enabled IOMMU for Thunderbolt in Linux 4.21 (now 5.0rc), disabled ATS
  - Thunderbolt devices are now less trusted than internal ones
- Major laptop vendor: we won't ship Thunderbolt until we understand this attack vector better



# Thunderclap.io transition to industry

- Vendors want to audit security from malicious devices, but don't have the skill set
- Our hardware and software has been opensourced
- Worked hard to make it accessible to software folks
- Major vendors are now using it internally

#### Thunderclap

Modern computers are vulnerable to malicious peripheral devices

#### Paper

#### GitHub

Media coverage

Getting started with Thunderclap on FPGA

#### Photos

Contact: theo.markettos [at] cl.cam.ac.uk

#### **Getting started with Thunderclap**

This article describes how to get Thunderclap up and running on an FPGA.

#### **Shopping list**

thunderclap.io



To use Thunderclap, the recommended shopping list is as follows:

 Enclustra Mercury+ AA1 FPGA module with Arria 10 FPGA, part number 10AS027E4F29E3SG (€459). If these are out of stock, the



A. Theodore Markettos – IOSEC: Protection and Memory Safety for Input/Output Security



## DEEPSECURITY: APPLYING DEEP LEARNING TO HARDWARE SECURITY



## **DeepSecurity: Applying Deep Learning to Hardware Security**

## **Overall Goal**

To investigate the use of **Deep Learning** for security verification in EDA tools, specifically in relation to **Hardware Trojan detection** and **Side channel analysis** to allow non-security experts to receive feedback on how to improve the security of their designs prior to fabrication.





## Hardware Trojans

- Hardware Trojans (HTs) are malicious modifications to integrated circuits (ICs)
  - Emerging security concern in the IC industry
- Globalisation of semiconductor supply chains, design and fabrication of ICs now distributed worldwide
  - use of overseas foundries,
  - third party IP,
  - third party test facilities
- Becoming difficult to ensure the integrity and authenticity of devices





## An Improved Automatic Hardware Trojan Generation Platform



**CSIT** is a Research Centre of the ECIT Institute



## An Improved Automatic Hardware Trojan Generation Platform

Generated HT benchmark samples:



(a) Combinational Trojan with functional error payload



(b) FSM based sequential Trojan with a SHIFT based leakage circuit

When compared with the COTD detection results from [1], who proposed a dynamic Hardware Trojan benchmark.

## TABLE I COMPARISON OF COTD-BASED HT DETECTION RESULTS

| Banchmarks  | Trigger Conditon | Туре | HTs in [1]    |        | Generated HTs [2] |               |
|-------------|------------------|------|---------------|--------|-------------------|---------------|
| Deneminarks | (Rare/Total)     |      | <b>FPR(%)</b> | FNR(%) | <b>FPR(%)</b>     | <b>FNR(%)</b> |
| s13207-c5_6 | 5/6              | comb | 25            | 0      | 0.39              | 23            |
| s13207-s5_6 | 5/6              | seq  | 0.11          | 0      | 0.41              | 19            |
| s15850-c5_6 | 5/6              | comb | 27            | 0      | 12                | 25            |
| s15850-s5_6 | 5/6              | seq  | 0.09          | 0      | 0.11              | 17            |
| s35932-c5_6 | 5/6              | comb | 60            | 0      | 15                | 33            |
| s35932-s5_6 | 5/6              | seq  | 0.08          | 0      | 0.03              | 20            |

[1] J. Cruz, Y. Huang, P. Mishra, and S. Bhunia, "An automated configurable trojan insertion framework for dynamic trust benchmarks," in Proc. Design, Automation Test in Europe Conf. Exhibition, March 2018

[2] Yu, S., Liu, W., & O'Neill, M. (2019). An Improved Automatic Hardware Trojan Generation Platform. In IEEE Computer Society Annual Symposium on VLSI (ISVLSI)

#### CSIT is a Research Centre of the ECIT Institute



## A Novel Feature Extraction Strategy for Hardware Trojan Detection

"A Novel Feature Extraction Strategy for Hardware Trojan Detection" ISCAS 2020, (Submitted)



CSIT is a Research Centre of the ECIT Institute

# RISE Spring School https://www.ukrise.org/springschool/programme/

PUF: From Research to Practice Chongyan Gu, Queen's University Belfast, UK



Winning the War in Memory Simon Moore, University of Cambridge, UK



Perspectives on hardware security: embedding it everywhere, continuously and inexpensively *Massimo Alioto, National University of Singapore* 



ARM's perspective on the importance of hardware security research *Richard Grisenthwait, ARM* 



Software-based Microarchitectural Attacks Dr Daniel Gruss, Graz University of Technology, Austria



Physical Attacks:

Towards combined threat, protection and beyond Shivam Bhasin, David Berend, Nanyang Technical University Singapore





# Thank you

ukrise.org | info@ukrise.org | @UK\_RISE





