
Stanford Cybersecurity January 2009

Jun 19, 2015


Jason Shen

A presentation given by Peter Levin, Consulting Professor at Stanford University.
Transcript
Page 1: Stanford Cybersecurity January 2009

Peter L. Levin, January 2009

Cybersecurity

Peter L. Levin, Consulting Professor

January 2009

Zanio

Page 2: Stanford Cybersecurity January 2009

Evolution of GPS Service

• Availability (sparse constellation)
• Accuracy (selective availability)
• Integrity (aviation)
• Coverage (urban canyons and indoors)
• Security (location-based authentication)

Copied without shame or remorse, but with attribution, from Per Enge

Page 3: Stanford Cybersecurity January 2009

The Problem Statement

“The United States is already engaged in a ‘low-intensity’ cyber conflict”.
- General Wesley K. Clark, former SACEUR

“[And] cannot kill or capture its way to victory”.
- Robert M. Gates, Secretary of Defense

Page 4: Stanford Cybersecurity January 2009

“It is a battle we are losing”

Page 5: Stanford Cybersecurity January 2009

The Black Swan Effect

• We won’t be more secure in a day
  – Planning takes time, energy, focus
  – Competing priorities
  – False perceptions
    • current safety
    • difficulty of raising the bar

• . . . but we can be crippled in seconds
  – Insidious attacks can come from anywhere
    • the network, the software, or the hardware
  – Catastrophic results if we’re left unprotected

Page 6: Stanford Cybersecurity January 2009


Public Awareness Has Changed

Page 7: Stanford Cybersecurity January 2009


“several Georgian state computers [were] under external control”

So they moved websites to Google:

Page 8: Stanford Cybersecurity January 2009


P2P uses as much as 60% of Internet Bandwidth

P2P networks offer an easy way to disguise illegitimate payloads using sophisticated protocols, and can divert network traffic to arbitrary ports

From Spector 360

Page 9: Stanford Cybersecurity January 2009


Machine Readable Travel Documents

Page 10: Stanford Cybersecurity January 2009


Cracked in ten seconds for $10,000

Page 11: Stanford Cybersecurity January 2009

Real-world reliability vs digital security reliability

• Seven nines: aircraft landing
• Six nines: mature manufacturing QA
• Five nines: PSTN availability (after 100 years)
• Four nines: domestic electric energy transmission
• Three nines: maximum possible desktop uptime
• Two nines: credit-card number protection
• One nine: internet traffic not broadly related to attack
• Zero nines: “[a]bility of stock antivirus to find new malware”

Security is a Subset of Reliability*

*from the article of that name by Geer and Conway, IEEE Security and Privacy, Dec 08

Page 12: Stanford Cybersecurity January 2009

The (Cyber)Security Marketplace

Information Infrastructure Security, by layer and the threats seen at each:

Networks and Systems: Denial of service, port scans, worms, exploits
Software Applications and Operating Systems: Tampering, license manipulation, theft
Hardware: HW Trojans, design manipulation, counterfeits

Zanio

Page 13: Stanford Cybersecurity January 2009


Hardware Sabotage

“The most monumental non-nuclear explosion ever seen from space” was reportedly caused by the US in a Soviet commercial gas pipeline.

An Israeli bombing raid on a suspected Syrian nuclear facility was (allegedly!) due to a “kill switch” that turned off surveillance radar.

Page 14: Stanford Cybersecurity January 2009

Hardware’s Axis of Evil

(Diagram: a two-by-two grid. One axis runs from Enforce Policy (ensure proper behavior) to Observe Function (detect misbehavior); the other from Accidental Errors to Nefarious Intent. DRM and HW Assurance are placed as the two labelled regions of the grid.)

Page 15: Stanford Cybersecurity January 2009

Counterfeits are Expensive and Dangerous

• Exploit complexity
• Difficult to detect
• Compromise security

Source:

Unclassified FBI Report, January 2008

Page 16: Stanford Cybersecurity January 2009

Chip-Making in Four Easy Steps

Function Specification → Logic Circuit Design → RTL & Layout Design → Mask Creation

Thanks to Grace and Sherman for this slide

Page 17: Stanford Cybersecurity January 2009

Chip-Level Hardware Assurance

Graphic from Sally Adee, IEEE Spectrum

(Diagram annotations: authenticity and provenance; mechanical compromise; add extra wires; add extra transistors)

Page 18: Stanford Cybersecurity January 2009


“Your Hands Can’t Hit What Your Eyes Can’t See”

DAFCA provides on-chip, at-speed, in-system visibility

Page 19: Stanford Cybersecurity January 2009

Integrate Verification and Validation

• Tap the lines “pre-silicon”
  – Software only
  – Platform/technology agnostic
  – Automated

• Observe behavior “post-silicon”
  – Configure, operate, and control FSM
  – Don’t slow down, don’t stop
  – No extra pins, no special libraries

• React
  – Injection, isolation, remediation

(Diagram: instrumented Core X and Core Y)

Page 20: Stanford Cybersecurity January 2009

Why At-Speed Observability Matters

• Example: 5 billion transaction “boot scenario”
  – SW simulation @ 0.01 MHz = 6 days*
  – HW acceleration @ 0.1 MHz = 14 hours*
  – At-speed @ 500 MHz = 10 seconds

* Even these are 10x faster than IBM’s benchmark

Page 21: Stanford Cybersecurity January 2009

Two Examples

By “hardware assurance” we mean:
1) Is the chip authentic?
2) Is the chip functioning properly?

• Until now, most of the attention has been focused on “static” views

Page 22: Stanford Cybersecurity January 2009

Detect Malfunction

• Invisible to functional logic
• Invisible to application software
• Impossible to understand by inspection
  – It’s just gates and flops, no hard macros
  – It’s configured on the fly

Page 23: Stanford Cybersecurity January 2009

An Instrumented GPS Chip

(Block diagram of the instrumented chip. Recoverable labels: Transaction Engine, PTE, TRACER, CAPSTIM, SPN NETWORK, FINAL_SPN, CB1_MUX, CB2_MUX, CB3_MUX, aligner, 4-fifo, CDC_LCD, GP_IN, and two TraceRAMs (1k x 128). Probe groups, 125 bits each: grp_lcd_out, grp_lcd_fifo_rd1, grp_lcd_fifo_rd2, grp_lcd_fifo_rd3, grp_lcd_rgb, grp_arm_i, grp_arm_r_0, grp_usb_slv, grp_usb_mstr. Clock domains shown: 166MHz, 10MHz, 83KHz.)

Observation Bus = 125 (probe grp) + 2 Valid + 1 Time Stamp = 128 bit
1 valid for domain crossing of 10MHz to 166MHz
1 valid for domain crossing of 83KHz to 166MHz

Page 24: Stanford Cybersecurity January 2009

The Road Ahead

(Diagram: one axis is labelled abstraction, the other runs through the phases Boot-up, System Software and Application Software; the marked outcome is Detected Violation. At every layer the loop is observe → characterize → detect.)

Layers, from highest abstraction down:
• Software objects, pointers, calls, register writes
• Bus cycles, arbitration policies, event sequencing
• On-chip cycle protocols and timing

Instrument types named on the slide: Bus Protocol Assertions, Static Mode Selects, Exception Generators, Memory Checkers, Performance Monitors, Traffic Generators, Event Sequencing
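The observe → characterize → detect loop above is easiest to see in software. The following is an added example, not code from the slides or from DAFCA: a model of a bus-protocol assertion and a performance monitor run over a captured trace. Each record mimics one sample of the observation bus described on the previous slide (a probe-group value, a clock-domain-crossing valid bit and a time stamp); the bit assignment of REQ and ACK inside the probe group, the signal names, the latency bound and the sample trace are all assumptions made for this example.

```python
"""
Added example (not from the slides or from DAFCA): a software model of
"observe -> characterize -> detect" over a captured bus trace.
Observe:      samples of a probe group with a valid bit and a time stamp.
Characterize: measure request-to-acknowledge latency of completed transactions.
Detect:       bus-protocol assertions that flag violations with a time stamp.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed probe-group bit assignment for this example (not the chip's real map).
REQ_BIT = 0   # master asserts a request; held high until acknowledged
ACK_BIT = 1   # slave acknowledges


@dataclass
class Sample:
    probe: int      # probe-group value (only the low bits are used here)
    valid: int      # clock-domain-crossing valid bit; 0 means filler
    timestamp: int  # cycle count in the capture clock domain


@dataclass
class Violation:
    timestamp: int
    rule: str


@dataclass
class Report:
    latencies: List[int] = field(default_factory=list)   # characterize
    violations: List[Violation] = field(default_factory=list)  # detect


def _bit(value: int, pos: int) -> int:
    return (value >> pos) & 1


def analyze(trace: List[Sample], max_latency: int) -> Report:
    """Assertions checked over the trace:
    R1: every request is acknowledged within max_latency cycles.
    R2: an acknowledge never appears without an outstanding request.
    A request is counted on the rising edge of REQ; samples with valid == 0
    are domain-crossing filler and are skipped."""
    report = Report()
    pending: Optional[int] = None  # time stamp of the outstanding request
    prev_req = 0
    for s in trace:
        if not s.valid:
            continue
        req, ack = _bit(s.probe, REQ_BIT), _bit(s.probe, ACK_BIT)
        if ack:
            if pending is None:
                report.violations.append(Violation(s.timestamp, "R2: ack without request"))
            else:
                latency = s.timestamp - pending
                report.latencies.append(latency)
                if latency > max_latency:
                    report.violations.append(
                        Violation(s.timestamp, f"R1: ack later than {max_latency} cycles"))
            pending = None
        if req and not prev_req and pending is None:
            pending = s.timestamp
        prev_req = req
    if pending is not None:
        report.violations.append(Violation(pending, "R1: request never acknowledged"))
    return report


def constructed_trace() -> List[Sample]:
    """Constructed sample trace: one good transaction, one late ack,
    one stray ack and one request that is never answered."""
    return [
        Sample(0b001, 1, 10),  # REQ rises
        Sample(0b011, 1, 12),  # ACK after 2 cycles, REQ still high: OK
        Sample(0b000, 0, 13),  # CDC filler (valid = 0), ignored
        Sample(0b000, 1, 14),  # idle
        Sample(0b001, 1, 20),  # REQ rises
        Sample(0b011, 1, 30),  # ACK after 10 cycles: late
        Sample(0b000, 1, 31),  # idle
        Sample(0b010, 1, 40),  # ACK with no request outstanding
        Sample(0b001, 1, 50),  # REQ rises and is never answered
    ]


if __name__ == "__main__":
    r = analyze(constructed_trace(), max_latency=4)
    print("latencies:", r.latencies)
    for v in r.violations:
        print(f"t={v.timestamp}: {v.rule}")
```

The latency list is the "characterize" output: it is what you would use to choose a sensible bound before turning the assertion on. In the instrumented silicon the same two rules would live in the configurable fabric as a bus-protocol assertion and an exception generator, running at speed; the software model only fixes what the rules mean.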

Page 25: Stanford Cybersecurity January 2009

Device Authenticity/Anti-Counterfeit

• Counterfeit chips are easy to make, hard to detect
• Enormous economic incentive
  – most hackers are driven by money
• Attractive targets for adversaries
  – banks, hospitals, military installations

Our customers need an inexpensive and reliable way to detect counterfeit devices in the field

Page 26: Stanford Cybersecurity January 2009

An Anti-Counterfeit Architecture

• DAFCA – on-chip instrumentation
• eScrypt – embedded security
  – SiDense (CMOS embedded flash)
• Zanio – highly secure positioning and time

Page 27: Stanford Cybersecurity January 2009

On-Chip, At-Speed, In-System Instrumentation

Tap the lines pre-silicon
• Conveniently, easily, ubiquitously
• Formal/model check the result

Observe behavior at speed
• Assertions, triggers, breakpoints
• Performance monitoring

React
• Injection, remediation, isolation

(Diagram: instrumented Core X and Core Y)

Step One: “Talk to me”

Page 28: Stanford Cybersecurity January 2009

Establish An Encrypted Channel

On-Chip PKI
• Extremely compact

Unique
• Based on random mfg variability

Secure
• Store keys in protected CMOS flash

Step Two: “Talk securely to me”

Page 29: Stanford Cybersecurity January 2009

Embed A Secret

Unique GPS token
• One-time insertion

Prove authenticity
• Dynamic challenge-response protocol
• Can be implemented in-field

Two factor security
• Device fingerprint (PUF)
• Device pedigree (location and time)

Step Three: “Tell me a secret”

Zanio
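Steps two and three (a key derived from manufacturing variability, a one-time embedded position/time token, and a dynamic challenge-response that checks both factors) fit in a short protocol model. The following is an added example, not code from the slides or from DAFCA, eScrypt or Zanio: the PUF is simulated by a keyed hash of a per-chip seed, the pedigree token is a constructed position/time record, the MAC is HMAC-SHA256, and the freshness window, record format and class names are assumptions made for this example. A real PUF is a physical circuit whose response is never stored, and a real token comes from the GNSS receiver.

```python
"""
Added example (not from the slides or from DAFCA, eScrypt or Zanio): a model of
two-factor device authentication, fingerprint (PUF) plus pedigree (location and
time), driven by a verifier's dynamic challenge-response.
"""
import hashlib
import hmac
import json
import secrets


class SimulatedPUF:
    """Stand-in for a physical unclonable function. The seed plays the role of
    the chip's random manufacturing variability; a counterfeit part has a
    different seed and therefore different responses to every challenge."""
    def __init__(self, silicon_seed: bytes):
        self._seed = silicon_seed

    def response(self, challenge: bytes) -> bytes:
        return hashlib.sha256(self._seed + challenge).digest()


def canonical(pedigree: dict) -> bytes:
    """Deterministic encoding of the pedigree so both sides MAC the same bytes."""
    return json.dumps(pedigree, sort_keys=True, separators=(",", ":")).encode()


class Device:
    """Genuine part: PUF-derived key plus a one-time embedded pedigree token."""
    def __init__(self, puf: SimulatedPUF, enrol_challenge: bytes, pedigree: dict):
        self.puf = puf
        self.enrol_challenge = enrol_challenge
        self.pedigree = pedigree  # {"lat", "lon", "t"} from the one-time insertion

    def key(self) -> bytes:
        # Step two: re-derive the channel key from the fingerprint on each use,
        # so no plaintext key has to be kept in the part.
        return self.puf.response(self.enrol_challenge)

    def respond(self, nonce: bytes, now: int) -> dict:
        # Step three: MAC the verifier's nonce, the claimed pedigree and the time.
        msg = nonce + canonical(self.pedigree) + str(now).encode()
        tag = hmac.new(self.key(), msg, hashlib.sha256).digest()
        return {"pedigree": dict(self.pedigree), "t": now, "tag": tag}


class Verifier:
    def __init__(self, freshness_s: int = 30):
        self.enrolled = {}   # device_id -> (key, pedigree), recorded at enrolment
        self.issued = {}     # nonce -> device_id, outstanding challenges
        self.freshness_s = freshness_s

    def enrol(self, device_id: str, device: Device) -> None:
        # One-time, trusted step: record the PUF-derived key and the pedigree.
        self.enrolled[device_id] = (device.key(), dict(device.pedigree))

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.issued[nonce] = device_id
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: dict, now: int) -> str:
        """Returns "ok" or the reason the response is rejected."""
        if device_id not in self.enrolled:
            return "not enrolled"
        if self.issued.pop(nonce, None) != device_id:  # each nonce is single-use
            return "unknown or reused nonce"
        if abs(now - response["t"]) > self.freshness_s:
            return "stale response"
        key, pedigree = self.enrolled[device_id]
        msg = nonce + canonical(response["pedigree"]) + str(response["t"]).encode()
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response["tag"]):
            return "fingerprint mismatch"   # factor one: the silicon is not the enrolled part
        if response["pedigree"] != pedigree:
            return "pedigree mismatch"      # factor two: wrong embedded location/time token
        return "ok"


def demo() -> dict:
    """Constructed scenario: genuine part, counterfeit, replay and stale reply."""
    pedigree = {"lat": 37.4275, "lon": -122.1697, "t": 1230768000}  # constructed token
    genuine = Device(SimulatedPUF(b"constructed-silicon-seed-A"), b"enrol-1", pedigree)
    v = Verifier()
    v.enrol("gps-chip-0001", genuine)
    now = 1_700_000_000
    n1 = v.challenge("gps-chip-0001")
    r1 = genuine.respond(n1, now)
    genuine_verdict = v.verify("gps-chip-0001", n1, r1, now)
    # Counterfeit: copies the pedigree token, but its silicon differs.
    fake = Device(SimulatedPUF(b"constructed-silicon-seed-B"), b"enrol-1", dict(pedigree))
    n2 = v.challenge("gps-chip-0001")
    counterfeit_verdict = v.verify("gps-chip-0001", n2, fake.respond(n2, now), now)
    # Replay: a captured genuine response is presented a second time.
    replay_verdict = v.verify("gps-chip-0001", n1, r1, now)
    # Stale: genuine part, but the reply was produced an hour before it is checked.
    n3 = v.challenge("gps-chip-0001")
    stale_verdict = v.verify("gps-chip-0001", n3, genuine.respond(n3, now - 3600), now)
    return {"genuine": genuine_verdict, "counterfeit": counterfeit_verdict,
            "replay": replay_verdict, "stale": stale_verdict}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The order of the checks matters: the nonce and freshness tests are cheap and stop replays before any cryptography runs, the MAC settles the fingerprint factor, and only a part that passes the MAC gets its pedigree compared, since the pedigree is covered by the MAC and a forged one cannot verify.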

Page 30: Stanford Cybersecurity January 2009


Use GPS to Ensure Authenticity

• Easy to use – no interruption of design implementation flow

• No special pins, no special libraries, no performance degradation

• On-chip, at-speed, in-system – can be accessed remotely, and in-field

Set an extremely high bar for hackers

Page 31: Stanford Cybersecurity January 2009

Secure Channel, Secret Message

• DAFCA + eScrypt + Zanio enables
  – Access to the Zanio core from the device, from the operating system, or from the host system
  – Message passing to and from the device without fear of compromise
  – A “plug compatible” device that can easily replace or substitute unprotected chips

Page 32: Stanford Cybersecurity January 2009

Location Security

• Application areas
  – Public health and safety
  – Tolling and mobile asset tracking
  – Networked asset protection (including data)
  – National security applications (including MTDs)
  – Financial infrastructure (laundering and fraud)

How do you know you are where you think you are?
How do I know that you are where you say you are?

Page 33: Stanford Cybersecurity January 2009

Next Generation Cybersecurity

• Augment the GNSS utility to
  – Defeat spoofing
  – Overcome jamming

• Security for GNSS -> Security from GNSS

Page 34: Stanford Cybersecurity January 2009

Conclusion

• Cybersecurity is a priority of the new administration
• Approximately $30 billion in new programs
• Hardware assurance will be a prominent part of the technical roadmap
• Anti-tamper and anti-counterfeit solutions are available today