Hardware Security Challenges

  • Ted Huffmire
  • Cynthia Irvine
  • Thuy D. Nguyen
  • Timothy Levin
  • Ryan Kastner
  • Timothy Sherwood


This chapter discusses the problem of malicious hardware, or gateware, on FPGAs. Categories of malicious hardware, the problem of foundry trust, and attacks facilitated by malicious inclusions are presented. This chapter also explains the problem of covert channels on FPGAs, with a formal definition of a covert channel in general and a description of the specific case of covert channels on FPGAs. Methods for detecting and mitigating these covert channels are also described.





Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  • Ted Huffmire (1, corresponding author)
  • Cynthia Irvine (1)
  • Thuy D. Nguyen (1)
  • Timothy Levin (1)
  • Ryan Kastner (2)
  • Timothy Sherwood (3)

  1. Department of Computer Science, Naval Postgraduate School, Monterey, USA
  2. Dept. of Computer Science and Eng., University of California, San Diego, La Jolla, USA
  3. Department of Computer Science, UC Santa Barbara, Santa Barbara, USA
