Security Implications of Intentional Capacitive Crosstalk

Kison, Christian; Awad, Omar Mohamed; Fyrbiak, Marc; Paar, Christof

doi:10.1109/tifs.2019.2900914

Cited by 17 publications

(3 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of HTs, the malicious actions of concern in this paper; bit-flipping and stuck-at-faults could be realized in a number of different ways from the addition of a single logic gate and connecting it to the internal ADC wires responsible for driving ADC outputs, to the utilization of capacitive crosstalk [4].Such cross-talk based HTs could be introduced by an untrusted foundry, by adding or moving wires to increase capacitive crosstalk in the proximity of wires carrying signals of interest. A capacitive crosstalk HT could force a targeted wire to stay at logic high for several cycles, leading to a sequence of erroneous outputs [4]. Pre-existing counters in some ADCs could be utilized in activating an injected HT after a certain sequence of events.…”

Section: The Threat Vectormentioning

confidence: 99%

Run-time integrity monitoring of untrustworthy analog front-ends

Salem

Topham

2023

2023 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

Recent advances in hardware attacks, such as cross talk and covert channel based attacks, expose the structural and operational vulnerability of analog and mixed-signal circuit elements to the introduction of malicious and untrustworthy behaviour at run-time, potentially leading to adverse physical, personal, and environmental consequences.One untrustworthy behaviour of concern, is the introduction of abnormal/unexpected frequencies to the signals at the analog/ digital interface of a SoC, realised through intermittent bit-flipping or stuck-at-faults in the middle and lower bits of these signals.In this paper, we study the impact of these actions and propose integrity monitoring of signals of concern based on analysing the temporal and arithmetic relations between their samples. This paper presents a hybrid software/ hardware machine-learning based framework that consists of two phases; a run-time monitoring phase, and a trustworthiness assessment phase. The framework is evaluated with three different applications and its effectiveness in detecting the untrustworthy behaviour of concern is verified. This framework is device, application, and architecture agnostic, and relies only on analysing the output of the analog front-end, allowing its implementation in SoCs with on-chip and custom analog front-ends as well as those with outsourced and commercial off-the-shelf (COTS) analog front-ends.

show abstract

Section: The Threat Vectormentioning

confidence: 99%

Run-time integrity monitoring of untrustworthy analog front-ends

Salem

Topham

2023

2023 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

show abstract

“…A similar notion is utilized to introduce triggers that are activated after some delay or operate on a specific voltage threshold [40]. Analog Trojans are also designed using the coupling capacitor between the victim and aggressor wire in sub-micron process technologies [41] so that the low to high transition on the aggressor can adequately affect the victim wire and flip its digital value. Similarly, RF-leaking Trojans leak the information through the Trojan-induced channel without affecting the legitimate signal/channel [10], [42].…”

Section: Analog/rf Trojansmentioning

confidence: 99%

Survey of Recent Developments for Hardware Trojan Detection

Jain¹,

Zhou

Guin

2021

2021 IEEE International Symposium on Circuits and Systems (ISCAS)

View full text Add to dashboard Cite

The outsourcing of the design and manufacturing of Integrated Circuits (ICs) poses a severe threat to our critical infrastructures as an adversary can exploit them by bypassing the security features by activating a hardware Trojan. These malicious modifications in the design introduced at an untrusted fabrication site can virtually leak any secret information from a secure system to an adversary. This paper discusses all three different hardware Trojan models, such as combinational, sequential, and analog Trojans. We provide a survey of the recent advancements in Trojan detection techniques classified based on their applicability to different Trojans types. We describe a practical approach recently developed using the characterization of Electro-Optical Frequency Mapping (EOFM) images of the chip to detect a hardware Trojan by identifying malicious state elements. This survey also presents open problems with Trojan detection and suggests future research directions in hardware Trojan detection.

show abstract

“…Another common HT design are the sequential HTs which are triggered with a sequence of conditions and not with a specific state or condi-tion like the combinational HTs. More complex HTs include silicon wearout mechanisms [7], hidden side-channels [8], changing dopant polarity in active areas of transistors [9], siphoning charge from victim wires known as A2 attack [10], [11], activating a row in DRAM to corrupt data in nearby rows known as rowhammer attack [12], exploiting capacitive crosstalk effects [13], leveraging characteristics of emerging Non-Volatile Memories (NVMs) [14], etc.…”

Section: Introductionmentioning

confidence: 99%

Leaking Wireless ICs via Hardware Trojan-Infected Synchronization

Diaz-Rizo¹,

Aboushady²,

Stratigopoulos³

2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

We propose a Hardware Trojan (HT) attack in wireless Integrated Circuits (ICs) that aims at leaking sensitive information within a legitimate transmission. The HT is hidden inside the transmitter modulating the sensitive information into the preamble of each transmitted frame which is used for the synchronization of the transmitter with the receiver. The data leakage does not affect synchronization and is imperceptible by the inconspicuous nominal receiver as it does not incur any performance penalty in the communication. A knowledgeable rogue receiver, however, can recover the data using signal processing that is too expensive and impractical to be used during run-time in nominal receivers. The HT mechanism is designed at circuit-level and is embedded entirely into the digital section of the RF transceiver having a tiny footprint. The proposed HT attack is demonstrated with measurements on a hardware platform. We demonstrate the stealthiness of the attack, i.e., its ability to evade defenses based on testing and run-time monitoring, and the robustness of the attack, i.e., the ability of the rogue receiver to recover the leaked information even under unfavorable channel conditions.

show abstract

Security Implications of Intentional Capacitive Crosstalk

Cited by 17 publications

References 29 publications

Run-time integrity monitoring of untrustworthy analog front-ends

Run-time integrity monitoring of untrustworthy analog front-ends

Survey of Recent Developments for Hardware Trojan Detection

Leaking Wireless ICs via Hardware Trojan-Infected Synchronization

Contact Info

Product

Resources

About