Hardware and Security: Vulnerabilities and Solutions

This chapter introduces the role that computer hardware plays for attack and defense in cyberphysical systems. Hardware security – whether for attack or defense – differs from software, network, and data security because of the nature of hardware. Often, hardware design and manufacturing occur before or during software development, and as a result, we must consider hardware security early in product life cycles. Yet, hardware executes the software that controls a cyberphysical system, so hardware is the last line of defense before damage is done – if an attacker compromises hardware then software security mechanisms may be useless. Hardware also has a longer lifespan than most software because after we deploy hardware we usually cannot update it, short of wholesale replacement, whereas we can update software by uploading new code, often remotely. Even after hardware outlives its usefulness, we must dispose of it properly or risk attacks such as theft of the data or software still resident in the hardware. So, hardware security concerns the entire lifespan of a cyber-physical system, from before design until after retirement. In this chapter, we consider two aspects of hardware security: security in the processor supply chain and hardware mechanisms that provide software with a secure execution environment. We start by exploring the security threats that arise during the major phases of the processor supply chain (Section 12.2). One such threat is the Trojan circuit, an insidious attack that involves planting a vulnerability in a processor sometime between design and fabrication that manifests as an exploit after the processor has been integrated, tested, and deployed as part of a system. We discuss ways to test for Trojan circuits (Section 12.2.1), how design automation tools can improve the trustworthiness of design and fabrication to reduce the likelihood of successful supply chain attacks (Section 12.2.2), defensive techniques that modify a computer processor’s architecture to detect runtime deviations (Section 12.2.3), and how software might check the correctness of its execution by verifying the underlying hardware (Section 12.2.4). We begin the second aspect of hardware security – how hardware can support software to provide secure execution throughout a cyberphysical system’s lifetime – by introducing how hardware supports secure systems (Section 12.3). One contribution of hardware is that it can implement security mechanisms with smaller