Intro To Hardware Security

Uploaded by

Abiha Shams

2025 Fall Department of Computer Science & IT

Hardware Security
(CT-479)

Muhammad Hammad

What is Hardware Security?

Definition:
The practice of protecting the physical components of a system (chips, PCBs, devices)
and the data they process from unauthorized access, modification, or destruction.

Why Hardware Security is Critical (Root of Trust)

A hardware-based Root of Trust (RoT) is an inherently trusted component that performs secure cryptographic functions.

Why Hardware Security is Critical (Cost of Breaches)

A software bug can be patched. A hardware flaw often requires a physical recall
or replacement (extremely costly).
A single flawed chip can be installed in millions of devices worldwide.
Example:
Intel's FDIV Bug (1994): ~$475 million cost for recall and replacement.
Meltdown/Spectre (2018): Required complex software patches that
impacted performance across the entire global computing ecosystem.
Estimated cost: billions.

Hardware vs. Software Security

Aspect         | Hardware Security                        | Software Security
Layer          | Physical, foundational                   | Logical, application-level
Patching       | Difficult, often impossible              | Easier, via updates
Attack Surface | Physical access, side-channels           | Network, interfaces
Performance    | Can be optimized (dedicated circuits)    | Overhead from running on CPU
Goal           | Provide a trusted execution environment  | Protect data & functionality

Security Foundations (CIA+)

Confidentiality: Data must remain hidden from unauthorized users (e.g., preventing key leakage via cache-timing attacks).
Integrity: Data and system behavior must not be altered without detection (e.g., protection against hardware Trojans that modify logic).
Authentication: Ensuring entities (devices/users) are genuine (e.g., using PUF-based authentication for IoT devices).
Availability: Systems must resist denial-of-service and remain operational (e.g., protecting chips from laser fault attacks).
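The confidentiality bullet names timing leakage as the threat. The following is an added example, not part of the slides, showing the simplest form of that leak: a secret comparison that exits at the first mismatching byte does an amount of work that depends on where the mismatch is, while a constant-time comparison does the same work for every input. Instead of measuring wall-clock time (noisy in Python), each function returns the number of bytes it examined as a stand-in for the observable timing. The `secret` value, the function names and the `leak_profile` helper are all constructed for this illustration; the standard-library equivalent of the hardened version is `hmac.compare_digest`.

```python
def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined).

    The loop stops at the first differing byte, so the work done (and thus
    the time taken) reveals how long a matching prefix the guess has.
    """
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes):
    """Constant-work comparison. Returns (equal, bytes_examined).

    Every byte is XORed into an accumulator and the verdict is taken only at
    the end, so the work is independent of where (or whether) a mismatch lies.
    """
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        diff |= s ^ g
    return diff == 0, examined


def leak_profile(compare, secret: bytes):
    """For each position i, build a guess that matches the first i bytes and
    differs at byte i, then record how much work `compare` performed.
    A list that grows with i means the comparison leaks the match length."""
    profile = []
    for i in range(len(secret)):
        guess = secret[:i] + bytes([secret[i] ^ 0xFF]) + secret[i + 1:]
        _, examined = compare(secret, guess)
        profile.append(examined)
    return profile


if __name__ == "__main__":
    # Constructed 4-byte "key"; any value works, the shape of the profile is
    # what matters.
    secret = b"\x11\x22\x33\x44"
    print("early-exit work per mismatch position:", leak_profile(naive_compare, secret))
    print("constant-time work per mismatch position:", leak_profile(constant_time_compare, secret))
```

Run with the constructed secret, the early-exit profile is `[1, 2, 3, 4]`, which lets an observer confirm one byte of the secret at a time, whereas the constant-time profile is `[4, 4, 4, 4]`. Cache-timing attacks on AES exploit the same principle through data-dependent memory accesses rather than data-dependent loop exits; the mitigation idea (make the work independent of the secret) is identical.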

How Can Hardware Be Attacked?

Attacks are classified by the level of physical interaction required:
Non-Invasive: No physical damage. (Software, side-channel analysis (SCA)).
Semi-Invasive: Chip is decapsulated but probes are not used. (Optical, EM fault injection).
Invasive: Chip is decapsulated and modified. (Microprobing, focused ion beam (FIB)).

Hardware Attack Categories

Hardware Trojans: Malicious modifications during design/fabrication that remain dormant until triggered.
Example: A hidden circuit that leaks AES keys after 1000 encryptions.

Counterfeit ICs: Fake/recycled chips entering the supply chain.
Example: Low-grade memory chips sold as new; they may fail early and cause system breaches.

Hardware Attack Categories

Fault Attacks: Induce a computational error to bypass security.
Example: In RSA encryption, if a faulty computation is forced, the faulty and correct outputs can be combined to compute the private key. Thus, a momentary glitch can break strong encryption.
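The RSA example above refers to a fault in one half of a CRT-based private-key operation. The following is an added example, not part of the slides, that makes the statement concrete and shows the standard countermeasure. It uses a textbook-sized toy key (p = 61, q = 53, e = 17, d = 2753; constructed values, hopelessly small for real use), simulates a glitch by corrupting the p-branch result by one unit, and then (a) verifies the signature with the public exponent before releasing it, which catches the faulty result, and (b) shows what the slide means by "combined": the correct and faulty outputs agree modulo q but not modulo p, so their difference shares a factor with N. The function names `rsa_crt_sign`, `sign_with_check` and `factor_from_fault` are this example's own.

```python
from math import gcd

# Constructed toy RSA key (textbook parameters, far too small for real use).
P, Q = 61, 53
N = P * Q                  # 3233
E = 17
D = 2753                   # E * D == 1 (mod (P-1)*(Q-1))

# CRT exponents and coefficient, precomputed as real implementations do.
DP = D % (P - 1)           # d mod (p-1)
DQ = D % (Q - 1)           # d mod (q-1)
QINV = pow(Q, -1, P)       # q^-1 mod p (Python 3.8+)


def rsa_crt_sign(m: int, fault: bool = False) -> int:
    """RSA-CRT private-key operation on integer m (m^d mod N).

    With fault=True the p-branch result is corrupted by one unit, standing in
    for a glitch-induced error in that half of the computation.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp = (sp + 1) % P  # simulated single-branch fault
    h = (QINV * (sp - sq)) % P       # Garner recombination
    return sq + h * Q


def sign_with_check(m: int, fault: bool = False):
    """Countermeasure: re-check the result with the public exponent before
    releasing it. Returns the signature, or None when it is inconsistent,
    so a faulted run never leaves the device."""
    s = rsa_crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        return None
    return s


def factor_from_fault(s_good: int, s_bad: int) -> int:
    """Why the check matters: a fault confined to the p-branch leaves the
    result correct modulo q, so gcd(s - s', N) is q and N is factored.
    This is the combination of faulty and correct outputs the slide refers to."""
    return gcd(s_good - s_bad, N)


if __name__ == "__main__":
    m = 1234  # constructed message representative, 0 <= m < N
    good = rsa_crt_sign(m)
    bad = rsa_crt_sign(m, fault=True)
    print("correct signature verifies:", pow(good, E, N) == m)
    print("faulty signature verifies:  ", pow(bad, E, N) == m)
    print("sign_with_check on faulted run:", sign_with_check(m, fault=True))
    print("factor shared by the two outputs:", factor_from_fault(good, bad))
```

The verify-before-release check costs one public-exponent exponentiation, which is cheap relative to the private-key operation; production implementations add it alongside glitch detectors and redundant computation, since a single unchecked faulty output is enough to lose the key.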

Supply Chain Risks: Chips compromised at foundries before even reaching end-
users.

The Global Supply Chain: A Weak Link

Problem: Modern chips are designed in one country, fabricated in another, and packaged in a third. This creates trust issues.
Counterfeit ICs: Recycled, remarked, or cloned chips that fail prematurely or act maliciously.
Hardware Trojans: Malicious modifications inserted at any stage (design, fabrication, assembly). A "kill switch" or backdoor.

Case Study (Stuxnet)

Infected Windows PCs to search for specific Siemens PLC controller software.
Compromised the PLC software.
Sent malicious commands to the PLCs to speed up/down the centrifuges, causing
physical destruction.
Hid the damage by feeding pre-recorded sensor data to the operators.

Consumer Impact (IoT, Smartphones)

IoT Devices: Often have poor security. Can be hijacked into botnets (Mirai) or used
to spy (cameras/mics).
Smartphones: Side-channel attacks can steal encryption keys, biometric data, and
personal information.
Gaming Consoles: Fault injection and hardware exploits used for piracy and
cheating.

Enterprise Impact (Cloud, Datacenters)

Cloud Servers: Multi-tenant environments. Attacks like Spectre could allow one
customer to read another customer's memory.
Hardware Trojans in server CPUs could create a backdoor into entire corporate
networks.
Supply Chain Attacks on network hardware (routers, switches) could compromise
data in transit.

National Security Impact

Military Systems: Jets, ships, and communication systems rely on secure hardware.
A backdoor could be catastrophic.
Critical Infrastructure: Power grid, water treatment, financial systems. A Stuxnet-like
attack could cripple a nation.
Espionage: Compromised hardware in government agencies provides a permanent,
undetectable channel for data exfiltration.

Conclusion

Hardware security is the critical root of trust.
Attacks are real, varied, and have severe consequences.
The global supply chain is a major vulnerability.
Defense requires a multi-layered approach: Prevent, Detect, Correct.
This field is constantly evolving in the cat-and-mouse game of security.