Applied Physical Attacks and Silicon Defenses

Overview

The lab portion of this class centers around the open-source Verilog-based SOC (currently OpenRISC/ORPSOC on an Digilent Atlys board)

Software will be prepared to minimize or eliminate any FPGA learning curve for those with ASIC backgrounds.

The labs include defining security objectives, test planning, and executing both pre- and post- silicon tests in order to discover security vulnerabilities in the design.

As a final lab, attendees will be asked to do end-to-end security review and testing of some new features on a customized ORPSOC.

Targets

This course targets an open-source verilog SOC on an FPGA development board. This is representative of a wide range of ASIC silicon devices, and focuses on re-use of 3rd party IP blocks in a safe and secure way.

Length

2-5 days

Audience

This course is geared towards silicon architects, designers, and validators, both for ASIC and FPGA designs.

Format

20% lecture

70% Lab

10% discussion

Outline

Please note that the course is still in development and the exact details may evolve.

1. Requirements & Design
   • Lecture: Hardware SDL, Security Requirements and Common Terminology
   • Lab 1: Setup and Configure SOC Synthesis and Toolchain
   • Lecture: Common Security Failures
   • Lab 2: Building a High-level Test Plan
2. Implementation
   • Lecture: Pre-silicon Test Types and Security Test Planning
   • Lab 1: Develop a Detailed Pre-silicon Test Plan
   • Lab 2: Executing Pre-silicon Validation (x-prop, path tracing, manual review)
   • Lab 3: Pre-silicon Bug-fixing and Resolution
3. Verification
   • Lecture: Post-silicon Test Types and Validation Re-use
   • Lab 1: Develop a Detailed Post-silicon Test Plan
   • Lab 2: Executing Post-silicon Validation (automated and manual)
   • Lab 3: Post-silicon Bug-fixing and Resolution
4. Advanced Hardware Attacks
   • Lecture: Integrating 3rd Party IP Securely
   • Lab 1: New IP Block Test Planning, Execution, and Resolution
   • Lecture: Sidechannels and Glitching
   • Lab 2: Simple Timing Side Channel
   • Lab 3: Simple Glitching Attack

• Applied Physical Attacks 1: Embedded and IoT Systems
• Hardware Attacks, Risks, Threats, and Mitigations
• Applied Physical Attacks 4: Hardware Implants
• Hands-on JTAG for Fun and Root Shells!
• Applied Physical Attacks 2: Hardware Pentesting
• Applied Physical Attacks 3: Rapid Prototyping
• Applied Physical Attacks on a Raspberry Pi
• Side Channel Attacks for Hardware N00BZ
• Applied Physical Attacks and Silicon Defenses
• WTFpga
• Applied Physical Attacks on x86 Systems