Undetectable proof-of-concept chip poisoning uses analog circuits to escalate privilege

In A2: Analog Malicious Hardware, a paper given at the 2016 IEEE Symposium on Security and Privacy, a group of researchers from the University of Michigan detail a novel, frightening attack on the integrity of microprocessors that uses nearly undetectable tampering, late in the manufacturing process, to allow attackers to trip the "privilege" bit on the chip from userspace processes.

The A2 attack is distinguished from other hardware tampering in several ways. First, the tampering is done during the fabrication phase of the chip's production, long after the chip's design is finalized. Second, the A2 makes very clever use of analog components to replace digital counters, making it so small that it can fit into very small spaces (as small as a single gate). Third: this small size makes the tampering virtually undetectable, even when the finished chip is subjected to close inspection with electron-tunnelling microscopes. Finally, because the attack leverages analog components to set up complicated triggers, it is undetectable using traditional post-production testing methods.

The researchers demonstrated a working version of their exploit using an OR1200 open source processor, and they "expect a A2-like attack in x86 processors to be much harder to detect and easier to implement than its OR1200 counterpart," because, "there are more viable victim registers in x86."

This is another example of "demon-haunted technology" that is designed to detect the situations in which it is being inspected, and modify its behavior to hide features that are harmful to the user. When the inspection ends, the harmful features resurface.

The alchemists of old assumed that they got different results each time they ran their experiments because the universe was haunted by demons who'd punish them for their hubris by changing the rules of physics when they were examined (in reality, alchemists were just shitty lab-techs, and their secrecy and lack of peer-review allowed them to delude themselves that the universe was at fault, not themselves). The future of uninspectable, stealthy, corrupted hardware is demonological in nature.

A hardware attack is composed of a trigger and a payload. The trigger monitors wires and state within the design and activates the attack payload under very rare conditions such that the attack stays hidden during normal operation and testing. Previous research has identified that evading detection is a a critical property for hardware Trojans designers [20]. Evading detection involves more than just avoiding attack activation during normal operation and testing though, it includes hiding from visual/side-channel inspection. There is a tradeoff at play between the two in that the more complex the trigger (i.e., the better that it hides at run time), the larger the impact that trigger has on the surrounding circuit (i.e., the worse that it hides from visual/side-channel inspection).

We propose A2, a fabrication-time attack that is small, stealthy, and controllable. To achieve these outcomes, we develop trigger circuits that operate in the analog domain; circuits based on charge accumulating on a capacitor from infrequent events inside the processor. If the charge-coupled infrequent events occur frequently enough, the capacitor will fully charge and the payload is activated, which deploys a privilege escalation attack. We target the privilege bit in a processor, as privilege escalation constitutes a simple payload with maximum capability provided to the attacker. Our analog trigger similar to the counter-based triggers often used in digital triggers, except using the capacitor has the advantage of a natural reset condition due to leakage.

We create the trigger using a custom analog circuit that a fabrication-time attacker inserts after the entire design has been placed and routed. Compared to traditional digitally described hardware Trojans, our analog trigger maintains a high level of stealth and controllability, while dramatically reducing the impact on area, power, and timing due to the attack. An added benefit of a fabrication-time attack compared to a design time attack (when digital-only triggers tend to get added) is that the fabrication-time attack has to pass through few verification stages.

A2: Analog Malicious Hardware [Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, Dennis Sylvester/2016 IEEE Symposium on Security and Privacy]

(via O'Reilly Radar)

Start the discussion at bbs.boingboing.net