Unit V

RAMCO INSTITUTE OF TECHNOLOGY

Department of Electronics and Communication Engineering

Academic Year: 2023-2024 (Even Semester)

UNIT V – UNIVERSITY TWO MARK QUESTIONS WITH ANSWERS

HARDWARE SECURITY
Degree, Semester & Branch : IV Semester B.E. ECE
Course Code & Title : EC3401 - Networks and Security

1. What is meant by hardware security?


Hardware security is the protection of physical devices from threats that
would facilitate unauthorized access to enterprise systems.
Hardware security is a domain of enterprise security that focuses on protecting all
physical devices, machines, and peripherals. This protection can be in the form of
physical security such as guards, locked doors, and CCTV cameras. It can also be in
the form of a dedicated hardware component, such as an integrated circuit that
provides cryptographic functions for protecting the hardware from security
vulnerabilities and deflecting attackers.

2. Define hardware trust. Find its difference with hardware security.


A hardware root of trust is the foundation on which all secure operations of a
computing system depend. It contains the keys used for cryptographic functions and
enables a secure boot process. It is inherently trusted, and therefore must be secure by
design.
HARDWARE SECURITY:
(i) Hardware security issues arise from the hardware's own vulnerability to attacks (e.g., side-channel or Trojan attacks) at different levels (such as chip or PCB).
(ii) It leads to a lack of robust hardware support for software and system security.
(iii) Some examples are IP piracy and reverse engineering, counterfeiting, microprobing attacks on ICs, physical tampering of components in PCBs, bus snooping in PCBs, and access to privileged resources through the test/debug infrastructure.
HARDWARE TRUST:
(i) Hardware trust issues arise from the involvement of untrusted entities in the life cycle of a hardware component, including untrusted IP or computer-aided design (CAD) tool vendors, and untrusted design, fabrication, test, or distribution facilities.
(ii) These parties are capable of violating the trustworthiness of a hardware component or system. They can potentially cause deviations from intended functional behavior, performance, or reliability.
(iii) It can lead to denial of service (DoS) or information leakage attacks during field operation.

3. Define hardware Trojans.


A Hardware Trojan (HT) is a malicious modification of the circuitry of an integrated
circuit. A hardware Trojan is completely characterized by its physical representation and its
behavior. The payload of an HT is the entire activity that the Trojan executes when it is
triggered. The functionalities of the Trojan include controlling, modifying, disabling, or
snooping the contents of the design under attack.

4. What are the classified attributes of hardware Trojans?

5. Classify side channel attacks.


Classification of side channel attacks:
1. Invasive vs. non-invasive
2. Active vs. passive

6. Define physical attacks and mention its types.

(i). Physical attacks are divided into three categories: noninvasive, semi-invasive, and
invasive attacks.
(ii). A noninvasive attack does not require any initial preparation of the device under test,
and will not physically harm the device during the attack. The attacker can either tap the
wires to the device, or plug it into a test circuit for the analysis.
(iii). Invasive attacks require direct access to the internal components of the device, which
normally requires a well-equipped and knowledgeable attacker to succeed.
Meanwhile, invasive attacks are constantly becoming more demanding and expensive, as
feature sizes shrink and device complexity increases.
(iv). There is a large gap between noninvasive and invasive attacks. Many attacks fall into this
gap and are called semi-invasive attacks. They are not as expensive as classical penetrative
invasive attacks, but are as easily repeatable as noninvasive attacks. Like invasive attacks,
they require depackaging the chip in order to get access to its surface. However, the
passivation layer of the chip remains intact, as semi-invasive methods do not require creating
contacts to the internal wires.

7. Classify physical attacks.


1. Reverse Engineering
2. Probing Attack
3. Invasive Fault Injection Attack

8. What is meant by Reverse Engineering?


Reverse engineering (RE) is the process involving the thorough examination of an object to
achieve a full understanding of its construction and/or functionality; it is a method used by
attackers as part of mounting their attack. RE is now widely used to clone, duplicate, or
reproduce systems and devices in various security-critical applications, such as smartcards,
smartphones, and military, financial, and medical systems. RE of electronic systems can be
achieved by extracting the system's underlying physical information through destructive or
nondestructive methods. Anti-RE techniques should have the ability to monitor, detect, resist,
and react to invasive and noninvasive attacks.

9. What are t-private circuits, a circuit technique used to mitigate physical attacks?

The t-private circuit technique is based on the assumption that the number of concurrent
probe channels that an attacker could use is limited, and exhausting this resource deters an
attack. In this technique, the circuit of a security-critical block is transformed so that at least
t + 1 probes are required within one clock cycle to extract one bit of information. First,
masking is applied to split the computation into multiple separate variables: an important
binary signal x is encoded into t + 1 binary signals by XORing it with t independently
generated random signals (r(t+1) = x ⊕ r1 ⊕ ··· ⊕ rt).
Figure: Input encoder (left) and output decoder (right) for masking in t-private circuits.
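Worked example (added here; not part of the original notes): the input encoder and output decoder from the formula above in Python, plus an exhaustive check that any t or fewer shares are statistically independent of x, so at least t + 1 simultaneous probes are needed to learn one bit. The function names are my own.

```python
from collections import Counter
from itertools import combinations, product
import secrets


def encode_bit(x, t, random_bits=None):
    """Input encoder: split secret bit x into t+1 shares.
    random_bits are the t independent random bits r_1..r_t (drawn fresh if None);
    the last share is r_(t+1) = x ^ r_1 ^ ... ^ r_t, as in the notes."""
    if random_bits is None:
        random_bits = [secrets.randbits(1) for _ in range(t)]
    assert len(random_bits) == t
    r_last = x
    for r in random_bits:
        r_last ^= r
    return list(random_bits) + [r_last]


def decode_bit(shares):
    """Output decoder: XOR all t+1 shares to recover x."""
    x = 0
    for s in shares:
        x ^= s
    return x


def subset_distinguishes(t, k):
    """True if observing some k of the t+1 shares reveals anything about x.
    Every choice of the t random bits is enumerated, so the answer is exact,
    not sampled: two share subsets leak nothing if their value distributions
    for x=0 and x=1 are identical."""
    for idx in combinations(range(t + 1), k):
        seen = {0: Counter(), 1: Counter()}
        for rbits in product((0, 1), repeat=t):
            for x in (0, 1):
                shares = encode_bit(x, t, list(rbits))
                seen[x][tuple(shares[i] for i in idx)] += 1
        if seen[0] != seen[1]:
            return True
    return False


def min_probes_needed(t):
    """Smallest number of simultaneously probed shares that leaks x (expect t+1)."""
    for k in range(1, t + 2):
        if subset_distinguishes(t, k):
            return k
    return None
```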

9. Write design for security mechanisms.


(1) Trusted execution environment (TEE), such as ARM's TrustZone, Intel SGX, and
Samsung Knox, which protects the code and data of an application from other untrusted
applications with respect to confidentiality (the ability to observe data), integrity (the
ability to change it), and availability (the ability of the rightful owner to access certain
data/code).
(2) Protection of security-critical assets in an SoC through appropriate realization of security
policies, such as access control and information flow policies, which govern the CIA
requirements for these assets.

10. What is meant by blockchain technology?


A blockchain is a type of distributed database or ledger—one of today's top tech trends—
which means the power to update a blockchain is distributed between the nodes, or
participants, of a public or private computer network. This is known as distributed ledger
technology, or DLT.

11. List the applications of block chain technology.


Money Transfer
Financial exchanges
Lending
Insurance
Real estate
Secure personal information
Securely share medical information, etc.

12. Write the counter measures for side channel attacks.


Countermeasures can be implemented at several levels:
• At the transistor level: logical gates and circuits are built such that the information
leakage is reduced;
• at the program level: the order of operations can be randomized or dummy
instructions can be inserted randomly to make the alignment of traces more difficult;
• at the algorithmic level: the operations of the cryptographic algorithm are computed
in such a way that the information leakage is reduced;
• at the protocol level: the protocol is designed such that it limits the number of
computations an attacker can provoke with a given key.

13. Mention the counter measures for physical attacks.


System-Level Anti-Reverse Engineering
Active Shields for avoiding probing attacks
Analog Shields and Sensors avoiding probing attacks
t-Private Circuits for reducing probing attacks
The basic strategies to protect against fault injection attacks are intrusion detection,
algorithmic resistance, and error detection.

14. What are the differences between reverse engineering with honest and dishonest
motivations?
15. List three categories of reverse engineering and their differences.
(1) Chip-level RE: Digital chips include application-specific integrated circuits
(ASICs), field-programmable gate arrays (FPGAs), and memories. RE of chips can be
nondestructive or destructive. X-ray tomography is a nondestructive method of RE that can
provide layer-by-layer images of chips, and is often used for the analysis of internal vias,
traces, wire bonding, capacitors, contacts, or resistors. Destructive analysis, on the other
hand, might consist of etching and grinding every layer for analysis.
(2) PCB-level RE: Electronic chips and components are mounted on a laminated
nonconductive PCB [17] and electrically interconnected using conductive copper traces and
vias.
(3) System-level RE: A system's firmware includes the information about the system's
operation and timing, and is typically embedded within nonvolatile memories (NVMs), such
as ROM, EEPROM, and Flash. RE can provide a deeper insight into the system under attack.

16. Mention need for hardware security.


Hardware security can pertain to a device used to scan a system or monitor network traffic.
Common examples include hardware firewalls and proxy servers. Less common examples
include hardware security modules that provision cryptographic keys for critical functions
such as encryption, decryption and authentication for various systems. Hardware systems can
provide stronger security than software and can also include an additional layer of security
for mission-critical systems.

17. List the different levels of abstraction of electronic hardware.

18. Outline the classification of Trojans based on the “Activation Mechanism”.


According to their activation mechanism, Hardware Trojans are classified as Externally
triggered or always-on.

19. Describe the difference between a combinational and a sequential Trojan.


Combinational Trojans are triggered on the occurrence of rare logic values at one or more
internal nodes, while a sequential Trojan exhibits its malicious effect after a sequence of rare
events during a long period of field operation.
20. Illustrate the taxonomy of Trojan countermeasures.
