Probabilistic Hardware Trojan Attacks on Multiple Layers of Reconfigurable Network Infrastructure

  • PDF / 1,482,426 Bytes
  • 18 Pages / 595.224 x 790.955 pts Page_size
  • 83 Downloads / 199 Views

DOWNLOAD

REPORT


Probabilistic Hardware Trojan Attacks on Multiple Layers of Reconfigurable Network Infrastructure Rijoy Mukherjee1 · Vidya Govindan1 · Sandhya Koteshwara2 · Amitabh Das2 · Keshab K. Parhi2 · Rajat Subhra Chakraborty1 Received: 27 April 2020 / Accepted: 7 October 2020 © Springer Nature Switzerland AG 2020

Abstract Over the past decades, there has been an exponential growth in the number of connected devices, often without well-thought out security mechanisms in place for the relevant network standards and protocols. As a result, security loopholes have been discovered and widely exploited for these vulnerable connected devices, often with devastating consequences. As a countermeasure to these attacks, subsequently some of these original network standards have been enhanced with addition of security features, e.g., the original insecure Ethernet protocol (IEEE 802.3) was supplemented by the IEEE 802.1AE Media Access Control Security (MACSec) standard. In this paper, we present a network packet redirection attack on reconfigurable network devices, specifically a MACSec-enabled NetFPGA-SUME based Ethernet switch, as well as on a NetFPGA-SUME based IPv4 router, by means of Hardware Trojan (HT) insertion. Our HT design is probabilistic in its functionality, with multi-level trigger mechanism. In the MAC layer attack, an activated HT redirects a frame to an incorrect port leading to possible eavesdropping by a malicious attacker as well as denial-of-service, while in the network layer attack, upon activation it forwards all IP packets through a sub-optimal router port causing a denial-of-service attack on the receiver. The proposed HT evades most state-of-the-art HT detection schemes, while having very low resource footprint. We present the complete architecture, detailed description of the mode of operation, and implementation of the HT, with promising experimental results. Keywords Denial-of-service · Ethernet switch · Hardware trojan · IPv4 router · MACSec · NetFPGA · Network security

1 Introduction The rapid global increase in Internet connectivity since its inception has compelled the networking industry to continuously innovate networking applications and network-centric devices. In particular, the relatively recent advent of the Internet of Things has led to an explosion in the number

A preliminary version of this work was presented at the International Conference on Security, Privacy and Applied Cryptographic Engineering 2019 (SPACE’19). The current version additionally describes a different probabilistic Hardware Trojan attack for the Network Layer that affects IPv4 routing.  Rajat Subhra Chakraborty

[email protected]

Extended author information available on the last page of the article.

of connected devices. However, oftentimes, consideration for performance and connectivity issues has dominated the thought process of network designers, and regretfully security has been an afterthought. This has resulted in billions of connected devices, ranging from the largest Web servers to the smallest net