News and Events
Graf Research and the University of Southern California's Information Sciences Institute will publish our work on “Irrefutable Tamper Logging through FPGA Key Management” at the 2017 DoD Anti-Tamper Conference. Co-authors include Jonathan Graf and Ali Asgar Sohanghpurwala from Graf Research and Matthew French and Dr. Andrew Schmidt from USC-ISI.
Graf Research has been awarded a Phase 0 BAA research project entitled DPA Title III Trusted FPGAs.
Brief Program Summary: The Department of Defense (DoD) and Intelligence Community (IC) have identified Field Programmable Gate Arrays (FPGAs) as a critical enabling technology across a wide variety of present and future systems. Advanced, commercially available FPGAs do not meet DoD's requirements for Trusted Systems as they are manufactured in un-Trusted fabrication facilities, primarily off-shore, and are considered vulnerable to tampering and insertion of malicious software and/or hardware. This program seeks to improve the security posture and reduce the risk associated with FPGA technology by addressing security concerns in the design, development, fabrication and supply lifecycle of FPGA devices. The purpose of this study is to conduct an analysis and develop an approach to ensure the availability of advanced “Trusted” and space qualified re-programmable FPGAs technology to support DoD/IC applications including satellite and strategic missile systems. “Trust” is defined as assurance of the integrity and availability of a product wherein that product will reliably operate as intentionally designed and not contain any malicious hardware and/or software that will compromise the intended application; e.g., exfiltration of sensitive data, etc. Efforts envisioned during this Phase 0 study include: analysis of current FPGA manufacturing capabilities; analysis of future technical capabilities needed to meet the needs of the FPGA market (USG and commercial); creation of a draft technical plan and schedule to establish a Trusted source for space qualified FPGA devices, to include (non-binding) high-level cost projections, to establish quantitative “Trust” criteria for FPGAs; identification and analysis of the markets for FPGAs; and identification of business strategies to ensure long term success in the Trusted and space qualified FPGA market.
Graf Research will present two papers at GOMAC 2017. The first is on the private verification of FPGA bitstreams: a method for verifying that bitstream contents are trustworthy without reverse engineering them. The second is on OpTrust, the software tool that encapsulates our game theoretic decision engine for microelectronics trust.
-----
Private Verification for FPGA Bitstreams
Jonathan Graf and Ali Asgar Sohanghpurwala
Abstract: We introduce private verification, a novel paradigm for trustworthy microelectronics design verification. Private verification methods and software simultaneously meet two requirements: (1) comprehensively verifying the design and (2) maintaining the privacy of certain aspects of the design, such as its implementation details or design format. We present an implementation of such a tool, entitled PV-Bit, which is capable of verifying the contents of FPGA bitstreams without exposing the details of the vendor-proprietary bitstream format or posing other security risks.
-----
OpTrust: Software for Determining Optimal Test Coverage and Strategies for Trust
Jonathan Graf
Abstract: Building on our prior work in the theory and practice of applying game theory to determine optimal test strategies for hardware Trojan detection, we present the OpTrust software tool. OpTrust is an automated game solving tool that offers microelectronics developers guidance about the optimal test strategies to ensure the trustworthiness of their designs. It divides roles among a red team, a threat environment team, and the developer. In this way, complexity and sensitive information are hidden from developers, allowing them easy access to test guidance.
Jonathan Graf will be giving an invited talk, entitled "A Few Thoughts about FPGA Trust," and leading a working group brainstorming session at the 2017 NDIA FPGA Assurance Workshop on March 1-2. Be sure to come out to attend this stimulating event!
Graf Research has been awarded a Phase 1 SBIR entitled, "CP-SMARTS" We will create a model of cyber physical security called CP-SMARTS: Cyber Physical Security for Mission-Aware ARmy Tactical Systems. CP-SMARTS will model not only the services required of Cyber Physical Systems (such as computation, communications, control, etc.) but also Mission Assurance requirements (definitions of Mission Essential Function and corresponding vulnerabilities and mitigations) and Information Assurance services (such as Confidentiality, Integrity, Availability, Authentication, etc.). A core element of our teams CPS philosophy one that will permeate our approach in modeling, model checking, and implementation is that we always keep deployment in mind. This means creating models and model checking methods that integrate well into the development environment of the user who will deploy the CPS. In so doing, we create technologies that not only work on the whiteboard and in simulation but also can be readily adopted by commercial and military CPS designers.
Graf Research has been awarded funding to develop custom electronic design automation (EDA) software for Field Programmable Gate Arrays.
Graf Research will be at the Xilinx Security Working Group in Longmont, CO from Oct 24-25, 2016. Make sure to say hello and chat with us about our exciting new research avenues!
Graf Research has been awarded a Phase 1 SBIR to research and develop optimal strategies for cloud-based trust assessment. We anticipate creating not only a novel cloud architecture that can facilitate the use of many of the DARPA-sponsored custom microelectronics trust software tools but also a unique, cloud-hosted software product OpTrust-C which will devise optimal strategies for the proper implementation of defensive measures.
Continuing our publication of the applications of Game Theory to various levels of trust assessment, we discuss system-level applications in our IEEE NAECON 2016 paper. Come on out and see our presentation!
-----
Towards System-Level Adversary Attack Surface Modeling for Microelectronics Trust
Jonathan Graf
Abstract: Models of trust for microelectronic systems are difficult to create due to the large variety of adversarial strategies available. Building on previous work, we present a new adversary model that considers the large heterogeneous attack surface that is realistically available on a diverse microelectronic system. We also present an expanded game theoretic model that permits reasoning about optimal adversarial and defensive strategies across this varied attack surface.
Graf Research has been awarded a Phase 1 SBIR entitled "Irrefutable Tamper Logging." On this project, we will create the GR-TLogger, a tamper logger that makes use of the key management capabilities of next-generation secure FPGAs to store tamper logs that are information rich, semi-permanent, and irrefutable.
Jonathan Graf will be presenting an invited lecture entitled "FPGA Trust: Threats, Methods, Metrics, and Optimization" to the Hardware Security Symposium at the Potomac Institute for Policy Studies on May 2, 2016.
Jonathan Graf of Graf Research along with co-presenter Dale Reese of Idaho Scientific will be giving an invited lecture to Virginia Tech's Center for Embedded Systems for Critical Applications (CESCA). The topic is "FPGA MPSoC Security: Design and Runtime." Come on out and hear us! Details below:
FPGA MPSoC Security: Design and Runtime
Jonathan Graf, Founder, Graf Research; Dale Reese, Founder and Chief Scientist, Idaho Scientific
2:30pm - 3:30pm on April 15, 2016 (Friday) at Whittemore Hall 457
Abstract: An emerging class of Field Programmable Gate Array (FPGA) – the Multi-Processor System on Chip (MPSoC) – holds enormous promise for novel processing architectures in a variety of domains. Within the context of high-security systems, the same-die close coupling of heterogeneous processing structures with hardened security resources is of particular interest. Modern FPGA MPSoCs provide not only programmable FPGA fabric, ARM CPUs, graphics processor units (GPUs), and digital signal processors (DSPs) but also cryptographic accelerators, physically unclonable functions (PUFs), and hardware random number generators (HRNGs). This pairing of processing and security resources raises the possibility of using them to create tightly integrated, custom secure processors for emerging networked applications that demand the highest security standards. FPGA MPSoCs hold the potential of revolutionizing the security posture for high-security Internet of Things (IoT) applications such as autonomous vehicles, intelligent energy grid devices, home and industrial automation, cyber-physical systems – and even the datacenter.
In this seminar, Jonathan Graf (Graf Research) and Dale Reese (Idaho Scientific) will introduce the variety of embedded computing security disciplines that meet within the confines of FPGA MPSoCs. Security must be built into these devices from the moment they are first designed, all the way through their supply chains, during the development of each piece of software and firmware, and throughout every runtime operation of each disparate processing structure. Collectively, this makes the FPGA MPSoC an exciting new device class with exceptional opportunities for new embedded computing security innovation.
We are continuing to publish our research on the use of Game Theory to optimize hardware Trojan detection processes in our paper at IEEE HOST 2016. Make sure to come by and chat with us!
-----
Trust Games: How Game Theory Can Guide the Development of Hardware Trojan Detection Methods
Jonathan Graf
Abstract: The development of circuit testing and verification methods is commonly driven by formal analysis centered on an abstract mathematical model of the error or defect the method is designed to detect. Hardware Trojans, however, confound attempts to develop simple representative models due to the varieties of their physical embodiments in a circuit and the creative nature of a rational human adversary. Since it is nonetheless desirable to have a mathematical framework for determining the effectiveness of hardware Trojan detection methods, we present a game theoretic framework for so doing. Modeling the Trojan maker and detection method designer as opposing players in a 2-person strategic game is a necessary step in our process. However, the ultimate utility of the approach depends on an accurate security economic model of both players that can correctly consider the players’ incentives, empirically-derived detection method efficacy metrics, a comprehensive taxonomy of hardware Trojans, and the places in the design cycle of the circuit where the Trojan insertion and detection occur. In this paper, we present such a security economic model and the resulting game, which we call the Trust Game. We illustrate the value of this game primarily in the context of how it may guide the development of new hardware Trojan detection methods. We solve a representative game, illustrating the value of two common solution concepts, the iterated elimination of dominated strategies and Nash equilibrium. We further show that this framework has utility to both of the opposing players in the game. Finally, we recommend the development of standardized Trust Games that can be used to quickly measure the efficacy of both new hardware Trojans and hardware Trojan detection methods.
We're going to GOMAC this year to present our paper, "Toward Optimal Hardware Trojan Detection through Security Economics and Game Theory." Come on out to see us!
——-
Toward Optimal Hardware Trojan Detection through Security Economics and Game Theory
Jonathan Graf
Abstract: We present a security economic model that informs the optimal selection of hardware Trojan detection strategies. Our model accurately represents the economics and efficacy of available verification and Trojan detection methods and accounts for the varieties of available hardware Trojans. Paired with game theoretic analysis, this model informs ASIC/FPGA designers and associated policy makers of optimal defensive strategies.
It’s a first for Graf Research! Jonathan Graf has been invited to give a talk at the Industrial Security Working Group Panel on FPGA Configuration Security. The topic is “Threats to FPGA Configuration Security: The (Alarming!) Sophistication of Academic Exploits.” This will be the first time that Graf Research Corporation is represented at a conference, and certainly not the last!
Jonathan Graf will be attending the Xilinx Security Working Group in Longmont, CO from October 26-28. Be sure to say hello and chat about our upcoming research!
Graf Research has been founded!
