Viewing entries tagged
Hardware Security

Our First Patent!

Our First Patent!

We have received a patent on PV-Bit, our unique method of assessing the trustworthiness of FPGA bitstream contents, ensuring they are free from hardware Trojans or unwanted modifications.

Originally, we published a description of this method at GOMAC back in 2017. Since then, we realized we could take the verification method we presented there and patent it. Jonathan Graf, Scott Harper, and Ali Asgar Sohanghpurwala all contributed to the writing of the patent. Great work to all our people who put in the knowledge, effort, and time that made this patent possible!

 ——-

Private Verification for FPGA Bitstreams

US Patent No US 10,902,132 B2

Jonathan Graf, Ali Asgar Sohanghpurwala, Scott Harper

Abstract: An apparatus, method and system are disclosed which may be used for assessing the trustworthiness of a particular proprietary microelectronics device design representation in a manner that will maintain its confidentiality and, among other things, thwart attempts at unauthorized access, misappropriation and reverse engineering of the confidential proprietary aspects contained in the design representation and/or its bit stream design implementation format. The disclosed method includes performing a process for assessing/verifying a particular microelectronics device design representation and then providing some indication of the trustworthiness of that representation. An example utility/tool which implements the disclosed method is described that is particularly useful for trust assessment and verification of FPGA designs. The described utility/tool may be instantiated on a semiconductor device or implemented as a software utility executable on a mobile computing device or other information processing system, apparatus or network.

 ——-

You can take a look at our patent at this link.

 

A diagram from our PV-Bit patent.

 

Graf Research Presents "Measuring Trust" at MAPLD 2018

For a second consecutive year, Graf Research has been invited to the Military and Aerospace Programmable Logic Devices (MAPLD) Workshop in La Jolla, California, this time to present a keynote lecture.  Jonathan Graf will present a topic entitled "Measuring Trust" on May 24.  Be sure to stop in and see our keynote!

——-

Measuring Trust

By Jonathan Graf

MAPLD 2018

In space and defense microelectronics research, we often define trust in a domain-specific manner: we trust our microelectronic devices when they are genuine devices that do what they are supposed to do and nothing else.   Measuring whether a microelectronic device is trusted requires blending disparate contributors.  In practice, however, many tend to focus on one contributor to the exclusion of others.  We often look exclusively at trust assessment methods (tools, best practices, techniques) that measure attributes of systems or devices, conflating a measurement of method efficacy with a measure of trust.  How to transition from metrics that measure the efficacy of a method to metrics that measure all components that contribute to trust is an ongoing topic of research, both at Graf Research and elsewhere.  These trust metrics systems blend measurements of methods with the concept of an adversary.  The adversary has their own methods and uses them to interact with a defender in an engagement.  Modeling this engagement correctly requires knowledge not only of the strategies available to each party but also their resources, capabilities, and goals.  A useful model that considers all these elements can quantitatively inform those who wish to measure whether their devices meet the above trust definition.

In this invited talk, we will construct a system of trust metrics that considers all requisite elements.  It uses a quantified, cost-indexed risk function as a trust metric to describe the payoff to a defender for selecting certain sets of methods as a detection strategy.  It similarly models the adversary and their payoff for selecting an exploitation strategy.  The goal of each party is to maximize their payoff.  We demonstrate how these two payoff metrics may be combined using game theory to select the optimal strategies for both the adversary and defender to achieve their highest payoff when considering the likely actions of the other party.  This example system focuses on hardware Trojan detection.  It tells the defender the optimal method of how to find Trojans. Incidentally, it also tells the adversary the optimal methods of how to exploit the system.  We conclude the talk by comparing this metric to other emerging trust metrics.

Graf Research at IEEE HOST (and TAME and WISE)

Graf Research will be at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST) as well as the co-located workshops the Trusted and Assured MicroElectronics Forum (TAME) and Women in Hardware and Systems Security (WISE).   Please say hello to Jonathan Graf, who will be a poster session chair and judge at HOST and a panelist in the TAME forum, and Whitney Batchelor, who will be a poster judge at WISE.  See you there!

 

GOMAC 2017: "Private Verification for FPGAs" and "OpTrust"

Graf Research will present two papers at GOMAC 2017.  The first is on the private verification of FPGA bitstreams: a method for verifying that bitstream contents are trustworthy without reverse engineering them.  The second is on OpTrust, the software tool that encapsulates our game theoretic decision engine for microelectronics trust.

-----

Private Verification for FPGA Bitstreams
Jonathan Graf and Ali Asgar Sohanghpurwala

Abstract: We introduce private verification, a novel paradigm for trustworthy microelectronics design verification. Private verification methods and software simultaneously meet two requirements: (1) comprehensively verifying the design and (2) maintaining the privacy of certain aspects of the design, such as its implementation details or design format. We present an implementation of such a tool, entitled PV-Bit, which is capable of verifying the contents of FPGA bitstreams without exposing the details of the vendor-proprietary bitstream format or posing other security risks.

-----

OpTrust: Software for Determining Optimal Test Coverage and Strategies for Trust
Jonathan Graf

Abstract: Building on our prior work in the theory and practice of applying game theory to determine optimal test strategies for hardware Trojan detection, we present the OpTrust software tool. OpTrust is an automated game solving tool that offers microelectronics developers guidance about the optimal test strategies to ensure the trustworthiness of their designs. It divides roles among a red team, a threat environment team, and the developer. In this way, complexity and sensitive information are hidden from developers, allowing them easy access to test guidance.