Over 40 organisations from the fields of 5G, AI, IoT and automotive participated in OneSpin’s fourth annual puzzle competition, held to highlight real-world problems of trust vulnerabilities in hardware designs and suggest ways to avoid them. Among them: Xilinx, Intel, Fotonation, NXP, Nokia, AMD, Sensirion and the OpenHW Group, who worked on detecting hardware Trojans inserted into two RTL designs.
The puzzle required participants to find Trojans in the designs sourced from TrustHub and were allowed to use any tool available to them to reach a solution. Guidance was provided on how OneSpin solutions would allow the Trojans to be found. Participants were required to submit waveforms of the traces that activate these Trojans.
The challenge’s goal was to highlight the awareness of vulnerability risks associated with Trojans and to suggests a path to automatic detection of these types of IC supply chain attacks.
Winners Nithin Kumar Guggilla of Xilinx, Tero Kuusijärvi of NOKIA, and Wayne Yun of AMD found the Trojans; they receive Bose SoundSport wireless headphones.
Hardware trust and security dilemma
The nature of today’s complex electronics makes them extremely vulnerable to unintended or malicious attacks. A hardware Trojan is engineered to cause major damage in response to a trigger known by the attacker. It could expose “secure” data, cause serious product malfunction, or even destroy a chip.
Modern, highly-configurable hardware provides a favourable hiding place for backdoors, time bombs, performance degradation or kill switches. And the threat of Trojans being inserted into third-party IPs or during pre-silicon design implementation steps is of increasing concern to the hardware community. Everything from connected autonomous vehicles, medical devices, smartphones, defense and aerospace systems, nuclear power plants, 5G networks, IoT devices and cloud computing are at risk.
Companies have an obligation to ensure that these systems and devices are protected against attacks that could compromise safety and security. The OneSpin Hardware Trust and Security challenge illustrates how vulnerable designs are to Trojans that can hide throughout all the stages of IC development and how to combat them.
“This challenge has confirmed that more and more companies now understand the importance of protecting their hardware designs against trust and security risks,” commented Raik Brinkmann, President and CEO of OneSpin. “Leaving vulnerabilities in the design, whether unintentional or malicious, can have catastrophic consequences. Being able to exhaustively detect these ‘holes’ in the design is critical to delivering safe, trusted, and secure devices to the market. OneSpin is at the forefront of providing the technology assuring trust and security at the hardware level, as part of IC integrity.”
More about the winners’ entries can be found at https://www.onespin.com/blog.