Russian Technological Journal

Identification of digital device hardware vulnerabilities based on scanning systems and semi-natural modeling

https://doi.org/10.32362/2500-316X-2024-12-4-23-39

EDN: DRCIUV

Abstract

Objectives. The development of computer technology and information systems requires attention to their security, to methods for detecting hardware vulnerabilities in digital device components, and to protection against unauthorized access. An important aspect of this problem is studying whether existing methods are able to identify hardware errors or to search for errors on the corresponding models. The aim of this work is to develop approaches, tools and technology for detecting vulnerabilities in hardware at an early design stage, and to create a methodology for their detection and risk assessment, leading to recommendations for ensuring security at all stages of the computer systems development process.
Methods. Methods of semi-natural modeling, comparison and identification of hardware vulnerabilities, and stress testing to identify vulnerabilities were used.
Results. Methods are proposed for detecting and protecting against hardware vulnerabilities: a critical aspect in ensuring the security of computer systems. In order to detect vulnerabilities in hardware, methods of port scanning, analysis of communication protocols and device diagnostics are used. The possible locations of hardware vulnerabilities and their variations are identified. The attributes of hardware vulnerabilities and risks are also described. In order to detect vulnerabilities in hardware at an early design stage, a special semi-natural simulation stand was developed. A scanning algorithm using the Remote Bitbang protocol is proposed to enable data to be transferred between OpenOCD and a device connected to the debug port. Based on scanning control, a verification method was developed to compare a behavioral model with a standard. Recommendations for ensuring security at all stages of the computer systems development process are provided.
Conclusions. This paper proposes new technical solutions for detecting vulnerabilities in hardware, based on methods such as FPGA system scanning, semi-natural modeling, virtual model verification, communication protocol analysis and device diagnostics. The use of the algorithms and methods thus developed will allow developers to take the necessary measures to eliminate hardware vulnerabilities and prevent possible harmful effects at all stages of the design process of computer devices and information systems.

About the Authors

E. F. Pevtsov
MIREA – Russian Technological University
Russian Federation

Evgeniy F. Pevtsov, Cand. Sci. (Eng.), Director of Center for the Design of Integrated Circuits, Nanoelectronics Devices and Microsystems

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 6602652601. ResearcherID M-2709-2016



T. A. Demenkova
MIREA – Russian Technological University
Russian Federation

Tatyana A. Demenkova, Cand. Sci. (Eng.), Associate Professor, Computer Technology Department, Institute of Information Technologies

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 57192958412, ResearcherID AAB-3937-2020



A. O. Indrishenok
MIREA – Russian Technological University
Russian Federation

Alexander O. Indrishenok, Postgraduate Student, Computer Technology Department, Institute of Information Technologies

78, Vernadskogo pr., Moscow, 119454



V. V. Filimonov
MIREA – Russian Technological University
Russian Federation

Vladimir V. Filimonov, Senior Lecturer, Department of Physics and Technical Mechanics, Institute for Advanced Technologies and Industrial Programming

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 7102525379



Supplementary files

1. Implementation of semi-natural simulation bench
Type: Research tools

For citations:


Pevtsov E.F., Demenkova T.A., Indrishenok A.O., Filimonov V.V. Identification of digital device hardware vulnerabilities based on scanning systems and semi-natural modeling. Russian Technological Journal. 2024;12(4):23–39. https://doi.org/10.32362/2500-316X-2024-12-4-23-39. EDN: DRCIUV

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2782-3210 (Print)
ISSN 2500-316X (Online)