0:49

And the third reason here is so when people design hardwares to implement

Â applications, implement functions, when you implement for example crypto crimi,

Â primitives, what they consider is performance, not security.

Â So this potentially can introduce security vulnerabilities into the system.

Â Finally, there might be malicious designers, malicious foundries.

Â They may add hardware trojans into the hardware.

Â 1:31

So today we are going to talk about microchip supply chain security and

Â the back doors.

Â And all the other concerns we are going to talk about later.

Â So let's start with the microchip supply chain.

Â So this figure is coming from a 2006 report

Â from the Defense Advanced Research Projects Agency.

Â It shows the design goes from a user specification.

Â Goes to the design team for design.

Â Goes to the manufacturer for fabrication.

Â And then eventually deliver back to the system, back to the system user for

Â testing and for deployment and monitoring.

Â So when the entire design and fabrication phase is in, in house,

Â it can be under control, everything is trusted.

Â However, with the increased design complexity, and

Â with the off shore foundry, a lot of these plugs becomes untrusted.

Â 2:25

So for example, this design team, it may be trusted, we might say okay,

Â okay, you have this design team for

Â years, but however, they are using models, which come from other sources.

Â They are using third party intellectual properties.

Â They are using design tools.

Â And these things may not be designed with a trusted source.

Â And also when we talk about the foundries, these are oversee of, for foundries.

Â They're out of our control.

Â So what we have here is only the phase when we

Â specify the system we can trust it.

Â When we get the system back we can do the test by ourself.

Â We'll trust our testing.

Â When we deploy the system.

Â When we monitor the system we can trust this.

Â And everything the middle we may not trust it.

Â 3:12

So now let's come down to see a couple more concrete examples.

Â So the first example we have is coming from the reveal slides for

Â digital logical design.

Â So where, where do we have this 3-input encoder.

Â So there are three bits input x, y and z.

Â And at, at any time, each, any one of them can be one, the only one.

Â And what we want to do is we want to encode this with a two bit code,

Â which will be fit into the next module as input.

Â 3:41

So if you remember from the review slides,

Â what we have here is the optimal design looks like this.

Â A is the complement of z, and then b, b is the complement of y.

Â So we know this is the best design.

Â However, there might a couple of security problems for this design.

Â 3:59

So first if we have 000 as the input,

Â following this design, a will be 1, which is the complement of z.

Â And then b will also be 1, which is the complement of y.

Â So this overall will give us an output 11 as the code.

Â Which coincides with the code for inputs combination 100.

Â So this potentially becomes a backdoor to the case of input 100.

Â And the second question, well, maybe actually is a more severe problem.

Â So when we have inputs such as 011 or 111,

Â the output of this optimal design, give us 00 as the output.

Â Which will be feed into the next module as input, but

Â however if you come back to our system specification here,

Â 5:10

So the next slide we're going to see an example of sequential system design.

Â Where we have a three state find-a-state machine.

Â And we have state 00, state 01, and 10.

Â And this table shows, this diagram shows you that if I'm at state 00 for

Â example I'll input X equal to zero, I'm going to move to state 01 and output a 1.

Â So if you follow the traditional design we have reviewed in the review slides.

Â What we have here is we need to flip flop the A and the B,

Â we encoded the two bits 0 and 0 or 01110.

Â And then we need the input, and

Â then we need to specify what will be the next stage.

Â 'Kay?

Â So, for example, like the one we have mention earlier, start from stage 00.

Â I input x equal to 0, I'm going to move to state 0, 1 okay.

Â 6:29

So for example here, 01, that is my current state.

Â Then if input is 0, I don't care where it goes.

Â I don't care what is the next state.

Â But however, from this system here, you cannot generate I don't care.

Â When the system is at state 01,iIf you give 0 as

Â an input the system has to direct you to a deterministic state.

Â 7:11

What happens if those has counted one?

Â So this give you another state,

Â state 11, which is not specified in the original system specification here.

Â And however when the system is designed in this way,

Â you must have some next state when the current state is 11.

Â 7:43

So this leads us to the following five finite state machine model for

Â the system, actually, was delivered to us.

Â This system here.

Â It is a four stage state machine,

Â with everything completely specified, particularly these four red edges.

Â 8:02

And now you say okay so, this three-state machine is what I want.

Â I want you to design a system for, for

Â me to do this functionality, and this is what is delivered to me, and

Â if I check all these original constraint, they are met.

Â 8:40

So for example, now we see this finite state machine, it is what we required and

Â this is what delivered.

Â And we mentioned that we may have these backdoors here,

Â and then how can we figure out these backdoors?

Â Well how can attackers find these backdoors?

Â So we consider this simple case,

Â where we assume that state 00 is a state that we want to restrict the access.

Â So the original system nobody can come back to 00,

Â there's no incoming edge coming into 00.

Â But however in this new state, where this new state machine have been implemented,

Â I do see this address coming back.

Â I do see this one coming back.

Â I do see this one coming back.

Â And then from first state 00 I can go to 01 and then come back.

Â So the state machine that I have, that designed, everybody can come back and

Â access state 00.

Â So this is the potential vulnerability.

Â But how easy it is for the attackers to find this back door?

Â [SOUND] To show this, we designed a very simple random walk attack.

Â So in this attack, the attacker is going to start from a random state, for

Â example, 01.

Â And then he is going to try, try a random input for example one again.

Â And with this one, the system will move him into state 10.

Â And then we say okay, so this is not what I want, not state 00.

Â So he is going to try another random input, for example 00.

Â And then this one stays at state 10, still not the target at 00.

Â And next time the attacker is going to try input one, and

Â this will take him directly to the state of 00.

Â Which means that the attacker now have access to the state 00 which he

Â doesn't have access.

Â Where, we, he should not have access.

Â [SOUND] So now we use the same example to show how

Â malicious designers can introduce hardware Trojan into the system.

Â So for example in this case, again we want to limit the access to state 00.

Â And then malicious designers may say, so I want to have a back door access to it.

Â And how do I do, do that?

Â