Title

Data Secrecy Protection Through Information Flow Tracking In Proof-Carrying Hardware Ip - Part I: Framework Fundamentals

Keywords

data secrecy protection; dynamic information assurance; Hardware trust; information flow tracking; proof-carrying code

Abstract

Proof-carrying hardware intellectual property (PCHIP) is a previously proposed framework for ensuring trustworthiness of third-party hardware IP through the development of formal proofs for security properties designed to prevent introduction of malicious behavior. Based on this framework, we introduce new approaches for assuring that the secrecy of internal information in a hardware design is not compromised by design flaws or malicious hardware Trojans. Specifically, we devise two PCHIP-based information flow tracking approaches, which enhance the formal PCHIP framework with secrecy tags and/or sensitivity levels in order to provide mechanisms for proving that sensitive information does not reach undesired sites. To assist in the development of data secrecy properties, we also introduce the concept of theorem generation functions, which enable generation of security theorems independent of the target circuit, thereby paving the way for proof automation. In addition, we enhance the PCHIP framework with a hierarchy-preserving methodology and we show its utility in preventing malicious data modification, which may indirectly result in sensitive information leakage, such as by modifying the secret key in a cryptographic core. This enhanced PCHIP framework also enables development of hybrid module libraries, which contain hardware description language code along with proofs of lemmas for these modules. These module libraries can then be used for hierarchically proving security properties in higher level designs, thereby reducing the proof development burden in the general PCHIP framework. Efforts toward automation of the proposed methodologies, as well as evaluation of their effectiveness in identifying design flaws or hardware Trojans in various cryptographic hardware designs are presented in part II of this paper series.

Publication Date

10-1-2017

Publication Title

IEEE Transactions on Information Forensics and Security

Volume

12

Issue

10

Number of Pages

2416-2429

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/TIFS.2017.2707323

Socpus ID

85029233527 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85029233527

This document is currently not available here.

Share

COinS