
The promise of Cyber Physical Systems (CPS) can only be realized if security is addressed from their very inception. CPS expose several attack surfaces, and side channel analysis is one of them. A CPS is built from heterogeneous components, typically designed as a network of interacting elements with physical inputs and outputs rather than as standalone devices. Security of CPS is usually provided by ensuring confidentiality, integrity, and authentication through cryptographic techniques. However, the implementation of these cryptographic algorithms can itself be the target of further attacks, called side channel analysis: the attacker measures a physical quantity such as timing, power consumption or electromagnetic emanation while the device computes, and recovers the secret from the way that measurement depends on the key. For example, the power consumption or the electromagnetic radiation of a bitcoin wallet can leak its private key, which compromises everything built on top of that key. Likewise, commercially deployed smart light bulbs have been shown to leak, via power analysis, the secret key used to authenticate firmware uploads. Once such a key is compromised, the side channel attack can be combined with other attack vectors, such as pushing attacker-authenticated firmware, to make attacks against IoT or CPS go nuclear!

Threat of Trojans

Another attack surface arises from the supply chain: many of the products used in IoT or SCADA are purchased from offshore companies and are fabricated or packaged in foreign fabs. Particularly for safety-critical infrastructure, there is always the possibility, and the apprehension, that these electronics have been infected by stealthy malicious modifications, called Hardware Trojans. Detecting such modifications, which can be made at the IC level or even at the PCB level, is extremely difficult. A widely reported press account, disputed by the companies it named and never independently confirmed, claimed that a Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip (around 0.2 mm). Some of these chips were said to be built to look like signal conditioning couplers, yet to contain memory, networking capability, and enough processing power to launch an attack. According to the report, the microchips were inserted at Chinese factories that supplied Supermicro, one of the world's biggest sellers of server motherboards; the tampered motherboards were built into server machines assembled by the company, and the sabotaged computers made their way into the datacenters of several companies. Alarmingly, when one of these servers was installed and turned on, the microchip was said to alter the operating system's core so that it would accept further changes, and the Trojan-infected chips could contact attacker-controlled machines to receive further instructions. Whether or not that particular account is accurate, the scenario is technically plausible, and it underlines that detection and isolation of such Trojan-infected electronics is of paramount importance.

Answers to key questions

The above discussion leads to the following research questions:

a. How to test the side channel robustness of security products being installed in Cyber Physical Systems (CPS)? Can these tests be performed in a black-box or grey-box approach?

b. How can we develop a Trojan detection test-bed for CPS and IoT products?

To address the first question, we need to develop a test methodology for side channel leakage. This would involve being able to perform leakage detection in a black-box setting, since for many of these designs few details (source code, netlist, countermeasures) will be available. The approach would also be to develop reverse engineering know-how: at the first level, a degree of reverse engineering to comprehend the codebase or design executing in the device; at the second level, black-box test suites for leakage detection with respect to power, faults, and so on. A black-box leakage test does not attempt to recover the key; it only checks whether the measured traces depend statistically on the secret-dependent data being processed, which is why it can be run without knowing the implementation's internals.

To address the second question, a viable approach is imaging-based Trojan/counterfeit detection. For example, to sanitize ICs that we get taped out in offshore fabs, we can develop a methodology to recover the GDSII layout (the final format sent to the fab) from high-quality images of the fabricated die, taken using the FIB station at IIT Kharagpur, and compare it with the GDSII actually sent for the design developed in our laboratory. Image processing techniques combined with suitable data analysis techniques can make the detection more accurate. However, for PCB-level Trojan detection, the setup must be augmented with other imaging instruments, such as X-ray based devices, which are more appropriate at the board level. The deliverables from this work will be a SCADA/IoT Side Channel Test Lab and a Trojan Test Lab. The setup and know-how developed in these labs can then be replicated in government cyber security certification agencies such as STQC.
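The page asks for black-box leakage tests for power without naming a method. The standard one is the fixed-vs-random Welch's t-test (TVLA style): acquire traces while the device encrypts one fixed plaintext, acquire traces while it encrypts random plaintexts, and flag any sample point where the two classes have statistically different means. The following is an added example by the editor, not code from the TIH or from the page. The traces are constructed in software with a hypothetical Hamming-weight leakage model (the device key 0x2B, the fixed plaintext 0x3F, the leaking sample index 7, the leakage scale alpha and the noise level are all assumptions of the example); in a real lab they come from an oscilloscope or EM probe, and the test itself never uses the key.

```python
"""Fixed-vs-random leakage detection (Welch's t-test, TVLA style) on power traces.

Added example by the editor, not code from the TIH page. Traces are constructed
here in software with a hypothetical Hamming-weight leakage model so that the
script runs offline; in a real test they come from an oscilloscope or EM probe.
"""
import math
import random
from typing import List, Sequence, Tuple

# Customary decision threshold for a first-order fixed-vs-random test.
T_THRESHOLD = 4.5


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_trace(plaintext: int, key: int, n_samples: int, leak_idx: int,
                   alpha: float, sigma: float, rng: random.Random) -> List[float]:
    """Constructed trace: Gaussian noise at every sample plus, at leak_idx,
    a term proportional to HW(plaintext ^ key). The key belongs to the
    simulated device; the tester only chooses plaintexts."""
    trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
    trace[leak_idx] += alpha * hamming_weight(plaintext ^ key)
    return trace


def acquire(n_per_class: int, fixed_pt: int, key: int, n_samples: int,
            leak_idx: int, alpha: float, sigma: float,
            rng: random.Random) -> Tuple[List[List[float]], List[List[float]]]:
    """Interleave fixed and random acquisitions so that slow drift in the
    measurement setup affects both classes equally."""
    fixed, rand = [], []
    for _ in range(n_per_class):
        fixed.append(simulate_trace(fixed_pt, key, n_samples, leak_idx, alpha, sigma, rng))
        rand.append(simulate_trace(rng.randrange(256), key, n_samples, leak_idx, alpha, sigma, rng))
    return fixed, rand


def welch_t(a: Sequence[float], b: Sequence[float]) -> float:
    """Welch's t statistic for two samples with unequal variances."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / math.sqrt(va / na + vb / nb)


def t_trace(fixed: List[List[float]], rand: List[List[float]]) -> List[float]:
    """Per-sample t statistic; |t| above the threshold flags first-order
    leakage at that time instant with no knowledge of key or algorithm."""
    n_samples = len(fixed[0])
    return [welch_t([tr[i] for tr in fixed], [tr[i] for tr in rand])
            for i in range(n_samples)]


def leaking_samples(t_values: Sequence[float], threshold: float = T_THRESHOLD) -> List[int]:
    return [i for i, t in enumerate(t_values) if abs(t) > threshold]


def run_test(alpha: float, seed: int = 1) -> Tuple[List[int], float]:
    """Run the test against a simulated device.
    Returns (flagged sample indices, max |t|). All constants are assumptions."""
    rng = random.Random(seed)
    key = 0x2B        # hypothetical device key, never read by the test itself
    fixed_pt = 0x3F   # arbitrary fixed plaintext defining the 'fixed' class
    fixed, rand = acquire(1000, fixed_pt, key, n_samples=20, leak_idx=7,
                          alpha=alpha, sigma=1.0, rng=rng)
    t = t_trace(fixed, rand)
    return leaking_samples(t), max(abs(x) for x in t)


if __name__ == "__main__":
    for label, alpha in (("unprotected device", 0.3), ("no first-order leak", 0.0)):
        flagged, tmax = run_test(alpha)
        print(f"{label}: max |t| = {tmax:.1f}, flagged samples = {flagged}")
```

Two caveats a test lab should build in. First, the test only compares means, so if the fixed plaintext happens to produce an intermediate whose Hamming weight equals the average of the random class, a first-order leak at that point is missed; running a second fixed plaintext, or a second-order (variance) variant of the test, closes that gap. Second, 4.5 is calibrated for a modest number of sample points; with millions of points per trace the threshold has to be raised to keep the false-positive rate meaningful.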
The test service at the Technology Innovation Hub (TIH) can be extended to any cyber security company interested in testing its hardware for vulnerabilities at the hardware layer. However, the TIH will not have the power to issue certificates, so such a setup must also be made available at certification agencies.