Hardware Security Flashcards
What is hardware security?
Protecting devices from direct tampering, supply chain attacks, and other physical or systemic threats.
What are the primary threats in hardware security?
- Direct physical tampering.
- Indirect supply chain tampering.
What are some hardware security mitigation techniques?
- User-verifiable hardware.
- Tamper-evident and anti-cloning techniques.
- Plausible deniability.
What are passive hardware attacks?
Attacks that involve little or no modification to the target system, such as optical or RF side-channel analysis.
What are active hardware attacks?
Intrusive attacks that manipulate hardware, such as fault injection, glitching, or rowhammering.
What is fault injection, and what does it achieve?
Deliberately causing errors in a device’s operation to leak sensitive data or bypass security checks.
What is the rowhammer attack?
An attack that exploits electrical interactions between memory rows to flip bits and cause unintended behavior.
What are supply chain attacks?
Compromising devices during manufacturing or distribution to insert malicious components or tamper with functionality.
Name two methods used in supply chain attacks.
- Substituting components.
- Adding hidden chips inside packages.
Why are supply chain attacks hard to detect?
Hardware tampering often leaves no visual or immediate functional changes, requiring advanced tools like X-ray or SEM for detection.
What is verifiable hardware?
Hardware designed to allow inspection and verification of its components and functionality by end-users or third parties.
How can open-source principles aid in hardware security?
Peer-reviewed designs can identify vulnerabilities, and open tools can ensure proper implementation.
What is the main challenge in verifying hardware?
Complexity, as modern chips have billions of transistors, making comprehensive verification difficult.
What features make devices tamper-evident?
- Unique identifiers.
- Sensitivity to physical stress, temperature, and chemicals.
- Durable one-way lock mechanisms.
What is an FPGA?
Field Programmable Gate Array, a reprogrammable chip used to implement hardware designs securely.
How does an FPGA enhance hardware trust?
Enables user-side verification of hardware functionality and design, narrowing the gap between design and use.
How do FPGAs mitigate the TOCTOU problem?
By allowing users to compile and verify designs directly before use.
What is plausible deniability in the context of hardware?
Ensuring an adversary cannot prove or disprove the existence of sensitive data.
Name two techniques for achieving plausible deniability in devices.
- Encrypting data to make it indistinguishable from free space.
- Avoiding metadata leakage that could reveal encrypted data.
What are the limitations of plausible deniability?
It diminishes with repeated forensic imaging and cannot guarantee safety against coercion or destruction.
What is “ptychographic X-ray imaging”?
A non-destructive 3D imaging method for reverse engineering and verifying complex chip designs.
Why is silicon difficult to inspect with X-rays?
Silicon is relatively transparent to X-rays, and complex designs may require advanced methods like CT scanning.
What are the three principles for evidence-based trust in hardware?
- Complexity is the enemy of verification.
- Verify entire systems, not just components.
- Empower end-users to verify and seal their hardware.
How does social context influence security?
Locks and tamper-evident features often rely on social norms and deterrents rather than purely technical measures.