Hardware Security

Question 1

What is hardware security?

Answer 1

Protecting devices from direct tampering, supply chain attacks, and other physical or systemic threats.

Question 2

What are the primary threats in hardware security?

Answer 2

Direct physical tampering.
Indirect supply chain tampering.

Question 3

What are some hardware security mitigation techniques?

Answer 3

User-verifiable hardware.
Tamper-evident and anti-cloning techniques.
Plausible deniability.

Question 4

What are passive hardware attacks?

Answer 4

Attacks that involve little or no modification to the target system, such as optical or RF side-channel analysis.

Question 5

What are active hardware attacks?

Answer 5

Intrusive attacks that manipulate hardware, such as fault injection, glitching, or rowhammering.

Question 6

What is fault injection, and what does it achieve?

Answer 6

Deliberately causing errors in a device’s operation to leak sensitive data or bypass security checks.

Question 7

What is the rowhammer attack?

Answer 7

An attack that exploits electrical interactions between memory rows to flip bits and cause unintended behavior.

Question 8

What are supply chain attacks?

Answer 8

Compromising devices during manufacturing or distribution to insert malicious components or tamper with functionality.

Question 9

Name two methods used in supply chain attacks.

Answer 9

Substituting components.
Adding hidden chips inside packages.

Question 10

Why are supply chain attacks hard to detect?

Answer 10

Hardware tampering often leaves no visual or immediate functional changes, requiring advanced tools like X-ray or SEM for detection.

Question 11

What is verifiable hardware?

Answer 11

Hardware designed to allow inspection and verification of its components and functionality by end-users or third parties.

Question 12

How can open-source principles aid in hardware security?

Answer 12

Peer-reviewed designs can identify vulnerabilities, and open tools can ensure proper implementation.

Question 13

What is the main challenge in verifying hardware?

Answer 13

Complexity, as modern chips have billions of transistors, making comprehensive verification difficult.

Question 14

What features make devices tamper-evident?

Answer 14

Unique identifiers.
Sensitivity to physical stress, temperature, and chemicals.
Durable one-way lock mechanisms.

Question 15

What is an FPGA?

Answer 15

Field Programmable Gate Array, a reprogrammable chip used to implement hardware designs securely.

Question 16

How does an FPGA enhance hardware trust?

Answer 16

Enables user-side verification of hardware functionality and design, narrowing the gap between design and use.

Question 17

How do FPGAs mitigate the TOCTOU problem?

Answer 17

By allowing users to compile and verify designs directly before use.

Question 18

What is plausible deniability in the context of hardware?

Answer 18

Ensuring an adversary cannot prove or disprove the existence of sensitive data.

Question 19

Name two techniques for achieving plausible deniability in devices.

Answer 19

Encrypting data to make it indistinguishable from free space.
Avoiding metadata leakage that could reveal encrypted data.

Question 20

What are the limitations of plausible deniability?

Answer 20

It diminishes with repeated forensic imaging and cannot guarantee safety against coercion or destruction.

Question 21

What is “ptychographic X-ray imaging”?

Answer 21

A non-destructive 3D imaging method for reverse engineering and verifying complex chip designs.

Question 22

Why is silicon difficult to inspect with X-rays?

Answer 22

Silicon is relatively transparent to X-rays, and complex designs may require advanced methods like CT scanning.

Question 23

What are the three principles for evidence-based trust in hardware?

Answer 23

1. Complexity is the enemy of verification.
2. Verify entire systems, not just components.
3. Empower end-users to verify and seal their hardware.

Question 24

How does social context influence security?

Answer 24

Locks and tamper-evident features often rely on social norms and deterrents rather than purely technical measures.