HOACS: Homomorphic Obfuscation Assisted Concealing of Secrets to Thwart Trojan Attacks in COTS Processor
Tanvir Hossain, Matthew Showers, Mahmudul Hasan, Tamzidul Hoque
TL;DR
HOACS tackles the zero-trust risk of hardware Trojans in COTS processors by introducing a software-oriented countermeasure based on Residue Number Coding (RNC). By encoding secret assets and performing computations on encoded data, HOACS preserves confidentiality without requiring trusted supply-chain entities or design modifications, demonstrated through an AES case study and an LLVM IR automation pipeline (HOACS-IR). The results indicate that RNC-based operations yield substantial performance advantages over traditional fully homomorphic encryption while maintaining robust leakage protection even in untrusted hardware, with a practical security posture against unknown-moduli attacks. This approach enables practical, secure execution on COTS hardware and offers a pathway to extend to other algorithms and privacy-preserving applications, albeit with remaining work on encoding-time attacks and optimization of runtime overhead.
Abstract
Commercial-off-the-shelf (COTS) components are often preferred over custom Integrated Circuits (ICs) to achieve reduced system development time and cost, easy adoption of new technologies, and replaceability. Unfortunately, the integration of COTS components introduces serious security concerns. None of the entities in the COTS IC supply chain are trusted from a consumer's perspective, leading to a "zero trust" threat model. Any of these entities could introduce hidden malicious circuits or hardware Trojans within the component, allowing an attacker in the field to extract secret information (e.g., cryptographic keys) or cause a functional failure. Existing solutions to counter hardware Trojans are inapplicable in such a zero-trust scenario as they assume either the design house or the foundry to be trusted and consider the design to be available for either analysis or modification. In this work, we propose a software-oriented countermeasure to ensure the confidentiality of secret assets against hardware Trojans that can be seamlessly integrated into existing COTS microprocessors. The proposed solution does not require any supply chain entity to be trusted and does not require analysis or modification of the IC design. To protect secret assets in an untrusted microprocessor, the proposed method leverages the concept of residue number coding (RNC) to transform the software functions operating on the asset to be fully homomorphic. We have implemented the proposed solution to protect the secret key within the Advanced Encryption Standard (AES) program and present a detailed security analysis. We have also developed a plugin for the LLVM compiler toolchain that automatically integrates the solution in AES. Finally, we compare the execution time overhead of the operations in the RNC-based technique with comparable homomorphic solutions and demonstrate significant improvement.
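An added illustration, not code from the HOACS paper or its LLVM plugin: textbook residue number arithmetic, in which addition and multiplication are carried out on residues only and the result is decoded afterwards with the Chinese Remainder Theorem. The moduli, function names and sample values are constructed assumptions; the page does not give the encoding or moduli HOACS uses, nor how it maps AES operations onto them.

```python
from itertools import combinations
from math import gcd, prod

# Constructed, pairwise-coprime moduli (assumption: the page does not list
# the moduli HOACS uses).
MODULI = (251, 253, 255, 256)
if any(gcd(a, b) != 1 for a, b in combinations(MODULI, 2)):
    raise ValueError("moduli must be pairwise coprime")
M = prod(MODULI)  # dynamic range: integers 0 .. M-1 are representable


def encode(x):
    """Map an integer to its residue vector; the plain value is not kept."""
    if not 0 <= x < M:
        raise ValueError(f"value must be in [0, {M})")
    return tuple(x % m for m in MODULI)


def rnc_add(a, b):
    """Add two encoded values channel by channel, without decoding."""
    return tuple((x + y) % m for x, y, m in zip(a, b, MODULI))


def rnc_mul(a, b):
    """Multiply two encoded values channel by channel, without decoding."""
    return tuple((x * y) % m for x, y, m in zip(a, b, MODULI))


def decode(residues):
    """Recover the integer from its residues (Chinese Remainder Theorem)."""
    total = 0
    for r, m in zip(residues, MODULI):
        partial = M // m                     # product of the other moduli
        total += r * partial * pow(partial, -1, m)
    return total % M


def demo():
    """Compute on encoded operands only, then decode the two results."""
    secret, operand = 0x2B7E, 0x1516         # constructed sample values
    s, o = encode(secret), encode(operand)
    return decode(rnc_add(s, o)), decode(rnc_mul(s, o))


if __name__ == "__main__":
    print(demo())
```

Decoding matches ordinary integer arithmetic only while the true result stays below `M`; larger results wrap modulo `M`, so the moduli must be sized for the largest intermediate value.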
