Researchers have designed a microchip that detects deliberately inserted hardware defects such as "back doors" that permit hacking and the entry of malware.
This chip that checks for sabotage was developed at New York University's Tandon School of Engineering. It contains both an embedded module that proves its calculations are correct and an external module that validates the first module's proofs.
The configuration, developed by a multi-institution team of researchers, is an example of an approach called "verifiable computing" (VC) that keeps tabs on a chip's performance and can spot telltale signs of Trojans.
The research project involved Riad S. Wahby of Stanford, abhi shelat of the University of Virginia, Max Howald of The Cooper Union, Michael Walfish of the NYU Courant Institute of Mathematical Sciences and Siddharth Garg of New York University.
Under the system proposed by the team, the verifying processor can be fabricated separately from the chip.
"Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry performing computations, but also a module that presents proofs of correctness," said Garg, an assistant professor of electrical and computer engineering at NYU and a team member.
The chip designer turns to a trusted foundry to build a separate, less complex module: an ASIC (application-specific integrated circuit) whose sole job is to validate the proofs of correctness generated by the internal module of the untrusted chip.
Garg said this arrangement provides a safety net for the chip maker and the end user.
"Under the current system, I can get a chip back from a foundry with an embedded Trojan. It might not show up during post-fabrication testing, so I'll send it to the customer," said Garg.
"But two years down the line it could begin misbehaving. The nice thing about our solution is that I don't have to trust the chip because every time I give it a new input, it produces the output and the proofs of correctness, and the external module lets me continuously validate those proofs."
An added advantage is that the chip built by the external foundry is smaller, faster and more power-efficient than the trusted ASIC, sometimes by orders of magnitude. The VC setup can potentially reduce the time, energy and chip area needed to generate proofs.
"For certain types of computations, it can even outperform the alternative: performing the computation directly on a trusted chip," said Garg.
The researchers next plan to investigate techniques to reduce both the overhead that generating and verifying proofs imposes on a system and the bandwidth required between the prover and verifier chips. "And because with hardware, the proof is always in the pudding, we plan to prototype our ideas with real silicon chips," said Garg.
To pursue the promise of verifiable ASICs, Garg; abhi shelat of the University of Virginia; Rosario Gennaro of the City University of New York; Mariana Raykova of Yale University and Michael Taylor of the University of California, San Diego will share a five-year National Science Foundation Large Grant of $3 million.
Verifiable ASICs, by Riad S. Wahby of Stanford University, Max Howald of The Cooper Union, Garg, shelat, and Michael Walfish of the NYU Courant Institute of Mathematical Sciences, earned a Distinguished Student Paper Award at the IEEE Symposium on Security and Privacy, one of the leading global conferences for computer security research. The authors were supported by grants from the NSF, the Air Force Office of Scientific Research, the Office of Naval Research, a Microsoft Faculty Fellowship, and a Google Faculty Research Award.