Recently, hardware manufacturers are increasingly outsourcing their production process into countries with lower cost structure. Although this reduces the cost of hardware production, it also creates opportunity for attackers to hack into the supply chain and change the original design of the hardware components. Such changes could range from short circuiting a module (for instance random number generators) to inserting parasite circuits and new masks (such as hardware Trojan circuits). These kind of intrusions are difficult to detect through pure functional testing. Furthermore, attacks on runtime program attributes (eg. fault injection attacks) are increasing in number and sophistication.In this thesis we propose techniques for platform verification and secure program execution that can be used in low-end to medium-end embedded systems. Our design incorporates a pre-deployment device verification and dedicated security module that monitors the program’s properties during execution. Both our pre-deployment and runtime verification methods constitute compile and execution time computations to reduce the time required for security checks during runtime.In the core of this thesis, we analyse the current threats to the embedded systems platform and programs. This leads to two major contributions spanning the pre and post integration of embedded systems into the larger electronic equipment. We propose side channel based pre-deployment platform verification techniques. In our techniques we use instruction and basic block level side channel templatesto identify anomalies within the target platform. Our approach does not require prior detailed knowledge of the inner workings of the program or the platform under test. Furthermore, we also propose the design of a generic runtime secure program execution architecture. Our proposal protects the target program’s run-time data, instructions and control flow jumps during its execution. To achieve this goal without affecting the performance of the main processor we introduce a dedicated hardware module. Finally, we provide the test implementations of ourproposals along with their performance measures.
展开▼
