Protro: A probabilistic counter based hardware trojan attack on FPGA based macsec enabled ethernet switch

Vidya Govindan, Sandhya Koteshwara, Amitabh Das, Keshab K. Parhi, Rajat Subhra Chakraborty

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Over the past decades, the exponentially high rate of growth in number of connected devices has been accompanied by the discovery of new security loopholes, vulnerabilities and attacks in the network infrastructure. The original ethernet protocol was not designed considering the security aspect of the network architecture. In order to improve the security of the ethernet, many solutions and standards have been proposed. The IEEE 802.1AE Media Access Control Security (MACSec) standard is one of the most recent link layer security protocols which provides encryption and authentication between two network interfaces for secure next-generation deployments. In this paper we present a network packet redirection attack on a MACSec enabled NetFPGA-SUME based ethernet switch, by means of a Hardware Trojan (HT). The HT design is based on a probabilistic counter update mechanism with multiple triggers which eventually affects the way in which a network packet flows through the switch. In particular, an activated HT redirects a packet to an incorrect port, and in turn to a malicious eavesdropper. The proposed HT evades most of the recent hardware trust verification schemes. We present the complete architecture of the proposed MACSec enabled ethernet switch, followed by the design and mode of operation of the HT with promising experimental results.

Original language: English (US)
Title of host publication: Security, Privacy, and Applied Cryptography Engineering - 9th International Conference, SPACE 2019, Proceedings
Editors: Shivam Bhasin, Avi Mendelson, Mridul Nandi
Publisher: Springer
Pages: 159-175
Number of pages: 17
ISBN (Print): 9783030358686
DOIs: https://doi.org/10.1007/978-3-030-35869-3_12
State: Published - Jan 1 2019
Event: 9th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2019 - Gandhinagar, India
Duration: Dec 3 2019 – Dec 7 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11947 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 9th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2019
Country: India
City: Gandhinagar
Period: 12/3/19 – 12/7/19

Fingerprint

Ethernet
Field Programmable Gate Array
Field programmable gate arrays (FPGA)
Switch
Switches
Attack
Hardware
Medium access control
Packet networks
Network protocols
Network architecture
Security Protocols
Hardware Design
Modes of Operation
Authentication
Interfaces (computer)
Cryptography
Vulnerability

Keywords

  • AES-GCM
  • AXI4-Stream
  • FPGA
  • Hardware Trojan
  • MACSec
  • NetFPGA
  • Network security

Cite this

Govindan, V., Koteshwara, S., Das, A., Parhi, K. K., & Chakraborty, R. S. (2019). Protro: A probabilistic counter based hardware trojan attack on FPGA based macsec enabled ethernet switch. In S. Bhasin, A. Mendelson, & M. Nandi (Eds.), Security, Privacy, and Applied Cryptography Engineering - 9th International Conference, SPACE 2019, Proceedings (pp. 159-175). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11947 LNCS). Springer. https://doi.org/10.1007/978-3-030-35869-3_12
