[PLUG-TALK] Another attack vector: your chip fab
Aaron Burt
aaron at bavariati.org
Fri May 27 14:17:35 UTC 2016
Thought Keith would get a kick out of this, and/or already have IP
covering it...
http://lwn.net/Articles/688751/
"In this paper, we show how a fabrication-time attacker can leverage
analog circuits to create a hardware attack that is small (i.e.,
requires as little as one gate) and stealthy (i.e., requires an unlikely
trigger sequence before effecting [sic] a chip’s functionality). In the
open spaces of an already placed and routed design, we construct a
circuit that uses capacitors to siphon charge from nearby wires as they
transition between digital values. When the capacitors fully charge,
they deploy an attack that forces a victim flip-flop to a desired value.
We weaponize this attack into a remotely-controllable privilege
escalation by attaching the capacitor to a wire controllable and by
selecting a victim flip-flop that holds the privilege bit for our
processor."