Hardware Security and Assurance: The Power of Reverse Engineering

Abstract

Traditional cybersecurity focuses on software and networking and relies on an inherent trust of the underlying hardware. However, the argument that hardware is inherently trustworthy is no longer accurate. The economics of the modern semiconductor industry has created a horizontal supply chain that involves more and more untrusted organizations and IPs. With lesser oversight over supply chains, state level attackers and other hackers can surreptitiously modify integrated circuits (ICs), printed circuit boards (PCBs), and firmware (FW) with hardware Trojans, kill switches, backdoors, and other malware. In addition, e-waste, obsolescence, geopolitical events, and pandemic-related disruptions are incentivizing and facilitating counterfeit electronics. 

Hardware assurance refers to activities to ensure a level of confidence that electronics function as intended and are free of known vulnerabilities, either intentionally or unintentionally inserted into a system's hardware throughout its life cycle. Although reverse engineering is often presented in a negative light, it may be the only foolproof method for providing hardware assurance, especially for commercial-off-the-shelf (COTS) ICs and PCBs where little prior information is available. In this lecture we shall present the recent advances in side-channel based FW reverse engineering as well as IC/PCB reverse engineering steps: delayering, imaging, automated image analysis, and automated annotation. Further, we will delineate the scenarios where reverse engineering can support hardware security and assurance. Finally, we will describe the gaps that need to be filled before realizing the ideal hardware assurance flows.

About this Lecture

Request this Lecture

To request this particular lecture, please complete this online form.

Request a Tour

To request a tour with this speaker, please complete this online form.

All requests will be sent to ACM headquarters for review.