Paper 2020/750
Doppelganger Obfuscation - Exploring the Defensive and Offensive Aspects of Hardware Camouflaging
Max Hoffmann and Christof Paar
Abstract
Hardware obfuscation is widely used in practice to counteract reverse engineering. In recent years, low-level obfuscation via camouflaged gates has been increasingly discussed in the scientific community and industry. In contrast to classical high-level obfuscation, such gates result in recovery of an erroneous netlist. This technology has so far been regarded as a purely defensive tool. We show that low-level obfuscation is in fact a double-edged sword that can also enable stealthy malicious functionalities. In this work, we present Doppelganger, the first generic design-level obfuscation technique that is based on low-level camouflaging. Doppelganger obstructs central control modules of digital designs, e.g., FSMs or bus controllers, resulting in two different design functionalities: an apparent one that is recovered during reverse engineering and the actual one that is executed during operation. Notably, both functionalities are under the designer's control. In two case studies, we apply Doppelganger to a universal cryptographic coprocessor. First, we show the defensive capabilities by presenting the reverse engineer with a different mode of operation than the one that is actually executed at an area overhead of less than 0.6%. Then, for the first time, we demonstrate the considerable threat potential through low-level obfuscation. We show how an invisible, remotely exploitable key-leakage Trojan can be injected into the same cryptographic coprocessor just through obfuscation at an area overhead of mere 0.01%.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- Hardware ObfuscationCamouflagingHardware Trojans
- Contact author(s)
- max hoffmann @ rub de
- History
- 2021-05-25: revised
- 2020-06-21: received
- See all versions
- Short URL
- https://ia.cr/2020/750
- License
-
CC BY