Probabilistic Hardware Trojan Attacks on Multiple Layers of Reconfigurable Network Infrastructure

Over the past decades, there has been an exponential growth in the number of connected devices, often without well-thought out security mechanisms in place for the relevant network standards and protocols. As a result, security loopholes have been discovered and widely exploited for these vulnerable connected devices, often with devastating consequences. As a countermeasure to these attacks, subsequently some of these original network standards have been enhanced with addition of security features, e.g., the original insecure Ethernet protocol (IEEE 802.3) was supplemented by the IEEE 802.1AE Media Access Control Security (MACSec) standard. In this paper, we present a network packet redirection attack on reconfigurable network devices, specifically a MACSec-enabled NetFPGA-SUME based Ethernet switch, as well as on a NetFPGA-SUME based IPv4 router, by means of Hardware Trojan (HT) insertion. Our HT design is probabilistic in its functionality, with multi-level trigger mechanism. In the MAC layer attack, an activated HT redirects a frame to an incorrect port leading to possible eavesdropping by a malicious attacker as well as denial-of-service, while in the network layer attack, upon activation it forwards all IP packets through a sub-optimal router port causing a denial-of-service attack on the receiver. The proposed HT evades most state-of-the-art HT detection schemes, while having very low resource footprint. We present the complete architecture, detailed description of the mode of operation, and implementation of the HT, with promising experimental results.

Download paper here

Recommended citation: Mukherjee, R., Govindan, V., Koteshwara, S., Das, A., Parhi, K. K., & Chakraborty, R. S. (2020). Probabilistic Hardware Trojan Attacks on Multiple Layers of Reconfigurable Network Infrastructure. Journal of Hardware and Systems Security, 4(4), 343–360.