A team of researchers has designed a new solution to malicious circuitry in device chips. The team’s chip contains an embedded module that monitors its own computations and flags defects before attackers can sabotage devices.
The embedded module proves its own calculations are correct, and its external module validates the first module’s proofs. Siddharth Garg, an assistant professor of electrical and computer engineering at NYU Tandon School of Engineering, created a configuration that is an example of “verifiable computing,” an approach that monitors a chip’s performance and can identify trojans.
Garg is one of a group of collaborators who worked on this project. The other researchers are Riad Wahby of Stanford University, Abhi Shelat of the University of Virginia, Max Howald of The Cooper Union, and Michael Walfish of the NYU Courant Institute of Mathematical Sciences.
Because the verifying processor is fabricated separately from the chip, Garg said he “can go to an untrusted foundry to produce a chip that has not only the circuitry performing computations, but also a module that presents proofs of correctness.”
The current arrangement between chip designers and customers doesn’t provide a safety net. Garg said that the system would be more secure because with every new input, the chip produces the output and the “proofs of correctness, and the external module lets me constantly validate those proofs.
“Under the current system, I can get a chip back from a foundry with an embedded trojan. It might not show up during post-fabrication testing, so I’ll send it to the customer. But two years down the line, it could begin misbehaving.”
Another advantage of the chip is that it’s built by an external foundry. This means it’s more power-efficient than the application-specific integrated circuit, which validates the proofs of correctness that are generated by the internal module of an untrusted chip, he said.
Garg and the researchers plan on prototyping their ideas with real silicon chips. The researchers also want to investigate new techniques that will reduce the overhead and the bandwidth required between the prover and verifier chips.
The complete research paper from the researchers can be found here.