Indirect signs method for detecting hardware threats of technical means

Anatoliy A. Chuprinov; Dmitry O. Smirnov

doi:10.26583/bit.2022.2.01

Безопасность информационных технологий (Jun 2022)

Indirect signs method for detecting hardware threats of technical means

Anatoliy A. Chuprinov,
Dmitry O. Smirnov

Affiliations

Anatoliy A. Chuprinov: Federal State Budgetary Institution "All-Russian Research Institute of Radio Electronics"
Dmitry O. Smirnov: Limited Liability Company "Information Security Center"

DOI: https://doi.org/10.26583/bit.2022.2.01
Journal volume & issue: Vol. 29, no. 2
pp. 10 – 19

Abstract

Read online

The use of foreign computer-aided design (CAD) systems and debugging of IP-blocks in the development of ultra-large integrated circuits (VLSI) are associated with the risks of the appearance of "Trojans", not declared by developers of software and finished product. "Trojans" are relatively easy to embed, so that they will not be detected by tests and test sequences, generated by the same CAD system, when checking the finished product. The identification of "Trojans" allows increasing the level of information security of electronic equipment, which uses VLSI of foreign production. Procedures for detecting "Trojans" should also be subjected to domestic VLSI, developed and manufactured using CAD systems and the elements. Four classes of elements were selected as objects of threats to reduce information security: - hardware, without embedded software; - hardware, that do not have built-in software, changing the implemented functions depending on external influences; - software and hardware, containing a computer program and data that cannot be changed by the users; - software and hardware, containing a computer program and data that can be changed by the users. In general, the threat to information security is considered as a function that is not characteristic of the component, which implementation damages the user of the electronic equipment. The task of creating a methodological apparatus for identifying information Trojans in VLSI is considered in the paper. In order to solve the problem a method of indirect signs is proposed, which allows identifying the presence or probability of an information threat in the VLSI or electronic equipment, using this VLSI. The essence of the method consists in the application of signature analysis, based on the use of test sequences that help to establish an unambiguous correspondence between the input effects and the responses of the tested VLSI, depending on its internal parameters only.The developed mathematical apparatus can be used as the basis for hardware and software control of information security of the dual-use electronic equipment.

electronic component base, verification, information security, information security, signature, database, software.

Published in Безопасность информационных технологий

ISSN: 2074-7128 (Print); 2074-7136 (Online)
Publisher: Joint Stock Company "Experimental Scientific and Production Association SPELS
Country of publisher: Russian Federation
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology; Science: Science (General): Cybernetics: Information theory
Website: https://bit.spels.ru

About the journal

Abstract

Keywords