System and methods for silencing hardware backdoors

US 9,037,895 B2
Filed: 10/13/2011
Issued: 05/19/2015
Est. Priority Date: 10/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected and a clock which produces a clock signal, the method comprising:

initiating a timer set for a period less than or equal to a determined validation time period of the digital circuit;

performing a reset operation on the hardware units upon expiration of the timer by turning off power to the hardware units for at least one cycle of the clock signal to interrupt operation of the hardware units;

continually repeating the initiating of the timer for further reset operations while the digital circuit is in operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected. A timer is repeatedly initiated for a period less than a validation epoch, and the hardware units are reset upon expiration of the timer to prevent activation of a time-based backdoor. Data being sent to the hardware unit is encrypted in an encryption element to render it unrecognizable to a single-shot cheat code hardware backdoor present in the hardware unit. The instructions being sent to the hardware unit are reordered randomly or pseudo-randomly, with determined sequential restraints, using an reordering element, to render an activation instruction sequence embedded in the instructions unrecognizable to a sequence cheat code hardware backdoor present in the hardware unit.

21 Citations

View as Search Results

14 Claims

1. A method for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected and a clock which produces a clock signal, the method comprising:
- initiating a timer set for a period less than or equal to a determined validation time period of the digital circuit;
  
  performing a reset operation on the hardware units upon expiration of the timer by turning off power to the hardware units for at least one cycle of the clock signal to interrupt operation of the hardware units;
  
  continually repeating the initiating of the timer for further reset operations while the digital circuit is in operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - storing, before performing the reset operation, a current value of at least one placeholder in a memory; and
      
      restoring, after performing the reset operation, the at least one placeholder using the value stored in the memory.
  - 3. The method of claim 2, wherein the at least one placeholder comprises an instruction pointer register.
  - 4. The method of claim 1, wherein the determined validation time period of the digital circuit corresponds to a time period during which validation testing of the digital circuit was performed without detecting activation of a time-triggered hardware backdoor.
  - 5. The method of claim 1, further comprising:
    - storing, in a buffer, interrupts sent to the hardware units, including the interrupts sent during the reset operations; and
      
      outputting the interrupts to the hardware units from the buffer based on acknowledgments received from the hardware units, so that interrupts received during the reset operations are not lost.
  - 6. The method of claim 1, further comprising applying the clock signal to a power supply input of at least one of the hardware units until a determined burn-out threshold is reached to destroy non-volatile memory in the at least one hardware unit.
  - 7. The method of claim 1, wherein the digital circuit comprises one or more of:
    - a microprocessor, a digital signal processor, a memory controller, a micro-controller, a network controller, a display controller, a graphic core, a bus interfaces, a cryptographic unit, a decoder, an encoder, a content addressable memory (CAM), or a memory block.

8. A system for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected and a clock which produces a clock signal, the system comprising:
- at least one circuit element connected to the one or more hardware units of the digital circuit, wherein the at least one circuit element is configured to perform;
  
  initiating a timer set for a period less than or equal to a determined validation time period of the digital circuit;
  
  performing a reset operation on the hardware units upon expiration of the timer by turning off power to the hardware units for at least one cycle of the clock signal to interrupt operation of the hardware units; and
  
  continually repeating the initiating of the timer for further reset operations while the digital circuit is in operation.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the at least one circuit element is further configured to perform:
    - storing, before performing the reset operation, a current value of at least one placeholder in a memory; and
      
      restoring, after performing the reset operation, the at least one placeholder using the value stored in the memory.
  - 10. The system of claim 9, wherein the at least one placeholder comprises an instruction pointer register.
  - 11. The method of claim 8, wherein the at least one circuit element is verified not to contain hardware backdoors before being incorporated into the digital circuit.
  - 12. The system of claim 8, wherein the determined validation time period of the digital circuit corresponds to a time period during which validation testing of the digital circuit was performed without detecting activation of a time-triggered hardware backdoor.
  - 13. The system of claim 8, further comprising:
    - a buffer configured to store interrupts sent to the hardware units, including the interrupts sent during the reset operations,wherein the buffer is further configured to output the interrupts to the hardware units based on acknowledgments received from the hardware units, so that interrupts received during the reset operations are not lost.
  - 14. The system of claim 8, wherein the digital circuit comprises one or more of:
    - a microprocessor, a digital signal processor, a memory controller, a micro-controller, a network controller, a display controller, a graphic core, a bus interfaces, a cryptographic unit, a decoder, an encoder, a content addressable memory (CAM), or a memory block.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Original Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Inventors
Sethumadhavan, Lakshminarasimhan, Waksman, Adam
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Shepperd, Eric W

Application Number

US13/273,016
Publication Number

US 20120124393A1
Time in Patent Office

1,314 Days
Field of Search

713/1, 713/300, 713/500, 713/502, 713600-601, 726/25, 726/36, 702176-178, 714/814
US Class Current

713/502
CPC Class Codes

G06F 21/76   in application-specific int...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/002   Countermeasures against att...

H04L 9/008   involving homomorphic encry...

System and methods for silencing hardware backdoors

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for silencing hardware backdoors

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links