Runtime Detection of Probing/Tampering on Interconnecting Buses
Date of Original Version
It has been reported that physical probing on an off-chip bus can reveal confidential information in an electronic system. An attacker can use non-invasive and inexpensive electric probes (or interposers) to measure signals from circuit traces, such as the memory bus between the memory controller and a memory module. This paper describes a method to detect any bus probing/tampering by tracking the phase shift of output digital waveforms, induced by input impedance change at the bus transmitter (Tx). A low-overhead digital circuit based on flip-flop's metastability is built around the Tx using a field-programmable logic gate array (FPGA) to precisely measure the phase shift of output signals. Uniquely, the output data launched by the Tx is used as a stimulus signal, thus, the proposed method holds the advantage of detecting probing attacks at run-time. That is, the detection action operates in parallel with the normal data transfer on a bus without any interference, imposing zero latency to the communication channel. In order to show its feasibility in a real-world communication protocol, we implemented the proposed method in the DDR memory controller on an FPGA board (Xilinx ZCU104). The working prototype is able to protect a memory bus between the FPGA board and a DDR4 DIMM with a data rate of 2400MT/s. Experimental results show that the proposed method can be used to countermeasure interposer attacks, probing attacks, and cold boot attacks. We believe that the proposed method can be implemented in a variety of communication channels.
Proceedings - 29th IEEE International Symposium on Field-Programmable Custom Computing Machines, FCCM 2021
Xu, Zhenyu, Thomas Mauldin, Qing Yang, and Tao Wei. "Runtime Detection of Probing/Tampering on Interconnecting Buses." Proceedings - 29th IEEE International Symposium on Field-Programmable Custom Computing Machines, FCCM 2021 , (2021): 247-251. doi:10.1109/FCCM51124.2021.00038.