Software-based Runtime Protection of Secret Assets in Untrusted Hardware under Zero Trust


Student Name: Matthew Showers
Defense Date:
Location: Eaton Hall, Room 2001B
Chair: Tamzidul Hoque

Alex Bardas

Drew Davidson

Abstract:

The complexity of the design and fabrication process of electronic devices is advancing with their ability to provide wide-ranging functionalities including data processing, sensing, communication, artificial intelligence, and security. Due to these complexities in the design and manufacturing process and the associated time and cost, system developers often prefer to procure off-the-shelf components directly from the market instead of developing custom Integrated Circuits (ICs) from scratch. Procurement of Commercial-Off-The-Shelf (COTS) components reduces system development time and cost significantly, enables easy integration of new technologies, and facilitates smaller production runs. Moreover, since various companies use the same COTS IC, such ICs are generally available in the market for a long period and are easy to replace.

Although utilizing COTS parts can provide many benefits, it also introduces serious security concerns. None of the entities in the COTS IC supply chain are trusted from a consumer's perspective, leading to a "Zero Trust" supply chain threat model. Any of these entities could introduce hidden malicious circuits, or hardware Trojans, within the component that could help an attacker in the field extract secret information (e.g., cryptographic keys) or cause a functional failure. Existing solutions to counter hardware Trojans are inapplicable in a zero trust scenario because they assume either the design house or the foundry to be trusted. Moreover, many solutions require access to the design for analysis or modification to enable the countermeasure.

In this work, we have proposed a software-oriented countermeasure to ensure the confidentiality of secret assets against hardware Trojan attacks in untrusted COTS microprocessors. The proposed solution does not require any supply chain entity to be trusted and does not require analysis or modification of the IC design.  

To protect secret assets in an untrusted microprocessor, the proposed method leverages the concept of residue number coding to transform the software functions operating on the asset into homomorphic ones, so that computation proceeds on encoded residues rather than on the plain asset. We have presented a detailed security analysis to evaluate the confidentiality of a secret asset under Trojan attacks, using the secret key of an Advanced Encryption Standard (AES) program as a case study. Finally, to help streamline the application of this protection scheme, we have developed a plugin for the LLVM compiler toolchain that integrates the solution without requiring extensive source code alterations.
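The residue-number-coding homomorphism that the abstract relies on can be illustrated with a small worked example. This is an added illustration of the underlying mathematics, not code from the thesis or its LLVM plugin; the moduli (7, 11, 13) and the sample values are constructed for the demonstration, and it assumes Python 3.8+ for the modular inverse via `pow(x, -1, m)`.

```python
from math import gcd, prod

# Constructed example moduli; pairwise coprime so CRT reconstruction is unique.
# The dynamic range of the code is M = 7 * 11 * 13 = 1001.
MODULI = (7, 11, 13)


def rns_encode(x, moduli=MODULI):
    """Split an integer into its residue digits, one per modulus."""
    return tuple(x % m for m in moduli)


def rns_decode(residues, moduli=MODULI):
    """Recover the integer in [0, M) from its residues (Chinese Remainder Theorem)."""
    M = prod(moduli)
    total = 0
    for r, m in zip(residues, moduli):
        Mi = M // m
        total += r * Mi * pow(Mi, -1, m)   # Mi * Mi^{-1} == 1 (mod m)
    return total % M


def rns_add(a, b, moduli=MODULI):
    """Digit-wise addition: each residue channel is updated independently."""
    return tuple((x + y) % m for x, y, m in zip(a, b, moduli))


def rns_mul(a, b, moduli=MODULI):
    """Digit-wise multiplication: again no channel needs the full value."""
    return tuple((x * y) % m for x, y, m in zip(a, b, moduli))


def check_homomorphism(x, y, moduli=MODULI):
    """Compute x+y and x*y purely on residues and compare with plain arithmetic mod M.

    Returns a pair of booleans (add_matches, mul_matches).
    """
    assert all(gcd(p, q) == 1 for i, p in enumerate(moduli) for q in moduli[i + 1:])
    M = prod(moduli)
    ex, ey = rns_encode(x, moduli), rns_encode(y, moduli)
    add_ok = rns_decode(rns_add(ex, ey), moduli) == (x + y) % M
    mul_ok = rns_decode(rns_mul(ex, ey), moduli) == (x * y) % M
    return add_ok, mul_ok


if __name__ == "__main__":
    # Constructed sample: a "secret" operand 100 and a public operand 37.
    print(rns_encode(100), check_homomorphism(100, 37))
```

Each residue channel sees only `x mod m`, so arithmetic on the coded form never materialises the full value in a single register; this is the property the thesis builds on, and the analysis of how much a Trojan observing individual channels learns is left to the security analysis described above.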

Degree: MS Thesis Defense (CS)
Degree Type: MS Thesis Defense
Degree Field: Computer Science