While software viruses are easy to spot and fix with downloadable patches, deliberately inserted defects are almost invisible. For example, a secretly inserted ‘back door’ function could allow attackers to alter or take over a device or system at a time of their choosing.
Looking to counter this threat, researchers from the NYU Tandon School of Engineering are developing a chip with an embedded module and a separate external module: the first produces proofs that the chip's calculations are correct, and the second validates those proofs.
According to assistant professor Siddharth Garg, the configuration, an example of an approach called ‘verifiable computing’ (VC), can monitor a chip's performance and spot the warning signs of Trojans.
The cost of chip manufacturing has become so high that few companies can design, prototype and manufacture their own chips; most have to rely on outsourcing, so the ability to verify a chip is becoming increasingly important.
This approach allows the verifying processor to be fabricated separately from the chip. Because verification happens in an external unit, the chip designer can turn to an untrusted foundry to produce a chip containing not only the circuitry that performs the computations but also a module that generates proofs of their correctness.
The chip designer then turns to a trusted foundry to build a separate, less complex module: an application-specific integrated circuit (ASIC) whose sole job is to validate the proofs of correctness generated by the internal module of the untrusted chip.
Commenting, Garg said: "I don't have to trust the chip because every time I give it a new input, it produces the output and the proofs of correctness, and the external module will allow me to continuously validate those proofs."
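The prover/verifier split described above, illustrated with Freivalds' matrix-product check as an added example; this is not the NYU team's design (which has the untrusted chip emit explicit proofs of correctness), but a classical verifiable-computing instance showing the same asymmetry: the untrusted side does the expensive work, and a much cheaper trusted check catches a tampered result. The matrices, the "trojaned" computation and all function names are constructed for this illustration.

```python
import random

# Constructed sample inputs for the demo (not from the article).
A = [[2, 0, 1], [1, 3, 0], [0, 1, 4]]
B = [[1, 2, 0], [0, 1, 1], [3, 0, 2]]

def mat_vec(m, v):
    """Matrix-vector product, O(n^2); the only heavy step the verifier needs."""
    return [sum(row[j] * v[j] for j in range(len(v))) for row in m]

def matmul(a, b):
    """Untrusted side: the full O(n^3) product an outsourced chip would compute."""
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)] for i in range(n)]

def trojaned_matmul(a, b):
    """Constructed stand-in for a chip with a hidden defect: one output entry is wrong."""
    c = matmul(a, b)
    c[0][0] += 1
    return c

def freivalds_verify(a, b, c, rounds=20, rand_bit=None):
    """Trusted side: checks C == A*B without recomputing the product.
    Each round draws a random 0/1 vector r and tests A(Br) == Cr using three
    O(n^2) products. A correct C always passes; a wrong C passes a single round
    with probability at most 1/2, so `rounds` rounds bound the chance of
    accepting a bad result by 2^-rounds. `rand_bit` is injectable for testing."""
    if rand_bit is None:
        rand_bit = lambda: random.getrandbits(1)
    for _ in range(rounds):
        r = [rand_bit() for _ in range(len(a))]
        if mat_vec(a, mat_vec(b, r)) != mat_vec(c, r):
            return False
    return True

def check_chip(compute, a, b):
    """Run the untrusted computation, then validate its output on the trusted side."""
    return freivalds_verify(a, b, compute(a, b))

if __name__ == "__main__":
    print("honest chip accepted:", check_chip(matmul, A, B))
    print("trojaned chip accepted:", check_chip(trojaned_matmul, A, B))
```

The verifier never touches the O(n^3) work, which is the same cost asymmetry the article relies on when it calls the trusted ASIC the "less complex" module.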
An added advantage is that the chip built by the external foundry is smaller, faster, and more power-efficient than the trusted ASIC. The VC setup can therefore potentially reduce the time, energy, and chip area needed to generate proofs.
According to Garg, the team is set to investigate additional techniques to reduce both the overhead that generating and verifying proofs imposes on a system and the bandwidth required between the prover and verifier chips.