Blue team red team approach to hardware trust assessment

Abstract

Hardware security techniques are validated using fixed in-house methods. However, the effectiveness of such techniques in the field cannot be the same as the attacks are dynamic. A red team blue team approach mimics dynamic attack scenarios and thus can be used to validate such techniques by determining the effectiveness of a defense and identifying vulnerabilities in it. By following a red team blue team approach, we validated two trojan detection techniques namely, path delay measurement and ring oscillator frequency monitoring, in the Embedded Systems Challenge (ESC) 2010. In ESC, one team performed the blue team activities and eight other teams performed red team activities. The path delay measurement technique detected all the trojans. The ESC exposed a vulnerability in the RO-based technique which was exploited by the red teams causing some trojans to be undetected. Post ESC, we developed a technique to fix this vulnerability.