Abstract

Over the past decades, there has been an exponential growth in the number of connected devices, often without well-thought-out security mechanisms in place for the relevant network standards and protocols. As a result, security loopholes in these vulnerable connected devices have been discovered and widely exploited, often with devastating consequences. As a countermeasure to these attacks, some of the original network standards were subsequently enhanced with security features, e.g., the original insecure Ethernet protocol (IEEE 802.3) was supplemented by the IEEE 802.1AE Media Access Control Security (MACSec) standard. In this paper, we present a network packet redirection attack on reconfigurable network devices, specifically a MACSec-enabled NetFPGA-SUME based Ethernet switch, as well as a NetFPGA-SUME based IPv4 router, by means of Hardware Trojan (HT) insertion. Our HT design is probabilistic in its functionality, with a multi-level trigger mechanism. In the MAC layer attack, an activated HT redirects a frame to an incorrect port, leading to possible eavesdropping by a malicious attacker as well as denial-of-service, while in the network layer attack, upon activation the HT forwards all IP packets through a sub-optimal router port, causing a denial-of-service attack on the receiver. The proposed HT evades most state-of-the-art HT detection schemes, while having a very low resource footprint. We present the complete architecture, a detailed description of the mode of operation, and the implementation of the HT, with promising experimental results.
