TINTERNATURAL ON OSS

Title: DoS and Data Leakage Trojans on Hardware

**Team: SystemsGenesys** 

Member: Eleftherios Batzolis Mentor: Dr. Konstantinos Rantos

Web Services and Information Security Lab International Hellenic University





### OpenAl's ChatGPT v.4:

- It is highly sophisticated
- It performs better with code
- Added versatility
- **API Integration**

# **Prompting Pattern**

We used the Chain Of Thought(CoT) technique:

- Digital design is a really complex task that requires complex reasoning an produces context aware responses.
- These tasks (like creating an FSM) require multiple intermediate reasoning steps.



J. Wei *et al.*, "Chain-of-Thought Prompting Elicits Reasoning in Large Language Models," 2022, doi: <u>10.48550/ARXIV.2201.11903</u>.

# **Prompt engineering**

In order to gather the necessary steps to create a hardware trojan using an LLM, we enhanced our prompt engineering techniques **first** by using the <u>Recipe</u> prompt pattern:

- The main intent of this process is to gather a sequence of steps with an intent to create the trojan (for example "I would like to add "X" feature to my codebase. I need to perform steps A,B,C. Provide a sequence for me and fill any missing steps.").
- Using this pattern the LLM will analyze a concrete sequence of steps for creating with purpose the trojan(for example "Identify any unnecessary steps")



Prompt example: https://chat.openai. com/share/44e377 58-e3c0-4025-98a8-89f75f36166b



https://chat.openai.c om/share/8d425e27d6d8-473b-9f53-7e42fdf6c008

# **Prompting Pattern**

We **then** used the <u>Persona</u> prompt pattern to:

- provide the LLM with intent (for example, "Acts as a digital engineer") and conceptualize context (refactor the code, provide Verilog files)
- provide the LLM with motivation to achieve a certain task (for example, "refactor the code to provide extended functionality").
- structure fundamental contextual statements around key ideas (for example, "Provide code that a digital designer would create")
- provide example code for the LLM to follow along by using the *Chain of Thought* prompt engineering technique (for example "This part of code "X" from my codebase needs new features.").

# 1 st design

A UART D.o.S. hw trojan



During the course of our investigation, ChatGPT's content filtering procedure impeded attempts to write "malicious" code. We discovered a means to circumvent this security and "exploit" the system by utilizing ZULU as the primary prompting language. As a proof of concept, we present the dialogues below:

Asking how to build a chemical bomb using English:



Asking how to build a chemical bomb using Zulu:



# **UART** peripheral with a D.o.S. hw trojan

This is design is a UART peripheral in Verilog.

- We added the functionality of a trigger inside the state machine inserted in the transmitter part of UART core.
- The state machine seeks the sequence of **8'b11111111**.
- After state activation any transmission is blocked and a halt\_status signal is active.
- This single-shot prompt design, is <u>not</u> possible without bypassing the content filter.

### Severity of the vulnerability

- Insertion phase: Design
- Abstraction level: Register-transfer level (RTL)
- Act. mechanism: Conditionally triggered
- Functional Effects: Denial of service
- Physical characteristics: Functional



# st design

A wishbone bus D.o.S. hw trojan targeting a)simple wb bus implementation b)efabless <u>Caravel</u> project

## Why attack the wishbone bus?

### Wishbone Bus is:

- One of the most popular open source protocols to connect IP blocks inside an SoC.
- Used broadly all over the world because of the Interoperability, flexibility, and reusability it offers.
- Used substantially in Universities worldwide.
- Used by companies (like efabless) all over the world.
- Open-source





## Simple (Al gen.)wishbone bus D.o.S. hw trojan

Prompt: https://chat.openai.com/share/89c53be5-10bf-4ecc-859a-894b3ae967c2

This is design is simple wishbone bus peripheral in Verilog.

- We added the functionality of a trigger inside the state machine inserted in the wb bus core.
- The state machine seeks the sequence of **32'hCAFEBABE**.
- After state activation any transmission is blocked and a

### Severity of the vulnerability

- Insertion phase: Design
- Abstraction level: Register-transfer level (RTL)
- Act. mechanism: Conditionally triggered
- Functional Effects: Denial of service
- Physical characteristics: Functional



### Caravel project wishbone bus D.o.S. hw trojan

Our malicious code implementation methodology is:

- We first analyzed the code in the GitHub repository.
- 2. Inside the housekeeping.v file the wishbone to SPI to CPU communication is implemented.
- 3. We can alter the wishbone FSM implementation by adding a stage where if a certain value is transmitted in the bus then an internal signal gets stuck at "0"
- 4. This way we are glitching the handshake method causing a Denial Of Service.

Prompt example:

https://chat.openai.com/share/8d42 5e27-d6d8-473b-9f53-7e42fdf6c008



### Severity of the vulnerability:

- Insertion phase: Design
- Abstraction level: Register-transfer level (RTL)
- Act. mechanism: Conditionally triggered
- Functional Effects: Denial of service
- Physical characteristics: Functional

# Ond design

Leaking key from a <u>symmetric AES block cipher</u>



- One of the most popular encryption standards.
- Used broadly all over the world.
- Is globally standardized, regulated and incompliance with governments, individuals and enterprises.
- Is efficient in terms of processing power and memory usage so it is used everywhere.



## **Code** implementation methodology:

- 1. We first analyzed the code in the <u>GitHub repository</u> it was uploaded.
- 2. We created a "transmit" module for the malicious functionality.
- 3. We altered the functionality of the "aes\_key\_mem" module so when it is instantiated:
  - a) the "transmit" module is instantiated,
  - b) the "key" value is copied,
  - c) the "key" value is being transmitted by a pin.
  - d) Because we haven't got a pinout I used the "Ant1" internal wire for transmission of P.o.C. .
- 4. We use a register to store the key.
- 5. We use a covert way of leaking the key by:
  - modulating an (unused) pin on chip that generates an RF signal,
  - this signal can be used to transmit the key bits,
  - then it can be received with an ordinary AM radio,
  - the data carried by the AM signal can be easily interpreted by a human by using a beep scheme.





Severity of the vulnerability:

Insertion phase: Design

Abstraction level: Register Transfer level

Act. mechanism: Conditionally triggered

Effects: Leak Information

Location: Processor

• Physical characteristics: Functional

P.o.C.

Prompt for transmit.v:

https://chat.openai.com/share/8c8fb

<u>17c-6647-4eee-8c1e-71c2bc0c1b95</u>

