A red team/blue team assessment of functional analysis methods for malicious circuit identification

Recent advances in hardware security have led to the development of FANCI (Functional Analysis for Nearly-Unused Circuit Identification), an analysis algorithm that identifies stealthy, malicious circuits within hardware designs that can perform backdoor operations to compromise security. Evaluations of such methods using benchmarks and academically known attacks are not always equivalent to the dynamic attack scenarios that can arise in the real world. For this reason, we apply a red team/blue team approach to stress-test the abilities of the FANCI prototype. In the Embedded Systems Challenge (ESC) 2013, teams from research groups from multiple continents created designs with backdoors hidden in them as part of a red team effort to circumvent FANCI. Notably, these backdoors were not placed into a priori known designs. The red team was allowed to create arbitrary, unspecified designs. Two interesting results came out of this effort. The first was that FANCI was surprisingly resilient to this wide variety of attacks and was not circumvented by any of the stealthy backdoors created by the red teams. The second result is that frequent-action backdoors, which are non-stealthy backdoors, were often successful. These results emphasize the importance of combining FANCI with a reasonable degree of validation testing. The blue team efforts also exposed some areas where the FANCI prototype could be made more performant, which motivates further development of the prototype.