-
SPERO: Simultaneous Power/EM Side-channel Dataset Using Real-time and Oscilloscope Setups
Authors:
Yunkai Bai,
Rabin Yu Acharya,
Domenic Forte
Abstract:
Cryptosystem implementations often disclose information regarding a secret key due to correlations with side channels such as power consumption, timing variations, and electromagnetic emissions. Since power and EM channels can leak distinct information, the combination of EM and power channels could increase side-channel attack efficiency. In this paper, we develop a miniature dual-channel side-channel detection platform, named RASCv3, to successfully extract subkeys from both unmasked and masked AES modules. For the unmasked AES, we combine EM and power channels by using mutual information to extract the secret key in real-time mode, and the experimental results show that fewer measurements-to-disclosure (MTD) are needed than with the last version (RASCv2). Further, we adopt RASCv3 to collect EM/power traces from the masked AES module and successfully extract the secret key from the masked AES module with fewer power/EM/dual-channel traces. In the end, we generate an ASCAD-format dataset named SPERO, which consists of EM and power traces collected simultaneously while the unmasked/masked AES module performs encryption, and upload it to the community for future use.
Submitted 10 May, 2024;
originally announced May 2024.
-
LaserEscape: Detecting and Mitigating Optical Probing Attacks
Authors:
Saleh Khalaj Monfared,
Kyle Mitard,
Andrew Cannon,
Domenic Forte,
Shahin Tajik
Abstract:
The security of integrated circuits (ICs) can be broken by sophisticated physical attacks relying on failure analysis methods. Optical probing is one of the most prominent examples of such attacks, which can be accomplished in a matter of days, even with limited knowledge of the IC under attack. Unfortunately, few countermeasures are proposed in the literature, and none has been fabricated and tested in practice. These countermeasures usually require changing the standard cell libraries and, thus, are incompatible with digital and programmable platforms, such as field programmable gate arrays (FPGAs). In this work, we shift our attention from preventing the attack to detecting and responding to it. We introduce LaserEscape, the first fully digital and FPGA-compatible countermeasure to detect and mitigate optical probing attacks. LaserEscape incorporates digital delay-based sensors to reliably detect the physical alteration on the fabric caused by laser beam irradiations in real time. Furthermore, as a response to the attack, LaserEscape deploys real-time hiding approaches using randomized hardware reconfigurability. It realizes 1) moving target defense (MTD) to physically move the sensitive circuitry under attack out of the probing field of focus to protect secret keys and 2) polymorphism to logically obfuscate the functionality of the targeted circuit to counter function extraction and reverse engineering attempts. We demonstrate the effectiveness and resiliency of our approach by performing optical probing attacks on protected and unprotected designs on a 28-nm FPGA. Our results show that optical probing attacks can be reliably detected and mitigated without interrupting the chip's operation.
Submitted 6 May, 2024;
originally announced May 2024.
-
Programmable EM Sensor Array for Golden-Model Free Run-time Trojan Detection and Localization
Authors:
Hanqiu Wang,
Max Panoff,
Zihao Zhan,
Shuo Wang,
Christophe Bobda,
Domenic Forte
Abstract:
Side-channel analysis has been proven effective at detecting hardware Trojans in integrated circuits (ICs). However, most detection techniques rely on large external probes and antennas for data collection and require a long measurement time to detect Trojans. Such limitations make these techniques impractical for run-time deployment and ineffective in detecting small Trojans with subtle side-channel signatures. To overcome these challenges, we propose a Programmable Sensor Array (PSA) for run-time hardware Trojan detection, localization, and identification. PSA is a tampering-resilient integrated on-chip magnetic field sensor array that can be re-programmed to change the sensors' shape, size, and location. Using PSA, EM side-channel measurement results collected from sensors at different locations on an IC can be analyzed to localize and identify the Trojan. The PSA has better performance than conventional external magnetic probes and state-of-the-art on-chip single-coil magnetic field sensors. We fabricated an AES-128 test chip with four AES Hardware Trojans. They were successfully detected, located, and identified with the proposed on-chip PSA within 10 milliseconds using our proposed cross-domain analysis.
Submitted 22 January, 2024;
originally announced January 2024.
-
RandOhm: Mitigating Impedance Side-channel Attacks using Randomized Circuit Configurations
Authors:
Saleh Khalaj Monfared,
Domenic Forte,
Shahin Tajik
Abstract:
Physical side-channel attacks can compromise the security of integrated circuits. Most physical side-channel attacks (e.g., power or electromagnetic) exploit the dynamic behavior of a chip, typically manifesting as changes in current consumption or voltage fluctuations where algorithmic countermeasures, such as masking, can effectively mitigate them. However, as demonstrated recently, these mitigation techniques are not entirely effective against backscattered side-channel attacks such as impedance analysis. In the case of an impedance attack, an adversary exploits the data-dependent impedance variations of the chip power delivery network (PDN) to extract secret information. In this work, we introduce RandOhm, which exploits a moving target defense (MTD) strategy based on the partial reconfiguration (PR) feature of mainstream FPGAs and programmable SoCs to defend against impedance side-channel attacks. We demonstrate that the information leakage through the PDN impedance could be significantly reduced via runtime reconfiguration of the secret-sensitive parts of the circuitry. Hence, by constantly randomizing the placement and routing of the circuit, one can decorrelate the data-dependent computation from the impedance value. Moreover, in contrast to existing PR-based countermeasures, RandOhm deploys open-source bitstream manipulation tools on programmable SoCs to speed up the randomization and provide real-time protection. To validate our claims, we apply RandOhm to AES ciphers realized on 28-nm FPGAs. We analyze the resiliency of our approach by performing non-profiled and profiled impedance analysis attacks and investigate the overhead of our mitigation in terms of delay and performance.
Submitted 6 May, 2024; v1 submitted 16 January, 2024;
originally announced January 2024.
-
Quantization-aware Neural Architectural Search for Intrusion Detection
Authors:
Rabin Yu Acharya,
Laurens Le Jeune,
Nele Mentens,
Fatemeh Ganji,
Domenic Forte
Abstract:
Deploying machine learning-based intrusion detection systems (IDSs) on hardware devices is challenging due to their limited computational resources, power consumption, and network connectivity. Hence, there is a significant need for robust, deep learning models specifically designed with such constraints in mind. In this paper, we present a design methodology that automatically trains and evolves quantized neural network (NN) models that are a thousand times smaller than state-of-the-art NNs but can efficiently analyze network data for intrusion at high accuracy. In this regard, the number of LUTs utilized by this network when deployed to an FPGA is between 2.3x and 8.5x smaller with performance comparable to prior work.
Submitted 1 March, 2024; v1 submitted 7 November, 2023;
originally announced November 2023.
-
Garbled EDA: Privacy Preserving Electronic Design Automation
Authors:
Mohammad Hashemi,
Steffi Roy,
Fatemeh Ganji,
Domenic Forte
Abstract:
The complexity of modern integrated circuits (ICs) necessitates collaboration between multiple distrusting parties, including third-party intellectual property (3PIP) vendors, design houses, CAD/EDA tool vendors, and foundries, which jeopardizes confidentiality and integrity of each party's IP. IP protection standards and the existing techniques proposed by researchers are ad hoc and vulnerable to numerous structural, functional, and/or side-channel attacks. Our framework, Garbled EDA, proposes an alternative direction through formulating the problem in a secure multi-party computation setting, where the privacy of IPs, CAD tools, and process design kits (PDKs) is maintained. As a proof-of-concept, Garbled EDA is evaluated in the context of simulation, where multiple IP description formats (Verilog, C, S) are supported. Our results demonstrate a reasonable logical-resource cost and negligible memory overhead. To further reduce the overhead, we present another efficient implementation methodology, feasible when the resource utilization is a bottleneck, but the communication between two parties is not restricted. Interestingly, this implementation is private and secure even in the presence of malicious adversaries attempting to, e.g., gain access to PDKs or in-house IPs of the CAD tool providers.
Submitted 7 August, 2022;
originally announced August 2022.
-
HWGN2: Side-channel Protected Neural Networks through Secure and Private Function Evaluation
Authors:
Mohammad Hashemi,
Steffi Roy,
Domenic Forte,
Fatemeh Ganji
Abstract:
Recent work has highlighted the risks of intellectual property (IP) piracy of deep learning (DL) models from the side-channel leakage of DL hardware accelerators. In response, to provide side-channel leakage resiliency to DL hardware accelerators, several approaches have been proposed, mainly borrowed from the methodologies devised for cryptographic implementations. Therefore, as expected, the same challenges posed by the complex design of such countermeasures should be dealt with. This is despite the fact that fundamental cryptographic approaches, specifically secure and private function evaluation, could potentially improve the robustness against side-channel leakage. To examine this and weigh the costs and benefits, we introduce hardware garbled NN (HWGN2), a DL hardware accelerator implemented on FPGA. HWGN2 also provides NN designers with the flexibility to protect their IP in real-time applications, where hardware resources are heavily constrained, through a hardware-communication cost trade-off. Concretely, we apply garbled circuits, implemented using a MIPS architecture that achieves up to 62.5x fewer logical and 66x less memory utilization than the state-of-the-art approaches at the price of communication overhead. Further, the side-channel resiliency of HWGN2 is demonstrated by employing the test vector leakage assessment (TVLA) test against both power and electromagnetic side-channels. This is in addition to the inherent feature of HWGN2: it ensures the privacy of users' input, including the architecture of NNs. We also demonstrate a natural extension to the malicious security model just as a by-product of our implementation.
Submitted 7 August, 2022;
originally announced August 2022.
-
Graphs whose vertices of degree at least 2 lie in a triangle
Authors:
Vinicius L. do Forte,
Min Chih Lin,
Abilio Lucena,
Nelson Maculan,
Veronica A. Moyano,
Jayme L. Szwarcfiter
Abstract:
A pendant vertex is one of degree one and an isolated vertex has degree zero. A neighborhood star-free (NSF for short) graph is one in which every vertex is contained in a triangle except pendant vertices and isolated vertices. This class has been considered before for several contexts. In the present paper, we study the complexity of the dominating induced matching (DIM) problem and the perfect edge domination (PED) problem for NSF graphs. We prove the corresponding decision problems are NP-Complete for several of its subclasses. As an added value of this study, we have shown three connected variants of planar positive 1in3SAT are also NP-Complete. Since these variants are more basic in complexity theory context than many graph problems, these results can be useful to prove that other problems are NP-Complete.
Submitted 7 April, 2024; v1 submitted 25 April, 2022;
originally announced April 2022.
-
A Survey and Perspective on Artificial Intelligence for Security-Aware Electronic Design Automation
Authors:
David Selasi Koblah,
Rabin Yu Acharya,
Daniel Capecci,
Olivia P. Dizon-Paradis,
Shahin Tajik,
Fatemeh Ganji,
Damon L. Woodard,
Domenic Forte
Abstract:
Artificial intelligence (AI) and machine learning (ML) techniques have been increasingly used in several fields to improve performance and the level of automation. In recent years, this use has exponentially increased due to the advancement of high-performance computing and the ever-increasing size of data. One such field is that of hardware design; specifically the design of digital and analog integrated circuits (ICs), where AI/ML techniques have been extensively used to address ever-increasing design complexity, aggressive time-to-market, and the growing number of ubiquitous interconnected devices (IoT). However, the security concerns and issues related to IC design have been highly overlooked. In this paper, we summarize the state-of-the-art in AI/ML for circuit design/optimization, security and engineering challenges, research in security-aware CAD/EDA, and future research directions and needs for using AI/ML for security-aware circuit design.
Submitted 20 April, 2022; v1 submitted 19 April, 2022;
originally announced April 2022.
-
Circuit Masking: From Theory to Standardization, A Comprehensive Survey for Hardware Security Researchers and Practitioners
Authors:
Ana Covic,
Fatemeh Ganji,
Domenic Forte
Abstract:
Side-channel attacks extracting sensitive data from implementations have been considered a major threat to the security of cryptographic schemes. This has elevated the need for improved designs by embodying countermeasures, with masking being the most prominent example. To formally verify the security of a masking scheme, numerous attack models have been developed to capture the physical properties of the information leakage as well as the capabilities of the adversary. With regard to these models, extensive research has been performed to realize masking schemes. These research efforts have led to significant progress in the development of security assessment methodologies and further initiated standardization activities. However, since the majority of this work is theoretical, it is challenging for the more practice-oriented hardware security community to fully grasp and contribute to. To bridge the gap, these advancements are reviewed and discussed in this survey, mainly from the perspective of hardware security. In doing so, a clear taxonomy is provided that is helpful for a systematic treatment of the masking-related topics. By giving an extensive overview of the existing methods, this survey (1) provides a research landscape of circuit masking for newcomers to the field, (2) offers guidelines on which attack model and verification tool to choose when designing masking schemes, and (3) identifies interesting new research directions where masking models and assessment tools can be applied. Thus, this survey serves as an essential reference for hardware security practitioners interested in the theory behind masking techniques, the tools useful to verify the security of masked circuits, and their potential applications.
Submitted 29 June, 2021; v1 submitted 23 June, 2021;
originally announced June 2021.
-
InfoNEAT: Information Theory-based NeuroEvolution of Augmenting Topologies for Side-channel Analysis
Authors:
Rabin Yu Acharya,
Fatemeh Ganji,
Domenic Forte
Abstract:
Profiled side-channel analysis (SCA) leverages leakage from cryptographic implementations to extract the secret key. When combined with advanced methods in neural networks (NNs), profiled SCA can successfully attack even those crypto-cores assumed to be protected against SCA. Despite the rise in the number of studies devoted to NN-based SCA, a range of questions has remained unanswered, namely: how to choose an NN with an adequate configuration, how to tune the NN's hyperparameters, when to stop the training, etc. Our proposed approach, "InfoNEAT," tackles these issues in a natural way. InfoNEAT relies on the concept of neural structure search, enhanced by information-theoretic metrics to guide the evolution, halt it with novel stopping criteria, and improve time-complexity and memory footprint. The performance of InfoNEAT is evaluated by applying it to publicly available datasets composed of real side-channel measurements. In addition to the considerable advantages regarding the automated configuration of NNs, InfoNEAT demonstrates significant improvements over other approaches for effective key recovery in terms of the number of epochs (e.g., 6x faster) and the number of attack traces compared to both MLPs and CNNs (e.g., up to 1000s fewer traces to break a device) as well as a reduction in the number of trainable parameters compared to MLPs (e.g., by a factor of up to 32). Furthermore, through experiments, it is demonstrated that InfoNEAT's models are robust against noise and desynchronization in traces.
Submitted 14 October, 2022; v1 submitted 30 April, 2021;
originally announced May 2021.
-
Boosting quantum yields in 2D semiconductors via proximal metal plates
Authors:
Yongjun Lee,
Anshuman Kumar,
Johnathas D'arf Severo Forte,
Andrey Chaves,
Shrawan Roy,
Takashi Taniguchi,
Kenji Watanabe,
Alexey Chernikov,
Joon I. Jang,
Tony Low,
Jeongyong Kim
Abstract:
Monolayer transition metal dichalcogenides (1L-TMDs) have tremendous potential as atomically thin, direct bandgap semiconductors that can be used as convenient building blocks for quantum photonic devices. However, the short exciton lifetime due to the defect traps and the strong exciton-exciton interaction in TMDs has significantly limited the efficiency of exciton emission from this class of materials. Here, we show that exciton-exciton dipolar field interaction in 1L-WS2 can be effectively screened using an ultra-flat Au film substrate separated by multilayers of hexagonal boron nitride. Under this geometry, dipolar exciton-exciton interaction becomes quadrupole-quadrupole interaction because of effective image dipoles formed inside the metal. The suppressed exciton-exciton interaction leads to a significantly improved quantum yield by an order of magnitude, which is also accompanied by a reduction in the exciton-exciton annihilation (EEA) rate, as confirmed by time-resolved optical measurements. A semiclassical model accounting for the screening of the dipole-dipole interaction qualitatively captures the dependence of EEA on exciton densities. Our results suggest that fundamental EEA processes in the TMD can be engineered through proximal metallic screening, which represents a practical approach towards high-efficiency 2D light emitters.
Submitted 30 December, 2020;
originally announced December 2020.
-
Physical Security in the Post-quantum Era: A Survey on Side-channel Analysis, Random Number Generators, and Physically Unclonable Functions
Authors:
Sreeja Chowdhury,
Ana Covic,
Rabin Yu Acharya,
Spencer Dupee,
Fatemeh Ganji,
Domenic Forte
Abstract:
Over the past decades, quantum technology has seen consistent progress, with notable recent developments in the field of quantum computers. Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed. In this regard, viewing this technology as a resource for honest parties rather than adversaries, it may enhance not only the security, but also the performance of specific cryptographic schemes. While considerable effort has been devoted to the design of quantum-resistant and quantum-enhanced schemes, little effort has been made to understanding their physical security. Physical security deals with the design and implementation of security measures fulfilling the practical requirements of cryptographic primitives, which are equally essential for classic and quantum ones. This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution. More specifically, the possibility of performing side-channel analysis in the quantum world is discussed and compared to attacks launched in the classic world. Besides, proposals for quantum random number generation and quantum physically unclonable functions are compared to their classic counterparts and further analyzed to give a better understanding of their features, advantages, and shortcomings. Finally, seen from these three perspectives, this survey provides an outlook for future research in this direction.
Submitted 8 February, 2021; v1 submitted 8 May, 2020;
originally announced May 2020.
-
Histogram-based Auto Segmentation: A Novel Approach to Segmenting Integrated Circuit Structures from SEM Images
Authors:
Ronald Wilson,
Navid Asadizanjani,
Domenic Forte,
Damon L. Woodard
Abstract:
In the Reverse Engineering and Hardware Assurance domain, a majority of the data acquisition is done through electron microscopy techniques such as Scanning Electron Microscopy (SEM). However, unlike its counterparts in optical imaging, only a limited number of techniques are available to enhance and extract information from the raw SEM images. In this paper, we introduce an algorithm to segment out Integrated Circuit (IC) structures from the SEM image. Unlike existing algorithms discussed in this paper, this algorithm is unsupervised, parameter-free and does not require prior information on the noise model or features in the target image, making it effective in low-quality image acquisition scenarios as well. Furthermore, the results from the application of the algorithm on various structures and layers in the IC are reported and discussed.
Submitted 28 April, 2020;
originally announced April 2020.
-
Attack of the Genes: Finding Keys and Parameters of Locked Analog ICs Using Genetic Algorithm
Authors:
Rabin Yu Acharya,
Sreeja Chowdhury,
Fatemeh Ganji,
Domenic Forte
Abstract:
Hardware intellectual property (IP) theft is a major issue in today's globalized supply chain. To address it, numerous logic locking and obfuscation techniques have been proposed. While locking initially focused on digital integrated circuits (ICs), there have been recent attempts to extend it to analog ICs, which are easier to reverse engineer and to copy than digital ICs. In this paper, we use algorithms based on evolutionary strategies to investigate the security of analog obfuscation/locking techniques. We present a genetic algorithm (GA) approach which is capable of completely breaking a locked analog circuit by finding either its obfuscation key or its obfuscated parameters. We implement both the GA attack as well as a more naive satisfiability modulo theory (SMT)-based attack on common analog benchmark circuits obfuscated by combinational locking and parameter biasing. We find that the GA attack can unlock all the circuits using only the locked netlist and an unlocked chip in minutes. On the other hand, while the SMT attack converges faster, it requires the circuit specification to execute and it also returns multiple keys that need to be brute-forced by a post-processing step. We also discuss how the GA attack can generalize to other recent analog locking techniques not tested in the paper.
Submitted 30 March, 2020;
originally announced March 2020.
-
Hardware Trust and Assurance through Reverse Engineering: A Survey and Outlook from Image Analysis and Machine Learning Perspectives
Authors:
Ulbert J. Botero,
Ronald Wilson,
Hangwei Lu,
Mir Tanjidur Rahman,
Mukhil A. Mallaiyan,
Fatemeh Ganji,
Navid Asadizanjani,
Mark M. Tehranipoor,
Damon L. Woodard,
Domenic Forte
Abstract:
In the context of hardware trust and assurance, reverse engineering has been often considered as an illegal action. Generally speaking, reverse engineering aims to retrieve information from a product, i.e., integrated circuits (ICs) and printed circuit boards (PCBs) in hardware security-related scenarios, in the hope of understanding the functionality of the device and determining its constituent components. Hence, it can raise serious issues concerning Intellectual Property (IP) infringement, the (in)effectiveness of security-related measures, and even new opportunities for injecting hardware Trojans. Ironically, reverse engineering can enable IP owners to verify and validate the design. Nevertheless, this cannot be achieved without overcoming numerous obstacles that limit successful outcomes of the reverse engineering process. This paper surveys these challenges from two complementary perspectives: image processing and machine learning. These two fields of study form a firm basis for the enhancement of efficiency and accuracy of reverse engineering processes for both PCBs and ICs. In summary, therefore, this paper presents a roadmap indicating clearly the actions to be taken to fulfill hardware trust and assurance objectives.
Submitted 7 April, 2021; v1 submitted 11 February, 2020;
originally announced February 2020.
-
Defense-in-Depth: A Recipe for Logic Locking to Prevail
Authors:
M Tanjidur Rahman,
M Sazadur Rahman,
Huanyu Wang,
Shahin Tajik,
Waleed Khalil,
Farimah Farahmandi,
Domenic Forte,
Navid Asadizanjani,
Mark Tehranipoor
Abstract:
Logic locking has emerged as a promising solution for protecting semiconductor Intellectual Property (IP) from untrusted entities in the design and fabrication process. Logic locking hides the functionality of the IP by embedding additional key-gates in the circuit. The correct output of the chip is produced once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP, as it stands as the lone barrier against IP infringement. Therefore, logic locking is considered a broken scheme once the key value is exposed. The research community has shown the vulnerability of logic locking techniques against different classes of attacks, such as Oracle-guided and physical attacks. Although several countermeasures have already been proposed against such attacks, none of them is simultaneously impeccable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth approach can be considered a practical way of addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense approach in which several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors. Introducing such a multilayer defense model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes that need to be protected. Afterwards, we categorize the vulnerabilities of the core components according to potential threats to the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. Finally, we turn our focus to open research questions and conclude with suggestions for future research directions.
Submitted 20 July, 2019;
originally announced July 2019.
-
EOP: An Encryption-Obfuscation Solution for Protecting PCBs Against Tampering and Reverse Engineering
Authors:
Zimu Guo,
Xiaolin Xu,
Mark M. Tehranipoor,
Domenic Forte
Abstract:
PCBs are the core components of devices ranging from consumer electronics to military applications. Due to the accessibility of PCBs, they are vulnerable to attacks such as probing, eavesdropping, and reverse engineering. In this paper, a solution named EOP is proposed to mitigate these threats. EOP encrypts the inter-chip communications with a stream cipher. The encryption and decryption are driven by dedicated clock modules. These modules guarantee that the stream cipher is correctly synchronized and free from tampering. Additionally, EOP also incorporates PCB-level obfuscation for protection against reverse engineering. EOP is designed to be implemented using COTS components. For validation, EOP is implemented in a Zynq SoC based system. Both the normal operation and the tampering detection performance are verified. The results show that EOP can deliver data from one chip to another without any errors. It is shown to be sensitive to any active tampering attacks.
Submitted 20 April, 2019;
originally announced April 2019.
-
PreLatPUF: Exploiting DRAM Latency Variations for Generating Robust Device Signatures
Authors:
B. M. S. Bahar Talukder,
Biswajit Ray,
Domenic Forte,
Md Tauhidur Rahman
Abstract:
Physically Unclonable Functions (PUFs) are potential security blocks for generating unique and more secure keys in low-cost cryptographic applications. Dynamic random-access memory (DRAM) has been proposed as one of the promising candidates for generating robust keys. Unfortunately, the existing techniques for generating device signatures from DRAM are very slow, destructive (they destroy the current data), and disruptive to system operation. In this paper, we propose a precharge latency-based PUF (PreLatPUF) that exploits DRAM precharge latency variations to generate signatures. The proposed PreLatPUF is fast, robust, least disruptive, and non-destructive. The silicon results from commercially available DDR3 chips from different manufacturers show that the proposed key generation technique is at least ~1,192X faster than the existing approaches, while reliably reproducing the key under extreme operating conditions.
Submitted 31 July, 2019; v1 submitted 7 August, 2018;
originally announced August 2018.
-
Dirac spectrum in gated multilayer black phosphorus nanoribbons
Authors:
J. D. S. Forte,
D. J. P. de Sousa,
J. Milton Pereira Jr
Abstract:
We investigate the effects of a perpendicular electric field applied to multilayer phosphorene nanoribbons with zigzag and armchair edges. Within the context of the tight-binding model, we explore the electronic properties of these systems, giving emphasis to the appearance of Dirac-like spectra, a transition that occurs when the gate density associated with the applied displacement field is greater than the critical value $n_c$. We show that the confinement properties and the screening effects in such systems play an important role in the determination of $n_c$, suggesting a scheme to determine the thickness, width and edge orientation of multilayered phosphorene nanoribbons. We also explore how this transition affects the electronic transport properties of such systems.
Submitted 8 June, 2018;
originally announced June 2018.
-
Secure and Reliable Biometric Access Control for Resource-Constrained Systems and IoT
Authors:
Nima Karimian,
Zimu Guo,
Fatemeh Tehranipoor,
Damon Woodard,
Mark Tehranipoor,
Domenic Forte
Abstract:
With the emergence of the Internet-of-Things (IoT), there is a growing need for access control and data protection on low-power, pervasive devices. Biometric-based authentication is promising for IoT due to its convenient nature and lower susceptibility to attacks. However, the costs associated with biometric processing and template protection are nontrivial for smart cards, key fobs, and so forth. In this paper, we discuss the security, cost, and utility of biometric systems and develop two major frameworks for improving them. First, we introduce a new framework for implementing biometric systems based on physical unclonable functions (PUFs) and hardware obfuscation that, unlike traditional software approaches, does not require nonvolatile storage of a biometric template/key. Aside from reducing the risk of compromising the biometric, the nature of obfuscation also provides protection against access control circumvention via malware and fault injection. The PUF provides non-invertibility and non-linkability. Second, a major requirement of the proposed PUF/obfuscation approach is that a reliable (robust) key be generated from the user's input biometric. We propose a noise-aware biometric quantization framework capable of generating unique, reliable keys with reduced enrollment time and denoising costs. Finally, we conduct several case studies. In the first, the proposed noise-aware approach is compared to our previous approach for multiple biometric modalities, including popular ones (fingerprint and iris) and emerging cardiovascular ones (ECG and PPG). The results show that ECG provides the best tradeoff between reliability, key length, entropy, and cost. In the second and third case studies, we demonstrate how reliability, denoising costs, and enrollment times can be simultaneously improved by modeling subject intra-variations for ECG.
Submitted 26 March, 2018;
originally announced March 2018.
-
Hardware Trojan Detection through Information Flow Security Verification
Authors:
Adib Nahiyan,
Mehdi Sadi,
Rahul Vittal,
Gustavo Contreras,
Domenic Forte,
Mark Tehranipoor
Abstract:
Semiconductor design houses are increasingly becoming dependent on third-party vendors to procure intellectual property (IP) and meet time-to-market constraints. However, these third-party IPs cannot be trusted, as hardware Trojans can be maliciously inserted into them by untrusted vendors. While different approaches have been proposed to detect Trojans in third-party IPs, their limitations have not been extensively studied. In this paper, we analyze the limitations of the state-of-the-art Trojan detection techniques and demonstrate with experimental results how these detection mechanisms can be defeated. We then propose a Trojan detection framework based on information flow security (IFS) verification. Our framework detects violations of IFS policies caused by Trojans without the need for white-box knowledge of the IP. We experimentally validate the efficacy of our proposed technique by accurately identifying Trojans in the Trust-Hub benchmarks. We also demonstrate that our technique does not share the limitations of the previously proposed Trojan detection techniques.
Submitted 11 March, 2018;
originally announced March 2018.