-
ASSURE: RTL Locking Against an Untrusted Foundry
Authors:
Christian Pilato,
Animesh Basak Chowdhury,
Donatella Sciuto,
Siddharth Garg,
Ramesh Karri
Abstract:
Semiconductor design companies are integrating proprietary intellectual property (IP) blocks to build custom integrated circuits (IC) and fabricate them in a third-party foundry. Unauthorized IC copies cost these companies billions of dollars annually. While several methods have been proposed for hardware IP obfuscation, they operate on the gate-level netlist, i.e., after the synthesis tools embed the semantic information into the netlist. We propose ASSURE to protect hardware IP modules operating on the register-transfer level (RTL) description. The RTL approach has three advantages: (i) it allows designers to obfuscate IP cores generated with many different methods (e.g., hardware generators, high-level synthesis tools, and pre-existing IPs). (ii) it obfuscates the semantics of an IC before logic synthesis; (iii) it does not require modifications to EDA flows. We perform a cost and security assessment of ASSURE.
Submitted 18 April, 2021; v1 submitted 11 October, 2020;
originally announced October 2020.
-
DAVE: Deriving Automatically Verilog from English
Authors:
Hammond Pearce,
Benjamin Tan,
Ramesh Karri
Abstract:
While specifications for digital systems are provided in natural language, engineers undertake significant efforts to translate them into the programming languages understood by compilers for digital systems. Automating this process allows designers to work with the language in which they are most comfortable (the original natural language) and focus instead on other downstream design challenges. We explore the use of state-of-the-art machine learning (ML) to automatically derive Verilog snippets from English via fine-tuning GPT-2, a natural language ML system. We describe our approach for producing a suitable dataset of novice-level digital design tasks and provide a detailed exploration of GPT-2, finding encouraging translation performance across our task sets (94.8% correct), with the ability to handle both simple and abstract design tasks.
Submitted 27 August, 2020;
originally announced September 2020.
-
Benchmarking at the Frontier of Hardware Security: Lessons from Logic Locking
Authors:
Benjamin Tan,
Ramesh Karri,
Nimisha Limaye,
Abhrajit Sengupta,
Ozgur Sinanoglu,
Md Moshiur Rahman,
Swarup Bhunia,
Danielle Duvalsaint,
R. D. Blanton,
Amin Rezaei,
Yuanqi Shen,
Hai Zhou,
Leon Li,
Alex Orailoglu,
Zhaokun Han,
Austin Benedetti,
Luciano Brignone,
Muhammad Yasin,
Jeyavijayan Rajendran,
Michael Zuzak,
Ankur Srivastava,
Ujjwal Guin,
Chandan Karfa,
Kanad Basu
, et al. (11 additional authors not shown)
Abstract:
Integrated circuits (ICs) are the foundation of all computing systems. They comprise high-value hardware intellectual property (IP) that are at risk of piracy, reverse-engineering, and modifications while making their way through the geographically-distributed IC supply chain. On the frontier of hardware security are various design-for-trust techniques that claim to protect designs from untrusted entities across the design flow. Logic locking is one technique that promises protection from the gamut of threats in IC manufacturing. In this work, we perform a critical review of logic locking techniques in the literature, and expose several shortcomings. Taking inspiration from other cybersecurity competitions, we devise a community-led benchmarking exercise to address the evaluation deficiencies. In reflecting on this process, we shed new light on deficiencies in evaluation of logic locking and reveal important future directions. The lessons learned can guide future endeavors in other areas of hardware security.
Submitted 11 June, 2020;
originally announced June 2020.
-
A Survey of Cybersecurity of Digital Manufacturing
Authors:
Priyanka Mahesh,
Akash Tiwari,
Chenglu **,
Panganamala R. Kumar,
A. L. Narasimha Reddy,
Satish T. S. Bukkapatanam,
Nikhil Gupta,
Ramesh Karri
Abstract:
The Industry 4.0 concept promotes a digital manufacturing (DM) paradigm that can enhance quality and productivity, that reduces inventory and the lead-time for delivering custom, batch-of-one products based on achieving convergence of Additive, Subtractive, and Hybrid manufacturing machines, Automation and Robotic Systems, Sensors, Computing, and Communication Networks, Artificial Intelligence, and Big Data. A DM system consists of embedded electronics, sensors, actuators, control software, and inter-connectivity to enable the machines and the components within them to exchange data with other machines, components therein, the plant operators, the inventory managers, and customers. This paper presents the cybersecurity risks in the emerging DM context, assesses the impact on manufacturing, and identifies approaches to secure DM.
Submitted 15 October, 2020; v1 submitted 9 June, 2020;
originally announced June 2020.
-
Security of Cloud FPGAs: A Survey
Authors:
Chenglu **,
Vasudev Gohil,
Ramesh Karri,
Jeyavijayan Rajendran
Abstract:
Integrating Field Programmable Gate Arrays (FPGAs) with cloud computing instances is a rapidly emerging trend on commercial cloud computing platforms such as Amazon Web Services (AWS), Huawei cloud, and Alibaba cloud. Cloud FPGAs allow cloud users to build hardware accelerators to speed up the computation in the cloud. However, since the cloud FPGA technology is still in its infancy, the security implications of this integration of FPGAs in the cloud are not clear. In this paper, we survey the emerging field of cloud FPGA security, providing a comprehensive overview of the security issues related to cloud FPGAs, and highlighting future challenges in this research area.
Submitted 11 May, 2020;
originally announced May 2020.
-
HACK3D: Crowdsourcing the Assessment of Cybersecurity in Digital Manufacturing
Authors:
Michael Linares,
Nishant Aswani,
Gary Mac,
Chenglu **,
Fei Chen,
Nikhil Gupta,
Ramesh Karri
Abstract:
Digital manufacturing (DM) cyber-physical system is vulnerable to both cyber and physical attacks. HACK3D is a series of crowdsourcing red-team-blue-team events hosted by the NYU Center for Cybersecurity to assess the strength of the security methods embedded in designs using DM. This study summarizes the lessons learned from the past three offerings of HACK3D, including ingenious ways in which skilled engineers can launch surprising attacks on DM designs not anticipated before. A key outcome is a taxonomy-guided creation of DM security benchmarks for use by the DM community.
Submitted 16 April, 2021; v1 submitted 9 May, 2020;
originally announced May 2020.
-
Bias Busters: Robustifying DL-based Lithographic Hotspot Detectors Against Backdooring Attacks
Authors:
Kang Liu,
Benjamin Tan,
Gaurav Rajavendra Reddy,
Siddharth Garg,
Yiorgos Makris,
Ramesh Karri
Abstract:
Deep learning (DL) offers potential improvements throughout the CAD tool-flow, one promising application being lithographic hotspot detection. However, DL techniques have been shown to be especially vulnerable to inference and training time adversarial attacks. Recent work has demonstrated that a small fraction of malicious physical designers can stealthily "backdoor" a DL-based hotspot detector during its training phase such that it accurately classifies regular layout clips but predicts hotspots containing a specially crafted trigger shape as non-hotspots. We propose a novel training data augmentation strategy as a powerful defense against such backdooring attacks. The defense works by eliminating the intentional biases introduced in the training data but does not require knowledge of which training samples are poisoned or the nature of the backdoor trigger. Our results show that the defense can drastically reduce the attack success rate from 84% to ~0%.
Submitted 26 April, 2020;
originally announced April 2020.
-
Hardware Trojan Detection Using Controlled Circuit Aging
Authors:
Virinchi Roy Surabhi,
Prashanth Krishnamurthy,
Hussam Amrouch,
Kanad Basu,
Jörg Henkel,
Ramesh Karri,
Farshad Khorrami
Abstract:
This paper reports a novel approach that uses transistor aging in an integrated circuit (IC) to detect hardware Trojans. When a transistor is aged, it results in delays along several paths of the IC. This increase in delay results in timing violations that reveal as timing errors at the output of the IC during its operation. We present experiments using aging-aware standard cell libraries to illustrate the usefulness of the technique in detecting hardware Trojans. Combining IC aging with over-clocking produces a pattern of bit errors at the IC output by the induced timing violations. We use machine learning to learn the bit error distribution at the output of a clean IC. We differentiate the divergence in the pattern of bit errors because of a Trojan in the IC from this baseline distribution. We simulate the golden IC and show robustness to IC-to-IC manufacturing variations. The approach is effective and can detect a Trojan even if we place it far off the critical paths. Results on benchmarks from the Trust-hub show a detection accuracy of $\geq$99%.
Submitted 20 April, 2020; v1 submitted 6 April, 2020;
originally announced April 2020.
-
NNoculation: Catching BadNets in the Wild
Authors:
Akshaj Kumar Veldanda,
Kang Liu,
Benjamin Tan,
Prashanth Krishnamurthy,
Farshad Khorrami,
Ramesh Karri,
Brendan Dolan-Gavitt,
Siddharth Garg
Abstract:
This paper proposes a novel two-stage defense (NNoculation) against backdoored neural networks (BadNets) that repairs a BadNet both pre-deployment and online in response to backdoored test inputs encountered in the field. In the pre-deployment stage, NNoculation retrains the BadNet with random perturbations of clean validation inputs to partially reduce the adversarial impact of a backdoor. Post-deployment, NNoculation detects and quarantines backdoored test inputs by recording disagreements between the original and pre-deployment patched networks. A CycleGAN is then trained to learn transformations between clean validation and quarantined inputs; i.e., it learns to add triggers to clean validation images. Backdoored validation images along with their correct labels are used to further retrain the pre-deployment patched network, yielding our final defense. Empirical evaluation on a comprehensive suite of backdoor attacks shows that NNoculation outperforms all state-of-the-art defenses that make restrictive assumptions and only work on specific backdoor attacks, or fail on adaptive attacks. In contrast, NNoculation makes minimal assumptions and provides an effective defense, even under settings where existing defenses are ineffective due to attackers circumventing their restrictive assumptions.
Submitted 15 November, 2021; v1 submitted 19 February, 2020;
originally announced February 2020.
-
Public Plug-in Electric Vehicles + Grid Data: Is a New Cyberattack Vector Viable?
Authors:
Samrat Acharya,
Yury Dvorkin,
Ramesh Karri
Abstract:
High-wattage demand-side appliances such as Plug-in Electric Vehicles (PEVs) are proliferating. As a result, information on the charging patterns of PEVs is becoming accessible via smartphone applications, which aggregate real-time availability and historical usage of public PEV charging stations. Moreover, information on the power grid infrastructure and operations has become increasingly available in technical documents and real-time dashboards of the utilities, affiliates, and the power grid operators. The research question that this study explores is: Can one combine high-wattage demand-side appliances with public information to launch cyberattacks on the power grid? To answer this question and report a proof of concept demonstration, the study scrapes data from public sources for Manhattan, NY using the electric vehicle charging station smartphone application and the power grid data circulated by the US Energy Information Administration, New York Independent System Operator, and the local utility in New York City. It then designs a novel data-driven cyberattack strategy using state-feedback based partial eigenvalue relocation, which targets frequency stability of the power grid. The study establishes that while such an attack is not possible at the current penetration level of PEVs, it will be practical once the number of PEVs increases.
Submitted 27 February, 2020; v1 submitted 18 July, 2019;
originally announced July 2019.
-
Are Adversarial Perturbations a Showstopper for ML-Based CAD? A Case Study on CNN-Based Lithographic Hotspot Detection
Authors:
Kang Liu,
Haoyu Yang,
Yuzhe Ma,
Benjamin Tan,
Bei Yu,
Evangeline F. Y. Young,
Ramesh Karri,
Siddharth Garg
Abstract:
There is substantial interest in the use of machine learning (ML) based techniques throughout the electronic computer-aided design (CAD) flow, particularly those based on deep learning. However, while deep learning methods have surpassed state-of-the-art performance in several applications, they have exhibited intrinsic susceptibility to adversarial perturbations --- small but deliberate alterations to the input of a neural network, precipitating incorrect predictions. In this paper, we seek to investigate whether adversarial perturbations pose risks to ML-based CAD tools, and if so, how these risks can be mitigated. To this end, we use a motivating case study of lithographic hotspot detection, for which convolutional neural networks (CNN) have shown great promise. In this context, we show the first adversarial perturbation attacks on state-of-the-art CNN-based hotspot detectors; specifically, we show that small (on average 0.5% modified area), functionality preserving and design-constraint satisfying changes to a layout can nonetheless trick a CNN-based hotspot detector into predicting the modified layout as hotspot free (with up to 99.7% success). We propose an adversarial retraining strategy to improve the robustness of CNN-based hotspot detection and show that this strategy significantly improves robustness (by a factor of ~3) against adversarial attacks without compromising classification accuracy.
Submitted 25 June, 2019;
originally announced June 2019.
-
Opening the Doors to Dynamic Camouflaging: Harnessing the Power of Polymorphic Devices
Authors:
Nikhil Rangarajan,
Satwik Patnaik,
Johann Knechtel,
Ramesh Karri,
Ozgur Sinanoglu,
Shaloo Rakheja
Abstract:
The era of widespread globalization has led to the emergence of hardware-centric security threats throughout the IC supply chain. Prior defenses like logic locking, layout camouflaging, and split manufacturing have been researched extensively to protect against intellectual property (IP) piracy at different stages. In this work, we present dynamic camouflaging as a new technique to thwart IP reverse engineering at all stages in the supply chain, viz., the foundry, the test facility, and the end-user. Toward this end, we exploit the multi-functionality, post-fabrication reconfigurability, and run-time polymorphism of spin-based devices, specifically the magneto-electric spin-orbit (MESO) device. Leveraging these unique properties, dynamic camouflaging is shown to be resilient against state-of-the-art analytical SAT-based attacks and test-data mining attacks. Such dynamic reconfigurability is not afforded in CMOS owing to fundamental differences in operation. For such MESO-based camouflaging, we also anticipate massive savings in power, performance, and area over other spin-based camouflaging schemes, due to the energy-efficient electric-field driven reversal of the MESO device. Based on thorough experimentation, we outline the promises of dynamic camouflaging in securing the supply chain end-to-end along with a case study, demonstrating the efficacy of dynamic camouflaging in securing error-tolerant image processing IP.
Submitted 8 July, 2020; v1 submitted 14 November, 2018;
originally announced November 2018.
-
Optimal Checkpointing for Secure Intermittently-Powered IoT Devices
Authors:
Zahra Ghodsi,
Siddharth Garg,
Ramesh Karri
Abstract:
Energy harvesting is a promising solution to power Internet of Things (IoT) devices. Due to the intermittent nature of these energy sources, one cannot guarantee forward progress of program execution. Prior work has advocated for checkpointing the intermediate state to off-chip non-volatile memory (NVM). Encrypting checkpoints addresses the security concern, but significantly increases the checkpointing overheads. In this paper, we propose a new online checkpointing policy that judiciously determines when to checkpoint so as to minimize application time to completion while guaranteeing security. Compared to state-of-the-art checkpointing schemes that do not account for the overheads of encrypted checkpoints we improve execution time up to 1.4x.
Submitted 4 November, 2017;
originally announced November 2017.
-
On the Difficulty of Inserting Trojans in Reversible Computing Architectures
Authors:
Xiaotong Cui,
Samah Saeed,
Alwin Zulehner,
Robert Wille,
Rolf Drechsler,
Kaijie Wu,
Ramesh Karri
Abstract:
Fabrication-less design houses outsource their designs to 3rd party foundries to lower fabrication cost. However, this creates opportunities for a rogue in the foundry to introduce hardware Trojans, which stay inactive most of the time and cause unintended consequences to the system when triggered. Hardware Trojans in traditional CMOS-based circuits have been studied and Design-for-Trust (DFT) techniques have been proposed to detect them.
Different from traditional circuits in many ways, reversible circuits implement one-to-one, bijective input/output mappings. We will investigate the security implications of reversible circuits with a particular focus on susceptibility to hardware Trojans. We will consider inherently reversible circuits and non-reversible functions embedded in reversible circuits.
Submitted 1 May, 2017;
originally announced May 2017.
-
Towards Reverse Engineering Reversible Logic
Authors:
Samah Mohamed Saeed,
Xiaotong Cui,
Robert Wille,
Alwin Zulehner,
Kaijie Wu,
Rolf Drechsler,
Ramesh Karri
Abstract:
Reversible logic has two main properties. First, the number of inputs is equal to the number of outputs. Second, it implements a one-to-one mapping; i.e., one can reconstruct the inputs from the outputs. These properties enable its applications in building quantum computing architectures.
In this paper, we study reverse engineering of reversible logic circuits, including reverse engineering of non-reversible functions embedded into reversible circuits. We propose the number of embeddings of non-reversible functions into a reversible circuit as the security metric for reverse engineering. We analyze the security benefits of automatic synthesis of reversible circuits. We use our proposed security metric to show that the functional synthesis approaches yield reversible circuits that are more resilient to reverse engineering than the structural synthesis approaches. Finally, we propose scrambling of the inputs and outputs of a reversible circuit to thwart reverse engineering.
Submitted 1 December, 2017; v1 submitted 26 April, 2017;
originally announced April 2017.