Title: Securing AES against Localized EM Attacks through Spatial Randomization of Dataflow
Authors: Ge Li, Vishnuvardhan V. Iyer, M. Orshansky
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-05
DOI: 10.1109/HST.2019.8741026

A localized electromagnetic (EM) attack is a potent threat to security of embedded cryptographic implementations. The attack utilizes high resolution EM probes to localize and exploit information leakage in sub-circuits of a system, providing information not available in traditional EM and power attacks. In this paper, we propose a countermeasure based on randomizing the assignment of sensitive data to parallel datapath components in a high-performance implementation of AES. In contrast to a conventional design where each state register byte is routed to a fixed S-box, a permutation network, controlled by a transient random value, creates a dynamic random mapping between the state registers and the set of S-boxes. This randomization results in a significant reduction of exploitable leakage. We demonstrate the countermeasure's effectiveness under two attack scenarios: a more powerful attack that assumes a fully controlled access to an attacked implementation for building a priori EM-profiles, and a generic attack based on the black-box model. Spatial randomization leads to a 150X increase of the minimum traces to disclosure (MTD) for the profiled attack and a 3.25X increase of MTD for the black-box model attack.
Title: A Statistical Fault Analysis Methodology for the Ascon Authenticated Cipher
Authors: Keyvan Ramezanpour, P. Ampadu, William Diehl
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-05
DOI: 10.1109/HST.2019.8741029

Authenticated ciphers are trending in secret key cryptography, since they combine confidentiality, integrity, and authentication into one algorithm, and offer potential efficiencies over the use of separate block ciphers and keyed hashes. Current cryptographic contests and standardization efforts are evaluating authenticated ciphers for weaknesses, including implementation vulnerabilities such as fault attacks. In this paper, we analyze fault attacks against the Ascon authenticated cipher, which was selected by CAESAR as the first choice for the lightweight use case. We propose a fault attack technique based on statistical ineffective fault analysis (SIFA) using double-fault injection and key dividing. Faults are injected at two selected S-boxes for every encryption during the last round of permutation in the Ascon Finalization stage. The correct tag values, resulting from ineffective fault inductions, are then used to analyze key hypotheses. The complexity of our attack method is a trade-off between the size of the key hypothesis search space and the number of double-fault injections. The sufficient number of correct tag values needed to recover a key subset depends on the bias of the fault distributions. We perform experiments on a software implementation of Ascon to show that between 12.5 and 2500 correct tag values (i.e., ineffective faults) are enough for key recovery for highly biased to more uniform fault distributions, respectively.
Title: RATAFIA: Ransomware Analysis using Time And Frequency Informed Autoencoders
Authors: Manaar Alam, Sarani Bhattacharya, Swastika Dutta, S. Sinha, Debdeep Mukhopadhyay, A. Chattopadhyay
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-05
DOI: 10.1109/HST.2019.8740837

Ransomware can produce direct and controllable economic loss, making it one of the most prominent threats in cybersecurity. According to the latest statistics, more than half of the malware reported in Q1 of 2017 is ransomware, and there is a potential threat of novice cybercriminals accessing ransomware-as-a-service. The concept of public-key based data kidnapping and subsequent extortion was first introduced in 1996. Since then, variants of ransomware have emerged with different cryptosystems and larger key sizes; however, the underlying techniques have remained the same. There are several works in the literature which propose a generic framework to detect ransomware; however, most of them target ransomware using specific classes of encryption algorithm. In addition, most of these methods either require Operating System (OS) kernel modification or have high detection latency. In this work, we present a generalized two-step unsupervised detection framework, RATAFIA, which uses a Deep Neural Network architecture and the Fast Fourier Transform to develop a highly accurate, fast and reliable solution to ransomware detection using minimal tracepoints. The proposed method does not require any OS kernel modification, making it adaptable to most modern-day systems. We also introduce a special detection module for successful identification of benign disk encryption processes that have characteristics similar to malicious ransomware programs but a different intention. We provide a comprehensive study to evaluate the performance of RATAFIA in the presence of standard benchmark programs, disk encryption and regular high computational processes in the light of software security.
Title: High Capability and Low-Complexity: Novel Fault Detection Scheme for Finite Field Multipliers over GF(2^m) based on MSPB
Authors: Chiou-Yng Lee, Jiafeng Xie
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-05
DOI: 10.1109/HST.2019.8741034

Fault detection is becoming more and more essential to the protection of cryptographic circuits (for the purpose of fighting against both natural and malicious faults). While the finite field multiplier is regarded as the bottleneck arithmetic unit for cryptosystems such as elliptic curve cryptography, an efficient implementation of a finite field multiplier with high fault detection capability is still missing in the literature. In this paper, therefore, we propose a novel fault detection scheme for finite field multipliers over GF(2^m), where the proposed work aims at obtaining high fault detection performance for finite field multipliers while maintaining a low-complexity implementation. To successfully carry out the proposed design strategy, we have used the modified shifted polynomial basis (MSPB) to represent the field and have conducted three coherent, interdependent stages of effort: (i) a novel 1-bit parity based detection scheme for the bit-serial MSPB multiplier is presented after thorough mathematical derivation; (ii) a novel Toeplitz matrix-vector product (TMVP)-based multi-bit parity detection scheme for the digit-serial MSPB multiplier is then proposed to obtain both high detection performance and low-complexity implementation; (iii) detailed complexity analysis and comparison show that the proposed designs have significantly better performance than the best of the existing ones. For instance, for the bit-serial multipliers, the proposed design (using 1 parity bit) can achieve around 99.49% fault detection performance while the best existing one with a 2-bit parity checking scheme achieves only 75.12% fault detection. The proposed scheme, because of its high fault detection capability and low complexity, can be extended further in many cryptographic applications.
Title: Detecting Recycled SoCs by Exploiting Aging Induced Biases in Memory Cells
Authors: Ujjwal Guin, Wendong Wang, Charles Harper, A. Singh
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-05
DOI: 10.1109/HST.2019.8741032

The rise of recycled ICs being sold as new through the global semiconductor supply chain is a serious threat due to their inferior quality, shorter remaining life, and potentially poorer performance, compared to their authentic counterparts. While solutions, such as on-chip age monitors, have been proposed for new designs, detecting the recycling of older legacy ICs already in use is much harder; no reliable solution currently exists. In this paper, we propose a new and highly effective approach for detecting recycled ICs by exploiting the power-up state of on-chip SRAMs to evaluate the age of the chip. Our methodology does not require the introduction of any special aging detection circuitry, nor the recording and saving of historical circuit performance data as a reference to detect degradation from use. Instead, we exploit the novel observation that in a new, unused SRAM, an equal number of cells power up to the 0 and 1 logic states, and that this distribution becomes skewed over time due to aging in operation. Since SRAMs exist in virtually all systems-on-chip (SoCs), this simple aging detection method is widely applicable to both old and new designs. It is also low cost since it does not require any special test equipment. We present experimental results using commercial off-the-shelf SRAM chips to validate the effectiveness of the proposed approach.
Title: COTSknight: Practical Defense against Cache Timing Channel Attacks using Cache Monitoring and Partitioning Technologies
Authors: Fan Yao, Hongyu Fang, M. Doroslovački, Guru Venkataramani
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-01
DOI: 10.1109/HST.2019.8740835

Recent studies have shown how adversaries can exploit hardware cache structures to launch information leakage-based attacks. Among these attacks, timing channels are especially worrisome since adversaries communicate simply by modulating the timing of shared resource accesses, and do not leave any physical trace of the communication. Therefore, guarding the system against such attacks is critical. Unfortunately, most existing mitigation mechanisms either require non-trivial hardware modifications and/or incur high runtime overheads. In this paper, we propose COTSknight, a new framework that guards the system against several classes of cache timing channel attacks by making novel use of Commercial Off-The-Shelf (COTS) architectural support for cache resource monitoring and prioritization. We find that the adversary's attempt to modulate cache access latency during attacks can be captured using cache occupancy patterns. COTSknight leverages efficient signal processing techniques on cache occupancy patterns to determine the potential for timing channel attacks. Once suspicious domains are identified, COTSknight disbands timing channels using dynamic cache partitioning schemes in hardware. We implement a prototype of our COTSknight framework on an Intel Xeon v4 server and evaluate its efficacy extensively using different spatial encoding schemes, as well as serial and parallel implementations of Last Level Cache (LLC) timing channels. Our results show that COTSknight can successfully thwart several classes of timing channel attacks by allocating disjoint LLC ways to malicious processes. Even in benign cache-intensive workloads, we observe a 6% cache partition trigger rate that results in a relatively small 5% worst-case performance degradation. Interestingly, for some benign applications, upon COTSknight's cache partition, we observe performance improved by up to 9.2% through eliminating cache interference.
Title: Exploiting Proximity Information in a Satisfiability Based Attack Against Split Manufactured Circuits
Authors: Suyuan Chen, R. Vemuri
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-01
DOI: 10.1109/HST.2019.8740833

Split Manufacturing (SM) was introduced as an effective countermeasure to reverse engineering of integrated circuits and as a potential deterrent to Trojan insertion and overproduction. In SM, some wires, assigned to the back-end-of-line (BEOL) layers and fabricated at a secure facility, are hidden from the attacker. However, proximity information based attacks use physical design hints such as wire-length, combinational cycles and routing directions obtained from the FEOL (front-end-of-line) netlist to recover some or all of the BEOL signals. In addition, a recently proposed satisfiability (SAT) based attack models the BEOL signal recovery problem as a problem of configuring a key-controlled interconnect network and solves for the key values using a SAT solver. While this method can recover 100% of the BEOL signals, it takes an impractically long time for large circuits. In this paper, we propose an effective method to exploit proximity information extracted from the FEOL circuit to reduce the size of the interconnection network which models the missing BEOL layers, which in turn significantly reduces the size of the resulting SAT problem. This leads to efficient recovery of 100% of the 'hidden' BEOL signals even for large circuits. Experimental results using circuits from the ISCAS85, ISCAS89 and ITC99 benchmark suites show that the proposed method is up to 80x faster than the SAT-only attack (without proximity information) while maintaining 100% attack correctness for all combinational and sequential benchmarks.
Title: Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller
Authors: Brice Colombier, A. Menu, J. Dutertre, Pierre-Alain Moëllic, J. Rigaud, J. Danger
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Pub Date: 2019-05-01
DOI: 10.1109/HST.2019.8741030

Physical attacks are a known threat posed against secure embedded systems. Notable among these is laser fault injection, which is often considered the most effective fault injection technique. Indeed, laser fault injection provides a high spatial accuracy, which enables an attacker to induce bit-level faults. However, experience gained from attacking 8-bit targets might not be relevant on more advanced micro-architectures, and these attacks become increasingly challenging on 32-bit microcontrollers. In this article, we show that the flash memory area of a 32-bit microcontroller is sensitive to laser fault injection. These faults occur during the instruction fetch process, hence the stored value remains unaltered. After a thorough characterisation of the induced faults and the associated fault model, we provide detailed examples of bit-level corruption of instructions and demonstrate practical applications in compromising the security of real-life code. Based on these experimental results, we formulate a hypothesis about the underlying micro-architectural features that explain the observed fault model.
Pub Date : 2019-05-01  DOI: 10.1109/HST.2019.8741036
M. Nabeel, M. Ashraf, E. Chielle, N. G. Tsoutsos, M. Maniatakos
The recent disclosure of the Spectre and Meltdown side-channel vulnerabilities offers yet another example of modern computer architectures prioritizing performance optimizations over security and privacy. The devastating impact of data leakage, however, emphasizes the need for new processor designs that provide native support for data privacy using cryptography. In this paper, we report on a year-long effort to design, implement, fabricate, and validate CoPHEE: a novel co-processor design that mitigates data leakage risks using partially homomorphic encrypted execution. ASIC designs for encrypted execution impose unique challenges, such as the need for non-traditional arithmetic units (modular inverse, greatest common divisor), very wide datapaths (2048 bits), and the requirement for secure multiplexer units enabling general-purpose execution on encrypted values. Our fully-functional co-processor chip is fabricated in 65nm CMOS technology, and communicates with a main processor via UART. This paper offers an elaborate overview of all steps and design techniques in the ASIC development process, ranging from RTL design to fabrication and validation. We evaluate our co-processor using data-oblivious C++ benchmarks, while our RTL files are available in an open-source repository.
Title: CoPHEE: Co-processor for Partially Homomorphic Encrypted Execution
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), DOI https://doi.org/10.1109/HST.2019.8741036
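To make the abstract's list of "non-traditional arithmetic units" concrete, here is an added worked example of partially homomorphic encrypted execution in pure Python. It is not CoPHEE's RTL and the abstract does not name the scheme the chip implements; the Paillier cryptosystem is used here because it is the standard additively homomorphic scheme and its key generation and decryption exercise exactly the operations listed: a greatest-common-divisor check during key generation, a modular inverse to derive the decryption constant, and wide modular exponentiation for everything else. The primes, plaintexts and function names are constructed for the example; the demo modulus is a few decimal digits wide, not 2048 bits.

```python
"""Toy partially homomorphic encryption (Paillier) in pure Python.

Added illustration of additively homomorphic execution; not CoPHEE's own code
or necessarily its scheme. Demo primes are tiny and unsafe; a real deployment
uses two ~1024-bit primes so that n is 2048 bits and n^2 is 4096 bits.
"""
import math
import secrets


def _lcm(a, b):
    return a * b // math.gcd(a, b)


def _L(u, n):
    # Paillier's L function: (u - 1) / n, exact because u == 1 (mod n)
    return (u - 1) // n


def keygen(p, q):
    """Return (public, private) keys from two distinct primes p and q."""
    n = p * q
    if math.gcd(n, (p - 1) * (q - 1)) != 1:      # GCD unit: standard keygen check
        raise ValueError("p and q are unsuitable for Paillier")
    lam = _lcm(p - 1, q - 1)
    g = n + 1                                     # common simplifying choice of g
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)    # modular-inverse unit
    return (n, g), (lam, mu)


def encrypt(pub, m, r=None):
    """Randomized encryption; r may be fixed only for reproducible tests."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    if r is None:
        while True:
            r = secrets.randbelow(n)
            if r > 0 and math.gcd(r, n) == 1:
                break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 decrypts to (m1 + m2) mod n."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_const(pub, c, k):
    """E(m)^k mod n^2 decrypts to (k * m) mod n: scaling by a plaintext constant."""
    n, _ = pub
    return pow(c, k, n * n)


def demo():
    pub, priv = keygen(10007, 10009)              # constructed toy primes
    a, b = encrypt(pub, 5), encrypt(pub, 7)
    total = decrypt(pub, priv, add(pub, a, b))
    scaled = decrypt(pub, priv, mul_const(pub, encrypt(pub, 6), 7))
    return total, scaled


if __name__ == "__main__":
    print(demo())                                 # (12, 42)
```

Two properties of this arithmetic matter for anyone building or evaluating such a co-processor. First, every result is reduced modulo n, so an accumulator that overflows n wraps silently; the test below exercises that case. Second, the scheme supports adding two ciphertexts and multiplying a ciphertext by a known constant, but not selecting between two ciphertexts based on an encrypted condition; that gap is why a general-purpose design needs a separate secure multiplexer mechanism, which the abstract mentions but does not detail and which this example does not attempt to model.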
Pub Date : 2019-05-01  DOI: 10.1109/HST.2019.8740836
Karthikeyan Nagarajan, Mohammad Nasim Imtiaz Khan, Swaroop Ghosh
Hardware Trojans in the form of malicious modifications during the design and/or the fabrication process are a security concern due to globalization of the semiconductor production process. A Trojan is designed to evade structural and functional testing and trigger under certain conditions (e.g., after a number of clock ticks or assertion of a rare net) and deliver the payload (e.g., denial-of-service, information leakage). A wide variety of logic Trojans (both triggers and payloads) has been identified; however, very limited literature exists on memory Trojans in spite of their high likelihood. Emerging Non-Volatile Memories (NVMs), e.g., Resistive RAM (RRAM), possess unique characteristics, e.g., non-volatility and gradual drift in resistance with pulsing voltage, that make them a prime target to deploy a Hardware Trojan. In this paper, we present a delay and voltage-based Trojan trigger by exploiting the RRAM resistance drift under pulsing current. Simulation results indicate that these triggers can be activated by accessing a pre-selected address 2500–3000 times (varies with trigger designs) since the proposed trigger requires a large number of hammerings to evade the test phase. Due to non-volatility, the hammering need not be consecutive and therefore can evade system-level techniques that can classify hammering as a potential security threat. We also propose a mechanism to reset the triggers. The maximum area and static/dynamic power overheads of the trigger circuit are 6.68μm2 and 104.24μW/0.426μW, respectively, in PTM 65nm technology.
Title: ENTT: A Family of Emerging NVM-based Trojan Triggers
Venue: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), DOI https://doi.org/10.1109/HST.2019.8740836
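The detection-relevant claim in this abstract is that the trigger's state is non-volatile and cumulative, so the hammering need not be consecutive and a monitor that looks for bursts of accesses to one address never sees anything unusual. The following is an added model of that argument, not the paper's circuit or simulation: the RRAM resistance drift is abstracted to a counter that advances by one per access to the target address and never decays, the trigger fires at a configurable threshold (the abstract reports 2500–3000 accesses), and a sliding-window hammering detector of the row-hammer-monitor kind is run alongside on two constructed access traces. The addresses, the window and limit values and the class names are assumptions made for the example.

```python
"""Toy model of a cumulative, non-volatile memory-access Trojan trigger.

Added illustration, not the ENTT circuit: resistance drift is abstracted to a
counter that survives arbitrary gaps between accesses, and a windowed
hammering detector shows why spread-out accesses evade burst-based monitoring.
"""
from collections import deque


class RramTriggerModel:
    def __init__(self, target, threshold=2500):
        self.target = target
        self.threshold = threshold
        self.drift = 0              # abstracted accumulated resistance drift
        self.fired = False

    def access(self, addr):
        """Return True once the trigger has fired (payload would be released)."""
        if addr == self.target and not self.fired:
            self.drift += 1         # non-volatile: no decay between accesses
            if self.drift >= self.threshold:
                self.fired = True
        return self.fired

    def reset(self):
        """Model of a reset mechanism: return the cell to its initial state."""
        self.drift = 0
        self.fired = False


class WindowedHammerDetector:
    """Flags an address seen at least `limit` times within the last `window` accesses."""

    def __init__(self, window=1000, limit=500):
        self.window, self.limit = window, limit
        self.recent = deque()
        self.counts = {}

    def observe(self, addr):
        self.recent.append(addr)
        self.counts[addr] = self.counts.get(addr, 0) + 1
        if len(self.recent) > self.window:
            old = self.recent.popleft()
            self.counts[old] -= 1
            if self.counts[old] == 0:
                del self.counts[old]
        return self.counts[addr] >= self.limit


def run_trace(trace, trigger, detector):
    """Return (index at which the trigger fired, or None; whether the detector ever flagged)."""
    fired_at, flagged = None, False
    for i, addr in enumerate(trace):
        flagged |= detector.observe(addr)
        if trigger.access(addr) and fired_at is None:
            fired_at = i
    return fired_at, flagged


def spread_trace(target, hits, gap, filler_base=0x1000):
    """Constructed trace: the target once every `gap` accesses, unique fillers in between."""
    trace = []
    for k in range(hits):
        trace.extend(filler_base + (k * gap + j) % 4096 for j in range(gap - 1))
        trace.append(target)
    return trace


def demo(target=0xDEAD, threshold=2500):
    burst = run_trace([target] * (threshold + 100),
                      RramTriggerModel(target, threshold), WindowedHammerDetector())
    spread = run_trace(spread_trace(target, threshold + 100, gap=10),
                       RramTriggerModel(target, threshold), WindowedHammerDetector())
    return burst, spread


if __name__ == "__main__":
    print(demo())   # ((2499, True), (24999, False))
```

In the burst trace the detector flags the address long before the trigger fires; in the spread trace the target appears only about 100 times in any 1000-access window, so the detector stays silent while the counter still reaches the threshold on the 2500th access. The practical reading, which is this editor's observation rather than a claim of the paper, is that a monitor for this class of trigger has to keep per-address access counts over the device's lifetime (or at least across power cycles), since any window-based statistic can be evaded by spacing the accesses out.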