In-depth Analysis and Enhancements of RO-PUFs with a Partial Reconfiguration Framework on Xilinx Zynq-7000 SoC FPGAs
Andreas Herkle, Holger Mandry, J. Becker, M. Ortmanns
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.18725/OPARU-14107
Physical unclonable functions (PUFs) are excellent candidates to generate secret information on-chip without the need for secure storage. Ring-oscillator (RO) based PUFs have been receiving great attention over the years due to their easy design and superior statistical characteristics on field programmable gate arrays (FPGAs). Although previous work has improved their statistical measures and provided deeper insights, there are still gaps to be filled. Therefore, this work presents an in-depth analysis of RO-PUFs on Xilinx Zynq-7000 FPGAs with a framework based on partial reconfiguration. This approach allows for full-chip characterization of 100% of the targeted area. Based on the measured data and beforehand estimated routing delay, we will show how to identify and avoid potential bias in the final PUF placement. By utilizing DSP48 slices, an enhanced counter was designed for high-frequency measurements. A second feedback path was added to the ring-oscillators in order to avoid glitches at the counter's input. In combination with a reference normalization, the frequency standard deviation could be reduced to 0.0229% at a much shorter evaluation time of 10μs compared to the state-of-the-art, while maintaining the maximum inter-Hamming distance. An investigation on the influence of spatial distribution on different RO pairings was performed. The chip variations were found to have a much larger effect on the statistical measures than the difference between logic elements. The measurement data and the framework will be made accessible to interested researchers to provide them with a data basis for further research.
MPCircuits: Optimized Circuit Generation for Secure Multi-Party Computation
M. Riazi, Mojan Javaheripi, S. Hussain, F. Koushanfar
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8740831
Secure Multi-party Computation (MPC) is one of the most influential achievements of modern cryptography: it allows evaluation of an arbitrary function on private inputs from multiple parties without revealing the inputs. A crucial step of utilizing contemporary MPC protocols is to describe the function as a Boolean circuit. While efficient solutions have been proposed for the special case of two-party secure computation, the general case of more than two parties is not addressed. This paper proposes MPCircuits, the first automated solution to devise the optimized Boolean circuit representation for any MPC function using hardware synthesis tools with new customized libraries that are scalable to multiple parties. MPCircuits creates a new end-to-end tool-chain to facilitate practical scalable MPC realization. To illustrate the practicality of MPCircuits, we design and implement a set of five circuits that represent real-world MPC problems. Our benchmarks inherently have different computational and communication complexities and are good candidates to evaluate MPC protocols. We also formalize the metrics by which a given protocol can be analyzed. We provide extensive experimental evaluations for these benchmarks, two of which are the first reported solutions in multi-party settings. As our experimental results indicate, MPCircuits reduces the computation time of MPC protocols by up to 4.2×.
QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment
Xiaolong Guo, R. Dutta, Jiaji He, M. Tehranipoor, Yier Jin
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8740840
Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which language-based hardware security verification serves as a promising solution. The verification process is performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from scalability issues. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language-based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends Verilog type systems to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed to data flow, to which a QIF model is applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically, and that our method evaluates the security of the design correctly.
Using Power-Anomalies to Counter Evasive Micro-Architectural Attacks in Embedded Systems
Shijia Wei, Aydin Aysu, M. Orshansky, A. Gerstlauer, Mohit Tiwari
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8740838
High-assurance embedded systems are deployed for decades and expensive to re-certify – hence, each new attack is an unpatchable problem that can only be detected by monitoring out-of-band channels such as the system's power trace or electromagnetic emissions. Micro-architectural attacks, for example, have recently come to prominence since they break all existing software-isolation based security – for example, by hammering memory rows to gain root privileges or by abusing speculative execution and shared hardware to leak secret data. This work is the first to use anomalies in an embedded system's power trace to detect evasive micro-architectural attacks. To this end, we introduce power-mimicking micro-architectural attacks – including DRAM-rowhammer attacks, side/covert-channel and speculation-driven attacks – to study their evasiveness. We then quantify the operating range of the power-anomalies detector using the Odroid XU3 board – showing that rowhammer attacks cannot evade detection, while covert-channel and speculation-driven attacks can evade detection but are forced to operate at a 36× and 7× lower bandwidth. Our power-anomaly detector is efficient and can be embedded out-of-band into (e.g.,) programmable batteries. While rowhammer, side-channel, and speculation-driven attack defenses require invasive code- and hardware-changes in general-purpose systems, we show that power-anomalies are a simple and effective defense for embedded systems. Power-anomalies can help future-proof embedded systems against vulnerabilities that are likely to emerge as new hardware like phase-change memories and accelerators become mainstream.
SURF: Joint Structural Functional Attack on Logic Locking
Prabuddha Chakraborty, Jonathan Cruz, S. Bhunia
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8741028
To help protect hardware Intellectual Property (IP) blocks against piracy and reverse engineering, researchers have proposed various obfuscation techniques that aim at hiding design intent and making black-box usage difficult. A dominant form of obfuscation, referred to as logic locking, relies on the insertion of key gates (e.g., XOR/XNOR) at strategic locations in a design followed by logic synthesis. Recently, it has been shown that such an approach leaves predictable structural signatures, which make them susceptible to machine learning (ML) based structural attacks. These attacks are shown to deobfuscate a design by learning the deterministic nature of transformations incorporated by commercial synthesis tools. They are attractive for unraveling the design intent. However, they may not be able to provide a working design. In this paper, we introduce a novel attack on obfuscation techniques, called the Structural Functional (SURF) attack, which, for the first time to our knowledge, accomplishes key extraction through scalable functional analysis while leveraging the output of structural attacks. We have developed a complete flow and an automatic tool for the attack, which shows promising results. We are able to retrieve, on average, ~90% of key bits for obfuscated ISCAS-85 benchmarks (100% in several cases) with > 98% output accuracy. We observe that the SURF attack, unlike any known attack, can enable both discovering design intent as well as black-box usage. It is effective for all major variants of logic locking; scalable to large designs; and unlike SAT-based attacks, is effective for all design types (e.g., multipliers, where SAT-based attacks typically fail).
FLATS: Filling Logic and Testing Spatially for FPGA Authentication and Tamper Detection
Adam Duncan, Grant Skipper, Andrew Stern, Adib Nahiyan, Fahim Rahman, Andrew Lukefahr, M. Tehranipoor, D. M. Swany
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8741025
Security-critical field programmable gate array (FPGA) designs traditionally rely on bitstream encryption and hashing to prevent bitstream modifications and provide design authentication. Recent attacks to extract bitstream encryption keys, and research in automated bitstream manipulation tools, have created a class of vulnerabilities involving post-synthesis low-level FPGA editing. Current authentication and tamper (e.g., malicious modification) detection approaches dependent upon hash-based comparison mechanisms and register transfer level safeguards are vulnerable to these post-synthesis exploits. In this paper, we propose FLATS, which provides filling logic and testing spatially to combat such vulnerabilities. FLATS fills unused lookup tables (LUTs) within the FPGA design and inserts infrared-emitting spatial watermarks into the partially used LUTs at the post-synthesis stage for physical authentication and tamper detection using backside infrared imaging. FLATS takes an existing synthesized design and re-purposes a portion of its LUT initialization to function as a watermark, allowing for the detection of changes to the post-synthesis placement and initialization. Experimental results validate the FLATS architecture on a 28nm Xilinx FPGA with less than 12% look-up table utilization overhead and negligible compromises in power and speed.
Efficient and Flexible Low-Power NTT for Lattice-Based Cryptography
Tim Fritzmann, Martha Johanna Sepúlveda
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8741027
Secure communication is being threatened by the foreseeable breakthrough of quantum computers. When a larger quantum computer is developed, traditional public key cryptography will be broken. Lattice-based cryptography appears as an alternative to protect communications in the era of quantum computers. However, empowering current electronic devices with these new algorithms poses a challenging problem due to tight performance requirements as well as area and power constraints. Polynomial multiplication is the basic and most computationally intensive operation in lattice-based cryptosystems. The Number Theoretic Transform (NTT) is an attractive technique to perform polynomial multiplication efficiently. So far, previous works have focused on developing fast and compact forward and inverse NTT implementations. However, efficient and low-power NTT design has not been considered before, although low power consumption is crucial for many systems, such as battery-powered Internet of Things (IoT) devices. In this paper, we present the first low-power, fast and secure NTT ASIC design for lattice-based cryptography able to support different NTT parameters. The contribution of this work is three-fold. First, the implementation of a fast NTT through three optimization techniques. Second, utilization of methods for ASIC power minimization in the NTT design. Third, a review of previously proposed side-channel attacks and a discussion of countermeasures for our design. Our proposed architecture requires only n log(n) clock cycles for the forward and inverse NTT and can be implemented using a cheap single-port RAM. The results of our work show that it is possible to decrease the power dissipation by more than 30% at nearly no cost.
Golden Gates: A New Hybrid Approach for Rapid Hardware Trojan Detection using Testing and Imaging
Qihang Shi, Nidish Vashistha, Hangwei Lu, Haoting Shen, Bahar Tehranipoor, D. Woodard, N. Asadizanjani
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8741031
Hardware Trojans are malicious modifications on integrated circuits (IC), which pose a grave threat to the security of modern military and commercial systems. Existing methods of detecting hardware Trojans are plagued by the inability to detect all Trojans, reliance on a golden chip that might not be available, high time cost, and low accuracy. In this paper, we present Golden Gates, a novel detection method designed to achieve a comparable level of accuracy to full reverse engineering, yet paying only a fraction of its cost in time. The proposed method inserts golden gate circuits (GGC) to achieve superlative accuracy in the classification of all existing gate footprints using rapid scanning electron microscopy (SEM) and backside ultra thinning. Possible attacks against GGC as well as malicious modifications on interconnect layers are discussed and addressed with a secure built-in exhaustive test infrastructure. Evaluation with real SEM images demonstrates the high classification accuracy and attack resistance of the proposed technique.
HOST 2019 Front Matter
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/hst.2019.8740842
Using Hardware Software Codesign for Optimised Implementations of High-Speed and Defence in Depth CAESAR Finalists
Michael Tempelmeier, Maximilian Werner, G. Sigl
2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Pub Date: 2019-05-01. DOI: 10.1109/HST.2019.8740843
In this work, we present five optimised implementations on a Xilinx-Zynq7200 SoC for the high-speed and defence-in-depth finalists of the CAESAR competition for finding authenticated encryption ciphers. We eliminated the standard interfaces used during the competition. Through optimised interfaces between hardware and software, we were able to get both performance improvements as well as a reduction in used programmable logic. The performance of our implementations is comparable to pure hardware implementations, but our implementations are 50% smaller. Compared to pure software implementations, we are 16 times faster. Comparing the different algorithms, we come to the conclusion that Colm allows the fastest implementation.