2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST): Latest Papers

SDSM: Fast and scalable security support for directory-based distributed shared memory
Ofir Shwartz, Y. Birk
Secure computation is increasingly required, most notably when using public clouds. Many secure CPU architectures have been proposed, mostly focusing on single-threaded applications running on a single node. However, security for parallel and distributed computation is also needed, requiring the sharing of secret data among mutually trusting threads running in different compute nodes in an untrusted environment. We propose SDSM, a novel hardware approach for providing secure directory-based distributed shared memory. Unlike previously proposed schemes that cannot maintain reasonable performance beyond 32 cores, our approach allows secure parallel applications to scale efficiently to thousands of cores.
Pub Date : 2016-06-06 DOI: 10.1145/2928275.2933282
Citations: 4
IP core protection using voltage-controlled side-channel receivers
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495585
P. Samarin, Kerstin Lemke-Rust, C. Paar
This paper presents a new method for protecting netlist-based Intellectual Property (IP) cores in FPGAs by actively using voltage-controlled side-channel receivers. The receivers are realized by modulating the supply voltage of the chip, while at the same time detecting these changes from within the chip using a ring oscillator. The levels of the supply voltage can be determined by constantly monitoring the frequency of the ring oscillator. To prove authorship of an IP core, the verifier authenticates himself to the core over the voltage side-channel and sends commands that limit the core's functionality. By monitoring the regular outputs of the overall system, it is possible to detect illegitimately used cores after repeatedly turning them on and off. The working principle of our method is demonstrated by a case study, in which we protect several IP cores and place them on a Spartan 3 FPGA, and show the steps necessary for successful proof of ownership verification.
Citations: 3
Controlling your control flow graph
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495554
A. Kanuparthi, Jeyavijayan Rajendran, R. Karri
Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, the Hamming distance between the codes assigned to the source and destination basic blocks is calculated and compared against the known constant to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.
Citations: 11
GenMatch: Secure DNA compatibility testing
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495590
M. Riazi, N. K. R. Dantu, L. N. V. Gattu, F. Koushanfar
We introduce GenMatch, a novel set of techniques based on hardware synthesis, for achieving efficient and scalable privacy-preserving genetic testing. Processing and handling sensitive genome data require methodologies to thwart possible attacks and data theft scenarios. The GenMatch secure genome testing method utilizes Yao's Garbled Circuit (GC) protocol and creates a formulation of the matching problem in a sequential GC format. Our formulation involves private matching of genome data by the GC protocol. Our method reduces the memory footprint of the secure computation such that it can be done on resource-constrained devices like embedded platforms, rendering the method scalable and time-efficient. Proof-of-concept evaluations are performed on the application of matching Human Leukocyte Antigen (HLA) data for organ and tissue transplant compatibility between recipient and donors. This type of testing also has applications in ancestry testing and genetic matchmaking. HLA data of the recipient is matched with a database of possible donor HLA data while keeping the data from both parties private. Experimental results on real genome data demonstrate the practicability of GenMatch in terms of timing and communication complexity for HLA database in the order of million user profiles.
Citations: 7
A key-centric processor architecture for secure computing
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495578
David Whelihan, Kate Thurmer, M. Vai
We describe a novel key-centric processor architecture in which each piece of data or code can be protected by encryption while at rest, in transit, and in use. Using embedded key management for cryptographic key handling, our processor permits mutually distrusting software written by different entities to work closely together without divulging algorithmic parameters or secret program data. Since the architecture performs encryption, decryption, and key management deeply within the processor hardware, the attack surface is minimized without significant impact on performance or ease of use. The current prototype implementation is based on the Sparc architecture and is highly applicable to small to medium-sized processing loads.
Citations: 1
Parsimonious design strategy for linear layers with high diffusion in block ciphers
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495552
Sikhar Patranabis, Debapriya Basu Roy, Yash Shrivastava, Debdeep Mukhopadhyay, Santosh K. Ghosh
Linear layers are crucial building blocks in the design of lightweight block ciphers, since they perform the dual task of providing the much needed diffusion, while also ensuring minimal hardware cost for implementation. Although a number of lightweight block ciphers with parsimoniously designed linear layers have been proposed in cryptographic literature, there is limited work on generic construction techniques for such linear layers, to the best of our knowledge. The challenge in designing a suitable linear layer, that combines the requirements of both cryptographic strength and lightweightedness, lies in the huge search space accompanying such a construction technique. In this paper, we propose a hierarchical linear layer construction technique that systematically combines the principles of block interleaving and wide trail design strategy to construct large linear layers from suitably chosen smaller linear layers that guarantee the necessary diffusion properties. Additionally, the smaller linear layers are realized by iterating linear layers which are extremely lightweight, thus providing us with a strategy to guarantee diffusion while ensuring that the gate count of the design is minimized. In order to demonstrate the efficiency of our proposed technique, we compare it with the general construction technique proposed for the design of the block cipher PRIDE. To the best of our knowledge, PRIDE offers the only other general construction technique that focuses specifically on the construction of lightweight linear layers. While the construction technique of PRIDE is efficient for software implementations, our technique provides 60% and 50% greater savings in terms of area footprint on ASIC and FPGA based designs respectively, with an overall area-time product reduction by 7.5%. 
The main contribution of this work lies in providing the cipher design community with a generic off-the-shelf technique for designing lightweight linear layers with high diffusion for hardware-oriented applications.
Citations: 0
Robust privacy-preserving fingerprint authentication
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495547
Ye Zhang, F. Koushanfar
This paper presents the first scalable, efficient, and reliable privacy-preserving fingerprint authentication based on minutiae representation. Our method is provably secure by leveraging Yao's classic Garbled Circuit (GC) protocol. While the concept of using GC for secure fingerprint matching has been suggested earlier, to the best of our knowledge, no prior reliable method or implementation applicable to real fingerprint data has been available. Our technique achieves both accuracy and practicability by customizing a widely adopted minutiae-based fingerprint matching algorithm, Bozorth matcher, as our core authentication engine. We modify the Bozorth matcher and identify certain sensitive parts of this algorithm. For these critical parts, we create a sequential circuit description which can be efficiently synthesized and customized to GC using the TinyGarble framework. We show evaluations of our modified matching algorithm on a standard fingerprint database FVC2002 DB2 to demonstrate its reliability. The implementation of privacy-preserving fingerprint authentication using Synopsys Design Compiler on a commercial Intel processor shows the efficiency and scalability of the proposed methodologies.
Citations: 7
UCR: An unclonable chipless RFID tag
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495548
Kun Yang, Domenic Forte, M. Tehranipoor
While Radio Frequency Identification (RFID) has become popular for commodity and asset tracking and management, the relatively higher price of RFID tags limits its application in the supply chain of low-cost commodities. Recently, cost-effective chipless RFID tags that do not contain a microchip in the transponder have been gaining more attention from industry, academia, and government. Existing chipless RFID tags require removing or shorting of some resonators (i.e., spirals or patch slots) on the substrate to encode data, but this incurs a waste of tag area and increases the manufacturing time/cost of chipless RFID tags. In addition, the identifiers (IDs) generated by existing chipless RFID tags are small, deterministic, and clonable. To mitigate these shortcomings, we propose a new unclonable chipless RFID (UCR) tag that intrinsically generates a unique ID from manufacturing variations. A UCR tag consists of a certain number of concentric ring slot resonators, whose resonance frequencies depend on slot parameters and substrate dielectric constant that are sensitive to manufacturing variations. The area of a UCR tag is as small as a regular quick response (QR) code. Simulation results based on CST Microwave Studio 2015 have verified the effectiveness and reliability of UCR tags. The non-overlapping margin between intra-tag and inter-tag Euclidean distance distributions reaches approximately 50 MHz in the presence of random white Gaussian noise (WGN) with a signal-to-noise ratio (SNR) of 10 dB.
Citations: 17
ACBuilder: A tool for hardware architecture security evaluation
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495564
Henrique Kawakami, David E. Ott, H. Wong, R. Dahab, R. Gallo
In this work we propose to enable the security analysis of hardware architecture independently of its physical implementation. This will help to discover vulnerabilities and flaws in a broad range of architectures, and to identify problems before the costly process of design and manufacturing. Our approach employs Assurance Cases, proposed in [1] as a flexible methodology that builds upon Safety Case approaches used in such mission-critical industries as aerospace, nuclear power, and national defense. More specifically, in this paper we present our research on software frameworks to aid security analysts in the development of assurance cases. We describe how our research prototype, ACBuilder, can be used to model hardware architectures, apply existing analysis patterns, develop analysis rules, and generate assurance cases. We then apply the methodology to an illustrative example for evaluation, and discuss avenues for developing the software framework further. This includes opportunities for automation and enabling community-based approaches for developing reusable patterns.
Citations: 2
On the problems of realizing reliable and efficient ring oscillator PUFs on FPGAs
Pub Date : 2016-05-03 DOI: 10.1109/HST.2016.7495565
A. Wild, G. Becker, T. Güneysu
Physical Unclonable Functions (PUFs) are a promising way to securely generate and store keys by using the inherent process variations of each chip as a source of randomness. One of the most promising PUFs for FPGAs is the Ring-Oscillator (RO) PUF. In this paper we take a closer look at RO PUFs and their open challenges. Starting from a reference design for a Spartan-6 FPGA based on PUFKY, we show how the RO design can be optimized by taking full advantage of the available resources, reducing the RO area by nearly 50%. Furthermore, we analyze the observed structural bias of the RO PUFs and show how the entropy of the RO PUF can be improved by taking the FPGA structure into account when extracting the PUF response bits. However, we also point out a very important problem of FPGA based RO PUFs that has not gained the needed attention: counter failures. We show that the frequency counter is a very crucial element in RO PUF design that itself is very susceptible to process variations. While the counters might work properly on most devices, in some they fail to count correctly. For example, in one experiment only one out of 22 FPGAs failed to count correctly. Our results therefore show that the correct functioning of the frequency counter is not only design-dependent, but also depends highly on process variations, i.e., on the individual FPGA. We argue that solving this issue is non-trivial, since the internal details of the FPGA are secret and hence circuit-level simulations of an FPGA design are not possible. However, the large security implications of such failures make it inevitable that this problem is solved before RO PUFs on FPGAs can be used in practice.
Citations: 9