Scalable SoC trust verification using integrated theorem proving and model checking
Xiaolong Guo, R. Dutta, P. Mishra, Yier Jin
Pub Date: 2016-05-03. DOI: 10.1109/HST.2016.7495569 (https://doi.org/10.1109/HST.2016.7495569)
2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Abstract: The wide usage of hardware Intellectual Property (IP) cores and software programs from untrusted vendors has raised security concerns for system designers. Existing solutions for detecting and preventing software attacks do not usually consider the presence of malicious logic in hardware. Similarly, hardware solutions for detecting Trojans and/or design backdoors do not consider the software running on it. Formal methods provide powerful solutions for detecting malicious behaviors in both hardware and software. However, they suffer from scalability issues and cannot be easily used for large-scale computer systems. To alleviate the scalability challenge, we propose a new integrated formal verification framework to evaluate the trust of computer systems constructed from untrusted third-party software and hardware resources. This framework combines an automated model checker with an interactive theorem prover for proving system-level security properties. We evaluate a vulnerable program executed on a bare-metal LEON3 SPARC V8 processor and prove system security with a considerable reduction in effort. Our method systematically reduces the effort required for verifying the program running on the System-on-Chip (SoC) compared to traditional interactive theorem proving methods.
A highly reliable and tamper-resistant RRAM PUF: Design and experimental validation
Rui Liu, Huaqiang Wu, Yachun Pang, H. Qian, Shimeng Yu
Pub Date: 2016-05-03. DOI: 10.1109/HST.2016.7495549 (https://doi.org/10.1109/HST.2016.7495549)
2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Abstract: This work presents a highly reliable and tamper-resistant design of a Physical Unclonable Function (PUF) exploiting Resistive Random Access Memory (RRAM). The RRAM PUF properties such as uniqueness and reliability are experimentally measured on 1 kb HfO2-based RRAM arrays. Firstly, our experimental results show that the selection of the split reference and the offset of the split sense amplifier (S/A) significantly affect the uniqueness. More dummy cells are able to generate a more accurate split reference, and relaxing the transistor sizes of the split S/A can reduce the offset, thus achieving better uniqueness. The average inter-Hamming distance (HD) of 40 RRAM PUF instances is ~42%. Secondly, we propose using the sum of the read-out currents of multiple RRAM cells for generating one response bit, which statistically minimizes the risk of early retention failure of a single cell. The measurement results show that with 8 cells per bit, 0% intra-HD can be maintained for more than 50 hours at 150 °C, or equivalently 10 years at 69 °C by 1/kT extrapolation. Finally, we propose a layout obfuscation scheme where all the S/As are randomly embedded into the RRAM array to improve the RRAM PUF's resistance against invasive tampering. The RRAM cells are uniformly placed between M4 and M5 across the array. If the adversary attempts to invasively probe the output of the S/A, he has to remove the top-level interconnect and destroy the RRAM cells between the interconnect layers. Therefore, the RRAM PUF has the "self-destructive" feature. The hardware overhead of the proposed design strategies is benchmarked on a 64 × 128 RRAM PUF array at 65 nm; while these proposed optimization strategies increase latency, energy and area over a naive implementation, they significantly improve the performance and security.
Adaptive real-time Trojan detection framework through machine learning
A. Kulkarni, Youngok Pino, T. Mohsenin
Pub Date: 2016-05-03. DOI: 10.1109/HST.2016.7495568 (https://doi.org/10.1109/HST.2016.7495568)
2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Abstract: Hardware Trojans inserted at the time of design or fabrication by an untrustworthy design house or foundry pose important security concerns. With the increase in attackers' resources and capabilities, we can anticipate an unexpected new attack from the attacker at run-time. Therefore, the challenge is not only to reduce the hardware overhead of the added security feature but also to secure the design against new attacks introduced in real time. In this work, we propose a Real-time Online Learning approach for securing many-core designs. In order to prevent unexpected attacks, the many-core provides feedback to the online learning algorithm based on core information and its behavior toward the incoming data packet. The proposed Online Learning approach updates the model at run-time on each data transfer based on feedback from the many-core. For demonstration, the Online Machine Learning model is initially trained with two types of (known) attacks and Trojan-free router packets, and an unexpected attack is then introduced later at run-time. The results show that the feedback-based Online Machine Learning algorithm has 8% higher overall detection accuracy and an average of 3% higher accuracy for unexpected attacks at each interval of 1000 test records than Supervised Machine Learning algorithms. The proposed feedback-based Trojan detection framework is demonstrated using a custom many-core architecture integrated with the "Modified Balanced Winnow" Online Machine Learning algorithm on a Xilinx Virtex-7 FPGA. Post place-and-route implementation results show that the secured many-core architecture requires 4 extra cycles to complete a data transfer. The proposed architecture achieves a 56% reduction in area and 50% less latency overhead as compared to previously published work [1]. Furthermore, we evaluate our framework for the many-core platform by employing a seizure detection application as a case study.
Integrated all-digital low-dropout regulator as a countermeasure to power attack in encryption engines
Arvind Singh, Monodeep Kar, Anand Rajan, V. De, S. Mukhopadhyay
Pub Date: 2016-05-01. DOI: 10.1109/HST.2016.7495573 (https://doi.org/10.1109/HST.2016.7495573)
2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Abstract: Low-drop-out (LDO) voltage regulator modules are being increasingly integrated in modern processors for efficient power management. This paper shows that an integrated All-Digital LDO (ADLDO) can also be used as a countermeasure against power-measurement-based side channel attacks. The current transformation introduced by integrated digital LDOs, coupled with the noise due to quantization and limited sampling rate in the control loop, helps suppress the side channel leakage. The ADLDO-based countermeasure is analyzed considering an Advanced Encryption Standard (AES) engine designed in 130 nm CMOS. Correlation power analysis and the signal-to-noise ratio of the current waveforms at the input of the ADLDO show a significant improvement in power attack resistance over the AES input current.