Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854432
Aayush Singla, Bernhard Lippmann, H. Graeb
Modern semiconductor products adopting worldwide distributed manufacturing face the threat of malicious manipulation. An efficient and correct proof of absence of any modification is targeted to be achieved through the comparison of original layout design data with the physical chip layout recovered by reverse engineering. This paper presents an algorithm for this task. It is validated on design and layout data from sample analysis results on 40 nm layers.
{"title":"Verification of Physical Chip Layouts Using GDSII Design Data","authors":"Aayush Singla, Bernhard Lippmann, H. Graeb","doi":"10.1109/IVSW.2019.8854432","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854432","url":null,"abstract":"Modern semiconductor products adopting worldwide distributed manufacturing face the threat of malicious manipulation. An efficient and correct proof of absence of any modification is targeted to be achieved through the comparison of original layout design data with the physical chip layout recovered by reverse engineering. This paper presents an algorithm for this task. It is validated on design and layout data from sample analysis results on 40 nm layers.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132654649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854428
Marc Merandat, Vincent Reynaud, E. Valea, J. Quévremont, Nicolas Valette, P. Maistri, R. Leveugle, M. Flottes, Sophie Dupuis, B. Rouzeyre, G. D. Natale
The testability of electronic devices is of critical importance and it is often supported by IEEE standards. The available methods, on the other hand, can be an entry point to a malicious attacker, if no proper countermeasure is adopted. In this paper, we report the latest results from the HADES project, presenting a portfolio of solution towards a secure test infrastructure.
{"title":"A Comprehensive Approach to a Trusted Test Infrastructure","authors":"Marc Merandat, Vincent Reynaud, E. Valea, J. Quévremont, Nicolas Valette, P. Maistri, R. Leveugle, M. Flottes, Sophie Dupuis, B. Rouzeyre, G. D. Natale","doi":"10.1109/IVSW.2019.8854428","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854428","url":null,"abstract":"The testability of electronic devices is of critical importance and it is often supported by IEEE standards. The available methods, on the other hand, can be an entry point to a malicious attacker, if no proper countermeasure is adopted. In this paper, we report the latest results from the HADES project, presenting a portfolio of solution towards a secure test infrastructure.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114302743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854400
Haibo Su, Basel Halak, Mark Zwolinski
A Physical Unclonable Function provides a secure method for lightweight device authentication, in contrast to traditional encryption methods that are expensive in terms of resources. Unfortunately, they have proved to be vulnerable to modelling attacks. This work shows that two-stage structures improve the resilience against machine learning attacks. We have evaluated a number of two-stage structures using combinations of Arbiter PUFs (APUF), Current Mirror PUFs (CM-PUF) and Differential Comparator PUFs (DC-PUF). Of these, a DC-DC-PUF with an XOR at the output has a predictability of about 50% Additionally, it has a high reliability of 95.2% and only requires 26.1% of the area of the best existing approach.
{"title":"Two-Stage Architectures for Resilient Lightweight PUFs","authors":"Haibo Su, Basel Halak, Mark Zwolinski","doi":"10.1109/IVSW.2019.8854400","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854400","url":null,"abstract":"A Physical Unclonable Function provides a secure method for lightweight device authentication, in contrast to traditional encryption methods that are expensive in terms of resources. Unfortunately, they have proved to be vulnerable to modelling attacks. This work shows that two-stage structures improve the resilience against machine learning attacks. We have evaluated a number of two-stage structures using combinations of Arbiter PUFs (APUF), Current Mirror PUFs (CM-PUF) and Differential Comparator PUFs (DC-PUF). Of these, a DC-DC-PUF with an XOR at the output has a predictability of about 50% Additionally, it has a high reliability of 95.2% and only requires 26.1% of the area of the best existing approach.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129960549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854438
Yıldıran Yılmaz, Basel Halak
Authentication is a fundamental part of essential security operations and is a cornerstone for the Internet of Things (IoT) security. In this work an energy-efficient and secure mutual authentication protocol is proposed for constrained IoT devices wherein a combination of RC5 (Rivest Cipher) and ECC (Elliptic Curve Cryptography) cryptosystems are used. The protocol is implemented, and its functionality is verified on Zolertia RE-mote IoT devices. It supports secure data transmission along with authentication. Unlike existing schemes, mutual authentication in the proposed protocol is achieved with only two flights between client and server. The security against most common attacks is analysed, furthermore energy consumption of our protocol is evaluated and compared with existing protocol e.g. DTLS handshake. Our protocol saves up to 57% energy compared to the DTLS handshake protocol per authentication cycle.
{"title":"A Two-Flights Mutual Authentication for Energy-Constrained IoT Devices","authors":"Yıldıran Yılmaz, Basel Halak","doi":"10.1109/IVSW.2019.8854438","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854438","url":null,"abstract":"Authentication is a fundamental part of essential security operations and is a cornerstone for the Internet of Things (IoT) security. In this work an energy-efficient and secure mutual authentication protocol is proposed for constrained IoT devices wherein a combination of RC5 (Rivest Cipher) and ECC (Elliptic Curve Cryptography) cryptosystems are used. The protocol is implemented, and its functionality is verified on Zolertia RE-mote IoT devices. It supports secure data transmission along with authentication. Unlike existing schemes, mutual authentication in the proposed protocol is achieved with only two flights between client and server. The security against most common attacks is analysed, furthermore energy consumption of our protocol is evaluated and compared with existing protocol e.g. DTLS handshake. Our protocol saves up to 57% energy compared to the DTLS handshake protocol per authentication cycle.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116789088","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854399
Miao Yu, Basel Halak, Mark Zwolinski
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.
{"title":"Using Hardware Performance Counters to Detect Control Hijacking Attacks","authors":"Miao Yu, Basel Halak, Mark Zwolinski","doi":"10.1109/IVSW.2019.8854399","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854399","url":null,"abstract":"Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131250506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854389
Z. Takakis, Dimitrios Mangiras, C. Nicopoulos, G. Dimitrakopoulos
The importance of functional coverage during frontend verification is steadily increasing. Complete coverage statistics, possibly spanning from block- to top-level, are required as a proof of verification quality and project development status. In this work, we present a coverage-driven verification methodology that relies on coverage-directed stimulus generation, with the goal being to increase functional coverage and decrease test application time. The test application time given to each one of the available constrained-random test sequences is dynamically adjusted by a feedback-based mechanism that observes online the quality of each applied test. The higher the quality, the more cycles are assigned to this test for future trials. Misbehaving test sequences are automatically replaced by new ones, in order to spend verification cycles on other tests that actually improve functional coverage. The proposed methodology is successfully applied to the register renaming sub-system of a 2-way superscalar out-of-order RISC-V processor. The results demonstrate both increased functional coverage and reduced test application time, as compared to a purely random approach.
{"title":"Dynamic Adjustment of Test-Sequence Duration for Increasing the Functional Coverage","authors":"Z. Takakis, Dimitrios Mangiras, C. Nicopoulos, G. Dimitrakopoulos","doi":"10.1109/IVSW.2019.8854389","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854389","url":null,"abstract":"The importance of functional coverage during frontend verification is steadily increasing. Complete coverage statistics, possibly spanning from block- to top-level, are required as a proof of verification quality and project development status. In this work, we present a coverage-driven verification methodology that relies on coverage-directed stimulus generation, with the goal being to increase functional coverage and decrease test application time. The test application time given to each one of the available constrained-random test sequences is dynamically adjusted by a feedback-based mechanism that observes online the quality of each applied test. The higher the quality, the more cycles are assigned to this test for future trials. Misbehaving test sequences are automatically replaced by new ones, in order to spend verification cycles on other tests that actually improve functional coverage. The proposed methodology is successfully applied to the register renaming sub-system of a 2-way superscalar out-of-order RISC-V processor. The results demonstrate both increased functional coverage and reduced test application time, as compared to a purely random approach.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124431572","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854418
A. Siddiqui, G. Shirley, S. Bendre, Girija Bhagwat, J. Plusquellic, F. Saqib
In the process of globalization, heterogeneous SoCs play an important role in an embedded application, security aspects of such a system are crucial. The system is susceptible to many attacks out of which we focus on two main attacks, namely, boot time attacks, where malware are injected to leak information and modify the functionality and run-time software attacks causing memory corruption. In this paper, we propose a hardware/software-based solution to secure the system integrity by providing secure boot which prevents malicious and unauthorized software during startup and Information Flow Tracking (IFT) technique to track the spurious data during run-time and preventing buffer overflow attacks. This proposed solution is implemented on the RISC-V and provides a self-authentication mechanism for FPGAs using TPM.
{"title":"Secure Design Flow of FPGA Based RISC-V Implementation","authors":"A. Siddiqui, G. Shirley, S. Bendre, Girija Bhagwat, J. Plusquellic, F. Saqib","doi":"10.1109/IVSW.2019.8854418","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854418","url":null,"abstract":"In the process of globalization, heterogeneous SoCs play an important role in an embedded application, security aspects of such a system are crucial. The system is susceptible to many attacks out of which we focus on two main attacks, namely, boot time attacks, where malware are injected to leak information and modify the functionality and run-time software attacks causing memory corruption. In this paper, we propose a hardware/software-based solution to secure the system integrity by providing secure boot which prevents malicious and unauthorized software during startup and Information Flow Tracking (IFT) technique to track the spurious data during run-time and preventing buffer overflow attacks. This proposed solution is implemented on the RISC-V and provides a self-authentication mechanism for FPGAs using TPM.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126427240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854402
Arash Nejat, Z. Kazemi, V. Beroulle, D. Hély, M. Fazeli
Nowadays due to economic reasons most of the semiconductor companies prefer to outsource the manufacturing part of their designs to third fabrication foundries, the so-called fabs. Untrustworthy fabs can extract circuit blocks, the called intellectual properties (IPs), from the layouts and then pirate them. Such fabs are suspected of hardware Trojan (HT) threat in which malicious circuits are added to the layouts for sabotage objectives. HTs lead up to increase power consumption in HT-infected circuits. However, due to process variations, the power of HTs including few gates in million-gate circuits is not detectable in power consumption analysis (PCA). Thus, such circuits should be considered as a collection of small sub-circuits, and PCA must be individually performed for each one of them. In this article, we introduce an approach facilitating PCA-based HT detection methods. Concerning this approach, we propose a new logic locking method and algorithm. Logic locking methods and algorithm are usually employed against IP piracy. They modify circuits such that they do not correctly work without applying a correct key to. Our experiments at the gate level and post-synthesis show that the proposed locking method and algorithm increase the proportion of HT activity and consequently HT power to circuit power.
{"title":"Restricting Switching Activity Using Logic Locking to Improve Power Analysis-Based Trojan Detection","authors":"Arash Nejat, Z. Kazemi, V. Beroulle, D. Hély, M. Fazeli","doi":"10.1109/IVSW.2019.8854402","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854402","url":null,"abstract":"Nowadays due to economic reasons most of the semiconductor companies prefer to outsource the manufacturing part of their designs to third fabrication foundries, the so-called fabs. Untrustworthy fabs can extract circuit blocks, the called intellectual properties (IPs), from the layouts and then pirate them. Such fabs are suspected of hardware Trojan (HT) threat in which malicious circuits are added to the layouts for sabotage objectives. HTs lead up to increase power consumption in HT-infected circuits. However, due to process variations, the power of HTs including few gates in million-gate circuits is not detectable in power consumption analysis (PCA). Thus, such circuits should be considered as a collection of small sub-circuits, and PCA must be individually performed for each one of them. In this article, we introduce an approach facilitating PCA-based HT detection methods. Concerning this approach, we propose a new logic locking method and algorithm. Logic locking methods and algorithm are usually employed against IP piracy. They modify circuits such that they do not correctly work without applying a correct key to. Our experiments at the gate level and post-synthesis show that the proposed locking method and algorithm increase the proportion of HT activity and consequently HT power to circuit power.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129583388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854401
Honorio Martín, E. Vatajelu, G. D. Natale, O. Keren
In this paper we study the reliability of ring oscillator PUFs. We correlate the reliability with the distance between the measured oscillation frequencies, for different operating conditions. We propose a reliability evaluation metric based on differential frequency threshold, which allows the design of a robust PUF. In addition, we evaluate the characteristics of the resulting PUF and we devise a scenario for guaranteeing the overall reliability by selecting appropriate error correcting codes.
{"title":"On the Reliability of the Ring Oscillator Physically Unclonable Functions","authors":"Honorio Martín, E. Vatajelu, G. D. Natale, O. Keren","doi":"10.1109/IVSW.2019.8854401","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854401","url":null,"abstract":"In this paper we study the reliability of ring oscillator PUFs. We correlate the reliability with the distance between the measured oscillation frequencies, for different operating conditions. We propose a reliability evaluation metric based on differential frequency threshold, which allows the design of a robust PUF. In addition, we evaluate the characteristics of the resulting PUF and we devise a scenario for guaranteeing the overall reliability by selecting appropriate error correcting codes.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122918395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-07-01DOI: 10.1109/IVSW.2019.8854394
N. Du, M. Kiani, Xianyue Zhao, D. Bürger, O. Schmidt, R. Ecke, S. Schulz, H. Schmidt, I. Polian
Emerging memristive devices have been recently suggested for use in secret key generation and other hardware security applications. This position paper brings together the views of researchers from material science and hardware-oriented security. It discusses the question which types of memristors are better suitable for the construction of major hardware security primitives. Specifically, this paper points out the problems caused by electroforming, a necessary step for most of today's memristive devices, and advocates the usage of electroforming-free memristors. It discusses which security properties can be met by such devices and where more research is required.
{"title":"Electroforming-free Memristors for Hardware Security Primitives","authors":"N. Du, M. Kiani, Xianyue Zhao, D. Bürger, O. Schmidt, R. Ecke, S. Schulz, H. Schmidt, I. Polian","doi":"10.1109/IVSW.2019.8854394","DOIUrl":"https://doi.org/10.1109/IVSW.2019.8854394","url":null,"abstract":"Emerging memristive devices have been recently suggested for use in secret key generation and other hardware security applications. This position paper brings together the views of researchers from material science and hardware-oriented security. It discusses the question which types of memristors are better suitable for the construction of major hardware security primitives. Specifically, this paper points out the problems caused by electroforming, a necessary step for most of today's memristive devices, and advocates the usage of electroforming-free memristors. It discusses which security properties can be met by such devices and where more research is required.","PeriodicalId":213848,"journal":{"name":"2019 IEEE 4th International Verification and Security Workshop (IVSW)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122010178","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: