Pub Date: 2013-06-02 DOI: 10.1109/HST.2013.6581567
David W. Palmer, P. K. Manna
For complex production hardware designs, a significant challenge is to decide where to look for security issues. Published approaches to information flow security analysis find all paths from signals for an asset to ports accessible by an adversary, such as a secret key to a point of disclosure. Although this can be beneficial in eliminating areas of the hardware designs that need not be reviewed, what is included is still overwhelmingly large for a proper review for security vulnerabilities. However, it is not necessary to review all of the paths, but instead to review access control mechanisms that limit information flow between adversary and asset. Our method of using multiple information flow paths allows us to identify access control mechanisms and evaluate whether they are used on every access to the asset. Our technique was used commercially in production hardware design to successfully find critical security issues before tape-in by pre-Si validation engineers at Intel.
Title: An efficient algorithm for identifying security relevant logic and vulnerabilities in RTL designs. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 61-66. https://doi.org/10.1109/HST.2013.6581567
Pub Date: 2013-06-02 DOI: 10.1109/HST.2013.6581576
Cyril Roscian, J. Dutertre, A. Tria
Laser fault injection through the front side (and consequently the metal-fills) of an IC is often performed with medium or small laser beams for the purpose of injecting bytewise faults. We have investigated in this paper the properties of fault injection with a larger laser beam (in the 100 µm range). We have also checked whether the bit-set (or bit-reset) fault type still holds or whether the bit-flip fault type may be encountered. Laser injection experiments were performed during the last round of the Advanced Encryption Standard (AES) algorithm running on an ASIC. The gathered data allowed us to investigate the obtained fault models, to conduct two usual Differential Fault Attack (DFA) schemes and to propose a simple version of a third DFA.
Title: Frontside laser fault injection on cryptosystems - Application to the AES' last round -. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 119-124. https://doi.org/10.1109/HST.2013.6581576
Pub Date: 2013-06-02 DOI: 10.1109/HST.2013.6581568
Wenchao Li, Adrià Gascón, Pramod Subramanyan, W. Y. Tan, A. Tiwari, S. Malik, N. Shankar, S. Seshia
Systems are increasingly being constructed from off-the-shelf components acquired through a globally distributed and untrusted supply chain. Often only post-synthesis gate-level netlists or actual silicons are available for security inspection. This makes reasoning about hardware trojans particularly challenging given the enormous scale of the problem. Currently, there is no mature methodology that can provide visibility into a bit-level design in terms of high-level components to allow more comprehensive analysis. In this paper, we present a systemic way of automatically deriving word-level structures from the gate-level netlist of a digital circuit. Our framework also provides the possibility for a user to specify sequences of word-level operations and it can extract the collection of gates corresponding to those operations. We demonstrate the effectiveness of our approach on a system-on-a-chip (SoC) design consisting of approximately 400,000 IBM 12SOI cells and several open-source designs.
Title: WordRev: Finding word-level structures in a sea of bit-level gates. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 67-74. https://doi.org/10.1109/HST.2013.6581568
Pub Date: 2013-06-02 DOI: 10.1109/HST.2013.6581571
Bodhisatwa Mazumdar, Debdeep Mukhopadhyay, I. Sengupta
In this paper we propose a construction and implementation for a class of rotation-symmetric S-boxes (RSSBs) with good cryptographic properties and improved DPA resilience. The S-boxes are constructed from rotation symmetric Boolean functions (RSBFs) and these RSBFs were searched to avoid any fixed points in the RSSB maps. In literature, search of RSSBs included those consisting of fixed points which is considered to be a weakness in the S-box constructions. We present some new properties of RSSBs and find that the search space of RSSBs with fixed points is of exponential order. We also present the hardware architecture of the RSSBs with no fixed points and the corresponding implementations on Xilinx Virtex-5 FPGA device on SASEBO-GII development board and perform a correlation analysis DPA of AES which include these RSSBs. The RSSBs from the proposed class when incorporated in AES, required more power traces compared to the AES containing Rijndael S-box which indicates that the DPA resilience of the proposed RSSBs is higher than that of the AES Rijndael S-box. Also we present the correlation analysis DPA results on the look-up table, distributed memory and block memory based implementations of some of the RSSBs from the proposed class and compare the results with those of the respective implementations of AES-128 Rijndael S-box.
Title: Design and implementation of rotation symmetric S-boxes with high nonlinearity and high DPA resilience. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 87-92. https://doi.org/10.1109/HST.2013.6581571
Pub Date: 2013-06-02 DOI: 10.1109/HST.2013.6581578
Philip Hodgers, Neil Hanley, Máire O’Neill
As cryptographic implementations are increasingly subsumed as functional blocks within larger systems on chip, it becomes more difficult to identify the power consumption signatures of cryptographic operations amongst other unrelated processing activities. In addition, at higher clock frequencies, the current decay between successive processing rounds is only partial, making it more difficult to apply existing pattern matching techniques in side-channel analysis. We show however, through the use of a phase-sensitive detector, that power traces can be pre-processed to generate a filtered output which exhibits an enhanced round pattern, enabling the identification of locations on a device where encryption operations are occurring and also assisting with the re-alignment of power traces for side-channel attacks.
Title: Pre-processing power traces with a phase-sensitive detector. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 131-136. https://doi.org/10.1109/HST.2013.6581578