Title: Inverse gating for low energy encryption
Authors: S. Banik, A. Bogdanov, F. Regazzoni, Takanori Isobe, Harunaga Hiwatari, T. Akishita
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383909 (https://doi.org/10.1109/HST.2018.8383909)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 173-176

Abstract: In this paper we explore the technique of “inverse gating”, which is a significant improvement over the “round gating” technique introduced in HOST 2016. Round gating worked by generating timing signals to separate glitch propagation from one circuit element to the next. Inverse gating generates the same timing signals required to segregate transient round signals, in a manner that incurs less delay and hence less switching activity in the circuits. We also show that energy-wise, inverse gated circuits outperform round gated circuits by a margin of around 30 %. In the second part of the paper, we further explore the efficiency of the energy reduction by tuning some of the design parameters. The most natural candidate for this was the delay of the buffer used for creating the timing signals. We found that the optimal energy consumption for any round and inverse gated unrolled block cipher occurs at a particular range of this delay value. We try to explain the optimality of this particular choice of design parameter with the help of the implementation of the AES-128 block cipher.
Title: Chaos computing for mitigating side channel attack
Authors: M. Majumder, Md. Sakib Hasan, Mesbah Uddin, G. Rose
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383903 (https://doi.org/10.1109/HST.2018.8383903)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 143-146

Abstract: Chaos computing is an unconventional paradigm for computing where chaotic oscillators are used for computation. As chaotic oscillators dynamically produce a large number of unique patterns over time, a single oscillator can be configured to produce different logic gates. Even the same logic functionality can be implemented using the same chaos gate but with different configurations. Chaotic implementations of logic thus provide opportunities for building instances of computing systems with similar hardware but different configurations of operation, thus being capable of mitigating side channel based reverse engineering attacks. In this paper, we explore the opportunities of mitigating side channel power attack vulnerabilities of conventional digital computing systems using chaos based logic. We perform an instruction classification attack using side channel power profiles on arithmetic logic units (ALUs), considered for different proportions of conventional logic gates and chaotic logic gates. Quantitative analysis based on a classification algorithm shows that an ALU implemented with even a small proportion of chaotic gates can be classified with significantly lower accuracy compared to conventional alternatives.
Title: Lowering the barrier to online malware detection through low frequency sampling of HPCs
Authors: P. Cronin, Chengmo Yang
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383910 (https://doi.org/10.1109/HST.2018.8383910)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 177-180

Abstract: As mobile phones become more ubiquitous in our daily lives, many malware creators have shifted their focus to these mobile platforms. While a plethora of work exists to try and detect malware as it is uploaded to app stores and when it is downloaded to user devices, malware still slips through. A lesser body of work has suggested that Hardware Performance Counters (HPCs) can provide an insight into detecting malware as it runs. While these works have been successful, they typically require thread-level sampling rates every tens of thousands of instructions and hundreds of KB/s to MB/s of bus bandwidth, resulting in high power overhead in battery-constrained mobile devices. Unlike previous works, this paper proposes a coarser-grained approach, requiring system-wide sampling rates in the hundreds of Hz and less than 10 KB/s of bandwidth, all while achieving similar accuracy to previous works and identification of zero-day attacks. The proposed method focuses purely on background detection, that is, detection of malware when its parent application is inactive. This technique relies upon a multi-layer neural network to extract the higher order dependencies between different HPCs as processes are executed on multiple cores. Experiments are conducted on a Motorola G4 platform, and classifiers are trained with multiple families of malware and a multitude of clean system states.
Title: Hardware virtualization for protection against power analysis attack
Authors: Kai Yang, Jungmin Park, M. Tehranipoor, S. Bhunia
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383908 (https://doi.org/10.1109/HST.2018.8383908)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 167-172

Abstract: Field programmable gate arrays (FPGAs) are being increasingly used in the diverse Internet of Things (IoT) application space. Poor programmability of FPGAs compared to their processor counterparts remains an important challenge amidst their widespread usage. On the other hand, security of FPGA-based systems against physical attacks, in particular side-channel attacks (SCAs), has emerged as a critical concern. Hardware virtualization, where instead of directly mapping a design to an FPGA it is mapped on top of a generic architecture called an overlay, has been shown to address the programmability challenge, leading to significantly higher productivity and several orders of magnitude reductions in compile time as well as bitstream size. However, unlike software or network virtualization, FPGA virtualization has not been studied with respect to its security benefits. In this paper, for the first time to our knowledge, we propose to utilize the properties of virtualization to address the FPGA security issues against a dominant mode of SCA, namely the power analysis attack. We note that while virtualization shows many intrinsic security benefits, we can efficiently implement masking approaches in novel ways onto this architecture to achieve a high level of protection. Extensive security analysis is done to show large side-channel resistance improvement for a set of evaluation metrics.
Title: A flexible leakage trace collection setup for arbitrary cryptographic IP cores
Authors: Athanassios Moschos, A. Fournaris, O. Koufopavlou
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383902 (https://doi.org/10.1109/HST.2018.8383902)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 138-142

Abstract: Leakage assessment and Side Channel Attack (SCA) leakage trace acquisition tools and platforms require a considerable amount of time to collect millions of traces and rely on custom, hard to change or handle acquisition control mechanisms. To address these problems, in this paper a flexible and scalable architecture for leakage trace collection is proposed, providing a fast, reconfigurable and flexible control mechanism that can be easily scaled to a wide variety of Devices Under Test (DUTs). The proposed system migrates test vector generation, control and transmission from an off-board Personal Computer (PC) to an on-board embedded-system hardware control mechanism. The proposed solution provides a toolset that can be used to structure various leakage assessment scenarios, regardless of the DUT's implemented cryptographic algorithm. The proposed approach enables single or multiple encryptions per control loop round and DUT clock frequency adjustment to achieve accurate and fast leakage trace collection even for low-to-mid range oscilloscopes.
Title: SIN2: Stealth infection on neural network — A low-cost agile neural Trojan attack methodology
Authors: Tao Liu, Wujie Wen, Yier Jin
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383920 (https://doi.org/10.1109/HST.2018.8383920)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 227-230

Abstract: Deep Neural Networks (DNNs) have recently become the “de facto” technique to drive the artificial intelligence (AI) industry. However, many security issues also emerge as DNN based intelligent systems become increasingly prevalent. Existing DNN security studies, such as adversarial attacks and poisoning attacks, are usually narrowly conducted at the software algorithm level, with misclassification as their primary goal. The more realistic system-level attacks introduced by the emerging intelligent service supply chain, e.g. third-party cloud based machine learning as a service (MLaaS) along with the portable DNN computing engine, have never been discussed. In this work, we propose a low-cost modular methodology, Stealth Infection on Neural Network (“SIN2”), to demonstrate novel and practical intelligent supply chain triggered neural Trojan attacks. Our “SIN2” leverages the attacking opportunities built upon the static neural network model and the underlying dynamic runtime system of the neural computing framework through a number of neural Trojaning techniques. We implement a variety of neural Trojan attacks in a Linux sandbox by following the proposed “SIN2”. Experimental results show that our modular design can rapidly produce and trigger various Trojan attacks that can easily evade the existing defenses.
Title: Robust, low-cost, and accurate detection of recycled ICs using digital signatures
Authors: M. Alam, Sreeja Chowdhury, M. Tehranipoor, Ujjwal Guin
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383917 (https://doi.org/10.1109/HST.2018.8383917)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 209-214

Abstract: The continuous growth of recycled integrated circuits (ICs) poses a serious threat to our critical infrastructures due to their inferior quality and has become one of the major concerns of government and industry. Detection of these ICs is challenging, especially when they have been used for a short period of time, as process variations (especially in lower technology nodes) could outpace the degradation caused by aging. In this paper, we propose a robust, accurate, and low-cost solution for efficient detection of recycled ICs, even if they have been used for a very short period of time. The proposed solution utilizes a ring oscillator (RO) and a nonvolatile memory. It stores the RO frequency, the conditions (e.g., supply voltage, temperature, and duration) for the frequency measurement, and a digital signature. The simulation and silicon results demonstrate that we can effectively detect recycled ICs used for as little as one day.
Title: FPGA-oriented moving target defense against security threats from malicious FPGA tools
Authors: Zhiming Zhang, Qiaoyan Yu, L. Njilla, C. Kamhoua
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383907 (https://doi.org/10.1109/HST.2018.8383907)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 163-166

Abstract: The imbalanced relationship between FPGA hardware/software providers and FPGA users challenges the assurance of secure design on FPGAs. Existing efforts on FPGA security primarily focus on reverse engineering the downloaded FPGA configuration, retrieving the authentication code or crypto key stored in the embedded memory in FPGAs, and countermeasures for the security threats above. In this work, we investigate new security threats from malicious FPGA tools, and identify stealthy attacks that could occur during FPGA deployment. To address those attacks, we exploit the principles of moving target defense (MTD) and propose an FPGA-oriented MTD (FOMTD) method. Our method is composed of three defense lines, which are formed by an improved user constraint file, random selection of design replicas, and runtime submodule assembling, respectively. The FPGA emulation results show that the proposed FOMTD method reduces the hardware Trojan hit rate by 60% over the baseline, at the cost of 10.76% more power consumption.
Title: R2D2: Runtime reassurance and detection of A2 Trojan
Authors: Yumin Hou, Hu He, Kaveh Shamsi, Yier Jin, Dong Wu, Huaqiang Wu
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383914 (https://doi.org/10.1109/HST.2018.8383914)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 195-200

Abstract: With the globalization of the semiconductor industry, hardware security issues have been gaining increasing attention. Among all hardware security threats, the insertion of hardware Trojans is one of the main concerns. Meanwhile, many current Trojan detection solutions follow the assumption that the hardware Trojan itself should be composed of digital logic. This assumption is invalidated by recently proposed analog Trojans, which are extremely small and can detect rare events. This paper proposes a runtime hardware Trojan detection method which is geared towards detecting such advanced Trojans. The principle of this method is to guard a set of concerned signals, and initiate a hardware interrupt request when abnormal toggling events occur in these guarded signals. To prove the effectiveness of this method, we design a processor based on the ARMv7-A&R ISA, and insert an analog Trojan into the processor. We fabricated the design in the SMIC 130 nm process and demonstrate the effectiveness of the proposed methodology.
Title: A compact energy-efficient pseudo-static camouflaged logic family
Authors: P. Mohan, N. E. C. Akkaya, B. Erbagci, K. Mai
Pub Date: 2018-04-01
DOI: 10.1109/HST.2018.8383896 (https://doi.org/10.1109/HST.2018.8383896)
Venue: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 96-102

Abstract: Protecting hardware IP from reverse engineering threats is becoming increasingly challenging with advances in reverse engineering techniques. Different camouflaged logic families based on multi-Vt transistors have been recently proposed to combat reverse engineering threats. While multi-Vt based camouflaged logic gates offer cells that have an identical layout with multiple functionalities, they typically incur significant overheads in power, area, and delay. Moreover, amplifying the threshold voltage difference to logic levels while maintaining the noise margins needs careful analysis of PVT variations and mismatch. In this paper, a Pseudo-Static Camouflaged (PS-CAMO) logic family is proposed to improve the energy overheads of camouflaged logic gates while maintaining the reliability and yields of static CMOS logic gates. Post-layout simulations of a high-performance fully camouflaged S-box in a 65 nm industrial CMOS process show a 42% reduction in energy and a 26% reduction in area compared to a previously proposed Threshold Voltage Defined (TVD) camouflaged logic family.