Ryan Kastner (University of California San Diego, United States)
Property Driven Hardware Security
ABSTRACT. This tutorial looks at the elements of a property driven hardware security design methodology. A property driven hardware security design methodology starts with expressive security models that enable one to specify safety and security properties related to confidentiality, integrity, availability, separation, isolation, side channels, real-time operation, and Trojans. These models provide a formal way to specify the desired security of the hardware. Hardware security verification tools evaluate that the hardware design meets these security properties. These tools help the hardware designer find the source of security flaws and provide an assessment of their potential risks. Information flow and statistical models provide the necessary expressive power for specifying these properties, while also leveraging existing hardware verification tools for formal analysis, simulation, and emulation.
Circuit Techniques for Energy-efficient Hardware Security
ABSTRACT. Power consumption is the key constraint for modern System-on-Chip (SoC) design. After decades of research and development, low-power circuit techniques are maturing. But now SoCs face a new but critical design challenge: how to keep them secure – and techniques are being investigated in software and hardware to achieve this goal. This creates the need to understand the critical, but often complex, interplay between circuit techniques for security primitives and low-power designs. This tutorial will introduce the recent advancements in circuit design to understand and navigate the design space for security and power - a new challenge for both low-power and security professionals. The first talk will discuss the challenges associated with designing power-/area- constrained security primitives, critical for low-power Internet-of-Things (IoT) platforms. The second talks will discuss how recent advancements in low-power circuit techniques can be leveraged to enhance side-channel security of encryption engines. The tutorial will conclude with discussions on need and opportunities for future research in this challenging area.
Sandip Ray (University of Florida, United States) Swarup Bhunia (University of Florida, United States)
System-on-Chip Platform Security Assurance: Architecture, Implementation, Validation, and Deployment
ABSTRACT. The tutorial provides a broad overview of System-on-Chip (SoC) security assurance, including fundamental concepts, challenges, and state of the industry practices in design-for-security, architecture, test/debug, and security validation. Application of these concepts into the internet of things and embedded system applications will be covered. Next, it will provide a case study on application of SoC security design and validation solutions to automotive systems. The tutorial is based on over a decade of research and development experience for both presenters in working on diverse aspects of SoC security and test/debug/validation in close collaboration with major industry.
Jim Plusquellic (University of New Mexico, United States) Fareena Saqib (University of North Carolina, Charlotte, United States)
Side Channel Attacks and Countermeasures
ABSTRACT. This tutorial covers side channel attacks that target the theft of secret information, e.g., keys for encryption, as a microprocessor, an FPGA or an ASIC executes software or hardware versions of the encryption algorithm. We discuss the characteristics of side-channel leakage that occurs on the power rails and from electromagnetic (EM) emanations, as well as a broad range of software and hardware countermeasures that have been developed over the last 15 years. We expose the audience to the implementation details of side-channel attacks to give them the best possible perspective for future hands-on work in this area. Techniques that mitigate side-channel leakage continues to be an active research area and of high interest to government agencies and industry. The objective of this tutorial is to provide the audience with a comprehensive survey of side-channel attacks and leakage mitigation strategies, using both lecture material and a live hardware demonstration of a correlation power analysis (CPA) attack carried out on an instance of the Advanced Encryption Standard (AES) engine running on a FPGA board.
Enabling a Secure Development Lifecycle for Hardware
ABSTRACT. In the software domain, following a Secure Development Lifecycle (SDL) is a standard practice that reduces the likelihood of a successful exploit. By having a well-defined process and set of proven technologies to employ, software developers can reliably create code that is significantly more secure than versions created without an SDL. Unfortunately, the hardware domain has yet to adopt an SDL, rather employing several inadequate techniques and methods instead such as manual review or use of conventional functional verification platforms. This has resulted in many chips being released into the wild with security vulnerabilities baked into the silicon itself. Security verification is necessary at every stage of the hardware design lifecycle to prevent future exploits.
Broadly speaking, modern system-on-chip (SoC) design falls into these broad categories:
1. Architectural Design
2. RTL Design and Development
3. RTL Verification
4. Embedded SW development (often in parallel with prior stages)
5. HW/SW Verification
6. Full system verification
7. Tape-out
Each of these steps requires different approaches to in the SDL:
1. Architectural Design - Architectural review, threat model planning, design for security
2. RTL Design and Development - Design for security, early threat model verification
3. RTL Verification - block-level verification of threat models (formal security verification platforms and UVM/regression-based security verification)
4. Embedded SW development (often in parallel with prior stages) - Leverage static analysis tools, fuzz testing, etc. based on threat models
5. HW/SW Verification - Large security verification regressions based on threat models. Potential use of hardware emulation in the security verification
6. Full system verification - Full scale security emulation/prototyping for system boot up and identify security violations as close as possible to final implementation
7. Tape-out - Post-silicon threat verification including hardware fuzz testing, side-channel analysis, and tamper resistance.
Secure Processor Architectures in the Era of Spectre and Meltdown
ABSTRACT. The objective of this tutorial is to present the principles that processor architects and designers should use to ensure their processor architectures are secure, especially given side-channel attack threats which have re-emerged as a significant threat to security since Spectre and Meltdown (and their variants) have been publicized over the last year. First, the tutorial will overview the so-called “secure processor architectures”, present design patterns that can be gleaned from the existing research works, and will derive the principles that inform design of the secure processor architectures. Second, the tutorial will present details of Spectre and Meltdown attacks (and their various variants presented to date) and hardware defenses (and estimations of performance impact of each). Third, the tutorial will present details of the various secure cache architectures which have been developed in academia (and industry), their resistance to various side-channels, and performance impact of each. This tutorial will thus cover the three main contemporary research areas of secure processor architectures: the architectures themselves, speculation and side-channel attacks, and secure caches.
ABSTRACT. The goal of this tutorial is to present (i) the threat posed by each entity in the SoC supply chain, (ii) vulnerabilities during design process / life-cycle, (iii) CAD tools and methodologies for security assessment, (iv) Countermeasure tools and methodologies for each vulnerability, and (vi) challenges and research roadmap ahead.