HOST 2019: INTERNATIONAL SYMPOSIUM ON HARDWARE-ORIENTED SECURITY AND TRUST
PROGRAM FOR TUESDAY, MAY 7TH

07:30-08:30 Registration and Continental Breakfast
08:30-10:15 Session 5: Plenary Session - Opening Remarks, Keynote Address I, Invited Visionary Talk I

Opening Remarks: HOST General and Program Chairs

 

KEYNOTE I 

Speaker: Greg Akers, Consultative Technology Executive, Greg Akers Consulting 

Title: Hardware Anchored Trust in a Software Defined World

Abstract: We will explore the composition of hardware-derived trust, privacy and security in a world of untrusted software-defined components, looking at historical precedent and the likely future. We will explore the needs in a world of quantum computing, pervasive AI and an entirely cloud-based world. As the world evolves to Not, in most aspects of our lives, we compose increasingly complex and intertwined systems that have limited verifiably robust security and trust. We will explore how critically positioned hardware roots of trust may improve these systems' posture.

 

VISIONARY TALK I

Speaker: Ingrid Verbauwhede, Professor, KU Leuven - COSIC

Title: The Need for Hardware Roots of Trust

Abstract: Software security and cryptographic security protocols rely on hardware roots of trust. Software designers assume that cryptographic keys, random initial values, nonces, freshness, hardware isolation or secure storage are simply available to them. At the same time, electronics shrink: sensor nodes, IoT devices and smart devices are becoming more and more available. Adding security and cryptography to these often very resource-constrained devices is a challenge. This presentation will focus on design methods for hardware roots of trust and more specifically on Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs), two essential roots of trust.

Chair:
Yousef Iskander (Cisco, United States)
10:15-12:30 Session 6: Demo Session I
Chair:
Fareena Saqib (UNC Charlotte, United States)
Location: Atrium/Foyer
10:15
Yutian Gui (UNC Charlotte, United States)
Suyash Mohan Tamore (UNC Charlotte, United States)
Ali Shuja Siddiqui (UNC Charlotte, United States)
Nahome Bete (Google, United States)
Jim Plusquellic (University of New Mexico, United States)
Fareena Saqib (UNC Charlotte, United States)
156: A SCA-resilient Design Based on Dynamic Reconfiguration

ABSTRACT. As two typical representatives of side-channel attacks (SCA), power analysis attacks and electromagnetic attacks are highly effective at extracting cryptographic keys and other secret information from a device non-invasively.

In this work, we first investigate the effectiveness of CPA and EMA on an FPGA-based AES encryption to show its vulnerability to side-channel attack. Then we present a novel scheme to reduce the risk of CPA based on the dynamic reconfigurability of up-to-date FPGA chips.

10:23
Vivek Venugopalan (University of Southern California ISI, United States)
Gaurav Kolhe (University of Southern California ISI, United States)
Andrew Schmidt (University of Southern California ISI, United States)
Joshua Monson (University of Southern California ISI, United States)
Matthew French (University of Southern California ISI, United States)
Yinghua Hu (University of Southern California, United States)
Peter Beerel (University of Southern California, United States)
Pierluigi Nuzzo (University of Southern California, United States)
157: MIRAGE: A System-Level Framework for Inserting and Evaluating Logic Obfuscation

ABSTRACT. The hardware demo will highlight the use of MIRAGE, a system-level framework that can accept a benchmark circuit from the user in the form of a synthesized netlist; insert the desired logic obfuscation method; and evaluate the obfuscation method in terms of attack resiliency time, and area, power and timing overheads. The main goal of the demo is to provide obfuscation researchers with access to a common framework, so that they can develop more uniform, meaningful metrics reporting their results on standard, larger benchmarks such as CEP, and arbitrary designs. Attack researchers can plug into it to show the effectiveness of their attacks over the state of practice. Metrics developers can extend MAT to explore the effectiveness of various metrics. Moreover, the demo will give an overview of the APIs whereby these researchers can plug into and extend MIRAGE for their research.

10:31
Jonas Krautter (Karlsruhe Institute of Technology, Germany)
Dennis Gnad (Karlsruhe Institute of Technology, Germany)
Falk Schellenberg (Ruhr-Universität, Germany)
Amir Moradi (Ruhr-Universität, Germany)
Mehdi Tahoori (Karlsruhe Institute of Technology, Germany)
155: Software-based Fault and Power Side-Channel Attacks inside Multi-Tenant FPGAs

ABSTRACT. FPGAs are getting increasingly adopted as accelerators in clouds and data centers. In many such emerging applications of FPGAs, multi-tenant usage of a single FPGA through virtualization is envisioned. This mandates security and proper isolation at the logical level. However, as shown recently, FPGA primitives can be re-used for attacks on the underlying electrical level. Previously, such attacks typically relied on expensive test and measurement equipment, which mandated physical access to the system under attack. We could show that FPGA primitives can be re-used as sensors and for fault injection on the electrical level, sufficient to remotely deploy power analysis side-channel and fault analysis attacks on Intel, Xilinx and Lattice FPGAs. In this demo, we will present such attacks using a low-cost Lattice iCE40-HX8K board, since all attacks were already ported to this platform.

10:39
Shuwen Deng (Yale, United States)
Wenjie Xiong (Yale, United States)
Jakub Szefer (Yale, United States)
154: RISC-V Secure Caches Demo on FPGA

ABSTRACT. We will present a demo showing RISC-V secure caches on an FPGA board, defending against timing-based cache side-channel attacks. This is a microarchitecture-level secure cache framework design based on the RISC-V Rocket Chip generator using the Chisel hardware construction language.

We will present the Partition Locked cache (PL cache) [10] and other secure caches, which we realized in FPGA hardware to show their security and performance.

10:47
Alexander Scholz (University of Applied Sciences Offenburg, Karlsruhe Institute of Technology, Germany)
Lukas Zimmermann (University of Applied Sciences Offenburg, Karlsruhe Institute of Technology, Germany)
Axel Sikora (University of Applied Sciences Offenburg, Karlsruhe Institute of Technology, Germany)
Mehdi Tahoori (Karlsruhe Institute of Technology, Germany)
Jasmin Aghassi-Hagmann (University of Applied Sciences Offenburg, Karlsruhe Institute of Technology, Germany)
153: Demonstration of Differential Circuit (DiffC)-PUF Addressing and Readout Platform

ABSTRACT. For this demonstration we present a system that allows generating unique physical keys within a generic hardware/software framework that exploits intrinsic variations in the manner of analog differential PUF structures. Analog PUF structures realized as stand-alone integrated chips are complex and costly systems with limited direct access for the research community. DiffC-PUF's discrete design enables access to a reliable PUF in a full system, including software for HW/SW security analysis in R&D settings. The design and fabrication costs of the discrete PUF are far lower than for integrated PUFs. The DiffC-PUF architecture shown in the demo is intended to be used for board-level security without developing an IC. In comparison to typical PUF implementations such as ring oscillator (RO) PUFs, DiffC-PUF is much less complex when it is assembled from discrete components, while allowing the same non-linear growth of response bit width scaling. Another major advantage of the discrete PUF presented here is that it is possible to access and measure all parts of the PUF circuit and to explore the underlying effects that cause the variations used for digital PUF response generation, as well as the negative effects arising from real environmental operation. Therefore, the modular architecture is highly suitable for research and academic purposes in laboratories, to measure and analyze a real hardware PUF and tackle questions coming up from the software security side. With an average reliability of 99.20% and a uniqueness of 48.84%, the proposed system shows values close to ideal.

10:55
Luca Piccolboni (Columbia University, United States)
Giuseppe Di Guglielmo (Columbia University, United States)
Luca Carloni (Columbia University, United States)
152: Securing Accelerators with Dynamic Information Flow Tracking

ABSTRACT. Systems-on-chip (SoCs) are becoming heterogeneous: they combine general-purpose processor cores with application-specific hardware components, also known as accelerators, to improve performance and energy efficiency. The advantages of heterogeneity, however, come at a price of threatening security. The architectural dissimilarities of processors and accelerators require revisiting the current security techniques. With this hardware demo, we show how accelerators can break dynamic information flow tracking (DIFT), a well-known security technique that protects systems against software-based attacks. We also describe how the security guarantees of DIFT can be re-established with a hardware solution that has low performance and area penalties.

11:03
Ibrahim Taştan (TÜBİTAK BİLGEM (Informatics and Information Security Research Center), Turkey)
Salih Ergün (TÜBİTAK BİLGEM (Informatics and Information Security Research Center), Turkey)
151: Experimental Cryptanalysis : Case study on chaotic random number generators

ABSTRACT. In this study, the break of a chaos-based RNG is experimentally proven. A proposed attack system is set up and the security problem in the chaos-based RNG is revealed. A master-slave synchronization scheme is established to prove the convergence of the attack system. Experimental results confirming the achievability of the attack system are given.

11:11
Burak Acar (TUBİTAK, Turkey)
Salih Ergun (TUBİTAK, Turkey)
150: Security analysis of chaos-based no-equilibrium chaotic system

ABSTRACT. Chaotic systems are usually preferred for random bit generation. Although a small difference in the initial condition of a chaotic system produces very different results at its output, it should be borne in mind that chaotic systems without any noise source implement deterministic equations. Therefore, they are vulnerable to possible attacks. In this demo, a three-dimensional chaotic system without any equilibrium points, in other words with hidden attractors, is implemented on an FPGA. A clone attack system is proposed to break the target system in terms of predicting the next random bits generated by the target system. The master-slave synchronization method is utilized to exhibit the security vulnerabilities of the "novel" no-equilibrium chaotic system with hidden attractors.

11:19
Joshua Monson (USC -- Information Sciences Institute, United States)
Travis Haroldsen (USC -- Information Sciences Institute, United States)
Matthew French (USC -- Information Sciences Institute, United States)
149: The Hardened Adversarial VET Challenge

ABSTRACT. The objective of this hardware demo is to introduce the academic community to the Hardened Adversarial VET Challenge (HAVoC). HAVoC is a series of hardware trojan benchmarks presented as a challenge and was developed over three years under the DARPA VET program to stress test and stimulate development of hardware trojan detection tools. Now that the DARPA VET program has ended we have been granted permission to release HAVoC on the world! In other words, academic researchers and others can now test their hardware trojan detection techniques and tools against HAVoC. This hardware demonstration will introduce HAVoC and show live operation of a hardware trojan from one of the HAVoC test articles.

11:27
Fan Zhang (Zhejiang University, China)
Yiran Zhang (Zhejiang University, China)
Xiaofei Dong (Zhejiang University, China)
Xinjie Zhao (Institute of North Electronic Equipment, China)
Bolin Yang (Zhejiang University, China)
Guorui Xu (Zhejiang University, China)
148: Portable Power Tracer for USIM with Smart Analyzer

ABSTRACT. Traditional side-channel attacks are normally considered quite difficult to launch in practice, as they rely heavily upon laboratory equipment such as oscilloscopes and on sophisticated expertise in the area. The objective of this hardware demo is to design a portable power tracer which can collect the power dissipation of standard 3G/4G USIM cards and extract the secret key inside with an offline analyzer, showing a practical side-channel threat to daily life at extremely low cost (around 50 USD).

The design principles include: (1) The hardware should be lightweight, stealthy, cheap and portable; (2) The collection process should be efficient, fast, and fully automated; (3) The collected traces are good enough for offline power analysis such as Differential Power Analysis (DPA) and Correlation Power Analysis (CPA).

The highlighted contributions of our work include: (1) A redesigned lightweight PCB; (2) Automatic generation of customized APDU commands for different USIMs; (3) Automatic generation of a hardware trigger to improve accuracy; (4) Corresponding power analysis of mutual authentication for both MILENAGE and TUAK.

11:35
Carson Labrado (University of Kentucky, United States)
Himanshu Thapliyal (University of Kentucky, United States)
147: Hardware Demo of a Piezoelectric Based PUF for Hardware Security in IoT Devices

ABSTRACT. In our previous work published in IEEE Internet of Things Journal DOI: 10.1109/JIOT.2018.2874626, we proposed a design of a physically unclonable function (PUF) that was specifically targeted for use in Internet of Things (IoT) Applications. The PUF was created from components that are commonly found in IoT applications, specifically piezo sensors and a microcontroller. Our PUF works by comparing the total voltages of two different groups of three sensors. By using a microcontroller we were able to easily change the combinations of sensors that are being compared. Thanks to this, our PUF design only requires eight piezo sensors to perform 128 comparisons. Our demonstration will show the challenge response interface of our PUF as it generates responses when supplied an appropriate challenge.

11:43
Jubayer Mahmod (Auburn University, United States)
Ujjwal Guin (Auburn University, United States)
146: Remote Authentication of Low-Cost Devices using Unclonable IDs

ABSTRACT. Ensuring the authenticity of IoT devices is of great concern, since an adversary can create a backdoor either to bypass the security and/or to leak secret information over an unsecured communication channel. It is of prime importance to design and develop solutions for authenticating such edge devices. In this demo, we will present a hardware implementation of a novel low-cost solution for authenticating edge devices. We will show how we can exploit the built-in SRAM to generate unique "digital fingerprints" for every device and authenticate a resource-constrained IoT edge device at a cost of only 3.65% code overhead.
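The SRAM power-up fingerprint, the enrol-then-compare authentication step, and the reliability and uniqueness figures quoted for the DiffC-PUF demo above, as an added worked example that is not code from any of these demos or from the Visionary Talk. The "devices" are constructed in software: each chip gets a fixed random power-up pattern, and an assumed per-bit flip probability stands in for noisy cells; the acceptance threshold of 20% fractional Hamming distance is likewise an assumption chosen to sit between the intra-chip and inter-chip distance distributions. Function names are hypothetical.

```python
"""SRAM-PUF style enrolment, authentication and the reliability/uniqueness
metrics. Added example; the power-up reads are constructed in software."""
import random


def hamming_distance(a, b):
    return bin(a ^ b).count("1")


def power_up_read(stable, nbits, flip_prob, rng):
    """One simulated power-up: the chip's stable pattern with independent bit flips
    (flip_prob models noisy cells; an assumption, not a measured figure)."""
    v = stable
    for i in range(nbits):
        if rng.random() < flip_prob:
            v ^= 1 << i
    return v


def enrol(reads, nbits):
    """Bitwise majority vote over several reads gives the reference fingerprint."""
    ref = 0
    for i in range(nbits):
        ones = sum((r >> i) & 1 for r in reads)
        if 2 * ones > len(reads):
            ref |= 1 << i
    return ref


def reliability(reads, reference, nbits):
    """Intra-chip: mean fraction of bits matching the reference (ideal 100%)."""
    total = sum(hamming_distance(r, reference) for r in reads)
    return 1.0 - total / (len(reads) * nbits)


def uniqueness(references, nbits):
    """Inter-chip: mean pairwise fractional Hamming distance (ideal 50%)."""
    pairs = [(a, b) for i, a in enumerate(references) for b in references[i + 1:]]
    return sum(hamming_distance(a, b) for a, b in pairs) / (len(pairs) * nbits)


def authenticate(fresh_read, reference, nbits, threshold=0.20):
    """Accept when the fresh read is within `threshold` fractional HD of the reference.
    The threshold must sit between the intra- and inter-chip distributions."""
    return hamming_distance(fresh_read, reference) / nbits <= threshold


def run_demo(n_devices=20, nbits=256, flip_prob=0.01, enrol_reads=9, seed=7):
    """Enrol a fleet of constructed chips and return
    (reliability, uniqueness, genuine_accepted, impostor_accepted)."""
    rng = random.Random(seed)
    stable = [rng.getrandbits(nbits) for _ in range(n_devices)]   # constructed chips
    refs = [enrol([power_up_read(s, nbits, flip_prob, rng) for _ in range(enrol_reads)], nbits)
            for s in stable]
    later_reads = [power_up_read(stable[0], nbits, flip_prob, rng) for _ in range(50)]
    rel = reliability(later_reads, refs[0], nbits)
    uniq = uniqueness(refs, nbits)
    genuine = authenticate(power_up_read(stable[0], nbits, flip_prob, rng), refs[0], nbits)
    impostor = authenticate(power_up_read(stable[1], nbits, flip_prob, rng), refs[0], nbits)
    return rel, uniq, genuine, impostor


if __name__ == "__main__":
    rel, uniq, genuine, impostor = run_demo()
    print(f"reliability {rel:.2%}  uniqueness {uniq:.2%}  "
          f"genuine accepted {genuine}  impostor accepted {impostor}")
```

The check a practitioner wants before trusting a threshold is exactly the two metrics: if the worst intra-chip distance over temperature and voltage creeps toward the inter-chip minimum, the threshold has no margin and either false rejects or impostor accepts follow. Sending the raw fingerprint over the wire, as this toy does, also lets an eavesdropper replay it; the demo abstract does not describe its protocol, so nothing here should be read as its design.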

11:51
Arvind Singh (Georgia Institute of Technology, United States)
Monodeep Kar (Intel, United States)
Sanu Mathew (Intel, United States)
Anand Rajan (Intel, United States)
Vivek De (Intel, United States)
Saibal Mukhopadhyay (Georgia Institute of Technology, United States)
145: A 128-bit AES Engine with Higher Resistance to Power & Electromagnetic Side-Channel Attacks Enabled by a Security-Aware Integrated All-Digital Low Dropout Regulator

ABSTRACT. This demonstration presents on-chip integrated digital low-dropout (DLDO) regulator based countermeasures for encryption engines against side-channel analysis (SCA) attacks. DLDOs, critical power management circuits, are increasingly integrated into modern SoCs for fine-grained power management and point-of-load regulation. This demonstration for the first time leverages DLDOs along with some circuit techniques to enhance the SCA resistance of Advanced Encryption Standard (AES) engines and presents experimental results and analysis. Our poster will show the motivation behind the proposed work, the overall architecture, and details of the measurement setup, analysis techniques and side-channel attack results with CPA/CEMA for both encryption engines (P-AES, S-AES).

11:59
Ali Shuja Siddiqui (University of North Carolina Charlotte, United States)
Yutian Gui (UNC Charlotte, United States)
Jim Plusquellic (University of New Mexico, United States)
Fareena Saqib (UNC Charlotte, United States)
158: Boot and Runtime Bitstream Authentication for FPGAs

ABSTRACT. Major commercial Field Programmable Gate Array (FPGA) vendors provide encryption and authentication for programmable logic (PL) bitstreams using AES and RSA respectively. These are limited in the scope of security they provide and have proven to be vulnerable to different attacks. As such, in-field deployed devices are susceptible to attacks where a configuration bitstream, application software or dynamically reconfigurable bitstreams can be maliciously replaced. This hardware demo presents a framework for secure boot and runtime authentication for FPGAs. The presented system employs on-board cryptographic mechanisms and third-party established architectures such as the Trusted Platform Module (TPM) and ARM TrustZone. The scope of this hardware demo is at the system level.

12:07
Jiaji He (Tianjin University, China)
Xiaolong Guo (University of Florida, United States)
Yiqiang Zhao (Tianjin University, China)
Yier Jin (University of Florida, United States)
144: An On-Chip Electromagnetic Sensor Network for Analog Trojan Detection

ABSTRACT. Hardware-level modifications to integrated systems are referred to as hardware Trojans. Recently, a novel Trojan enhanced by analog design techniques has been proposed and proven to be a huge threat to the security of microprocessors and microprocessor-based systems-on-chip (SoCs). Although there are solutions based on monitoring internal signals, they may not be able to cover all Trojan-affected signals. An on-chip electromagnetic (EM) sensor network is proposed as a demo targeting analog hardware Trojan detection through analyzing the EM side-channel spectral signatures at the integrated circuit level.

12:15
Andrew Stern (University of Florida, United States)
Kun Yang (University of Florida, United States)
Jason Vosatka (University of Florida, United States)
Adam Duncan (Indiana University Bloomington, NAVSEA Crane, United States)
Jungmin Park (University of Florida, United States)
Domenic Forte (University of Florida, United States)
Mark Tehranipoor (University of Florida, United States)
Yunkai Bai (University of Florida, United States)
143: RASC: Enabling Remote Access to Side-Channels

ABSTRACT. Today, computing systems are being implemented into nearly every aspect of daily life. Integrating electronics into critical systems introduces new opportunities along with risks. To protect these systems, maintaining proper operating characteristics is essential, but it is difficult to remotely monitor them after the system is deployed. A system will often utilize its own resources to monitor itself, which can impede optimal functionality and security. Hence, we have developed a standalone embedded platform, termed RASC, to be placed near the critical system. RASC was designed to recreate an environment that can mirror the functionality of a typical electronics lab test setup, but in a size of approximately 2 cubic centimeters. Our demonstration will show our custom RASC platform monitoring a host system and reporting back its collected data. Here we will demonstrate how side-channels can be used to defend systems throughout their lifetimes and the benefits of remote side-channel access.

12:23
Adam Duncan (Indiana University Bloomington, United States)
Andrew Stern (University of Florida, United States)
Grant Skipper (Indiana University Bloomington, United States)
Adib Nahiyan (University of Florida, United States)
Fahim Rahman (University of Florida, United States)
Andrew Lukefahr (Indiana University Bloomington, United States)
Mark Tehranipoor (University of Florida, United States)
Martin Swany (Indiana University Bloomington, United States)
142: Infrared Applications of FLATS: Filling Logic and Testing Spatially for FPGA Authentication and Tamper Detection

ABSTRACT. This demo will provide a real-time application of the Filling Logic and Testing Spatially (FLATS) architecture to perform an authentication operation on third-party intellectual property (3PIP) running in an FPGA. A run-time tamper operation will be executed on 3PIP running on an FPGA. Our technique will detect the tamper event and will perform authentication operations before and after the tamper event to demonstrate authentication.

11:45-13:00 Lunch Break
13:00-14:40 Session 7: Fault and Side Channel Technical Session

** denotes HOST 2019 Best Paper and Best Student Paper Nominee

## denotes HOST 2019 Best Paper Nominee

Chair:
Aydin Aysu (NCSU, United States)
13:00
Brice Colombier (CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne, France)
Alexandre Menu (IMT, Mines Saint-Etienne, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne, France)
Jean-Max Dutertre (IMT, Mines Saint-Etienne, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne, France)
Pierre-Alain Moëllic (CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne, France)
Jean-Baptiste Rigaud (IMT, Mines Saint-Etienne, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne, France)
Jean-Luc Danger (LTCI – CNRS, Télécom ParisTech, Université Paris-Saclay, France)
Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller

ABSTRACT. Physical attacks are a known threat to secure embedded systems. Notable among these is laser fault injection, which is probably the most powerful fault injection technique. Indeed, powerful injection techniques like laser fault injection provide a high spatial accuracy, which enables an attacker to induce bit-level faults. However, experience gained from attacking 8-bit targets might not be relevant on more advanced micro-architectures, and these attacks become increasingly challenging on 32-bit microcontrollers. In this article, we show that the flash memory area of a 32-bit microcontroller is sensitive to laser fault injection. These faults occur during the instruction fetch process, hence the stored value remains unaltered. After a thorough characterisation of the induced faults and the associated fault model, we provide detailed examples of bit-level corruptions of instructions and demonstrate practical applications in compromising the security of real-life code. Based on these experimental results, we formulate a hypothesis about the underlying micro-architectural features that could explain the observed fault model.

13:20
Debayan Das (Purdue University, United States)
Mayukh Nath (Purdue University, United States)
Baibhab Chatterjee (Purdue University, United States)
Santosh Ghosh (Intel Labs, Intel Corporation, Hillsboro, 97124, Oregon, USA, United States)
Shreyas Sen (Purdue University, United States)
STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis **

ABSTRACT. The threat of side-channels is becoming increasingly prominent for resource-constrained internet-connected devices. While numerous power side-channel countermeasures have been proposed, promising approaches to protect against non-invasive electromagnetic side-channel attacks have been relatively scarce. Today's availability of high-resolution electromagnetic (EM) probes mandates the need for a low-overhead solution to protect against EM side-channel analysis (SCA) attacks. This work, for the first time, performs a white-box analysis to root-cause the origin of the EM leakage from an integrated circuit. System-level EM simulations with the Intel 32 nm CMOS technology interconnect stack, as an example, reveal that the EM leakage from metals above layer 8 can be detected by an external non-invasive attacker with commercially available state-of-the-art EM probes. Equipped with this 'white-box' understanding, this work proposes STELLAR: Signature aTtenuation Embedded CRYPTO with Low-Level metAl Routing, which is a two-stage solution to eliminate the critical signal radiation from the higher-level metal layers. Firstly, we propose routing the entire cryptographic core's power traces using the local lower-level metal layers, whose leakage cannot be picked up by an external attacker. Then, the entire crypto IP is embedded within a Signature Attenuation Hardware (SAH) which in turn suppresses the critical encryption signature before it routes the current signature to the highly radiating top-level metal layers. System-level implementation of the STELLAR hardware with local lower-level metal routing in TSMC 65 nm CMOS technology, with an AES-128 encryption engine (as an example cryptographic block) operating at 40 MHz, shows that the system remains secure against EM SCA attack even after 1 M encryptions, with 67% energy efficiency compared to the unprotected AES.

13:40
Chiou-Yng Lee (Lunghwa University of Science and Technology, Taiwan)
Jiafeng Xie (Villanova University, United States)
High Capability and Low-Complexity: Novel Fault Detection Scheme for Finite Field Multipliers over GF(2^m) based on MSPB ##

ABSTRACT. Fault detection is becoming more and more essential to the protection of cryptographic circuits (for the purpose of fighting against both natural and malicious faults). While the finite field multiplier is regarded as the bottleneck arithmetic unit for cryptosystems such as elliptic curve cryptography, an efficient implementation of a finite field multiplier with high fault detection capability is still missing in the literature. In this paper, therefore, we propose a novel fault detection scheme for finite field multipliers over GF(2^m), where the proposed work aims at obtaining high fault detection performance for finite field multipliers while maintaining a low-complexity implementation. To successfully carry out the proposed design strategy, we have used the modified shifted polynomial basis (MSPB) to represent the field and have conducted three coherent interdependent stages of effort: (i) a novel 1-bit parity based detection scheme for the bit-serial MSPB multiplier is presented after thorough mathematical derivation; (ii) a novel Toeplitz matrix-vector product (TMVP)-based multi-bit parity prediction and checking scheme for the digit-serial MSPB multiplier is then proposed to obtain both high detection performance and low-complexity implementation; (iii) detailed complexity analysis and comparison show that the proposed designs have significantly better performance than the best existing ones. For instance, for the bit-serial multipliers, the proposed design (using 1 parity bit) can achieve around 99.49% fault detection performance while the best existing one with a 2-bit parity checking scheme achieves only 75.12% fault detection. The proposed scheme, because of its high fault detection capability and low complexity, can be extended further to many cryptographic applications.
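Parity prediction for a bit-serial GF(2^m) multiplier, as an added worked example that is not the authors' MSPB scheme or their code: it uses the ordinary polynomial basis with the AES field polynomial (m = 8, an assumption for the demo), tracks one predicted parity bit through every shift-and-add step using only values a checker circuit could observe (the accumulator's top bit, parity of A, parity of f), and then injects transient faults into the accumulator to show what one parity bit catches and what it misses. The fault model (an XOR mask applied after a chosen step) and the coverage figure over all non-zero masks at one step are assumptions of this example and a different model from the paper's, so the percentages are not comparable with its 99.49%.

```python
"""1-bit parity prediction for a bit-serial polynomial-basis GF(2^m) multiplier,
with transient-fault injection. Added example; not the paper's MSPB design."""

M = 8
F_LOW = 0x1B            # f(x) = x^8 + x^4 + x^3 + x + 1 without the x^8 term (AES field, assumed)
MASK = (1 << M) - 1


def parity(v):
    return bin(v).count("1") & 1


def mul_bit_serial(a, b, fault=None):
    """MSB-first bit-serial multiply: C <- x*C mod f, then C ^= b_i * A.
    Alongside the accumulator, a single predicted-parity bit is updated from
    values the checker can see: C's top bit, parity(A) and parity(f_low).
    `fault` = (step, mask) XORs `mask` into C after that step.
    Returns (product, actual_parity, predicted_parity)."""
    pa, pf = parity(a), parity(F_LOW)
    c, p_pred = 0, 0
    for step in range(M - 1, -1, -1):
        top = (c >> (M - 1)) & 1
        # x*C mod f: the shift drops the top bit (parity changes by `top`) and the
        # reduction adds f_low when top = 1 (parity changes by top * pf).
        p_pred ^= top & (1 ^ pf)
        c = ((c << 1) & MASK) ^ (F_LOW if top else 0)
        if (b >> step) & 1:
            c ^= a
            p_pred ^= pa
        if fault is not None and fault[0] == step:
            c ^= fault[1]               # transient error injected into the accumulator
    return c, parity(c), p_pred


def detected(a, b, fault):
    """True if the parity check flags the injected fault at the end of the multiply."""
    _, actual, predicted = mul_bit_serial(a, b, fault)
    return actual != predicted


def coverage(a, b, step):
    """Fraction of all non-zero error masks at one step caught by a single parity bit."""
    masks = range(1, 1 << M)
    return sum(detected(a, b, (step, e)) for e in masks) / len(masks)


if __name__ == "__main__":
    prod, actual, predicted = mul_bit_serial(0x57, 0x83)
    print(f"0x57 * 0x83 = 0x{prod:02X}, parity consistent: {actual == predicted}")
    print("single-bit fault at step 4 detected:", detected(0x57, 0x83, (4, 0x08)))
    print("double-bit fault at step 4 detected:", detected(0x57, 0x83, (4, 0x0C)))
    print(f"coverage over all masks at step 4: {coverage(0x57, 0x83, 4):.2%}")
```

An odd-weight error keeps the actual and predicted parities one apart through all remaining steps, because both sides consume the same (now corrupted) top bit, so it is still flagged at the end; an even-weight error is invisible to one parity bit, which is why the abstract's digit-serial scheme moves to multi-bit parity.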

14:00
Nikhil Chawla (Georgia Institute of Technology, United States)
Arvind Singh (Georgia Institute of Technology, United States)
Nael Mizanur Rahman (Georgia Institute of Technology, United States)
Monodeep Kar (Intel, United States)
Saibal Mukhopadhyay (Georgia Institute of Technology, United States)
Extracting side-channel leakage from round unrolled implementations of lightweight ciphers

ABSTRACT. Energy efficiency and security are critical requirements for computing at edge nodes. Unrolled architectures for lightweight cryptographic algorithms have been shown to be energy-efficient, providing higher performance while meeting the resource constraints. FPGA implementations of unrolled datapaths have also been shown to be secure against side-channel analysis (SCA) attacks due to the reduction in signal-to-noise ratio (SNR) and increased leakage model complexity. This paper demonstrates optimal leakage models and an improved CFA attack which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. Several leakage models targeting initial rounds are explored and a 1-bit Hamming weight (HW) based leakage model is shown to be an optimal choice. Additionally, narrow bandpass filtering techniques in conjunction with correlation frequency analysis (CFA) are demonstrated to improve SNR by up to 4×, attributed to removal of the misalignment effect in combinational logic and signal isolation. Next, improved CFA is performed on side-channel signatures acquired for a 7-round unrolled SIMON datapath implemented on a Sakura-G (Xilinx Spartan-6, 45 nm) based FPGA platform and a 24× improvement in minimum-traces-to-disclose (MTD) to reveal 80% of key bits is demonstrated with respect to the baseline wide-band post-processing method and time-domain correlation power analysis (CPA). Finally, the proposed methodology is successfully applied to a fully-unrolled datapath for PRINCE and a parallel round-based datapath for the Advanced Encryption Standard (AES) algorithm to demonstrate the general applicability of the proposed methods.
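The correlation power analysis that this paper, the STELLAR evaluation, and the Demo Session I abstracts (the FPGA AES CPA/EMA demo, the USIM power tracer, the DLDO-protected AES engine) all rely on, as an added worked example that is not code from any of them: it simulates first-round AES S-box leakage as Hamming weight plus Gaussian noise, then ranks all 256 key-byte hypotheses by absolute Pearson correlation, once with the 8-bit Hamming-weight model and once with the 1-bit model the abstract above favours for unrolled datapaths. The leaking sample index, the noise sigma, the secret key byte and the seed are assumptions of the simulation, and the function names are hypothetical; the traces are constructed, not measured.

```python
"""Correlation power analysis (CPA) on simulated first-round AES S-box leakage.
Added example for this session; the traces are synthetic (constructed here),
not measurements from any of the demos or papers."""
import random


def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _aes_sbox():
    """Build the AES S-box from the field inverse and the affine map (no table needed)."""
    inv = [0] * 256
    for x in range(1, 256):
        if inv[x]:
            continue
        for y in range(1, 256):
            if _gf_mul(x, y) == 1:
                inv[x], inv[y] = y, x
                break
    sbox = []
    for x in range(256):
        v = s = inv[x]
        for _ in range(4):
            v = ((v << 1) | (v >> 7)) & 0xFF      # rotate left by one
            s ^= v
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _aes_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def leak_hw(p, k):
    """8-bit Hamming-weight model of the first-round S-box output."""
    return hamming_weight(SBOX[p ^ k])


def leak_bit(p, k, bit=0):
    """1-bit model: a single output bit of the S-box (bit 0 by default)."""
    return (SBOX[p ^ k] >> bit) & 1


def simulate_traces(key_byte, n_traces, n_samples=8, leak_idx=3, noise=1.0, seed=1):
    """Constructed traces: Gaussian noise at every sample, plus HW(SBOX[p^k]) at one.
    The leaking index, noise sigma and seed are assumptions of the simulation."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        t = [rng.gauss(0.0, noise) for _ in range(n_samples)]
        t[leak_idx] += leak_hw(p, key_byte)
        plaintexts.append(p)
        traces.append(t)
    return plaintexts, traces


def cpa(plaintexts, traces, model=leak_hw):
    """Rank the 256 key-byte hypotheses by max |Pearson correlation| over samples.
    Returns (ranking, scores) with scores[k] = (best_abs_corr, best_sample_index)."""
    n, n_samples = len(traces), len(traces[0])
    cols = []                                        # centred sample columns, computed once
    for j in range(n_samples):
        col = [t[j] for t in traces]
        mean = sum(col) / n
        centred = [v - mean for v in col]
        cols.append((centred, sum(v * v for v in centred) ** 0.5))
    scores = {}
    for k in range(256):
        hyp = [model(p, k) for p in plaintexts]
        mean = sum(hyp) / n
        ch = [h - mean for h in hyp]
        nh = sum(v * v for v in ch) ** 0.5
        best, best_j = 0.0, 0
        for j, (cc, nc) in enumerate(cols):
            if nh == 0 or nc == 0:                   # constant column: correlation undefined
                continue
            c = abs(sum(x * y for x, y in zip(ch, cc)) / (nh * nc))
            if c > best:
                best, best_j = c, j
        scores[k] = (best, best_j)
    ranking = sorted(range(256), key=lambda k: scores[k][0], reverse=True)
    return ranking, scores


def recover_key_byte(plaintexts, traces, model=leak_hw):
    """Best key hypothesis, the sample where it peaks, and the peak correlation."""
    ranking, scores = cpa(plaintexts, traces, model)
    k = ranking[0]
    return k, scores[k][1], scores[k][0]


def key_rank(plaintexts, traces, true_key, model=leak_hw):
    """Position of the true key in the ranking (0 = recovered)."""
    return cpa(plaintexts, traces, model)[0].index(true_key)


if __name__ == "__main__":
    pts, trs = simulate_traces(0x2B, 1500)
    for name, model in (("HW", leak_hw), ("1-bit", leak_bit)):
        k, j, c = recover_key_byte(pts, trs, model)
        print(f"{name:5s} model: key 0x{k:02X} at sample {j}, |rho| = {c:.3f}")
```

The 1-bit model correlates more weakly with the same traces (it explains only one of the eight leaking bits), so it needs more traces to put the true key at rank 0; on a real unrolled datapath, where the 8-bit model stops matching the combinational leakage, that trade is the point the abstract makes. Against real captures the missing steps are trigger alignment and the band-pass filtering the paper describes; this example skips both because its traces are already aligned by construction.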

14:20
Keyvan Ramezanpour (Virginia Tech, United States)
Paul Ampadu (Virginia Tech, United States)
William Diehl (Virginia Tech, United States)
A Statistical Fault Analysis Methodology for the Ascon Authenticated Cipher

ABSTRACT. Authenticated ciphers are trending in secret-key cryptography, since they combine confidentiality, integrity and authentication into one algorithm, and offer potential efficiencies over the use of separate block ciphers and keyed hashes. Current cryptographic contests and standardization efforts (e.g., CAESAR and NIST) are evaluating authenticated ciphers for weaknesses, including implementation vulnerabilities such as fault attacks. In this paper, we analyze fault attacks against the Ascon authenticated cipher, which is a CAESAR lightweight category finalist. We propose a fault attack technique based on statistical ineffective fault analysis (SIFA) using double-fault injection and key dividing. Faults are injected at two selected S-boxes for every encryption, during the last round of permutation in the Ascon Finalization stage. The correct tag values, resulting from ineffective fault inductions, are then used to analyze key hypotheses. The complexity of our attack method is a trade-off between the size of the key hypothesis search space and the number of double-fault injections. The sufficient number of correct tag values needed to recover a key subset depends on the bias of the fault distributions. We perform experiments on a software implementation of Ascon to show that between 12.5 and 2500 correct tag values (i.e., ineffective faults) are enough for key recovery for highly biased to more uniform fault distributions, respectively.

14:40-15:00 Break
15:00-16:40 Session 8: IP Trust and Anti-Counterfeit Technical Session

## denotes HOST 2019 Best Paper Nominee

Chair:
Xiaolin Xu (University of Illinois at Chicago, United States)
15:00
Karthikeyan Nagarajan (The Pennsylvania State University, United States)
Mohammad Nasim Imtiaz Khan (The Pennsylvania State University, United States)
Swaroop Ghosh (The Pennsylvania State University, United States)
ENTT: A Family of Emerging NVM-based Trojan Triggers

ABSTRACT. Hardware Trojans in the form of malicious modifications during the design and/or the fabrication process are a security concern due to the globalization of the semiconductor production process. The Trojan would be designed to evade structural and functional testing and would activate under certain conditions and cause read/write failures. Very limited literature exists on memory Trojans in spite of their high likelihood. Emerging Non-Volatile Memories (NVMs) possess unique characteristics that make them prime targets for deploying a hardware Trojan. In this paper, we have designed two NVM-based trigger circuits that are activated after the test phase of the fabrication process.

15:20
Qihang Shi (University of Florida, United States)
Nidish Vashistha (University of Florida, United States)
Hangwei Lu (University of Florida, United States)
Bahar Tehranipoor (Buchholz High School, United States)
Haoting Shen (University of Florida, United States)
Damon Woodard (University of Florida, United States)
Navid Asadizanjani (University of Florida, United States)
Golden Gates: A New hybrid Approach for Rapid Hardware Trojan Detection using Testing and Imaging ##

ABSTRACT. Hardware Trojans are malicious modifications to integrated circuits (ICs), which pose a grave threat to the security of modern military and commercial systems. Existing methods to detect hardware Trojans are plagued by an inability to detect all Trojans, reliance on a golden chip that might not be available, high time cost, and low accuracy. In this paper, we present Golden Gates, a novel detection method designed to achieve a level of accuracy comparable to full reverse engineering while paying only a fraction of its cost in time. The proposed method inserts golden gate circuits (GGC) to achieve superlative accuracy in classification of scanning electron microscopy (SEM) images of thinned backside footprints of all existing gates. Possible attacks against GGC as well as malicious modifications on interconnect layers are discussed and addressed with a secure built-in exhaustive test infrastructure. Evaluation with real SEM images demonstrates high classification accuracy and resistance to attacks for the proposed technique.

15:40
Ujjwal Guin (Auburn University, United States)
Wendong Wang (Auburn University, United States)
Charles Harper (Auburn University, United States)
Adit Singh (Auburn University, United States)
Detecting Recycled SoCs by Exploiting Aging Induced Biases in SRAM Cells

ABSTRACT. The rise of recycled ICs being sold as new through the global semiconductor supply chain is a serious threat to critical infrastructure due to their inferior quality, shorter remaining life, and potentially poorer performance, compared to their authentic counterparts. While solutions, such as age monitors, have been proposed for new designs, detecting the recycling of older legacy ICs already in use is much harder; no reliably effective solution currently exists. In this paper, we propose a new and highly effective approach for detecting recycled ICs by exploiting the power-up state of on-chip SRAM to evaluate the age of the chip. Our methodology does not require the introduction of any special aging detection circuitry, nor the recording and saving of historical circuit performance data to detect degradation from use. It is also low cost since it does not require any special test equipment. Since SRAMs exist in virtually all systems on chip (SoCs), the approach is widely applicable to both old and new designs. We present experimental results using commercial off-the-shelf SRAM chips to validate the effectiveness of the proposed approach.

16:00
Adam Duncan (Indiana University Bloomington, United States)
Grant Skipper (Indiana University Bloomington, United States)
Andrew Stern (University of Florida, United States)
Adib Nahiyan (University of Florida, United States)
Fahim Rahman (University of Florida, United States)
Andrew Lukefahr (Indiana University Bloomington, United States)
Mark Tehranipoor (University of Florida, United States)
Martin Swany (Indiana University Bloomington, United States)
FLATS: Filling Logic and Testing Spatially for FPGA Authentication and Tamper Detection

ABSTRACT. Security-critical field programmable gate array (FPGA) designs traditionally rely on bitstream encryption and hashing to prevent bitstream modifications and provide design authentication. Recent attacks to extract bitstream encryption keys, and research in automated bitstream manipulation tools, have created a class of vulnerabilities involving post-synthesis low-level FPGA editing. Current authentication and tamper (e.g., malicious modification) detection approaches dependent upon hash-based comparison mechanisms and register transfer level safeguards are vulnerable to these post-synthesis exploits. In this paper, we propose FLATS, which provides filling logic and testing spatially to combat such vulnerabilities. FLATS fills unused configurable logic blocks (CLBs) within an FPGA design and inserts infrared-emitting spatial watermarks into the partially used CLBs at the post-synthesis stage for physical authentication and tamper detection using backside infrared imaging. FLATS takes an existing synthesized design and re-purposes a portion of its LUT initialization to function as a watermark, allowing for the detection of changes to the post-synthesis placement and initialization. Experimental results validate the FLATS architecture on a 28nm Xilinx FPGA with less than 12% lookup table utilization overhead and negligible compromises in power and speed.

16:20
Xiaolong Guo (University of Florida, United States)
Raj Gautam Dutta (University of Central Florida, United States)
Jiaji He (Tianjin University, China)
Mark M. Tehranipoor (University of Florida, United States)
Yier Jin (University of Florida, United States)
QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment

ABSTRACT. Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which language-based hardware security verification serves as a promising solution. The verification process is performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from a scalability issue. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language-based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends the Verilog type system to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed into a data flow, to which the QIF model is applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically, and we show that our method evaluates the security of the design correctly.

16:40-17:00 Break
17:00-18:30 Session 9: Panel I: Hardware Security Beyond the Digital Domain

Abstract: The majority of hardware security research has been focused on critical digital circuits. This represents a portion of the actual system that is being developed for an application. This panel will discuss the other spaces such as analog, RF, package, and board. The goal is to identify some new areas of research that can help with protection of the overall hardware systems.

Panelists

  • Vipul Patel, AFRL
  • Adam Sherer, Cadence
  • Yiorgos Makris, UTDallas
  • Thomas Collins, BAE

Moderator: Saverio Fazzari (Booz Allen Hamilton)

Chair:
Saverio Fazzari (Booz Allen Hamilton, United States)