HOST 2019: INTERNATIONAL SYMPOSIUM ON HARDWARE-ORIENTED SECURITY AND TRUST
PROGRAM FOR WEDNESDAY, MAY 8TH

07:30-08:30 Registration and Continental Breakfast
08:30-10:00 Session 10: Plenary Session - Keynote Address II and Keynote Address III

KEYNOTE II

Speaker: Ruby Lee, Forrest G. Hamrick Professor in Engineering, Princeton University

Title: Security Design Principles to Thwart Speculative Attacks

Abstract: Performance optimization features in processors can lead to serious security breaches, as exemplified by the recent Spectre, Meltdown and Foreshadow speculative attacks. These transient execution attacks show the vulnerability of processor features to timing attacks, even though they have been correctly designed and verified by existing architecture definitions.  In this talk, we suggest that new security design rules need to be added to catch such vulnerabilities at design time or to detect vulnerabilities in existing machines.  What are the root causes of speculative attacks and timing attacks?  Can we define a small set of security design rules to prevent information leaks and other security breaches due to hardware features?  Can we improve performance without degrading security?  Can we design hardware architecture that improves security and performance at the same time?  What new design strategies and hardware structures can lead to better security? Can we create a tool-chain that can check for potential vulnerabilities at all levels of hardware design?  We are entering a new era of security in computer design, with many challenges -- and exciting research opportunities.


KEYNOTE III

Speaker: Serge Leef, Program Manager, DARPA

Title: Automatic Implementation of Secure Silicon

Abstract: Throughout the past decade, cybersecurity threats have evolved from attacks focused high in the software stack to progressively lower levels of computational hierarchy.  With the explosion of popularity and growing deployment of internet connected devices, economic attackers and nation-states alike are shifting their attention to Application Specific Integrated Circuits (ASICs) that enable complex capabilities across commercial and military application domains.  Despite growing recognition of the problem and a substantial body of research across multiple chip security areas, no common tools, methods or solutions are in wide use today.  Modern synchronous digital ASICs are already very complex and expensive to design and incorporation of security is viewed as a burden with unclear economic benefits.  The result is that the majority of today’s ASICs are largely unprotected.  Absence of automation makes incorporation of security a laborious, manual task that generally requires very specific design expertise not generally possessed by semiconductor companies.  These dynamics can be altered with a novel chip design flow that aims to protect advanced ASICs from known attack strategies by streamlining inclusion of scalable defense mechanisms into an automated process that maximizes architectural exploration of security vs. economics trade-offs while improving design productivity.  The effort and cost to incorporate a level of hardware security aligned with application requirements and economics will be significantly reduced so that incorporation of security at all levels of hardware design is feasible and affordable.

Chair:
Gang Qu (University of Maryland, United States)
10:00-10:20 Break
10:20-12:00 Session 12: Architecture Level Security Technical Session

** denotes HOST 2019 Best Paper and Best Student Paper Nominee

Chair:
Seyed-Abdollah Sohrab Aftabjahani (Intel, United States)
10:20
Patrick Cronin (University of Delaware, United States)
Chengmo Yang (University of Delaware, United States)
A Fetching Tale: Covert Communication With The Hardware Prefetcher

ABSTRACT. Modern processors have used various types of ways to increase performance, such as speculative execution, branch prediction, and prefetching, to name a few. While these enhancements provide excellent performance benefits, many of them also leak privileged information via side channels, or can be utilized to communicate surreptitiously via a covert channel. This paper presents a new covert channel within the modern Intel processor, found in the oft-overlooked hardware prefetcher. The discovered channel allows two processes scheduled on the same core to communicate without any need of accessing data that should be mapped to the same set. Experimental results on Intel Core i7 6700 show that the channel is able to achieve a 34.8 KBps transmission speed with low error rates. It is also shown that state-of-the-art side and covert channel detection schemes have little impact on this prefetcher-based covert channel.

10:40
Shijia Wei (The University of Texas at Austin, United States)
Aydin Aysu (North Carolina State University, United States)
Michael Orshansky (The University of Texas at Austin, United States)
Andreas Gerstlauer (The University of Texas at Austin, United States)
Mohit Tiwari (The University of Texas at Austin, United States)
Using Power-Anomalies to Counter Evasive Micro-architectural Attacks in Embedded Systems **

ABSTRACT. High-assurance embedded systems are deployed for decades and expensive to re-certify – hence, each new attack is an unpatchable problem that can only be detected by monitoring out-of-band channels such as the system’s power trace or electromagnetic emissions. Micro-architectural attacks, for example, have recently come to prominence since they break all existing software-isolation based security – for example, by hammering memory rows to gain root privileges or by abusing speculative execution and shared hardware to leak secret data. This work is the first to use anomalies in an embedded system’s power trace to detect evasive micro-architectural attacks. To this end, we introduce power-mimicking micro-architectural attacks – including DRAM-rowhammer attacks, side/covert-channel and speculation-driven attacks – to study their evasiveness. We then quantify the operating range of the power-anomalies detector using an Android (Odroid XU3) board – showing that rowhammer attacks cannot evade detection while covert channel attacks can evade detection but are forced to operate at a 36× lower bandwidth. Our power-anomaly detector is efficient and can be embedded out-of-band into (e.g.,) programmable batteries. While rowhammer and side-channel defenses require invasive code- and hardware-changes in general-purpose systems, we show that power-anomalies are a simple and effective defense for embedded systems. Power-anomalies can help future-proof embedded systems against vulnerabilities that are likely to emerge as new hardware like phase-change memories and accelerators become mainstream.

11:00
Fan Yao (University of Central Florida, United States)
Hongyu Fang (George Washington University, United States)
Milos Doroslovacki (George Washington University, United States)
Guru Venkataramani (George Washington University, United States)
COTSknight: Practical Defense against Cache Timing Channel Attacks using Cache Monitoring and Partitioning Technologies

ABSTRACT. Recent studies have shown how adversaries can exploit hardware cache structures to launch information leakage-based attacks. Among these attacks, timing channels are especially worrisome since adversaries communicate simply by modulating the timing of shared resource accesses, and do not leave any physical trace of the communication. Therefore, guarding the system against such attacks is critical. Unfortunately, most existing mitigation mechanisms either require non-trivial hardware modifications and/or incur high runtime overheads. In this paper, we propose COTSknight, a new framework that guards the system against several classes of cache timing channel attacks by making novel use of Commercial Off-The-Shelf (COTS) architectural support for cache resource monitoring and prioritization. We find that the adversary’s attempt to modulate cache access latency during attacks can be captured using cache occupancy patterns. COTSknight leverages efficient signal processing techniques on cache occupancy patterns to determine the potential for timing channel attacks. Once suspicious domains are identified, COTSknight disbands timing channels using performance-friendly dynamic cache partitioning schemes. We implement a prototype of our COTSknight framework on an Intel Xeon v4 server and evaluate its efficacy extensively using different spatial encoding schemes, as well as serial and parallel implementations of timing channels. Our results show that COTSknight can successfully thwart several classes of timing channel attacks by allocating disjoint cache ways to malicious processes. Even in benign cache-intensive workloads, we observe a 6% cache partition trigger rate that results in 5% worst-case performance degradation. Interestingly, for some benign applications, upon COTSknight’s cache partition, we observe an improved performance by up to 9.2% through eliminating cache interference.

11:20
Mohammed Nabeel (New York University, UAE)
Mohammed Ashraf (New York University, UAE)
Eduardo Chielle (New York University, UAE)
Nektarios Tsoutsos (University of Delaware, United States)
Michail Maniatakos (New York University, UAE)
CoPHEE: Co-processor for Partially Homomorphic Encrypted Execution

ABSTRACT. The recent disclosure of the Spectre and Meltdown side-channel vulnerabilities offers yet another example of modern computer architectures prioritizing performance optimizations over security and privacy. The devastating impact of data leakage, however, emphasizes the need for new processor designs that provide native support for data privacy using cryptography. In this paper, we report on a year-long effort to design, implement, fabricate, and validate CoPHEE: a novel co-processor design that mitigates data leakage risks using partially homomorphic encrypted execution. ASIC designs for encrypted execution impose unique challenges, such as the need for non-traditional arithmetic units (modular inverse, greatest common divisor), very wide datapaths (2048 bits), and the requirement for secure multiplexer units enabling general-purpose execution on encrypted values. Our fully-functional co-processor chip is fabricated in 65nm CMOS technology, and communicates to a main processor via UART. This paper offers an elaborate overview of all steps and design techniques in the ASIC development process, ranging from RTL design to fabrication and validation. We evaluate our co-processor using privacy-preserving C++ benchmarks, while our RTL files are available in an open-source repository.

11:40
Tim Fritzmann (Technical University of Munich, Germany)
Johanna Sepulveda (Technical University of Munich, Germany)
Efficient and Flexible Low-Power NTT for Lattice-Based Cryptography

ABSTRACT. Secure communication is being threatened by the foreseeable breakthrough of quantum computers. When a larger quantum computer is developed, traditional public key cryptography will be broken. Lattice-based cryptography appears as an alternative to protect the communications in the era of quantum computers. However, empowering current electronic devices with these new algorithms poses a challenging problem due to tight performance requirements as well as area and power constraints. Polynomial multiplication is the basic and most computationally intensive operation in lattice-based cryptosystems. The Number Theoretic Transform (NTT) is an attractive technique to perform polynomial multiplication efficiently. So far, previous works have focused on developing fast and compact forward and inverse NTT implementations. However, efficient and low-power NTT design has not been considered before although a low power consumption is crucial for many systems, such as battery-powered Internet of Things (IoT) devices. In this paper, we present the first low-power, fast and secure NTT ASIC design for lattice-based cryptography able to support different NTT parameters. The contribution of this work is three-fold. First, the implementation of a fast NTT through three optimization techniques. Second, utilization of methods for ASIC power minimization in the NTT design. Third, the security analysis of our NTT ASIC. Our proposed architecture requires only n log(n) clock cycles for the forward and inverse NTT and can be implemented using a cheap single port RAM. The results of our work show that it is possible to decrease the power dissipation by more than 30% at nearly no cost.

12:00-13:00 Lunch Break
13:00-14:40 Session 13: (Anti)Reverse Engineering and Obfuscation Technical Session
Chair:
Nektarios Georgios Tsoutsos (University of Delaware, United States)
13:00
Michaela Brunner (Technical University of Munich, Germany)
Johanna Baehr (Technical University of Munich, Germany)
Georg Sigl (Technical University of Munich, Germany)
Improving on State Register Identification in Sequential Hardware Reverse Engineering

ABSTRACT. In the past years, new hardware reverse engineering methods for sequential gate-level netlists have been developed to detect Hardware Trojans and counteract Design Piracy. A critical part of sequential gate-level netlist reverse engineering is the identification of state registers. A promising method to solve this problem, RELIC, proposed by T. Meade et al., is based on input structure similarities of registers to differentiate between state and non-state registers. We propose an improvement to this method, fastRELIC: it outperforms RELIC in terms of speed and computational complexity. A complexity analysis shows the upper bound of O(R^2) (R: # registers) for both methods, but a linear lower bound Ω(R) for fastRELIC. Empirical results with fastRELIC provide a speedup of up to 100x. This allowed us to analyze real-life designs with more than 4,000 registers and 50,000 gates.

13:20
Kaveh Shamsi (University of Florida, United States)
David Z. Pan (The University of Texas at Austin, United States)
Yier Jin (University of Florida, United States)
On the Impossibility of Approximation-Resilient Circuit Locking

ABSTRACT. Logic locking, and Integrated Circuit (IC) Camouflaging, are techniques that try to hide the design of an IC from a malicious foundry or end-user by introducing ambiguity into the netlist of the circuit. While over the past decade an array of such techniques have been proposed, their security has been constantly challenged by algorithmic attacks. This may in part be due to a lack of formally defined notions of security in the first place, and hence a lack of security guarantees based on long standing hardness assumptions.

In this paper we take a formal approach. We define the problem of circuit locking (CL) as transforming an original circuit to a locked one which is "unintelligible" without a secret key (this can model camouflaging and split-manufacturing in addition to logic locking). We define several notions of security for CL under different adversary models. Using long standing results from computational learning theory we show the impossibility of exponentially approximation-resilient locking in the presence of an oracle for large classes of Boolean circuits. We then show how exact-recovery-resiliency and a more relaxed notion of security that we coin "best-possible" approximation-resiliency can be provably guaranteed with polynomial overhead. Our theoretical analysis directly results in stronger attacks and defenses which we demonstrate through experimental results on benchmark circuits.

13:40
Suyuan Chen (University of Cincinnati, United States)
Ranga Vemuri (University of Cincinnati, United States)
Exploiting Proximity Information in a Satisfiability Based Attack Against Split Manufactured Circuits

ABSTRACT. Split Manufacturing (SM) was introduced as an effective countermeasure to reverse engineering of integrated circuits and as a potential deterrent to Trojan insertion and overproduction. In SM, some wires, assigned to the back-end of line (BEOL) layers and fabricated at a secure facility, are hidden from the attacker. However, proximity information based attacks use physical design hints such as wire-length, combinational cycles and routing directions obtained from the FEOL (front-end of the line) net-list to recover some or all of the BEOL signals. In addition, a recently proposed satisfiability based attack models the BEOL signal recovery problem as a problem of configuring a key-controlled interconnect network and solves for the key values using a satisfiability (SAT) solver. While this method can recover 100% of the BEOL signals, it takes an impractically long time for large circuits. In this paper, we propose an effective method to exploit proximity information extracted from the FEOL circuit to reduce the size of the interconnection network which models the missing BEOL layers, which in turn significantly reduces the size of the resulting SAT problem. This leads to efficient recovery of 100% of the ‘hidden’ BEOL signals even for large circuits. Experimental results using circuits from ISCAS85, ISCAS89 and ITC99 benchmark suites show that the proposed method is up to 80x faster than the SAT-only attack (without proximity information) while maintaining the 100% attack correctness for all combinational and sequential benchmarks.

14:00
Prabuddha Chakraborty (University of Florida, United States)
Jonathan Cruz (University of Florida, United States)
Swarup Bhunia (University of Florida, United States)
SURF: Joint Structural Functional Attack on Logic Locking

ABSTRACT. To help protect hardware Intellectual Property (IP) against piracy and counterfeits, researchers have proposed obfuscation techniques that aim at hiding design intent and making reverse engineering difficult. A dominant form of obfuscation technique, referred to as logic locking, relies on insertion of key gates (e.g., XOR/XNOR) at strategic locations in a design followed by logic synthesis. Recently, it has been shown that such an approach leaves a predictable structural signature, which makes it susceptible to machine learning (ML) based structural attacks. These attacks are shown to deobfuscate the design by learning the deterministic nature of commercial synthesis tools and provide local snapshots of the original design. Unfortunately, ML based statistical approaches often suffer from the inability to guarantee 100% precision, even with very high prediction accuracy. Further, while they are attractive for unraveling design intent, they may not lead to a working design. To address this limitation, in this paper, we introduce SURF, a hybrid attack for the first time to our knowledge, which leverages the output of structural analysis to augment functional heuristic-based optimization techniques for partial or full key extraction of an obfuscated design. Using the SURF attack, we are able to retrieve an average of 86% of key bits with near 100% precision for obfuscated ISCAS-85 benchmarks. In several cases, we are able to completely recover all key bits with high confidence.

14:20
Ge Li (University of Texas at Austin, Department of Electrical and Computer Engineering, United States)
Vishnuvardhan Iyer (University of Texas at Austin, Department of Electrical and Computer Engineering, United States)
Michael Orshansky (University of Texas at Austin, Department of Electrical and Computer Engineering, United States)
Securing AES against Localized EM Attacks through Spatial Randomization of Dataflow

ABSTRACT. A localized electromagnetic (EM) attack is a potent threat to security of embedded cryptographic implementations. The attack utilizes high resolution EM probes to localize and exploit information leakage in sub-circuits of a system, providing information not available in traditional EM and power attacks. In this paper, we propose a countermeasure based on randomizing the assignment of sensitive data to parallel datapath components in a high-performance implementation of AES. In contrast to a conventional design where each state register byte is routed to a fixed S-box, a permutation network, controlled by a transient random value, creates a dynamic random mapping between the state registers and the set of S-boxes. This randomization results in a significant reduction of exploitable leakage.

We demonstrate the countermeasure's effectiveness under two attack scenarios: a more powerful attack that assumes a fully controlled access to an attacked implementation for building a priori EM-profiles, and a generic attack based on the black-box model. Spatial randomization leads to a 150X increase of the minimum traces to disclosure (MTD) for the profiled attack and a 3.25X increase of MTD for the black-box model attack.

14:40-15:00 Break
15:00-16:30 Session 14: Panel II: The Impact of Machine Learning on Hardware Security Research

Abstract: In recent years there has been a dramatic push in the use of machine learning to solve, optimize, improve or estimate various computational problems. Widespread adoption of machine learning applications and appreciation of their unmatched modeling abilities have motivated many researchers to use these powerful models for both attack and defense against systems and hardware. The challenge question for this special panel is: what aspect of machine learning can impact hardware security? This panel will discuss various security and safety challenges in this space, and debate relevant future research opportunities.

Panelists:

  • Sohrab Aftabjahani, Intel
  • Paul Franzon, NCSU
  • Ro Cammarota, Intel AI
  • Sandip Kundu, NSF

Moderator: Farinaz Koushanfar

Chair:
Farinaz Koushanfar (UCSD, United States)
16:30-18:30 Session 11: Demo Session II
Chair:
Hassan Salmani (Howard University, United States)
Location: Atrium/Foyer
16:30
Tamzidul Hoque (UF, United States)
Jonathan Cruz (University of Florida, United States)
Prabuddha Chakraborty (University of Florida, United States)
Swarup Bhunia (University of Florida, United States)
172: A CAD Framework for Machine Learning based Hardware IP Trust Verification

ABSTRACT. The objective of this demo is to present a machine learning CAD framework to detect hardware Trojans in untrusted hardware intellectual property (IP) cores. The demo illustrates the use of a supervised learning-based detection method that includes the process of Trojan inserted benchmark generation, extraction of feature data from both training and testing (untrusted IP) benchmarks, training of machine learning classifiers, and verification of untrusted soft IPs using the trained models.

16:38
Pruthvy Yellu (University of New Hampshire, United States)
Mezanur Mohammad (University of New Hampshire, United States)
171: Demonstration of Exfiltration of Data through Smart Light Bulb (Internet of Things)

ABSTRACT. The Internet of Things has become one of the most important and useful inventions. But the security of these Internet of Things devices is not considered that important. In this proposal we will show how the lack of authentication in the BLE protocol can be misused to exfiltrate data from a secured network.

16:46
Pengfei Qiu (Tsinghua University, China)
Qian Xu (University of Maryland, United States)
Gang Qu (University of Maryland, United States)
Yongqiang Lyu (Tsinghua University, China)
Dongsheng Wang (Tsinghua University, China)
170: Software-controlled voltage differentials-based hardware fault attack

ABSTRACT. Dynamic voltage and frequency scaling (DVFS) is broadly exploited on modern processors for energy saving by dynamically updating the frequency and voltage of processor cores. Because of electrical specifications, the lower the frequency a core runs at, the lower the voltage requested to supply the minimum power. Hardware faults will be induced if the core voltage is less than the least demand. DVFS manages several discrete frequencies, thus forming the required voltage differentials. In this demo, we demonstrate the risk of voltage differentials combined with multiple cores and present a software-controlled voltage-based hardware fault attack. During the attack, the attack core possesses a low frequency and the victim core is assigned a high frequency. The attack procedure provides a determined period of malicious core voltage that is benign for the low frequency but dangerous for the high frequency. The demo deploys the attack method in the normal world to acquire the encryption key of the Advanced Encryption Standard (AES) and guide Rivest–Shamir–Adleman (RSA) decryption to output the desired plaintext. Moreover, we demonstrate that our attack is efficient at attacking AES executed in TrustZone and breaking the RSA-based verification chain when loading trustlets.

16:54
Miles Mulet (University of Florida, United States)
Shuo Yang (University of Florida, United States)
Yier Jin (University of Florida, United States)
Swarup Bhunia (University of Florida, United States)
169: System level attacks on HaHa platform

ABSTRACT. The objective of our demo is to demonstrate 5 system level attacks on the HaHa (Hardware Hacking) platform. The topics of the attacks include secure boot, memory corruption attack, man-in-the-middle attack, JTAG/SWD interface and finally, a combination of all. With the 5 experiments, we show that the updated version of the HaHa platform is not only capable of conducting hardware level hacking experiments, but also able to combine hardware and software to demonstrate system level experiments.

17:02
Ahamed Jemal (Morgan State University, United States)
Edmund Smith (Morgan State University, United States)
Denzel Hamilton (Morgan State University, United States)
Kevin Kornegay (Morgan State University, United States)
168: Securing IoT Devices in Heterogenous Network Setting using Blockchain

ABSTRACT. IoT devices are numerous and widespread. They pose high vulnerabilities to networks. Several methods such as IoT fingerprinting and Manufacturer Usage Description (MUD) have been proposed as a means of mitigating the risk these devices incur on the network. These methods, however, either rely on guessing or some form of human interaction. Blockchain technology allows IoT devices to be treated as nodes in the chain; this provides security from the masses instead of single entities. This work tests the feasibility of blockchain technology and its transactions in a physical implementation.

17:10
Khir Henderson (Morgan State University, United States)
Kevin Kornegay (Morgan State University, United States)
Edmund Smith (Morgan State University, United States)
Paige Harvey (Morgan State University - Center for Reverse Engineering and Assured Microelectronics (CREAM), United States)
Tsion Yimer (Morgan State University, United States)
167: MUD "IRL" - Implementing Manufacturer Usage Description

ABSTRACT. The proliferation of Internet connected devices or IoT is upon us. Ever-increasing attacks that utilize botnets have made policing these lightweight devices an issue of National Security. Manufacturer Usage Description or MUD is an embedded software standard that secures the weakest link, the IoT endpoint on the network chain. MUD, backed by Cisco, functions as the authoritative identifier for IoT devices and facilitates a layer of trust and security by using the Manufacturer as the authority to provide instructions for context-specific network access policies. This demo will present a real world implementation of an upcoming IETF standard.

17:18
Md Badruddoja Majumder (University of Tennessee, United States)
Md Hasan (University of Tennessee, United States)
Aysha Shanta (The University of Tennessee Knoxville, United States)
Mesbah Uddin (University of Tennessee, United States)
Garrett Rose (University of Tennessee, United States)
166: Demonstration of a Chaos based Unclonable RISC V Processor with Logic Locking Scheme

ABSTRACT. Computing hardware systems are becoming more vulnerable as they are designed in a globalized environment. Security threats start from the production stage of a computing system and continue to the end-user level. In this demo, we demonstrate a logic locked RISC-V processor. The processor also exhibits unclonability due to process variation. Correct execution of code on this processor requires the correct activation key. Since the system is unclonable, a key results in different behaviors from the same program on different instances of this processor. The activation key of each processor is unique. We demonstrate two security aspects of this processor: 1. Robustness of the locking scheme; 2. Uniqueness of the behavior of code executed on different instances of the processor.

17:26
Zhiming Zhang (University of New Hampshire, United States)
Qiaoyan Yu (University of New Hampshire, United States)
165: Demonstration of Enhancing the Resilience against CPA Attacks for Three-Dimensional Chips with Power Distribution Network Noise

ABSTRACT. Correlation power analysis (CPA), as a group of side-channel attacks, exploits the correlation between measured power traces and estimated power consumption of a target crypto system. The correlation coefficient obtained by analyzing the two groups of data can help attackers reveal confidential crypto information to break the system. Many works have been done in the 2D field to mitigate CPA attacks. However, limited effort has been paid to investigating the potential CPA threats in 3D chips. Although existing research has demonstrated that some 3D architectures, such as the stacking structure or the intense internal noise [1], [2], can act as a natural defense against power analysis attacks, very few physical experiments or quantitative analyses about the defense are provided by the current literature.

In the 2D area, current defense mechanisms are usually based on modifying the power consumption of the crypto system by either blurring or balancing the power profile [3]-[5]. However, most of them bring in significant overhead in either total power consumption or hardware cost due to the extra logic induced. In this demo, we introduce a low cost CPA-attack countermeasure for 3D chips. In the countermeasure [6], the internal power distribution network (PDN) noise is leveraged to break the correlation between captured power traces and the predicted power profile. More specifically, the PDN noise from nearby 3D tiers will be induced to the crypto unit located in the middle tier through through-silicon vias (TSVs). The correlation needed by adversaries can be effectively interrupted and the overhead is low because only a very small amount of extra logic is added.

17:34
Naren Vikram Raj Masna (University of Florida, United States)
David Ariando (Case Western Reserve University, United States)
Soumyajit Mandal (Case Western Reserve University, United States)
Swarup Bhunia (University of Florida, United States)
164: Authentication of Consumables using Portable NQR Spectrometer

ABSTRACT. The global food supply chain has been becoming more complicated and less secure; food and food substance fraud is estimated to be a 40 billion problem per year. Customers are increasingly concerned about food quality but cannot entirely trust the food they eat due to the limited information provided by food producers to guarantee the provenance of their products. One of the biggest challenges preventing traceability is the fragmented form of the supply chain. To address the pressing need for integrity checks of diverse food and dietary supplement products as they move through the supply chain, we will present a novel portable hardware-enabled authentication. It relies on applying nuclear quadrupole resonance (NQR) spectroscopy to authenticate the contents of packaged food products based on the intrinsic signature of their chemical composition. NQR is a non-invasive, non-destructive, and quantitative radio frequency (RF) spectroscopic technique. It is sensitive to subtle features of the solid-state chemical environment such that signal properties are influenced by the manufacturing process, thus generating a manufacturer-specific watermark or intrinsic tag for the product. Such tags enable us to uniquely characterize and authenticate products of identical composition but from different manufacturers based on their NQR signal parameters. These intrinsic tags can be used to verify the integrity of a product and trace it through the supply chain. We apply a support vector machine (SVM)-based classification approach that trains the SVM with measured NQR parameters and then authenticates food products by checking their test responses. Measurement on an example substance using semi-custom hardware shows promising results (95% classification accuracy) which can be further improved with improved instrumentation. Previously, it was difficult to practically use this technology in the field due to its bench-top setup. Now, supply chain management as well as consumers can use the portable setup for authentication.

17:42
Jeff Calhoun (University of New Mexico, United States)
Wenjie Che (New Mexico State University, United States)
Fareena Saqib (University of North Carolina, Charlotte, United States)
Cyrus Minwalla (Bank of Canada, United States)
Jim Plusquellic (University of New Mexico, United States)
163: PUF-based eCash

ABSTRACT. This hardware demonstration investigates a novel anonymous e-money transaction protocol based on physical unclonable functions (PUFs) and blind signatures. The PUF's privacy-preserving property is leveraged to create blind signatures for transaction anonymity, while its hardware-based challenge-response-pair authentication scheme provides a secure solution that is highly robust to impersonation and other types of protocol attacks. The scheme is inspired by Chaum's Digicash work in the 1980s and subsequent improvements. Unlike Chaum's scheme, which relies on RSA's multiplicative homomorphic property to provide anonymity, the PUF-based anonymity scheme proposed in this paper leverages the random and unique statistical properties of synthesized integrated circuits. A PUF-based e-money transaction protocol, called PUF-Cash, will be demonstrated using a set of Xilinx Zynq FPGAs.
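The abstract above contrasts PUF-Cash with Chaum's RSA-based blind signature, whose anonymity comes from RSA's multiplicative homomorphism: the bank signs a blinded value m*r^e and the customer divides out r to obtain a valid signature on m that the bank never saw. The following is an added example written for this page to make that property concrete; it is not code from the PUF-Cash demonstration or from the authors, and it uses constructed toy RSA parameters (P, Q, E) that are far too small for real use.

```python
"""Chaum-style RSA blind signature, as an added illustration of the
multiplicative homomorphic property the PUF-Cash abstract refers to.
Toy parameters only; not the demo's code."""
from hashlib import sha256
from math import gcd

# Constructed toy RSA key (two small primes), for illustration only.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # bank's private exponent


def coin_hash(msg: bytes) -> int:
    """Map a coin/message to an element of Z_N (full-domain hash stand-in)."""
    return int.from_bytes(sha256(msg).digest(), "big") % N


def blind(msg: bytes, r: int) -> int:
    """Customer: hide h(msg) behind the random factor r^e mod N."""
    if gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod N")
    return (coin_hash(msg) * pow(r, E, N)) % N


def sign_blinded(m_blind: int) -> int:
    """Bank: sign whatever it is handed; it never learns h(msg)."""
    return pow(m_blind, D, N)


def unblind(s_blind: int, r: int) -> int:
    """Customer: (h(m) * r^e)^d = h(m)^d * r, so dividing by r yields h(m)^d."""
    return (s_blind * pow(r, -1, N)) % N


def verify(msg: bytes, sig: int) -> bool:
    """Anyone (merchant/bank): check sig^e == h(msg) mod N."""
    return pow(sig, E, N) == coin_hash(msg)


def bank_can_link(msg: bytes, r: int) -> bool:
    """The bank's view of the withdrawal is the blinded value only; it does
    not equal h(msg), so the bank cannot link the withdrawal to the coin
    spent later."""
    return blind(msg, r) == coin_hash(msg)


if __name__ == "__main__":
    coin = b"coin#0001|value=1"          # constructed sample coin
    r = 12345                            # random blinding factor (fixed here)
    sig = unblind(sign_blinded(blind(coin, r)), r)
    print("valid signature:", verify(coin, sig))
    print("bank can link withdrawal to coin:", bank_can_link(coin, r))
```

The security of the unblinding step rests entirely on the homomorphism (x*y)^d = x^d * y^d mod N; PUF-Cash replaces this algebraic property with the statistical uniqueness of a PUF's challenge-response pairs, which is why it does not inherit RSA's key-size and factoring assumptions.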

17:50
Melissa Castillo (University of New Mexico, United States)
Nahome Bete (University of New Mexico, United States)
Fareena Saqib (University of North Carolina, Charlotte, United States)
Chintan Patel (University of Maryland, Baltimore Co., United States)
Ryan Robucci (University of Maryland, Baltimore Co., United States)
Jim Plusquellic (University of New Mexico, United States)
162: Side-channel Power Resistance for Encryption Algorithms using Dynamic Partial Reconfiguration (SPREAD)

ABSTRACT. This hardware demonstration investigates countermeasures to side-channel-based attack mechanisms. In particular, a dynamic partial reconfiguration (DPR) method is proposed for FPGAs to make techniques such as differential power analysis (DPA) difficult and/or ineffective. We call the technique SPREAD, for Side-channel Power Resistance for Encryption Algorithms using DPR. SPREAD is designed to introduce diversity, and uncertainty, in the analysis of power supply transient signals. The proposed technique involves frequently changing the implementation characteristics of components of the Advanced Encryption Standard (AES) algorithm (while preserving the functionality) using DPR methods. Replicated primitives within AES, in particular the SBOX, are synthesized to multiple implementations. During encryption/decryption, SBOX components are randomly selected and replaced dynamically with one of these implementations. The implementations are stored within FPGA Block RAM resources and a state machine coordinates with AES to carry out periodic DPR. The diversity of the implementations changes their delay characteristics and removes correlations in the power traces, making it difficult to identify the correct key.

17:58
Mustafa Shihab (The University of Texas at Dallas, United States)
Bharath Ramanidharan (The University of Texas at Dallas, United States)
Jingxiang Tian (The University of Texas at Dallas, United States)
Carl Sechen (The University of Texas at Dallas, United States)
Yiorgos Makris (The University of Texas at Dallas, United States)
161: Structural Obfuscation of Sensitive Designs through Selective Post-Fabrication Transistor-Level Programming

ABSTRACT. In this demonstration, we will present a novel mechanism for obfuscating critical parts of a design through post-fabrication TRAnsistor-level Programming (TRAP). Through our hardware setup and the accompanying poster, we will accomplish the following objectives: (i) Introduce the TRAP fabric and its unique advantages towards design obfuscation. (ii) Present a customized CAD framework for seamlessly integrating TRAP within the ASIC design flow. (iii) Discuss the complexity of attacking TRAP-obfuscated designs through both brute-force and intelligent SAT-based attacks. (iv) Demonstrate a successful implementation of the proposed scheme with our prototype 65nm TRAP chip and a custom-built hardware testbed.

18:06
Luong Nguyen (Georgia Institute of Technology, United States)
Alenka Zajic (Georgia Institute of Technology, United States)
Milos Prvulovic (Georgia Institute of Technology, United States)
Chia-Lin Cheng (Georgia Institute of Technology, United States)
160: Hardware Trojan Detection Using Backscattering Side Channel

ABSTRACT. This demo presents a novel method of detecting hardware Trojans using backscattering as a new physical side channel. The backscattering side channel is created by transmitting a signal toward an integrated circuit (IC), where the internal impedance changes caused by on-chip switching activity modulate the signal that is backscattered (reflected) from the IC.

18:14
Nikhil Chawla (Georgia Institute of Technology, United States)
Arvind Singh (Georgia Institute of Technology, United States)
Monodeep Kar (Intel, United States)
Nael Mizanur Rahman (Georgia Institute of Technology, United States)
Saibal Mukhopadhyay (Georgia Institute of Technology, United States)
159: Application Inference using ML based Side Channel Analysis

ABSTRACT. Electromagnetic (EM) emissions have been shown to reveal information about the program running on a device, or to serve as a defense mechanism to identify malicious code. They have been shown to compromise the security of many computing devices, but only recently have researchers started exploring the interactions of DVFS and security. DVFS is an integral part of modern systems on chip, used to improve energy efficiency and battery life. The use of DVFS has been demonstrated as a countermeasure to power side-channel attacks on encryption engines. The use of fast DVFS enabled by on-chip regulators and adaptive clocking has been shown to deter extraction of encryption keys in hardware accelerators. Similarly, authors have shown that by performing unconstrained overclocking/under-volting, faults can be injected during encryption to recover the secret key. We experimentally demonstrate (on a Snapdragon 820 development board) DVFS as a source of information leakage in software and utilize supervised machine learning (ML) based classification models to exploit the relationship between time-varying EM emissions and DVFS states with application characteristics to identify applications running on the processor. Altogether, we are profiling legitimate applications so as to protect against untrusted applications that can infer activities on a device by eavesdropping on software events while hiding in the background.