2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST): latest publications

Advanced Covert-Channels in Modern SoCs
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133626
L. Bossuet, Carlos Andres Lara-Nino
Abstract: Modern SoCs can be protected against software attacks under the paradigm of secure enclaves, which are built employing technologies like ARM TrustZone. These protections are meant to enforce access policies so that the interaction between untrusted/trusted applications and hardware components is limited. However, the possibility of creating covert channels within the SoC threatens these isolation models. Among other approaches, it has been shown that it is possible to create covert channels by exploiting the frequency-modulation technology available in these platforms. These attacks are devastating, since digital circuits generally use a single power distribution network, which provides the medium for the implementation of such covert channels. Heterogeneous SoCs are particularly vulnerable in this regard, as under these platforms multiple operating ecosystems coalesce. The problem is exacerbated because these systems have become more prevalent with each new generation. In this paper, we explore the implementation of frequency-based covert channels using Zynq UltraScale+ SoCs as a case study. Our findings demonstrate that it is possible to exchange information between Linux-based applications, bare-metal applications, and hardware modules, achieving transmission rates of up to 750 Kbps.
Citations: 0
Lightweight Countermeasures Against Original Linear Code Extraction Attacks on a RISC-V Core
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133316
Théophile Gousselot, Olivier Thomas, J. Dutertre, O. Potin, J. Rigaud
Abstract: Linear Code Extraction (LCE) is an invasive attack aiming at fully extracting a code from a device's memory for reverse engineering purposes. The core instruction bus is identified and microprobed using Failure Analysis tools. Meanwhile, other microprobes force internal nodes of the core to logic states which allow a full linear extraction of the memory. This paper demonstrates the first assessment of a RISC-V core's vulnerability to LCE. It evaluates the complexity of extracting the code in the right order by freezing the instruction register or by editing the incoming instructions. This paper introduces three original countermeasures to detect an ongoing LCE by monitoring symptoms such as the lack of branch instruction execution. These hardware countermeasures are lightweight and adaptable to other core architectures. We develop an experimental setup based on a functional simulation framework and an FPGA-based demonstration. This setup made it possible to study and assess the LCE vulnerabilities of our RISC-V target and to validate the effectiveness of our proposed countermeasures. The area overhead was measured between 0.52% and 1.47% of the cv32e40p RISC-V core. Depending on the detection latency target, the clock cycle overhead using the Embench benchmarks can be null or kept below 1%.
Citations: 0
Dual-Leak: Deep Unsupervised Active Learning for Cross-Device Profiled Side-Channel Leakage Analysis
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133491
H. Yu, Shuo Wang, Haoqi Shan, Max Panoff, Michael Lee, Kaichen Yang, Yier Jin
Abstract: Deep Learning (DL)-based side-channel analysis (SCA), as a new branch of SCA attacks, poses a significant privacy and security threat to implementations of cryptographic algorithms. Despite their impacts on hardware security, existing DL-based SCA attacks have not fully leveraged the potential of DL algorithms. Therefore, previously proposed DL-based SCA attacks may not show the real capability to extract sensitive information from target designs. In this paper, we propose a novel cross-device SCA method, named Dual-Leak, that applies Deep Unsupervised Active Learning to create a DL model for breaking cryptographic implementations, even with countermeasures deployed. The experimental results on both the local dataset and a publicly available dataset show that our Dual-Leak attack significantly outperforms state-of-the-art works while no labeled traces are required from victim devices (i.e., unsupervised learning). Countermeasures are also discussed to assure hardware security against new attacks.
Citations: 0
Generating Lower-Cost Garbled Circuits: Logic Synthesis Can Help
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133215
Mingfei Yu, G. Micheli
Abstract: Garbled circuit (GC)-based frameworks are the cornerstone of advanced secure multi-party computation (MPC) protocols in various domains. These applications, such as secure network inference, require both scalability and real-time computation. However, the data communication among parties required by GC is currently a bottleneck of its runtime performance. Most existing works focus on minimizing the number of ANDs in logic networks over the basis {AND, XOR, NOT}, represented by XOR-AND graphs (XAG). AND is the only logic primitive among the three that contributes to providing the necessary multiplicative complexity (MC) of the desired logic function, but it causes communication costs. Inspired by the garbling gadget technique, we conduct a thorough study on the plausibility of adopting XAGs as the underlying logic representation to generate low-cost GCs and make two proposals: (1) merging small-fanin-size ANDs in XAGs, and (2) adopting the OneHot gate, rather than AND, as the logic primitive to express MC, in order to reduce garbling costs. The first proposal optimizes GCs within a shorter runtime, whereas the second reduces garbling costs more. To validate our ideas, we propose an XAG-targeted merging algorithm and a logic synthesis flow for XOR-OneHot graphs (X1G). Compared to best-known results, our XAG- and X1G-targeted implementations achieve reductions in garbling cost by up to 25.27% and 35.48% respectively.
Citations: 0
OMT: A Run-time Adaptive Architectural Framework for Bonsai Merkle Tree-Based Secure Authentication with Embedded Heterogeneous Memory
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133074
Rakin Muhammad Shadab, Yu Zou, Sanjay Gandham, Mingjie Lin
Abstract: Prospects of novel flash-based, crash-tolerant, non-volatile memory (NVM) such as Intel's Optane DC memory [17] and future CXL-based persistent memory [28] bring about new and exciting usage scenarios for both general-purpose and embedded computing systems involving FPGA-enabled Trusted Execution Environments (TEE) [35], [43]. However, NVM modules demonstrate high write latency and limited write endurance and are therefore more suitable for a hybrid NVM + volatile DRAM setup [15]. Furthermore, different memory-based adversaries in NVM, including integrity-based attacks, demand the use of a robust authentication method such as the Bonsai Merkle Tree (BMT) [4]. Conventional BMT authentication schemes should not be directly applied to such hybrid, embedded NVM platforms, as the typical frequent update process of a BMT affects runtime performance even when persistence is unnecessary. On the contrary, the latest intermittent BMT update techniques can provide better run-time throughput, but lack crash-consistency [27]. Therefore, a heterogeneous memory-based system would greatly benefit from an authentication mechanism that can change its update method on-the-fly and provide a good balance between persistence and run-time performance. In this paper, we propose a unified and hardware-friendly BMT framework called opportunistic Merkle tree (OMT). OMT is both modular and run-time adaptive by 1) merging the logic for two different BMT update schemes while still allowing for parallel updates through separate update cores and 2) streamlining the BMT read/verification for both of the update methods with a common datapath to support both recovery-critical and general data, therefore eliminating the need for individual authentication subsystems for different memory modules in a heterogeneous memory platform. Most interestingly, through the use of its adaptive Data and Address Management Unit (DAMU), OMT allows for a run-time switch between the update methods depending on the request type (persistent/intermittent). Extensive testing of OMT in a heterogeneous embedded memory system provides 44% lower memory overhead and up to 22% faster execution in synthetic benchmarks compared to a baseline.
Citations: 2
TripletPower: Deep-Learning Side-Channel Attacks over Few Traces
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133495
Chenggang Wang, Jimmy Dani, S. Reilly, Austen Brownfield, Boyang Wang, J. Emmert
Abstract: Deep learning has been utilized as a promising technique in side-channel attacks. However, to recover keys successfully, deep-learning side-channel attacks often require thousands of training traces, which could be challenging for an attacker to obtain in the real world. This paper proposes a new deep-learning side-channel attack which only requires hundreds of training traces. Our proposed method, referred to as TripletPower, trains a triplet network, which learns a robust embedding for side-channel attacks with few traces. We demonstrate the advantage of our method in profiling attacks over power traces collected from AVR XMEGA and ARM STM32 microcontrollers using ChipWhisperer. Specifically, experimental results show that our method needs as few as 250 training traces to train a classifier that successfully recovers keys of unmasked AES on XMEGA (or STM32), while a Convolutional Neural Network needs at least 4,000 training traces in profiling attacks. In addition, we extend our method to non-profiling attacks with on-the-fly labeling. Experimental results suggest that our method can effectively recover keys of unmasked AES on XMEGA with only 525 unlabeled power traces in non-profiling attacks. Our method is also effective over power traces collected from masked AES and traces generated with random delay.
Citations: 1
CIFER: Code Integrity and control Flow verification for programs Executed on a RISC-V core
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133542
Anthony Zgheib, O. Potin, J. Rigaud, J. Dutertre
Abstract: Fault Injection Attacks (FIA) are powerful threats that can modify the intended behavior of a program running on a processor. Control Flow Integrity (CFI) is used to check at runtime that a program's execution path follows its corresponding Control Flow Graph (CFG) and is not altered by these attacks. Recent works have stated that developers do not sufficiently consider hardware specifications while designing software countermeasures. Moreover, most hardware and co-design CFI solutions do not cover the integrity of the processor microarchitecture. This paper presents CIFER, a Code Integrity and control Flow verification system for programs Executed on a RISC-V core. It ensures instruction execution in the core while checking the microarchitectural control signals. This is known as a Control Flow and Execution Integrity (CFEI) approach. Our solution is built upon the RISC-V Trace Encoder (TE), which provides information about the execution path of the user's program. CIFER proposes an evolution of the TE standard and an analysis of the targeted core's architecture to monitor the pipeline control signals. The average hardware area overheads of our solution range from 35.2% to 55%. Compared to existing CFI and CFEI countermeasures, CIFER presents no performance costs. It does not modify the RISC-V Instruction Set Architecture (ISA), the compilation process, nor the user code.
Citations: 0
Uprooting Trust: Learnings from an Unpatchable Hardware Root-of-Trust Vulnerability in Siemens S7-1500 PLCs
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133438
Yuanzhe Wu, Grant Skipper, Ang Cui
Abstract: Over the past decade, low-cost hardware crypto-coprocessors have become an attractive solution for improving device security on embedded systems. Relying on dedicated components to offload security operations, however, presents unique challenges to overall system security. When implemented incorrectly, these components may be abused by adversaries to infiltrate Root-of-Trust (RoT) protections and compromise the greater system. Unlike a software-based RoT, when a hardware-based RoT is found vulnerable to tampering there are few remedies to 'patch' or defend against attacks. This work presents a case study for addressing real-world security practices related to implementing a hardware RoT for embedded systems via discrete co-processing components. Furthermore, we identify design fallacies which we have encountered with increasing frequency in commercial embedded systems. Through this investigation, we provide practical mitigating solutions for integrating secure RoT peripherals for use on embedded hardware. Specifically, this assessment is conducted by uncovering novel vulnerabilities related to the discrete RoT implementation on the Siemens S7-1500 series Programmable Logic Controllers (PLCs). Our findings are cautionary evidence of how flawed assumptions related to RoT implementation may allow malicious actors to spoof authentication credentials, re-encrypt firmware, and ultimately gain covert, privileged control over these devices without invasive or destructive practices.
Citations: 1
Low-Latency Masking with Arbitrary Protection Order Based on Click Elements
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133813
M. Simoes, L. Bossuet, Nicolas Bruneau, Vincent Grosso, Patrick Haddad, Thomas Sarno
Abstract: Masking is the main countermeasure against side-channel attacks due to its sound formal proof of security and the scalability of its protection parameters. However, effective masking increases the implementation complexity by requiring additional silicon area, random number generators and higher latency. Thus, reducing the masking implementation costs while conserving its robustness under side-channel attacks is a relevant branch of research in hardware security applications. Relying on the two-phase bundled-data protocol, this work presents a low-latency masking implementation with arbitrary protection order. In particular, we base our approach on click elements to control the handshake logic, allowing us to implement asynchronous circuits using conventional synthesis tools. In this manner, we are able to obtain an effective single-cycle and protected implementation of the AES S-box requiring smaller silicon area and potentially lower power consumption compared to the state of the art. Additionally, we detail the asynchronous design methodology that can be applied in different scenarios to improve the latency of secure hardware designs. Finally, we assess leakages to evaluate the robustness of our approach against side-channel attacks.
Citations: 1
A Low-Randomness First-Order Masked Xoodyak
2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Published 2023-05-01. DOI: 10.1109/HOST55118.2023.10133290
Shuohang Peng, Bohan Yang, Shuying Yin, Hang Zhao, Cankun Zhao, Shaojun Wei, Leibo Liu
Abstract: Xoodyak, a finalist in Round 3 of the Lightweight Cryptography Standardization Process, is a compact and efficient lightweight cryptographic algorithm. Resistance to side-channel attacks is an important evaluation metric of this Process. In this work, we dedicatedly analyze and realize the domain-oriented masking implementation of Xoodyak. We first perform a security evaluation for the domain-oriented masking in Xoodyak's implementation. Moreover, we propose a randomness reduction technique for the domain-oriented masking implementation of Xoodyak, where existing techniques are inapplicable. Finally, our protected design is implemented on FPGA and evaluated on ASIC. Potential side-channel leakage is evaluated using Test Vector Leakage Assessment. Results show that our implementation is compact, side-channel leakage-free, and only consumes 33% of the originally required randomness.
Citations: 0