{"title":"A new maskless debiasing method for lightweight physical unclonable functions","authors":"Aydin Aysu, Ye Wang, P. Schaumont, M. Orshansky","doi":"10.1109/HST.2017.7951812","DOIUrl":"https://doi.org/10.1109/HST.2017.7951812","url":null,"abstract":"An ideal Physical Unclonable Function produces a string of static random bits. Noise causes these bits to be unstable over subsequent readings and biases cause these bits to have a tendency towards a fixed value. Although the debiasing of random strings is a well-studied problem, the combined problem of noise and bias is unique to PUF design. This paper proposes a new lightweight noise-aware debiasing method superior to earlier techniques. The method is based on identifying an m-to-l encoding that compresses m-bit noisy and biased PUF outputs into l-bit strings which have a reduced combined effect of bias and noise. We describe a methodology for deriving an efficient encoding based on the bias and noise level of the input string. Notably, the method does not require intermediate storage or transmission of PUF-specific mask (debiasing helper) data for reconstruction. We test our method on PUFs with a range of bias and noise levels, and demonstrate its advantages over two debiasing approaches published at CHES 2015 which are based on XOR operation and Von Neumann corrector. The results quantify that the proposed method can achieve up to 76% reduction over the previous method in the number of PUF bits required to establish an authentication system with an error rate of one part in a million and a security level of 80 bits.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"216 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114677215","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
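The abstract above contrasts its maskless encoding with the two CHES 2015 baselines, XOR compression and a Von Neumann corrector, on bit strings that are both biased and noisy. The following simulation is an added example (it is not the paper's code and does not implement the paper's m-to-l encoding): it generates a biased reference response and a noisy re-reading, runs both baselines, and reports bias, bit error rate and surviving length for each. It makes the combined bias-plus-noise problem visible: XOR needs no helper data but roughly doubles the error rate, while the Von Neumann corrector keeps the error rate but only reconstructs correctly if the enrollment-time mask of kept pairs is stored or transmitted, which is exactly the PUF-specific helper data the abstract says its method avoids. The bias level (0.7), noise level (0.05) and independent-bit model are assumptions chosen for illustration.

```python
"""Added illustration, not the paper's code: a noisy and biased PUF
response simulated in software and passed through the two CHES 2015
debiasing baselines the abstract names (pairwise XOR and a Von Neumann
corrector), measuring how each changes bias, bit error rate and length.
The bias and noise levels are assumptions chosen for illustration."""
import random


def puf_bits(n, bias, rng):
    """Enrollment-time reference response: each bit is 1 with probability `bias`."""
    return [1 if rng.random() < bias else 0 for _ in range(n)]


def noisy_reading(reference, noise, rng):
    """A later reading of the same PUF: each bit flips with probability `noise`."""
    return [b ^ (1 if rng.random() < noise else 0) for b in reference]


def bias_of(bits):
    """Fraction of ones; 0.5 is unbiased."""
    return sum(bits) / len(bits)


def ber(a, b):
    """Bit error rate between two equal-length bit strings."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def xor_debias(bits):
    """2-to-1 XOR compression. Needs no helper data, but an output bit is
    wrong whenever exactly one of its two inputs flipped, so the error
    rate roughly doubles (2*e*(1-e)) while the bias drops to 2*p*(1-p)."""
    return [bits[i] ^ bits[i + 1] for i in range(0, len(bits) - 1, 2)]


def von_neumann_enroll(bits):
    """Von Neumann corrector at enrollment: keep the first bit of every
    unequal pair. Returns the debiased bits plus a mask saying which pairs
    were kept; the mask is PUF-specific helper data that must be stored or
    transmitted for reconstruction (what the abstract's method avoids)."""
    out, mask = [], []
    for i in range(0, len(bits) - 1, 2):
        keep = bits[i] != bits[i + 1]
        mask.append(keep)
        if keep:
            out.append(bits[i])
    return out, mask


def von_neumann_reconstruct(bits, mask):
    """Reconstruction reuses the enrollment mask. Re-deriving the mask from
    the noisy reading would make the two sides select different pairs."""
    return [bits[i] for i, keep in zip(range(0, len(bits) - 1, 2), mask) if keep]


def compare_debiasers(n=20000, bias=0.7, noise=0.05, seed=1):
    """Return (bias, BER, length) for raw, XOR-debiased and Von Neumann outputs."""
    rng = random.Random(seed)
    ref = puf_bits(n, bias, rng)
    rd = noisy_reading(ref, noise, rng)
    x_ref, x_rd = xor_debias(ref), xor_debias(rd)
    vn_ref, mask = von_neumann_enroll(ref)
    vn_rd = von_neumann_reconstruct(rd, mask)
    return {
        "raw": (bias_of(ref), ber(ref, rd), len(ref)),
        "xor": (bias_of(x_ref), ber(x_ref, x_rd), len(x_ref)),
        "von_neumann": (bias_of(vn_ref), ber(vn_ref, vn_rd), len(vn_ref)),
    }


if __name__ == "__main__":
    for name, (b, e, length) in compare_debiasers().items():
        print(f"{name:12s} bias={b:.3f}  BER={e:.3f}  bits={length}")
```

With these parameters the XOR output lands near bias 0.42 and BER 0.095 (noise amplified), while the Von Neumann output is unbiased at BER 0.05 but keeps only about 42% of the pairs and needs the mask. That trade-off, helper data versus noise amplification, is the gap the abstract's noise-aware encoding is designed to close.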
{"title":"When good protections go bad: Exploiting anti-DoS measures to accelerate rowhammer attacks","authors":"Misiker Tadesse Aga, Zelalem Birhanu Aweke, T. Austin","doi":"10.1109/HST.2017.7951730","DOIUrl":"https://doi.org/10.1109/HST.2017.7951730","url":null,"abstract":"The rowhammer vulnerability, where repeated accesses to a DRAM row can speed the discharge of neighboring bits, has emerged as a significant security concern in the computing industry. To address the problem, computer and software vendors have: i) doubled DRAM refresh rates, ii) restricted access to virtual-to-physical page mappings, and iii) disabled access to cache-flush operations in sandboxed environments. While recent efforts have shown how to overcome each of these protections individually, machines today are protected from rowhammer attacks if they employ all three of these protections simultaneously. In this paper, we demonstrate the first rowhammer attack that overcomes all three of these protections when used in tandem. Our attack is a virtual-memory-based, cache-flush-free attack that is sufficiently fast to rowhammer with double-rate refresh. The most astonishing aspect of our attack is that it is enabled by the recently introduced Cache Allocation Technology, a mechanism designed in part to protect virtual machines from inter-VM denial-of-service attacks. The subtext of this paper asks the question: “Is there any hope for system security, when the protections for one attack enable yet another?” We claim that the solution to this conundrum lies in the approach taken to protecting systems. Adopting a subtractive approach to secure systems, in contrast to additive measures, could go a long way toward building provably secure systems.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116958785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fabrication security and trust of domain-specific ASIC processors","authors":"M. Vai, K. Gettings, T. Lyszczarz","doi":"10.1109/HST.2017.7951816","DOIUrl":"https://doi.org/10.1109/HST.2017.7951816","url":null,"abstract":"Application specific integrated circuits (ASICs) are commonly used to implement high-performance signal-processing systems for high-volume applications, but their high development costs and inflexible nature make ASICs inappropriate for algorithm development and low-volume DoD applications. In addition, the intellectual property (IP) embedded in the ASIC is at risk when fabricated in an untrusted foundry. Lincoln Laboratory has developed a flexible signal-processing architecture to implement a wide range of algorithms within one application domain, for example radar signal processing. In this design methodology, common signal processing kernels such as digital filters, fast Fourier transforms (FFTs), and matrix transformations are implemented as optimized modules, which are interconnected by a programmable wiring fabric that is similar to the interconnect in a field programmable gate array (FPGA). One or more programmable microcontrollers are also embedded in the fabric to sequence the operations. This design methodology, which has been termed a coarse-grained FPGA, has been shown to achieve a near ASIC level of performance. In addition, since the signal processing algorithms are expressed in firmware that is loaded at runtime, the important application details are protected from an unscrupulous foundry.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127507765","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Creating security primitive by nanoscale manipulation of carbon nanotubes","authors":"Zhaoying Hu, Shu-Jen Han","doi":"10.1109/HST.2017.7951733","DOIUrl":"https://doi.org/10.1109/HST.2017.7951733","url":null,"abstract":"Developing novel security devices using nanotechnology has emerged as a promising new area since they offer higher reliability, small form factor, and anti-tampering features. Single-walled carbon nanotubes (CNTs) are promising candidates to replace silicon as the future transistor channel material due to their superb electrical properties and intrinsic ultrathin body. However, several imperfections of this nanomaterial such as the presence of metallic CNTs and imprecise assembly remain to be overcome to realize high-performance electronics. Here we show that by actually utilizing these inherent imperfections, an unclonable electronic random structure can be constructed at very low cost. A two-dimensional random bit array with over 2000 bits was fabricated by the ion-exchange chemistry method to assemble nanotubes into patterned HfO2 trenches, with the optimized trench width that maximizes the entropy. The low-temperature, substrate-agnostic processes during fabrication make the CNT-based crypto primitive an ideal technology for monolithic integration with both silicon and future non-silicon chips for on-chip key generation and authentication.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132317752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analyzing security vulnerabilities of three-dimensional integrated circuits","authors":"Jaya Dofe, Qiaoyan Yu","doi":"10.1109/HST.2017.7951820","DOIUrl":"https://doi.org/10.1109/HST.2017.7951820","url":null,"abstract":"Despite the well-understood advantages over 2D ICs, three-dimensional integrated circuits (3D ICs) introduce unique and unexplored challenges on managing hardware security. Existing works leverage the 3D structure to address the security concerns in 2D ICs, rather than studying the security threats originated from the 3D integration itself. To fill in this gap, this work analyzes new security threats on 3D ICs by examining five attack scenarios in the supply chain of 3D chips. With special emphasis on inter-die communication, we first model three types of Through Silicon Via (TSV) based hardware Trojans. Our case studies show that the impact of TSV-based Trojans on circuit power and delay can be significant enough to sabotage the integrity and security of 3D ICs. Furthermore, we envision that cross-tier hardware Trojan may become a unique hardware Trojan in 3D ICs to cause bandwidth depletion or information leakage among the tiers.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130900618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploiting safe error based leakage of RFID authentication protocol using hardware Trojan horse","authors":"Krishna Bagadia, Urbi Chatterjee, Debapriya Basu Roy, Debdeep Mukhopadhyay, R. Chakraborty","doi":"10.1109/HST.2017.7951831","DOIUrl":"https://doi.org/10.1109/HST.2017.7951831","url":null,"abstract":"Radio-Frequency Identification tags are used for several applications requiring authentication mechanisms, which if subverted can lead to dire consequences. Many of these devices are based on low-cost Integrated Circuits which are designed in off-shore fabrication facilities, raising concerns about their trust. Recently, a lightweight entity authentication protocol called LCMQ was proposed, which is based on Learning Parity with Noise, Circulant Matrix, and Multivariate Quadratic problems. This protocol was proven to be secure against man-in-the-middle and ciphertext-only attacks. In this paper, we show that in the standard setting, although the authentication uses two m-bit keys, K1 and K2, knowledge of only K2 is sufficient to forge the authentication. Based on this observation, we design a stealthy malicious modification to the circuitry based on the idea of Safe-Errors to leak K2, which can then be used to forge the entire authentication mechanism. We develop an extremely lightweight Field Programmable Gate Array prototype of the design. The malicious modification is implemented using only four Lookup Tables, which leads to an insignificant increase in the power, time and slice register overhead.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"393 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126747893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A stochastic all-digital weak physically unclonable function for analog/mixed-signal applications","authors":"Troy Bryant, Sreeja Chowdhury, Domenic Forte, M. Tehranipoor, N. Maghari","doi":"10.1109/HST.2017.7951813","DOIUrl":"https://doi.org/10.1109/HST.2017.7951813","url":null,"abstract":"Physically Unclonable Functions (PUFs) are a promising security technique which utilize the random process variation in silicon fabrication in order to create unique identifiers and other security features that are impossible to recreate exactly. This paper builds upon and evaluates a weak PUF which employs dynamic latched comparators and their random input offset voltages to create a chip-specific identifier. The proposed PUF can be used in analog/mixed-signal (AMS) chips due to the analog characteristics of the comparators employed. Because comparators are a fundamental block in AMS applications, the proposed PUF can reuse comparators in an AMS chip to generate unique identifiers with minimal hardware overhead. Additionally, the comparators tested in this work can be created with digital components, making this PUF suitable for use in digital chips as well. The proposed PUF is fabricated using a 0.13 μm CMOS process. Measurements show that the PUF achieves a normalized intra-Hamming Distance (HD) of less than 0.15% and 0.96% across 0°C–80°C and 0.8V–1.4 V, respectively. The normalized inter-HD is 48.5% for a 64-bit PUF output key. The power consumption of the PUF is 1.5 nJ/bit with a throughput of 4Mb/s.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126864059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
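The figures quoted above (normalized intra-HD below 1%, inter-HD of 48.5% for a 64-bit key) are the two standard quality metrics for a weak PUF: intra-HD is the mean pairwise Hamming distance between repeated readings of one chip divided by the key length (reliability, ideal 0), and inter-HD is the same average taken across reference keys of different chips (uniqueness, ideal 0.5). The script below is an added example, not the paper's measurement code, that computes both metrics on constructed data: 50 chips with independent random 64-bit keys, 20 readings per chip, each bit flipping with probability 0.005. Those three numbers are assumptions, not measurements from the paper.

```python
"""Added example, not the paper's measurement code: computing the normalized
intra- and inter-chip Hamming distances reported for a weak PUF.
Chip responses are constructed: each chip has a random 64-bit reference
key, repeated readings flip each bit with a small probability, and
different chips are independent."""
import itertools
import random

KEY_BITS = 64


def hamming(a, b):
    """Hamming distance between two keys held as Python ints."""
    return bin(a ^ b).count("1")


def normalized_intra_hd(readings):
    """Mean pairwise HD between repeated readings of ONE chip, divided by the
    key length. Near 0 means the key is reproducible (reliability)."""
    pairs = list(itertools.combinations(readings, 2))
    return sum(hamming(a, b) for a, b in pairs) / (len(pairs) * KEY_BITS)


def normalized_inter_hd(chips):
    """Mean pairwise HD between reference keys of DIFFERENT chips, divided by
    the key length. Ideal value is 0.5 (uniqueness)."""
    pairs = list(itertools.combinations(chips, 2))
    return sum(hamming(a, b) for a, b in pairs) / (len(pairs) * KEY_BITS)


def read_chip(key, flip_prob, rng):
    """One noisy reading of a chip: each bit of `key` flips with flip_prob."""
    flips = sum(1 << i for i in range(KEY_BITS) if rng.random() < flip_prob)
    return key ^ flips


def simulate(n_chips=50, n_readings=20, flip_prob=0.005, seed=7):
    """Return the two metrics for a constructed population of chips."""
    rng = random.Random(seed)
    chips = [rng.getrandbits(KEY_BITS) for _ in range(n_chips)]
    intra = []
    for key in chips:
        readings = [read_chip(key, flip_prob, rng) for _ in range(n_readings)]
        intra.append(normalized_intra_hd(readings))
    return {
        "intra_hd": sum(intra) / len(intra),
        "inter_hd": normalized_inter_hd(chips),
    }


if __name__ == "__main__":
    m = simulate()
    print(f"normalized intra-HD: {100 * m['intra_hd']:.2f}%")
    print(f"normalized inter-HD: {100 * m['inter_hd']:.1f}%")
```

With a per-bit flip probability e, two independent readings differ on a bit with probability about 2e(1-e), so the intra-HD here settles near 1%; a real measurement campaign repeats this across the temperature and voltage corners the abstract lists and reports the worst case.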
{"title":"INFECT: INconspicuous FEC-based Trojan: A hardware attack on an 802.11a/g wireless network","authors":"K. S. Subramani, A. Antonopoulos, A. Abotabl, Aria Nosratinia, Y. Makris","doi":"10.1109/HST.2017.7951804","DOIUrl":"https://doi.org/10.1109/HST.2017.7951804","url":null,"abstract":"We discuss the threat that hardware Trojans (HTs) impose on wireless networks, along with possible remedies for mitigating the risk. We first present an HT attack on an 802.11a/g transmitter (TX), which exploits Forward Error Correction (FEC) encoding. While FEC seeks to protect the transmitted signal against channel noise, it often offers more protection than needed by the actual channel. This margin is precisely where our HT finds room to stage an attack. We then introduce a Trojan-agnostic method which can be applied at the receiver (RX) to detect such attacks. This method monitors the noise distribution to identify systematic inconsistencies which may be caused by an HT. Lastly, we describe a Wireless open-Access Research Platform (WARP) based experimental setup to investigate the feasibility and effectiveness of the proposed attack and defense. More specifically, we evaluate (i) the ability of a rogue RX to extract the leaked information, while an unsuspecting, legitimate RX accurately recovers the original message and remains oblivious to the attack, and (ii) the ability of channel noise profiling to detect the presence of the HT.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120886683","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
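The mechanism the abstract describes, a Trojan that spends the unused error-correction margin to carry a covert channel, and its detection by profiling the receiver's error statistics, can be shown end to end on a small block code. The following is an added example and not the paper's design: the paper attacks the convolutional FEC of an 802.11a/g transmitter, whereas this model uses Hamming(7,4), which corrects one bit per codeword. The Trojaned transmitter flips a fixed codeword position whenever the next bit of the secret it is leaking is 1; the legitimate receiver corrects the flip and recovers the message with no indication anything happened; a rogue receiver that knows the convention reads the leak straight out of the syndrome. The receiver-side detector is the noise-profiling idea: channel noise spreads corrections evenly over all positions, so one position being corrected in a large share of codewords is a systematic inconsistency. The Trojan position, the noiseless channel and the 5% threshold are assumptions chosen for this illustration.

```python
"""Added illustration, not the paper's design: a Trojaned transmitter that
hides a leak inside the unused error-correction margin of a block code,
a legitimate receiver that never notices, a rogue receiver that reads the
leak, and a noise-profiling check at the receiver. The paper targets the
convolutional FEC of 802.11a/g; Hamming(7,4), the Trojan position, the
noiseless channel and the 5% detection threshold are stand-ins chosen
here for illustration."""
import random

TROJAN_POS = 7  # assumption: the codeword bit the Trojan spends the margin on


def hamming74_encode(d):
    """Systematic Hamming(7,4), parity bits at positions 1, 2 and 4."""
    d1, d2, d3, d4 = d
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]  # positions 1..7


def syndrome(c):
    """0 if no error, else the 1-based position of the single flipped bit."""
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    return s1 + 2 * s2 + 4 * s3


def hamming74_decode(c):
    """Correct up to one bit error; return (data nibble, syndrome)."""
    c = list(c)
    s = syndrome(c)
    if s:
        c[s - 1] ^= 1
    return (c[2], c[4], c[5], c[6]), s


def transmit(nibbles, leak_bits=None):
    """Honest TX when leak_bits is None. The Trojaned TX flips bit
    TROJAN_POS of codeword i whenever leak bit i is 1: within the code's
    one-error margin, so the legitimate decoder silently repairs it."""
    out = []
    for i, nib in enumerate(nibbles):
        cw = hamming74_encode(nib)
        if leak_bits is not None and leak_bits[i]:
            cw[TROJAN_POS - 1] ^= 1
        out.append(cw)
    return out


def legitimate_rx(codewords):
    """Decode normally; also record which positions were corrected, which is
    the raw material for noise profiling."""
    data, corrected = [], []
    for cw in codewords:
        nib, s = hamming74_decode(cw)
        data.append(nib)
        if s:
            corrected.append(s)
    return data, corrected


def rogue_rx(codewords):
    """Reads the leak straight from the syndrome: error at TROJAN_POS means 1."""
    return [1 if syndrome(cw) == TROJAN_POS else 0 for cw in codewords]


def noise_profile(corrected):
    """Histogram of corrected positions 1..7."""
    counts = {p: 0 for p in range(1, 8)}
    for p in corrected:
        counts[p] += 1
    return counts


def looks_trojaned(counts, n_codewords, max_share=0.05):
    """Channel noise hits all positions alike; one position being corrected
    in more than max_share of codewords is a systematic inconsistency."""
    return max(counts.values()) > max_share * n_codewords


def demo(n=32, seed=3):
    """Run Trojaned and honest transmissions of the same constructed message."""
    rng = random.Random(seed)
    secret = [rng.getrandbits(1) for _ in range(n)]  # constructed leak payload
    message = [tuple(rng.getrandbits(1) for _ in range(4)) for _ in range(n)]
    trojaned = transmit(message, secret)
    honest = transmit(message)
    data, corrected = legitimate_rx(trojaned)
    _, honest_corrected = legitimate_rx(honest)
    return {
        "message_ok": data == message,
        "leak_ok": rogue_rx(trojaned) == secret,
        "profile": noise_profile(corrected),
        "detected": looks_trojaned(noise_profile(corrected), n),
        "honest_detected": looks_trojaned(noise_profile(honest_corrected), n),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two properties of the real attack carry over from this toy: the leak costs the legitimate link nothing as long as the channel itself rarely needs the margin (a channel error landing in a Trojaned codeword would defeat the single-error correction, which is why the Trojan only works where the FEC is over-provisioned), and the detector does not need to know the Trojan's encoding, only that honest noise has no preferred position.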
{"title":"AppSAT: Approximately deobfuscating integrated circuits","authors":"Kaveh Shamsi, Meng Li, Travis Meade, Zheng Zhao, D. Pan, Yier Jin","doi":"10.1109/HST.2017.7951805","DOIUrl":"https://doi.org/10.1109/HST.2017.7951805","url":null,"abstract":"In today's diversified semiconductor supply-chain, protecting intellectual property (IP) and maintaining manufacturing integrity are important concerns. Circuit obfuscation techniques such as logic encryption and IC camouflaging can potentially defend against a majority of supply-chain threats such as stealthy malicious design modification, IP theft, overproduction, and cloning. Recently, a Boolean Satisfiability (SAT) based attack, namely the SAT attack, has been able to deobfuscate almost all traditional circuit obfuscation schemes, and as a result, a number of defense solutions have been proposed in the literature. All these defenses are based on the implicit assumption that the attacker needs a perfect deobfuscation accuracy, which may not be true in many practical cases. Therefore, in this paper, by relaxing the exactness constraint on deobfuscation, we propose the AppSAT attack, an approximate deobfuscation algorithm based on the SAT attack and random testing. We show how the AppSAT attack can deobfuscate 68 out of the 71 benchmark circuits that were obfuscated with state-of-the-art SAT attack defenses with an accuracy of, n being the number of inputs. AppSAT shows that with current SAT attack defenses there will be a trade-off between exact-attack resiliency and approximation resiliency.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115337751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
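The trade-off the abstract ends on can be made concrete on a toy circuit. The SAT attack needs two things: the locked netlist and an unlocked chip used as an oracle. Each iteration asks a solver for a distinguishing input pattern (DIP), an input on which two keys that are still consistent with every previous oracle answer disagree; the oracle's answer on that DIP is added as a constraint, and the loop ends when no DIP remains, at which point any surviving key is functionally correct. SAT-resilient defenses of the point-function kind make every wrong key fail on a single input pattern, so each DIP eliminates only one key and the exact attack needs a number of iterations exponential in the key width. AppSAT's observation is that such a key is wrong on a vanishing fraction of inputs; interleaving random oracle queries lets the attacker stop as soon as a surviving key passes a random test with error below a tolerance. The script below is an added example, not the authors' tool: the SAT solver is replaced by exhaustive search over a 5-input, 6-key-bit netlist constructed here, with one traditional XOR key gate and a SARLock-style point function whose comparison against the correct key is written out in the clear (the real scheme hides it behind a mask block). The netlist, correct key, sample sizes and error tolerance are all assumptions.

```python
"""Added illustration, not the authors' tool: the SAT attack's
distinguishing-input loop and an AppSAT-style approximate variant, run
against a toy locked netlist. The SAT solver is replaced by exhaustive
search over a 5-input, 6-key-bit circuit; the netlist, the correct key and
the point-function (SARLock-style) defense are assumptions constructed
here, with the comparison against the correct key written in the clear."""
import random
from itertools import product

N_IN, N_KEY = 5, 6
CORRECT_KEY = (1, 0, 1, 1, 0, 1)  # assumption: the key the designer programmed
ALL_X = list(product((0, 1), repeat=N_IN))
ALL_K = list(product((0, 1), repeat=N_KEY))


def original(x):
    """The function being protected (a toy 5-input circuit)."""
    x0, x1, x2, x3, x4 = x
    return ((x0 & x1) | (x2 & (x3 ^ 1))) ^ x4


def locked(x, k):
    """The obfuscated netlist the attacker has. k[0] is a traditional XOR
    key gate (its inverter is cancelled only by k[0] == 1); k[1:] drive a
    point function that flips the output on exactly one input pattern for
    every wrong key, so each DIP rules out only one such key."""
    x0, x1, x2, x3, x4 = x
    n1 = (x0 & x1) ^ k[0] ^ 1
    base = (n1 | (x2 & (x3 ^ 1))) ^ x4
    sar = 1 if (k[1:] == x and k[1:] != CORRECT_KEY[1:]) else 0
    return base ^ sar


def find_dip(candidates):
    """Stand-in for the SAT query: an input on which two keys that are still
    consistent with every previous oracle answer disagree."""
    for x in ALL_X:
        if len({locked(x, k) for k in candidates}) > 1:
            return x
    return None


def prune(candidates, x, y):
    """Keep only keys that reproduce the oracle's answer y on input x."""
    return {k for k in candidates if locked(x, k) == y}


def sat_attack(oracle):
    """Exact attack: loop until no DIP remains. Returns (keys, DIP count)."""
    candidates, dips = set(ALL_K), 0
    x = find_dip(candidates)
    while x is not None:
        candidates = prune(candidates, x, oracle(x))
        dips += 1
        x = find_dip(candidates)
    return candidates, dips


def appsat(oracle, rng, dips_per_round=2, samples=16, max_error=0.05):
    """Approximate attack: a few DIP iterations, then test a surviving key on
    random inputs; failed samples become extra constraints, and the key is
    accepted once its sampled error rate is within max_error."""
    candidates, dips = set(ALL_K), 0
    while True:
        for _ in range(dips_per_round):
            x = find_dip(candidates)
            if x is None:
                break
            candidates = prune(candidates, x, oracle(x))
            dips += 1
        key = min(candidates)
        drawn = [rng.choice(ALL_X) for _ in range(samples)]
        wrong = [x for x in drawn if locked(x, key) != oracle(x)]
        for x in wrong:
            candidates = prune(candidates, x, oracle(x))
        err = len(wrong) / samples
        if err <= max_error:
            return key, dips, err
        if find_dip(candidates) is None:  # nothing left to distinguish
            key = min(candidates)
            return key, dips, exact_error_rate(key, oracle)


def exact_error_rate(key, oracle):
    """Fraction of all inputs on which `key` disagrees with the oracle."""
    return sum(locked(x, key) != oracle(x) for x in ALL_X) / len(ALL_X)


if __name__ == "__main__":
    oracle = lambda x: locked(x, CORRECT_KEY)  # the unlocked chip
    keys, dips = sat_attack(oracle)
    print("exact SAT attack:", keys, "after", dips, "DIPs")
    key, dips, err = appsat(oracle, random.Random(5))
    print("AppSAT:", key, "after", dips, "DIPs; exact error",
          exact_error_rate(key, oracle))
```

On this netlist the exact attack needs 31 DIPs, one per wrong point-function key, and ends with the single correct key; the approximate attack resolves the traditional key gate in its first round and then accepts a key that is wrong on at most one of the 32 input patterns after far fewer oracle queries. That is the trade-off in the abstract's last sentence: the point function buys exact-attack resiliency by making each wrong key almost right, which is precisely what makes it cheap to approximate.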
{"title":"Platform agnostic, scalable, and unobtrusive FPGA network processor design of moving target defense over IPv6 (MT6D) over IEEE 802.3 Ethernet","authors":"Joseph Sagisi, J. Tront, R. Marchany","doi":"10.1109/HST.2017.7951829","DOIUrl":"https://doi.org/10.1109/HST.2017.7951829","url":null,"abstract":"This work presents the proof of concept implementation for the first hardware-based design of Moving Target Defense over IPv6 (MT6D) in full Register Transfer Level (RTL) logic, with future sights on an embedded Application-Specific Integrated Circuit (ASIC) implementation. Contributions are an IEEE 802.3 Ethernet stream-based in-line network packet processor with a specialized Complex Instruction Set Computer (CISC) instruction set architecture, RTL-based Network Time Protocol v4 synchronization, and a modular crypto engine. Traditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. To counter, MT6D provides a network host obfuscation technique that offers network-based keyed access to specific hosts without altering existing network infrastructure and is an excellent technique for protecting the Internet of Things, IPv6 over Low Power Wireless Personal Area Networks, and high value globally routable IPv6 interfaces. This is done by cryptographically altering IPv6 network addresses every few seconds in a synchronous manner at all endpoints. A border gateway device can be used to intercept select packets to unobtrusively perform this action. Software driven implementations have posed many challenges, namely, constant code maintenance to remain compliant with all library and kernel dependencies, the need for a host computing platform, and less than optimal throughput. This work seeks to overcome these challenges in a lightweight system to be developed for practical wide deployment.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129869540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
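The address-rotation rule at the heart of MT6D, as the abstract states it, is that all endpoints cryptographically re-derive a host's IPv6 address every few seconds from a shared secret and synchronised time, which is why the RTL design carries an NTP client. The short model below is an added example and not the paper's RTL or a faithful copy of the MT6D specification: it derives the 64-bit interface identifier for each time slot as HMAC-SHA256 over the host's base identifier and the slot number, truncated to 64 bits, inside an unchanged /64 prefix, and it shows the receiver-side check a gateway would apply, including tolerance of one slot of clock skew on either side. The 10 s interval, the prefix, the key and the base identifier are constructed values.

```python
"""Added illustration, not the paper's RTL: the address-rotation rule
behind MT6D as a short Python model. Two endpoints that share a key and a
synchronised clock derive the same obscured IPv6 address for each time
slot, and a receiver tolerates one slot of clock skew. The derivation
(HMAC-SHA256 over the base interface identifier and the slot number,
truncated to 64 bits), the 10 s interval, the prefix, key and identifier
are assumptions constructed here."""
import hashlib
import hmac
import ipaddress

ROTATION_SECONDS = 10  # assumption: how often the address changes


def mt6d_address(prefix, base_iid, shared_key, timestamp, interval=ROTATION_SECONDS):
    """Obscured address for the time slot containing `timestamp`. Only the
    64-bit interface identifier changes; the /64 prefix stays routable."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("MT6D rotates the 64-bit interface identifier; need a /64")
    slot = int(timestamp) // interval
    msg = base_iid.to_bytes(8, "big") + slot.to_bytes(8, "big", signed=True)
    digest = hmac.new(shared_key, msg, hashlib.sha256).digest()
    iid = int.from_bytes(digest[:8], "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def expected_addresses(prefix, base_iid, shared_key, timestamp, skew_slots=1,
                       interval=ROTATION_SECONDS):
    """Addresses a receiver should accept right now: the current slot plus
    `skew_slots` on either side, to absorb small NTP clock differences."""
    slot_start = (int(timestamp) // interval) * interval
    return {
        mt6d_address(prefix, base_iid, shared_key, slot_start + d * interval, interval)
        for d in range(-skew_slots, skew_slots + 1)
    }


def is_expected(addr, prefix, base_iid, shared_key, timestamp, skew_slots=1):
    """Gateway-side check: does a destination address belong to a current slot?"""
    window = expected_addresses(prefix, base_iid, shared_key, timestamp, skew_slots)
    return ipaddress.IPv6Address(addr) in window


if __name__ == "__main__":
    # constructed demo values
    PREFIX, BASE_IID, KEY = "2001:db8::/64", 0x0123456789ABCDEF, b"constructed-demo-key"
    for t in (1000, 1009, 1010, 1020):
        print(t, mt6d_address(PREFIX, BASE_IID, KEY, t))
```

Both sides of a session run the same derivation, so no address ever has to be transmitted; an observer without the key sees a host whose address changes every slot with no computable relation between consecutive values. Skew tolerance is the operational knob: a wider window survives poorer time synchronisation at the cost of keeping stale addresses acceptable for longer.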