2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)最新文献

{"title":"A Novel Cross-Platform Physically Unclonable Function for Emerging FPGA-based IoT Devices","authors":"Dipnarayan Das, Sourav Roy, Mahabub Hasan Mahalat, B. Sen","doi":"10.1109/AsianHOST56390.2022.10022185","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022185","url":null,"abstract":"Physically Unclonable Function (PUF) has been proven as a promising hardware-specific security primitive. The physical structure of PUF is considered to be easy to manufacture but hard to replicate due to intrinsic physical variation of silicon. Nevertheless, FPGA-based PUFs are still mostly infancy from the perspective of technology adoption due to platform dependence properties in the PUF design. In this context, this paper presents a novel platform-independent FPGA-based PUF architecture that eliminates the requirement of placement constraints in delay-based PUF implementation. Additionally, the proposed Cross-Platform RO (CPRO) PUF design need not be validated after implementation in new FPGA families, making it more promising for technology transfer. The design has been implemented and tested in Xilinx FPGA families of 90 nm, 45 nm, and 28 nm technology. In contrast to earlier findings, it is observable that the proposed PUF is highly flexible, leveraging a lower footprint. Experimental results show a close to the ideal performance of the implementation while keeping the desired security intact.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123769771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"gr-tempest: an open-source GNU Radio implementation of TEMPEST","authors":"Federico Larroca, Pablo Bertrand, Felipe Carrau, Victoria Severi","doi":"10.1109/AsianHOST56390.2022.10022149","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022149","url":null,"abstract":"Like all time-varying voltage and current, a video interface connecting a PC to its monitor emits electromagnetic waves. The attack commonly known as TEMPEST (or Van Eck Phreaking) consists in receiving this signal and inferring the image being displayed on the monitor; that is to say, pointing an antenna to a PC and spying the monitor. This is a particularly interesting application for Software Defined Radio (SDR), as it requires modeling the signal and implementing a custom receiver. However, and although the first public demonstrations date back to the mid-80s by Wim Van Eck, no open-source implementation was available until Martin Marinov's TempestSDR was published in 2014. TempestSDR consists of a module written in C that takes care of the signal processing, plug-ins for various models of SDR hardware, and a Java-based GUI. This results in a multi-platform software that, although functional, it is difficult to extend or tweak. For instance, new plug-ins have to be written for new SDR hardware, or including filters or other DSP blocks in the signal's flow is not straightforward at all. To remedy this we developed gr-tempest, an open-source GNU Radio-based implementation of TEMPEST (available at https://github.com/git-artes/gr-tempest). This is an on-going project whose objective is to enable simpler experimentation by taking advantage of GNU Radio's functionalities and support. We describe the mathematical principles behind the TEMPEST attack and present how grtempest works. Furthermore, we show several real-world examples including both VGA and HDMI, and the fundamental differences between both types of signals. Finally, some of the advantages of using GNU Radio's framework are showcased by introducing modifications to the DSP chain that allows significant improvements of the resulting image with respect to the original method used in TempestSDR.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126202780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Machine Learning Based Automatic Hardware Trojan Attack Space Exploration and Benchmarking Framework","authors":"Jonathan Cruz, Pravin Gaikwad, Abhishek Nair, Prabuddha Chakraborty, S. Bhunia","doi":"10.1109/AsianHOST56390.2022.10022234","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022234","url":null,"abstract":"Due to the current horizontal business model that promotes increasing reliance on untrusted third-party Intellectual Properties (IPs), Computer-Aided-Design (CAD) tools, and design facilities, hidden malicious functionalities, also known as hardware Trojan attacks, have become a serious threat to the semiconductor industry. Development of effective countermeasures against hardware Trojan attacks require: (1) fast and reliable exploration of the viable Trojan attack space for a given design and (2) a suite of high-quality Trojan-inserted benchmarks that meet specific standards. The latter has become essential for the development and evaluation of design/verification solutions to achieve quantifiable assurance against Trojan attacks. While existing static benchmarks provide a baseline for comparing different countermeasures, they only enumerate a limited number of hand-crafted Trojans from the complete Trojan design space. To accomplish these dual objectives, in this paper, we present MIMIC, a novel machine learning guided framework for automatic Trojan insertion, which can create a large and targeted population of valid Trojans for a given design by mimicking the properties of a small set of known Trojans. While there exist tools to automatically insert Trojan instances using fixed Trojan templates, they cannot analyze known Trojan attacks for creating new instances that accurately capture the threat model. MIMIC works in two major steps: (1) it analyzes structural and functional features of existing Trojan populations in a multi-dimensional space to train machine learning models and generate a large number of “virtual Trojans” of the given design, (2) next, it binds them into the design by matching their functional/structural properties with suitable nets of the internal logic structure. We have developed a complete tool flow for MIMIC, evaluated the framework, and quantified its effectiveness to demonstrate highly promising results.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129779035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Incremental Linear Regression Attack","authors":"Juncheng Chen, Jun-Sheng Ng, Nay Aung Kyaw, Zhili Zou, Kwen-Siong Chong, Zhiping Lin, B. Gwee","doi":"10.1109/AsianHOST56390.2022.10022167","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022167","url":null,"abstract":"Linear Regression Attack (LRA) is an effective Side-Channel Analysis (SCA) distinguisher designed to overcome the inaccuracies in leakage models (e.g, Hamming Weight). However, the implementation of the original LRA (termed as baseline LRA) involves many matrix arithmetic operations. The sizes of these matrices are determined by the scale of the Physical Leakage Information (PLI) traces. When processing large-scale PLI traces, extremely high memory capacity is required to execute the baseline LRA. In this paper, we propose a new implementation of LRA coined as incremental LRA. Theoretically, we reformulate the process of baseline LRA to break down the large dataset and process smaller batches of the dataset iteratively. Experimentally, we first validate that our proposed incremental LRA provides flexible choice of batch size and enables a progressive increase on the PLI traces to present attack results incrementally. Second, our proposed incremental LRA reduces execution memory and time significantly as compared to the baseline LRA. We demonstrate that the best execution performance of our incremental LRA requires only 0.65% of memory requirement (154x smaller) and takes only 3.37% of the processing time (30x speed-up) of the baseline LRA while attacking the same amount of traces.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130227203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the Limitations of Logic Locking the Approximate Circuits","authors":"Kartik Nayak, Devanshi Upadhyaya, F. Regazzoni, I. Polian","doi":"10.1109/AsianHOST56390.2022.10022175","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022175","url":null,"abstract":"Approximate Computing (AxC) is an emerging architectural paradigm, which promises improvements in area, performance or power consumption at the expense of limited and tolerable inaccuracies of computations. Circuits designed in typical AxC-friendly applications, such as neural network accelerators, visual computing and high-bandwidth communication, are vulnerable to supply-chain attacks. In this paper, we investigate logic locking-a protective technique against counterfeiting and overbuilding-in the context of AxC arithmetic primitives. We discuss a threat model that can hinder the adoption of logic locking on AxC based ICs. We show that modern SAT-resilient locking techniques are unsuitable for approximate circuits because of the low output corruption problem. Moreover, we explore the resistance of logic locking against an attacker who managed to obtain a subset of the correct locking key's bits. We show that an incorrectly unlocked circuit can still produce acceptable results, experimentally verifying this both at the level of primitives (adders and multipliers) and in a full application (neural network inference with approximate multiply-accumulate units).","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133993854","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Lightweight M_TRNG Design based on MUX Cell Entropy using Multiphase Sampling","authors":"Liang Yao, Huaguo Liang, Hong Zhang, Tianming Ni, Maoxiang Yi, Yingchun Lu","doi":"10.1109/AsianHOST56390.2022.10022099","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022099","url":null,"abstract":"True Random Number Generator (TRNG) is built on hardware-based non-deterministic noise for generating keys, initialization vectors, and random numbers in a variety of applications requiring cryptographic protection. In this paper, through the research of frequency jitter mechanism, a true random number generator based on multi-phase sampling of MUX unit is proposed. The scheme is based on the “soft macro” design of the MUX unit, which replaces the traditional look-up table entropy scheme. It completes high-precision jitter sampling on the basis of ensuring the fairness of the TRNG entropy source, and can be well transplanted to a series of FPGAs. The proposed TRNG is verified on three FPGAs of Xilinx Virtex-6, Artix-7 and Virtex-7. The experimental results show that the generated random sequences are of good quality, passing the NIST SP800-22 tests with higher p-value and passing NIST SP 800-90B tests with higher minimum entropy, while achieving 100Mbps throughput. It is worth mentioning that the resource overhead consumed by the proposed TRNG is small and single, only consuming 4 MUX units, 4 DFFs and one LUT unit, which has a good application prospect.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125832782","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MRCO: A Multi-ring Convergence Oscillator-based High-Efficiency True Random Number Generator","authors":"Tianming Ni, Qingsong Peng, Jingchang Bian, Liang Yao, Zhengfeng Huang, Aibin Yan, X. Wen","doi":"10.1109/AsianHOST56390.2022.10022291","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022291","url":null,"abstract":"The entropy source structure with embedded XOR gates in a ring oscillator (RO) as a true random number generator (TRNG) can improve the speed of accumulating jitter in the oscillator. However, the XOR gate has a certain response time to the input change, and when the potential at the input flips too fast, the XOR gate will output short pulses. In this paper, we propose a TRNG design based on a multi-ring convergence oscillator (MRCO) making use of the characteristics of short pulses propagating in the circuit. We study the effect of jitter on the output of the XOR gate when the XOR gate has high-speed changing inputs. Excessively small short pulses will be eliminated in the circuit and suppresses the accumulation of jitter in the oscillator. Our proposed TRNG cleverly avoids the concatenation of the short pulses with the inverter so that the short pulses are only input to the XOR gate, affecting the oscillation of the circuit by interfering with the change of the XOR gate output by another input change. The proposed TRNG design is implemented in Xilinx Virtex-6 FPGA, making it comparable to the state-of-the-art TRNG also implemented on FPGAs. The results show that this TRNG has the highest ratio of throughput rate to hardware resources. The generated random sequence pass both NIST SP800-22 test and NIST SP800-90B test.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131443387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Structural and SAT Analysis of SANSCrypt","authors":"James Geist, Shaojie Zhang, Yier Jin, Travis Meade","doi":"10.1109/AsianHOST56390.2022.10022024","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022024","url":null,"abstract":"As IP theft remains an important problem, and attacks against logic locking mechanisms are becoming more sophisticated, the complexity of proposed encryption schemes are also becoming more complex. One goal of adding complexity is to increase the required time to perform an attack by forcing the required SAT problems to become so unwieldy, or require so many individual solves, that it is infeasible to break the encryption in reasonable time. In this paper, by discussing an attack against one such scheme, we demonstrate a combination of structural and SAT instances can break a design.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123214297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Novel Machine Learning Attack Resistant APUF with Dual-Edge Acquisition","authors":"Hui Li, Gang Li, Pengjun Wang, Xilong Shao","doi":"10.1109/AsianHOST56390.2022.10022247","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022247","url":null,"abstract":"This paper presents a novel arbiter Physical Unclonable Function (APUF) to overcome the shortcomings of traditional arbiter PUF, such as high hardware cost, low utilization of entropy source and weak anti-attack ability. By shorting the CMOS gate-source, a novel dual-edge acquisition switching component with a full-custom area of 4.292 µm2 is designed to reduce the PUF area and to enhance the deviation-delay time as well as the resistance to machine learning attack. The proposed PUF was full-custom designed in TSMC 65nm CMOS process. Post-layout simulations results show that the proposed PUF has excellent properties of uniqueness, independence and randomness. Specifically, the inter-Puf Hamming Distance at the rising edge, falling edge and between the two edges are 49.863 %, 49.793%, and 50.166% respectively. The PUF output probability of producing “1” at the rising edge (falling edge) is 50.15% (50.03 %). In addition, the attack prediction under 5K training sets at the rising edge (falling edge) is only 50.62% (50.53%) indicating an good resistance to machine learning attack.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124895406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Analysis of Hardware Trojan Resilience Enabled through Logic Locking","authors":"Jonathan Cruz, Pravin Gaikwad, S. Bhunia","doi":"10.1109/AsianHOST56390.2022.10022237","DOIUrl":"https://doi.org/10.1109/AsianHOST56390.2022.10022237","url":null,"abstract":"Emerging threats to hardware Intellectual Property (IP) confidentiality due to the horizontal business model have come in the form of piracy, reverse engineering, and extraction of design secrets. These threats have led to the development of promising IP protection solutions, which include logic locking and hardware obfuscation. While logic locking has been mainly developed for protecting confidentiality of hardware IPs, it may also provide other security benefits that extend beyond IP theft and into defending design integrity against malicious design modifications, referred to as hardware Trojan attacks. Hardware Trojan attacks are realized through insertion of stealthy malicious logic in a design, often activated under rare conditions, so as to evade detection. Existing countermeasures against Trojan attacks primarily focus on detection of an attack through targeted verification approach or its prevention through design solutions. In this paper, we present an investigation on the role of state-of-the-art logic locking methods for protecting against hardware Trojan attacks. We discuss beneficial attributes of logic locking that can contribute to Trojan prevention and significant reduction in its efficacy. We introduce metrics to describe and quantify these phenomena. Through extensive experimental validation and practical Trojan insertion, we show that on average effective logic locking can offer around 87% reduction in Trojan activation success and around 1000x increase in Trojan activation probability of those successfully inserted.","PeriodicalId":207435,"journal":{"name":"2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)","volume":"128 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130361497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}