Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation

Malicious modification of hardware in untrusted fabrication facilities, referred to as hardware Trojan, has emerged as a major security concern. Comprehensive detection of these Trojans during post-manufacturing test has been shown to be extremely difficult. Hence, it is important to develop design techniques that provide effective countermeasures against hardware Trojans by either preventing Trojan attacks or facilitating detection during test. Obfuscation is a technique that is conventionally employed to prevent piracy of software and hardware intellectual property (IP). In this work, we propose a novel application of key-based circuit structure and functionality obfuscation to achieve protection against hardware Trojans triggered by rare internal circuit conditions. The proposed obfuscation scheme is based on judicious modification of the state transition function, which creates two distinct functional modes: normal and obfuscated. A circuit transitions from the obfuscated to the normal mode only upon application of a specific input sequence, which defines the key. We show that it provides security against Trojan attacks in two ways: (1) it makes some inserted Trojans benign, i.e. they become effective only in the obfuscated mode; and (2) it prevents an adversary from exploiting the true rare events in a circuit to insert hard-to-detect Trojans. The proposed design methodology can thus achieve simultaneous protection from hardware Trojans and hardware IP piracy. Besides protecting ICs against Trojan attacks in foundry, we show that it can also protect against malicious modifications by untrusted computer-aided design (CAD) tools in both SoC and FPGA design flows. Simulation results for a set of benchmark circuits show that the scheme is capable of achieving high levels of security against Trojan attacks at modest area, power and delay overhead.     

基于状态映射的AES算法硬件混淆设计

代码混淆利用系统自身逻辑来保护内部重要信息和关键算法,常用于软件代码的安全防护,确保开发者和用户的利益。如何在硬件电路上实现混淆、保护硬件IP核的知识产权,也是亟待解决的问题。该文通过对硬件混淆和AES算法的研究,提出一种基于状态映射的AES算法硬件混淆方案。该方案首先利用冗余和黑洞两种状态相结合的状态映射方式,实现有限状态机的混淆;然后,采用比特翻转的方法,实现组合逻辑电路的混淆;最后,在SMIC 65 nm CMOS工艺下设计基于状态映射的AES算法硬件混淆电路,并采用Toggle、数据相关性和代码覆盖率等评价硬件混淆的效率和有效性。实验结果表明,基于状态映射的AES算法硬件混淆电路面积和功耗分别增加9%和16%,代码覆盖率达到93%以上。     

基于正交混淆的多硬件IP核安全防护设计

为了解决集成电路设计中多方合作的成员信息泄漏问题,该文提出一种基于正交混淆的多硬件IP核安全防护方案。该方案首先利用正交混淆矩阵产生正交密钥数据,结合硬件特征的物理不可克隆函数(PUF)电路,产生多硬件IP核的混淆密钥;然后,在正交混淆状态机的基础上,实现多硬件IP核的正交混淆安全防护算法;最后,利用ISCAS-85基准电路和密码算法,验证正交混淆方法的有效性。在台湾积体电路制造股份有限公司(TSMC) 65 nm工艺下测试正交混淆的多硬件IP核方案,正确密钥和错误密钥下的Toggle翻转率小于5%,在较大规模的测试电路中面积和功耗开销占比小于2%。实验结果表明,采用正交混淆的方式能够提高多硬件IP核的安全性,可以有效防御成员信息泄漏、状态翻转率分析等攻击。     

基于多级协同混淆的硬件IP核安全防护设计

传统硬件混淆从物理级、逻辑级、行为级等进行单层次混淆,没有发挥多级协同优势,存在安全隐患。该文通过对物理版图、电路逻辑和状态跳变行为的关系研究,提出多级协同混淆的硬件IP核防护方法。该方案首先在自下而上协同混淆中,采用虚拟孔设计版图级伪装门的方式进行物理-逻辑级混淆,采用过孔型物理不可克隆函数(PUF)控制状态跳变的方式实现物理-行为级混淆;然后,在自上而下协同混淆中,利用密钥控制密钥门进行行为-逻辑级混淆,利用并行-支路混淆线的方法完成行为-物理级混淆;最后提出混淆电路在网表的替换机制,设计物理-逻辑-行为的3级协同混淆,实现多级协同混淆的IP核安全防护。ISCAS-89基准电路测试结果表明,在TSMC 65 nm工艺下,多级协同混淆IP核在较大规模测试电路中的面积开销占比平均为11.7%,功耗开销占比平均为5.1%,正确密钥和错误密钥下的寄存器翻转差异低于10%,所提混淆方案可有效抵御暴力攻击、逆向工程、SAT等攻击。     

HHT-Based Security Enhancement Approach with Low Overhead for Coding-Based Reprogramming Protocols in Wireless Sensor Networks

Coding-based reprogramming protocols can effectively and remotely disseminate a new code image to all sensor nodes via wireless channels in wireless sensor networks. However, security service is crucial to these protocols when sensor nodes are deployed in adversarial environments. Existing security schemes can resist Pollution Attack, but the overheads are excessive. In this paper, a security enhancement approach with low overhead based on Hierarchical Hash Tree is proposed to enhance the security of the protocols. Our scheme is composed of two layers of Merkle Tree based on the ideas of hierarchy and aggregation. Then, the security of proposed approach is proven and the overheads of that are analyzed. Furthermore, our scheme is used to implement page authentication of Sreluge protocol, which is a representative reprogramming protocol based on random linear codes. Experimental results show that our scheme can cut authentication overhead by at least 43 % that of Merkle Tree and other overheads have been reduced markedly with the size of code image growing.     

SecureDL: A privacy preserving deep learning model for image recognition over cloud

The key benefits of cloud services such as low cost, access flexibility, and mobility have attracted worldwide users to utilize deep learning algorithms for computer vision. These cloud servers are maintained by third parties, where users are always concerned about sharing their confidential data with them. In this paper, we addressed these concerns for by developing SecureDL, a privacy-preserving image recognition model for encrypted data over cloud. The proposed block-based image encryption scheme is well designed to protect image’s visual information. The scheme constitutes an order-preserving permutation ordered binary number system and pseudo-random matrices. The proposed method is proved to be secure in a probabilistic viewpoint, and using various cryptographic attacks. Experiments are conducted over several image recognition datasets, and the trade-off analytics between the achieved recognition accuracy and data encryption is well described. SecureDL overcomes the storage and computational overheads that occur with fully-homomorphic and multi-party computation based secure recognition schemes.     

Tracing cyber attacks from the practical perspective

The integrity of the Internet is severely impaired by rampant denial of service and distributed DoS attacks. It is by no means trivial to devise a countermeasure to address these attacks because of their anonymous and distributed nature. This article presents a brief survey of the most promising recently proposed schemes for tracing cyber attacks: IP traceback. Since IP traceback technology is evolving rapidly, for the community to better comprehend and capture the properties of disparate traceback approaches, we first classify these schemes from multiple aspects. From the perspective of practicality and feasibility, we then analyze and explore the advantages and disadvantages of these schemes in depth so that shortcomings and possible enhancements of each scheme are highlighted. Finally, open problems and future work are discussed, and concluding remarks are drawn.     

Design Methodology and Validity Verification for a Reactive Countermeasure Against EM Attacks

This paper presents a standard-cell-based semiautomatic design methodology for a new conceptual countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure, called the EM attack sensor, utilizes LC oscillators that react to variations in the EM field around a cryptographic LSI caused by a microprobe brought near the LSI. A dual-coil sensor architecture with digital calibration based on lookup table programming can prevent various microprobe-based EM attacks that cannot be thwarted by conventional countermeasures. All components of the sensor core are semiautomatically designed by standard electronic design automation tools with a fully digital standard cell library and hence minimum design cost. This sensor can therefore be scaled together with the cryptographic LSI to be protected. The sensor prototype is designed based on the proposed methodology together with a 128-bit-key composite AES processor in 0.18-\(\upmu \hbox {m}\) CMOS with overheads of only 2 % in area, 9 % in power, and 0.2 % in performance, respectively. The countermeasure has been validated against a variety of EM attack scenarios. In particular, some further experimental results are shown for a detailed discussion.     

Efficient and secure business model for content centric network using elliptic curve cryptography

Initially, Internet has evolved as a resource sharing model where resources are identified by IP addresses. However, with rapid technological advancement, resources/hardware has become cheap and thus, the need of sharing hardware over Internet is reduced. Moreover, people are using Internet mainly for information exchange and hence, Internet has gradually shifted from resource sharing to information sharing model. To meet the recent growing demand of information exchange, Content Centric Network (CCN) is envisaged as a clean‐slate future network architecture which is specially destined for smooth content distribution over Internet. In CCN, content is easily made available using network caching mechanism which is misaligned with the existing business policy of content providers/publishers in IP‐based Internet. Hence, the transition from contemporary IP‐based Internet to CCN demands attention for redesigning the business policy of the content publishers/providers. In this paper, we have proposed efficient and secure communication protocols for flexible CCN business model to protect the existing business policies of the content publisher while maintaining the salient CCN features like in‐network content caching and Interest packet aggregation. To enhance the efficiency and security, the Elliptic Curve Cryptography (ECC) is used. The proposed ECC‐based scheme is analyzed to show that it is resilient to relevant existing cryptographic attacks. The performance analysis in terms of less computation and communication overheads and increased efficiency is given. Moreover, a formal security verification of the proposed scheme is done using widely used AVISPA simulator and BAN logic that shows our scheme is well secured.     

Delay‐aware privacy‐preserving location‐based services under spatiotemporal constraints

The ubiquitous use of location‐based services (LBS) through smart devices produces massive amounts of location data. An attacker, with an access to such data, can reveal sensitive information about users. In this paper, we study location inference attacks based on the probability distribution of historical location data, travel time information between locations using knowledge of a map, and short and long‐term observation of privacy‐preserving queries. We show that existing privacy‐preserving approaches are vulnerable to such attacks. In this context, we propose a novel location privacy‐preserving approach, called KLAP, based on the three fundamental obfuscation requirements: minimum k ‐locations, l ‐diversity, and privacy a rea p reservation. KLAP adopts a personalized privacy preference for sporadic, frequent, and continuous LBS use cases. Specifically, it generates a secure concealing region (CR) to obfuscate the user's location and directs that CR to the service provider. The main contribution of this work is twofold. First, a CR pruning technique is devised to establish a balance between privacy and delay in LBS usage. Second, a new attack model called a long‐term obfuscated location tracking attack, and its countermeasure is proposed and evaluated both theoretically and empirically. We assess KLAP with two real‐world datasets. Experimental results show that it can achieve better privacy, reduced delay, and lower communication costs than existing state‐of‐the‐art methods.     

Predistribution and local collaboration-based group rekeying for wireless sensor networks

When a sensor network is deployed in a hostile environment, an adversary may launch such attacks as eavesdropping the communications and compromising sensor nodes. Using the compromised nodes, he may inject false sensing reports or modify the reports sent by other nodes. To defend against these attacks, researchers have proposed symmetric group key-based schemes. In these schemes, however, if a large number of nodes are compromised, many (sub)group keys will be revealed. This greatly endangers the filtering schemes, making them very ineffective or even useless. To address this problem, we propose a family of predistribution and local collaboration-based group rekeying (PCGR) schemes, which update the compromised group keys to prevent the compromised nodes from understanding the communications between noncompromised nodes or injecting false data. These schemes are designed based on a simple while controversial idea – preload future group keys into sensor nodes before their deployment. To protect the preloaded keys from being disclosed by compromised nodes, we propose a novel technique that requires neighboring nodes to collaborate to derive the future group keys. To the best of our knowledge, our schemes are the first set of distributed group rekeying schemes for sensor networks without involving online key servers. Extensive analysis and simulations are conducted to evaluate the proposed schemes, and the results show that the proposed schemes can achieve a good level of security, outperform several previous group rekeying schemes, and significantly improve the effectiveness of false data filtering.     

Preserving Data Privacy During Data Transfer in MANETs

Mobile adhoc networks consists of large number of mobile nodes, and is usually deployed to transfer data from a sender to a receiver using multi-hop routing. The data being transmitted may contain sensitive information, and undesired disclosure of information can lead to launching of various attacks, thus breaching the data privacy. Earlier works achieve data privacy by using approaches such as data transformation and data perturbation. However, these approaches introduce higher overheads and delays. We propose a computational intelligence based data privacy preserving scheme, where rough set theory is used to anonymize the data during data transfer. Data packets are enclosed within capsules that can be opened only by the designated node, thus preventing the undesired leakage of the data. Also, route between a sender and a receiver is changed dynamically by selecting more than one trusted 1-hop neighbor nodes in each routing step. The proposed data privacy preserving scheme is tested by considering different case studies in a MANET deployed for stock market. Theoretical analysis for data privacy is presented in terms of Information Gain by an attacker and Attacker Overhead, and the performance of proposed scheme against some of the attacks is also discussed. The simulation results show the effectiveness of proposed scheme.

     

New Mix codes for multiple bit upsets mitigation in fault-secure memories

Nowadays, multibit error correction codes (MECCs) are effective approaches to mitigate multiple bit upsets (MBUs) in memories. As technology scales, combinational circuits have become more susceptible to radiation induced single event transient (SET). Therefore, transient faults in encoding and decoding circuits are more frequent than before. Firstly, this paper proposes a new MECC, which is called Mix code, to mitigate MBUs in fault-secure memories. Considering the structure characteristic of MECC, Euclidean Geometry Low Density Parity Check (EG-LDPC) codes and Hamming codes are combined in the proposed Mix codes to protect memories against MBUs with low redundancy overheads. Then, the fault-secure scheme is presented, which can tolerate transient faults in both the storage cell and the encoding and decoding circuits. The proposed fault-secure scheme has remarkably lower redundancy overheads than the existing fault-secure schemes. Furthermore, the proposed scheme is suitable for ordinary accessed data width (e.g., 2ⁿ bits) between system bus and memory. Finally, the proposed scheme has been implemented in Verilog and validated through a wide set of simulations. The experiment results reveal that the proposed scheme can effectively mitigate multiple errors in whole memory systems. They can not only reduce the redundancy overheads of the storage array but also improve the performance of MECC circuits in fault-secure memory systems.     

Practical Cryptanalysis of Bluetooth Encryption with Condition Masking

In this paper, we study the security of a general two-level E0-like encryption model and its instance, the real-world Bluetooth encryption scheme. Both unconditional and conditional correlation properties of the two-level model are investigated in theory and a key-recovery framework based on condition masking, that studies how to choose the condition to get better tradeoffs on the time/memory/data complexity curve, is refined. A novel design criterion to resist the attack is proposed and analyzed. Inspired by these cryptanalytic principles, we describe more threatening and real time attacks on two-level E0. It is shown that only the latest four inputs going into the FSM play the most important role in determining the magnitude of the conditional correlation and the data complexity analysis of the previous practical attacks on two-level E0 are inaccuracy. A new decoding method to improve the data complexity is provided. In the known-IV scenario, if the first 24 bits of \(2^{24}\) frames are available, the secret key can be reliably found with \(2^{25}\) on-line computations, \(2^{21.1}\) off-line computations and 4 MB memory. Then, we convert the attack into a ciphertext-only attack, which needs the first 24 bits of \(2^{26}\) frames and all the complexities are under \(2^{26}\). This is the first practical ciphertext-only attack on the real Bluetooth encryption scheme so far. A countermeasure is suggested to strengthen the security of Bluetooth encryption in practical applications.     

Securely Obfuscating Re-Encryption

We present a positive obfuscation result for a traditional cryptographic functionality. This positive result stands in contrast to well-known impossibility results (Barak et al. in Advances in Cryptology??CRYPTO??01, 2002), for general obfuscation and recent impossibility and implausibility (Goldwasser and Kalai in 46th IEEE Symposium on Foundations of Computer Science (FOCS), pp.?553?C562, 2005) results for obfuscation of many cryptographic functionalities. Whereas other positive obfuscation results in the standard model apply to very simple point functions (Canetti in Advances in Cryptology??CRYPTO??97, 1997; Wee in 37th ACM Symposium on Theory of Computing (STOC), pp.?523?C532, 2005), our obfuscation result applies to the significantly more complex and widely-used re-encryption functionality. This functionality takes a ciphertext for message m encrypted under Alice??s public key and transforms it into a ciphertext for the same message m under Bob??s public key. To overcome impossibility results and to make our results meaningful for cryptographic functionalities, our scheme satisfies a definition of obfuscation which incorporates more security-aware provisions.     

Defense-in-depth: A recipe for logic locking to prevail

Logic locking/obfuscation has emerged as an auspicious solution for protecting the semiconductor intellectual property (IP) from the untrusted entities in the design and fabrication process. Logic locking disguises the implementation and functionality of the IP by implanting additional key-gates in the circuit. The right output of the locked chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The logic locking techniques have shown vulnerability to different classes of attacks, such as Oracle-guided and physical attacks. Although the research community has proposed a number of countermeasures against such attacks, none of them is simultaneously unbreakable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth mechanism can be considered as a feasible approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense strategy where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors.Introducing such a multilayer shielding model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. In conclusion, we believe that a logic locking technique with a layered defense mechanism can be a possible solution against IP piracy.     

A lightweight protection mechanism against signaling attacks in a SIP-based VoIP environment

The advent of Voice over IP (VoIP) has offered numerous advantages but, at the same time, it has introduced security threats not previously encountered in networks with a closed architecture like the Public Switch Telephone Networks (PSTN). One of these threats is that of signaling attacks. This paper examines the signaling attacks in VoIP environments based on the Session Initiation Protocol (SIP), focusing on the design of a robust lightweight protection mechanism against them. The proposed scheme introduces a new SIP header, namely the Integrity-Auth header, which is utilized for protecting the SIP-based VoIP services from signaling attacks while ensuring authenticity and integrity.     

A Secure Path Selection Scheme for Mobile Ad Hoc Network

Mobile ad hoc network is open medium, infrastructure-less and easy to install. Despite these features, mobile ad hoc network is vulnerable to various security attacks. Black hole and gray hole security attacks outrank among all security attacks. This paper proposes a distributed delegation-based scheme, namely, a secure path selection scheme. The proposed scheme identifies and allows only trusted nodes to become part of active path. The simulation results revealed that proposed scheme improved the packet delivery ratio, packet loss rate, throughput by 8% and routing overhead by 5% as compared to other system.

     

A survey on attack vectors in stack cache memory

Over past few decades, various ways have been conducted through side channel attacks to steal information for a computer system. Unlike conventional hardware-based methods, i.e. power-based side channel, side channel on micro-architecture does not require any physical access to the devices under interest. Instead, only compromised programs need to be co-located on the same machine as the victim. For some other scenarios, malicious users can form side channel information leveraging the timing of program execution. In this survey, we are presenting a comprehensive taxonomy of attack vectors in stack cache memory modules, which mostly are the points of attack by side channel. Due to the significance of side channel attacks, the challenges and overheads of these attack vectors are described through the course of this study. We discuss what side channel attacks are, how they are used, and how they can be prevented through the use of obfuscation techniques. To accomplish this, we introduce the findings of a number of relevant works. These include successful attacks on systems using novel variations of side channel attacks and preventative measures against the attacks.     

A table masking countermeasure for low-energy secure embedded systems

Future wireless embedded devices will be increasingly powerful, supporting many more applications, including one of the most crucial, which is security. Although many embedded devices offer more resistance to bus probing attacks due to their compact size, susceptibility to power or electromagnetic analysis attacks must be analyzed. This paper presents a table masking countermeasure to resist differential power analysis (DPA) and differential electromagnetic analysis (DEMA). Real power and EM measurements are used to verify the countermeasure using second- and third-order DPA and DEMA attacks on a popular low-energy embedded ARM processor. Results show that the new table masking countermeasure provides increased security without large overheads of energy dissipation compared with previous countermeasures. With the emergence of security applications personal digital assistants, cellphones, and other embedded devices, low-energy countermeasures for resistance to DPA/DEMA are crucial for supporting future wireless embedded systems.