Robust bitstream protection in FPGA-based systems through low-overhead obfuscation

Karam, Robert; Hoque, Tamzidul; Sandip, Ray; Tehranipoor, Mohammad; Bhunia, Swarup

doi:10.1109/reconfig.2016.7857187

Cited by 44 publications

(19 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, in our threat model, the chip manufacturer is trusted and therefore this problem is out-of-scope. It can be solved by applying obfuscation techniques proposed previously [37,46,79].…”

Section: Loading and Attesting Trustmodmentioning

confidence: 99%

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Ahmad

Park

et al. 2020

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Intel SGX is a security solution promising strong and practical security guarantees for trusted computing. However, recent reports demonstrated that such security guarantees of SGX are broken due to access pattern based side-channel attacks, including page fault, cache, branch prediction, and speculative execution. In order to stop these side-channel attackers, Oblivious RAM (ORAM) has gained strong attention from the security community as it provides cryptographically proven protection against access pattern based side-channels. While several proposed systems have successfully applied ORAM to thwart side-channels, those are severely limited in performance and its scalability due to notorious performance issues of ORAM. This paper presents TrustOre, addressing these issues that arise when using ORAM with Intel SGX. TrustOre leverages an external device, FPGA, to implement a trusted storage service within a completed isolated environment secure from side-channel attacks. TrustOre tackles several challenges in achieving such a goal: extending trust from SGX to FPGA without imposing architectural changes, providing a verifiably-secure connection between SGX applications and FPGA, and seamlessly supporting various access operations from SGX applications to FPGA. We implemented TrustOre on the commodity Intel Hybrid CPU-FPGA architecture. Then we evaluated with three state-of-the-art ORAM-based SGX applications, ZeroTrace, Obliviate, and Obfuscuro, as well as an endto-end key-value store application. According to our evaluation, TrustOre-based applications outperforms ORAM-based original applications ranging from 10× to 43×, while also showing far better scalability than ORAM-based ones. We emphasize that since TrustOre can be deployed as a simple plug-in to SGX machine's PCIe slot, it is readily used to thwart side-channel attacks in SGX, arguably one of the most cryptic and critical security holes today. CCS CONCEPTS • Security and privacy → Side-channel analysis and countermeasures; Security services; Security protocols.

show abstract

Section: Loading and Attesting Trustmodmentioning

confidence: 99%

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Ahmad

Park

et al. 2020

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…This has inspired researchers to develop newer and more sophisticated security protocols, including protocols that are inspired by biology and species diversity. There have been many research endeavors that propose bio-inspired security protocols for the secure deployment of hardware [26,37,59,40] and software [11,4,28], as well as security protocols to protect networks and cyberspace [44,15] and to ensure data privacy and security [22,12]. In general, diversity of a species at the genetic level is necessary for the overall survival of that species.…”

Section: Bio-diversity Inspired Securitymentioning

confidence: 99%

Diverse, Neural Trojan Resilient Ecosystem of Neural Network IP

Olney

Karam

2022

J. Emerg. Technol. Comput. Syst.

Self Cite

View full text Add to dashboard Cite

Adversarial machine learning is a prominent research area aimed towards exposing and mitigating security vulnerabilities in AI/ML algorithms and their implementations. Data poisoning and neural Trojans enable an attacker to drastically change the behavior and performance of a Convolutional Neural Network (CNN) merely by altering some of the input data during training. Such attacks can be catastrophic in the field, e.g. for self-driving vehicles. In this paper, we propose deploying a CNN as an ecosystem of variants , rather than a singular model. The ecosystem is derived from the original trained model, and though every derived model is structurally different, they are all functionally equivalent to the original and each other. We propose two complementary techniques: stochastic parameter mutation , where the weights θ of the original are shifted by a small, random amount, and a delta-update procedure which functions by XOR’ing all of the parameters with an update file containing the Δθ values. This technique is effective against transferability of a neural Trojan to the greater ecosystem by amplifying the Trojan’s malicious impact to easily detectable levels; thus, deploying a model as an ecosystem can render the ecosystem more resilient against a neural Trojan attack.

show abstract

“…AES-GCM and RSA are used in Xilinx high end FPGA boards in order to provide protection and authentication of bitstream [22,23]. In [24], Karam proposes an obfuscation based approach for protecting the bitstream. Swierczynski et.al [25] shows how an encrypted bitstream can be reverse engineered so that an attacker can insert Trojans on to bitstream and goes undetected.…”

Section: Fig 1 Overall View Of Hardware Acceleration Processmentioning

confidence: 99%

Improving Correctness of Logic Circuit using Self-Healing Built-In Logic Test Module in FPGA using Dynamic Partial Reconfiguration

C¹

2019

IJRTE

View full text Add to dashboard Cite

As cloud servers continue to receive more and more applications and data, it starts using ASIC and FPGAs as accelerators for processor intensive applications. Because of the reconfiguration nature of FPGAs, it become a good choice rather than ASIC on cloud. Encryption is an application which happens frequently on cloud and takes lot of processor cycles which can be shifted to hardware accelerator for execution. The security of hardware circuit which is transferred as bitstream to the FPGA board is of major concern for security critical applications. The article proposes a novel logic authentication module that can check the authentication or correctness of selected parts of logic circuit any time after the circuit is burned into FPGA. In the proposed work, Advanced Encryption Standard (AES) circuit parts are checked for correctness by using in-built Secure Hash Algorithm (SHA) and corrected by Dynamic Partial Reconfiguration (DPR). After the bitstream is burned into FPGA, a proposed software module can select a part or entire circuit for checking authentication with multiple sample inputs. Without the proposed method, any error after the circuit creation cannot be identified or corrected. Additionally, small faults in the circuit is corrected by DPR without loading the entire module. Totally 16 Benchmarks were created to check the correctness of the proposed system. Usage of DPR for circuit correction saves about 97% of time compared to reconfiguring the entire module.

show abstract

Robust bitstream protection in FPGA-based systems through low-overhead obfuscation

Cited by 44 publications

References 8 publications

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Diverse, Neural Trojan Resilient Ecosystem of Neural Network IP

Improving Correctness of Logic Circuit using Self-Healing Built-In Logic Test Module in FPGA using Dynamic Partial Reconfiguration

Contact Info

Product

Resources

About