Towards Secure Composition of Integrated Circuits and Electronic Systems: On the Role of EDA

Knechtel, Johann; Regazzoni, Francesco; Heuser, Annelie; Chattopadhyay, Anupam; Mukhopadhyay, Debdeep; Dey, Soumyajit; Fei, Yunsi; Belenky, Yaacov; Levi, Itamar; Güneysu, Tim; Schaumont, Patrick; Polian, Ilia

doi:10.23919/date48585.2020.9116483

Cited by 23 publications

(10 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Replicating these abstracted flows for SCA security verification is strongly discouraged, though very attractive. Physical design characteristics such as the ones that need to be evaluated for hardware security are not fully covered by digital views to date [4]. Even if some parameters are characterized, e.g., standard cells current models, they are not specifically tailored to reflect security-related sensitivities nor are provided with the required resolution.…”

Section: Motivation: the Cost Of Being Lazy Or Non-exhaustivementioning

confidence: 99%

How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost

Breuer

Levi

2020

Cryptography

Self Cite

View full text Add to dashboard Cite

Cryptographic designs are vulnerable to side-channel analysis attacks. Evaluating their security during design stages is of crucial importance. The latter is achieved by very expensive (slow) analog transient-noise simulations over advanced fabrication process technologies. The main challenge of such rigorous security-evaluation analysis lies in the fact that technologies are becoming more and more complex and the physical properties of manufactured devices vary significantly due to process variations. In turn, a detailed security evaluation process imposes exponential time complexity with the circuit-size, the number of physical implementation corners (statistical variations) and the accuracy of the circuit-simulator. Given these circumstances, what is the cost of not exhausting the entire implementation space? In terms of simulation-time complexity, the benefits would clearly be significant; however, we are interested in evaluating the security implications. This question can be formulated for many other interesting side-channel contexts such as for example, how would an attack-outcome vary when the adversary is building a leakage template over one device, i.e., one physical corner, and it performs an evaluation (attack) phase of a device drawn from a different statistical corner? Alternatively, is it safe to assume that a typical (average) corner would represent the worst case in terms of security evaluation or would it be advisable to perform a security evaluation over another specific view? Finally, how would the outcome vary concretely? We ran in-depth experiments to answer these questions in the hope of finding a nice tradeoff between simulation efforts and expertise, and security-evaluation degradation. We evaluate the results utilizing methodologies such as template-attacks with a clear distinction between profiling and attack-phase statistical views. This exemplary view of what an adversary might capture in these scenarios is followed by a more complete statistical evaluation analysis utilizing tools such as the Kullback–Leibler (KL) divergence and the Jensen-Shannon (JS) divergence to draw conclusions.

show abstract

Section: Motivation: the Cost Of Being Lazy Or Non-exhaustivementioning

confidence: 99%

How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost

Breuer

Levi

2020

Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

“…This motivates a security-aware design flow starting from the choice of security primitives, protocols and architecture. Knechtel et al [22] provide a comprehensive analysis about the role of EDA on hardware security. They identify the challenges yet to be resolved in effective compilation of security assumptions and constraints across different levels of abstraction, modeling and evaluation of hardware security metrics and holistic synthesis of security countermeasures without causing side-effects.…”

Section: B Security Driven Hardware Design Toolsmentioning

confidence: 99%

“…Proactive hardware information flow analyses facilitate vulnerability shielding and on-site monitoring. For example, unintentional hardware flaws and potential security vulnerabilities can be detected early by the recent security-driven hardware design flow [20]- [22]. As the rally of attacks and countermeasures is a neverending recursion, it is important to keep abreast of its latest development to continuously close the productivity gap of secure hardware design.…”

Section: Introductionmentioning

confidence: 99%

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

Chang

Sengupta

et al. 2021

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

show abstract

“…Still, without any further efforts, the scale and persuasiveness of such obfuscations are subject alone to the synthesis tool, whose objectives and metrics are not focused toward security. These and other risks incurred by design tools during the implementation of secure schemes have been acknowledged, e.g., see [8], [9]. Fig.…”

Section: Key-gatementioning

confidence: 99%

UNSAIL: Thwarting Oracle-Less Machine Learning Attacks on Logic Locking

Alrahis,

Patnaik,

Knechtel

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Logic locking aims to protect the intellectual property (IP) of integrated circuit (IC) designs throughout the globalized supply chain. The SAIL attack, based on tailored machine learning (ML) models, circumvents combinational logic locking with high accuracy and is amongst the most potent attacks as it does not require a functional IC acting as an oracle. In this work, we propose UNSAIL, a logic locking technique that inserts key-gate structures with the specific aim to confuse ML models like those used in SAIL. More specifically, UNSAIL serves to prevent attacks seeking to resolve the structural transformations of synthesis-induced obfuscation, which is an essential step for logic locking. Our approach is generic; it can protect any local structure of key-gates against such ML-based attacks in an oracle-less setting. We develop a reference implementation for the SAIL attack and launch it on both traditionally locked and UNSAIL-locked designs. For SAIL, two ML models have been proposed (which we implement accordingly), namely a change-prediction model and a reconstruction model; the changeprediction model is used to determine which key-gate structures to restore using the reconstruction model. Our study on benchmarks ranging from the ISCAS-85 and ITC-99 suites to the OpenRISC Reference Platform System-on-Chip (ORPSoC) confirms that UNSAIL degrades the accuracy of the changeprediction model and the reconstruction model by an average of 20.13 and 17 percentage points (pp), respectively. When the aforementioned models are combined, which is the most powerful scenario for SAIL, UNSAIL reduces the attack accuracy of SAIL by an average of 11pp. We further demonstrate that UNSAIL thwarts other oracle-less attacks, i.e., SWEEP and the redundancy attack, indicating the generic nature and strength of our approach. Detailed layout-level evaluations illustrate that UNSAIL incurs minimal area and power overheads of 0.26% and 0.61%, respectively, on the million-gate ORPSoC design.

show abstract

Towards Secure Composition of Integrated Circuits and Electronic Systems: On the Role of EDA

Cited by 23 publications

References 49 publications

How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost

How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

UNSAIL: Thwarting Oracle-Less Machine Learning Attacks on Logic Locking

Contact Info

Product

Resources

About