On the (In)security of Approximate Computing Synthesis

The broad landscape of new applications requires minimal hardware resources without any sacrifice in Quality-of-Results. Approximate Computing (AC) has emerged to meet the demands of data-rich applications. Although AC applies techniques to improve the energy efficiency of error-tolerant applications at the cost of computational accuracy, new challenges in security threats of AC should be simultaneously addressed. In this paper, we introduce the security vulnerability of the concurrent AC synthesis. We analyze the threat landscape and provide a broader view of the attack and defense strategy. As a case study, we utilize AC synthesis technique to perform malicious modifications in the synthesized approximate netlist. Similarly, we provide a scalable defense framework for trustworthy AC synthesis

An Automated Framework for Board-level Trojan Benchmarking

Economic and operational advantages have led the supply chain of printed circuit boards (PCBs) to incorporate various untrusted entities. Any of the untrusted entities are capable of introducing malicious alterations to facilitate a functional failure or leakage of secret information during field operation. While researchers have been investigating the threat of malicious modification within the scale of individual microelectronic components, the possibility of a board-level malicious manipulation has essentially been unexplored. In the absence of standard benchmarking solutions, prospective countermeasures for PCB trust assurance are likely to utilize homegrown representation of the attacks that undermines their evaluation and does not provide scope for comparison with other techniques. In this paper, we have developed the first-ever benchmarking solution to facilitate an unbiased and comparable evaluation of countermeasures applicable to PCB trust assurance. Based on a taxonomy tailored for PCB-level alterations, we have developed high-level Trojan models. From these models, we have generated a custom pool of board-level Trojan designs of varied complexity and functionality. We have also developed a tool-flow for automatically inserting these Trojans into various PCB designs and generate the Trojan benchmarks (i.e., PCB designs with Trojan). The tool-based Trojan insertion facilitate a comprehensive evaluation against large number of diverse Trojan implementations and application of data mining for trust verification. Finally, with experimental measurements from a fabricated PCB, we analyze the stealthiness of the Trojan designs.Comment: 7 pages, 9 figure

Analytical Estimation and Localization of Hardware Trojan Vulnerability in RTL Designs

Offshoring the proprietary Intellectual property (IP) has recently increased the threat of malicious logic insertion in the form of Hardware Trojan (HT). A potential and stealthy HT is triggered with nets that switch rarely during regular circuit operation. Detection of HT in the host design requires exhaustive simulation to activate the HT during pre- and postsilicon. Although the nets with variable switching probability less than a threshold are primarily chosen as a good candidate for Trojan triggering, there is no systematic fine-grained approach for earlier detection of rare nets from word-level measures of input signals. In this paper, we propose a high-level technique to estimate the nets with the rare activity of arithmetic modules from word-level information. Specifically, for a given module, we use the knowledge of internal construction of the architecture to detect "low activity" and "local regions" without resorting to expensive RTL and other low-level simulations. The presented heuristic method abstracts away from the low-level details of design and describes the rare activity of bits (modules) in a word (architecture) as a function of signal statistics. The resulting quick estimates of nets in rare regions allows a designer to develop a compact test generation algorithm without the knowledge of the bit-level activity. We determine the effect of different positions of the breakpoint in the input signal to calculate the accuracy of the approach. We conduct a set of experiments on six adder architectures and four multiplier architectures. The average error to calculate the rare nets between RTL simulation and estimated values are below 2% in all architectures.Comment: Accepted to be Published in: Proceedings of the 21st International Symposium on Quality Electronic Design (ISQED 2020), Mar. 25-26, 2020, Santa Clara, C

Boosting the Bounds of Symbolic QED for Effective Pre-Silicon Verification of Processor Cores

Existing techniques to ensure functional correctness and hardware trust during pre-silicon verification face severe limitations. In this work, we systematically leverage two key ideas: 1) Symbolic Quick Error Detection (Symbolic QED or SQED), a recent bug detection and localization technique using Bounded Model Checking (BMC); and 2) Symbolic starting states, to present a method that: i) Effectively detects both "difficult" logic bugs and Hardware Trojans, even with long activation sequences where traditional BMC techniques fail; and ii) Does not need skilled manual guidance for writing testbenches, writing design-specific assertions, or debugging spurious counter-examples. Using open-source RISC-V cores, we demonstrate the following: 1. Quick (<5 minutes for an in-order scalar core and <2.5 hours for an out-of-order superscalar core) detection of 100% of hundreds of logic bug and hardware Trojan scenarios from commercial chips and research literature, and 97.9% of "extremal" bugs (randomly-generated bugs requiring ~100,000 activation instructions taken from random test programs). 2. Quick (~1 minute) detection of several previously unknown bugs in open-source RISC-V designs.Comment: 16 Pages, 6 Figures; Re-organize Table

Circuit Masking: From Theory to Standardization, A Comprehensive Survey for Hardware Security Researchers and Practitioners

Side-channel attacks extracting sensitive data from implementations have been considered a major threat to the security of cryptographic schemes. This has elevated the need for improved designs by embodying countermeasures, with masking being the most prominent example. To formally verify the security of a masking scheme, numerous attack models have been developed to capture the physical properties of the information leakage as well as the capabilities of the adversary. With regard to these models, extensive research has been performed to realize masking schemes. These research efforts have led to significant progress in the development of security assessment methodologies and further initiated standardization activities. However, since the majority of this work is theoretical, it is challenging for the more practice-oriented hardware security community to fully grasp and contribute to. To bridge the gap, these advancements are reviewed and discussed in this survey, mainly from the perspective of hardware security. In doing so, a clear taxonomy is provided that is helpful for a systematic treatment of the masking-related topics. By giving an extensive overview of the existing methods, this survey (1) provides a research landscape of circuit masking for newcomers to the field, (2) offers guidelines on which attack model and verification tool to choose when designing masking schemes, and (3) identifies interesting new research directions where masking models and assessment tools can be applied. Thus, this survey serves as an essential reference for hardware security practitioners interested in the theory behind masking techniques, the tools useful to verify the security of masked circuits, and their potential applications