5 research outputs found
On the (In)security of Approximate Computing Synthesis
The broad landscape of new applications requires minimal hardware resources
without any sacrifice in Quality-of-Results. Approximate Computing (AC) has
emerged to meet the demands of data-rich applications. Although AC applies
techniques to improve the energy efficiency of error-tolerant applications at
the cost of computational accuracy, new challenges in security threats of AC
should be simultaneously addressed. In this paper, we introduce the security
vulnerability of the concurrent AC synthesis. We analyze the threat landscape
and provide a broader view of the attack and defense strategy. As a case study,
we utilize AC synthesis technique to perform malicious modifications in the
synthesized approximate netlist. Similarly, we provide a scalable defense
framework for trustworthy AC synthesis
An Automated Framework for Board-level Trojan Benchmarking
Economic and operational advantages have led the supply chain of printed
circuit boards (PCBs) to incorporate various untrusted entities. Any of the
untrusted entities are capable of introducing malicious alterations to
facilitate a functional failure or leakage of secret information during field
operation. While researchers have been investigating the threat of malicious
modification within the scale of individual microelectronic components, the
possibility of a board-level malicious manipulation has essentially been
unexplored. In the absence of standard benchmarking solutions, prospective
countermeasures for PCB trust assurance are likely to utilize homegrown
representation of the attacks that undermines their evaluation and does not
provide scope for comparison with other techniques. In this paper, we have
developed the first-ever benchmarking solution to facilitate an unbiased and
comparable evaluation of countermeasures applicable to PCB trust assurance.
Based on a taxonomy tailored for PCB-level alterations, we have developed
high-level Trojan models. From these models, we have generated a custom pool of
board-level Trojan designs of varied complexity and functionality. We have also
developed a tool-flow for automatically inserting these Trojans into various
PCB designs and generate the Trojan benchmarks (i.e., PCB designs with Trojan).
The tool-based Trojan insertion facilitate a comprehensive evaluation against
large number of diverse Trojan implementations and application of data mining
for trust verification. Finally, with experimental measurements from a
fabricated PCB, we analyze the stealthiness of the Trojan designs.Comment: 7 pages, 9 figure
Analytical Estimation and Localization of Hardware Trojan Vulnerability in RTL Designs
Offshoring the proprietary Intellectual property (IP) has recently increased
the threat of malicious logic insertion in the form of Hardware Trojan (HT). A
potential and stealthy HT is triggered with nets that switch rarely during
regular circuit operation. Detection of HT in the host design requires
exhaustive simulation to activate the HT during pre- and postsilicon. Although
the nets with variable switching probability less than a threshold are
primarily chosen as a good candidate for Trojan triggering, there is no
systematic fine-grained approach for earlier detection of rare nets from
word-level measures of input signals. In this paper, we propose a high-level
technique to estimate the nets with the rare activity of arithmetic modules
from word-level information. Specifically, for a given module, we use the
knowledge of internal construction of the architecture to detect "low activity"
and "local regions" without resorting to expensive RTL and other low-level
simulations. The presented heuristic method abstracts away from the low-level
details of design and describes the rare activity of bits (modules) in a word
(architecture) as a function of signal statistics. The resulting quick
estimates of nets in rare regions allows a designer to develop a compact test
generation algorithm without the knowledge of the bit-level activity. We
determine the effect of different positions of the breakpoint in the input
signal to calculate the accuracy of the approach. We conduct a set of
experiments on six adder architectures and four multiplier architectures. The
average error to calculate the rare nets between RTL simulation and estimated
values are below 2% in all architectures.Comment: Accepted to be Published in: Proceedings of the 21st International
Symposium on Quality Electronic Design (ISQED 2020), Mar. 25-26, 2020, Santa
Clara, C
Boosting the Bounds of Symbolic QED for Effective Pre-Silicon Verification of Processor Cores
Existing techniques to ensure functional correctness and hardware trust
during pre-silicon verification face severe limitations. In this work, we
systematically leverage two key ideas: 1) Symbolic Quick Error Detection
(Symbolic QED or SQED), a recent bug detection and localization technique using
Bounded Model Checking (BMC); and 2) Symbolic starting states, to present a
method that: i) Effectively detects both "difficult" logic bugs and Hardware
Trojans, even with long activation sequences where traditional BMC techniques
fail; and ii) Does not need skilled manual guidance for writing testbenches,
writing design-specific assertions, or debugging spurious counter-examples.
Using open-source RISC-V cores, we demonstrate the following: 1. Quick (<5
minutes for an in-order scalar core and <2.5 hours for an out-of-order
superscalar core) detection of 100% of hundreds of logic bug and hardware
Trojan scenarios from commercial chips and research literature, and 97.9% of
"extremal" bugs (randomly-generated bugs requiring ~100,000 activation
instructions taken from random test programs). 2. Quick (~1 minute) detection
of several previously unknown bugs in open-source RISC-V designs.Comment: 16 Pages, 6 Figures; Re-organize Table
Circuit Masking: From Theory to Standardization, A Comprehensive Survey for Hardware Security Researchers and Practitioners
Side-channel attacks extracting sensitive data from implementations have been
considered a major threat to the security of cryptographic schemes. This has
elevated the need for improved designs by embodying countermeasures, with
masking being the most prominent example. To formally verify the security of a
masking scheme, numerous attack models have been developed to capture the
physical properties of the information leakage as well as the capabilities of
the adversary. With regard to these models, extensive research has been
performed to realize masking schemes. These research efforts have led to
significant progress in the development of security assessment methodologies
and further initiated standardization activities. However, since the majority
of this work is theoretical, it is challenging for the more practice-oriented
hardware security community to fully grasp and contribute to. To bridge the
gap, these advancements are reviewed and discussed in this survey, mainly from
the perspective of hardware security. In doing so, a clear taxonomy is provided
that is helpful for a systematic treatment of the masking-related topics. By
giving an extensive overview of the existing methods, this survey (1) provides
a research landscape of circuit masking for newcomers to the field, (2) offers
guidelines on which attack model and verification tool to choose when designing
masking schemes, and (3) identifies interesting new research directions where
masking models and assessment tools can be applied. Thus, this survey serves as
an essential reference for hardware security practitioners interested in the
theory behind masking techniques, the tools useful to verify the security of
masked circuits, and their potential applications