29,053 research outputs found
Design Protection Using Logic Encryption and Scan-Chain Obfuscation Techniques
Due to increase in threats posed by offshore foundries, the companies outsourcing IPs are forced to protect their designs from the threats posed by the foundries. Few of the threats are IP piracy, counterfeiting and reverse engineering. To overcome these, logic encryption has been observed to be a leading countermeasure against the threats faced. It introduces extra gates in the design, known as key gates which hide the functionality of the design unless correct keys are fed to them. The scan tests are used by various designs to observe the fault coverage. These scan chains can become vulnerable to side-channel attacks. The potential solution for protection of this vulnerability is obfuscation of the scan output of the scan chain. This involves shuffling the working of the cells in the scan chain when incorrect test key is fed. In this paper, we propose a method to overcome the threats posed to scan design as well as the logic circuit. The efficiency of the secured design is verified on ISCAS’89 circuits and the results prove the security of the proposed method against the threats posed
Reusing Logic Masking to Facilitate Hardware Trojan Detection
Hardware Trojan (HT) and Integrated Circuit
(IC)/ Intellectual Property (IP) piracy are important threats
which may happen in untrusted fabrication foundries. Modifying
structurally the ICs/IPs design to counter the HT threats has
been proposed, and it is known as Design-For-Hardware-Trust
(DFHT). DFHT methods are used in order to facilitate HT
detection methods. In addition, logic masking methods modify
the IPs/ICs design to harden them against the IP/IC piracy.
These methods modify a circuit such that it does not work
correctly without applying the correct key. In this paper, we
propose DFHT methods leveraging logic masking approach
On the security of software-defined next-generation cellular networks
In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable
appropriate levels of security
Advancing Hardware Security Using Polymorphic and Stochastic Spin-Hall Effect Devices
Protecting intellectual property (IP) in electronic circuits has become a
serious challenge in recent years. Logic locking/encryption and layout
camouflaging are two prominent techniques for IP protection. Most existing
approaches, however, particularly those focused on CMOS integration, incur
excessive design overheads resulting from their need for additional circuit
structures or device-level modifications. This work leverages the innate
polymorphism of an emerging spin-based device, called the giant spin-Hall
effect (GSHE) switch, to simultaneously enable locking and camouflaging within
a single instance. Using the GSHE switch, we propose a powerful primitive that
enables cloaking all the 16 Boolean functions possible for two inputs. We
conduct a comprehensive study using state-of-the-art Boolean satisfiability
(SAT) attacks to demonstrate the superior resilience of the proposed primitive
in comparison to several others in the literature. While we tailor the
primitive for deterministic computation, it can readily support stochastic
computation; we argue that stochastic behavior can break most, if not all,
existing SAT attacks. Finally, we discuss the resilience of the primitive
against various side-channel attacks as well as invasive monitoring at runtime,
which are arguably even more concerning threats than SAT attacks.Comment: Published in Proc. Design, Automation and Test in Europe (DATE) 201
Securing the Internet of Things Infrastructure - Standards and Techniques
The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed.Comment: Accepted at ACM CCS 201
- …