Design Protection Using Logic Encryption and Scan-Chain Obfuscation Techniques

Due to increase in threats posed by offshore foundries, the companies outsourcing IPs are forced to protect their designs from the threats posed by the foundries. Few of the threats are IP piracy, counterfeiting and reverse engineering. To overcome these, logic encryption has been observed to be a leading countermeasure against the threats faced. It introduces extra gates in the design, known as key gates which hide the functionality of the design unless correct keys are fed to them.  The scan tests are used by various designs to observe the fault coverage. These scan chains can become vulnerable to side-channel attacks. The potential solution for protection of this vulnerability is obfuscation of the scan output of the scan chain. This involves shuffling the working of the cells in the scan chain when incorrect test key is fed. In this paper, we propose a method to overcome the threats posed to scan design as well as the logic circuit. The efficiency of the secured design is verified on ISCAS’89 circuits and the results prove the security of the proposed method against the threats posed

Reusing Logic Masking to Facilitate Hardware Trojan Detection

Hardware Trojan (HT) and Integrated Circuit (IC)/ Intellectual Property (IP) piracy are important threats which may happen in untrusted fabrication foundries. Modifying structurally the ICs/IPs design to counter the HT threats has been proposed, and it is known as Design-For-Hardware-Trust (DFHT). DFHT methods are used in order to facilitate HT detection methods. In addition, logic masking methods modify the IPs/ICs design to harden them against the IP/IC piracy. These methods modify a circuit such that it does not work correctly without applying the correct key. In this paper, we propose DFHT methods leveraging logic masking approach

On the security of software-defined next-generation cellular networks

In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

Advancing Hardware Security Using Polymorphic and Stochastic Spin-Hall Effect Devices

Protecting intellectual property (IP) in electronic circuits has become a serious challenge in recent years. Logic locking/encryption and layout camouflaging are two prominent techniques for IP protection. Most existing approaches, however, particularly those focused on CMOS integration, incur excessive design overheads resulting from their need for additional circuit structures or device-level modifications. This work leverages the innate polymorphism of an emerging spin-based device, called the giant spin-Hall effect (GSHE) switch, to simultaneously enable locking and camouflaging within a single instance. Using the GSHE switch, we propose a powerful primitive that enables cloaking all the 16 Boolean functions possible for two inputs. We conduct a comprehensive study using state-of-the-art Boolean satisfiability (SAT) attacks to demonstrate the superior resilience of the proposed primitive in comparison to several others in the literature. While we tailor the primitive for deterministic computation, it can readily support stochastic computation; we argue that stochastic behavior can break most, if not all, existing SAT attacks. Finally, we discuss the resilience of the primitive against various side-channel attacks as well as invasive monitoring at runtime, which are arguably even more concerning threats than SAT attacks.Comment: Published in Proc. Design, Automation and Test in Europe (DATE) 201

Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.Comment: Accepted at ACM CCS 201