33 research outputs found
Multi-Tenant Cloud FPGA: A Survey on Security
With the exponentially increasing demand for performance and scalability in
cloud applications and systems, data center architectures evolved to integrate
heterogeneous computing fabrics that leverage CPUs, GPUs, and FPGAs. FPGAs
differ from traditional processing platforms such as CPUs and GPUs in that they
are reconfigurable at run-time, providing increased and customized performance,
flexibility, and acceleration. FPGAs can perform large-scale search
optimization, acceleration, and signal processing tasks compared with power,
latency, and processing speed. Many public cloud provider giants, including
Amazon, Huawei, Microsoft, Alibaba, etc., have already started integrating
FPGA-based cloud acceleration services. While FPGAs in cloud applications
enable customized acceleration with low power consumption, they also incur new
security challenges that still need to be reviewed. Allowing cloud users to
reconfigure the hardware design after deployment could open backdoors for
malicious attackers, potentially putting the cloud platform at risk.
Considering security risks, public cloud providers still don't offer
multi-tenant FPGA services. This paper analyzes the security concerns of
multi-tenant cloud FPGAs, gives a thorough description of the security problems
associated with them, and discusses upcoming future challenges in this field of
study.
Lightweight Digital Hardware Random Number Generators
Abstract: Random Number Generator (RNG) plays an essential role in many sensor network systems and applications, such as security and robust communication. We have developed the first digital hardware random number generator (DHRNG). DHRNG has a small footprint and requires ultra-low energy. It uses a new recursive structure that directly targets efficient FPGA implementation. The core idea is to place or extract random values in FPGA configuration bits and randomly connect the building blocks. We present our architecture, introduce accompanying protocols for secure public key communication, and adopt the NIST randomness test on the DHRNG's output stream.
Proceedings of the 5th International Workshop on Reconfigurable Communication-centric Systems on Chip 2010 - ReCoSoC'10 - May 17-19, 2010 Karlsruhe, Germany. (KIT Scientific Reports ; 7551)
ReCoSoC is intended to be a periodic annual meeting to expose and discuss gathered expertise as well as state of the art research around SoC related topics through plenary invited papers and posters. The workshop aims to provide a prospective view of tomorrow's challenges in the multibillion transistor era, taking into account the emerging techniques and architectures exploring the synergy between flexible on-chip communication and system reconfigurability.
Techniques for Improving Security and Trustworthiness of Integrated Circuits
The integrated circuit (IC) development process is becoming increasingly vulnerable to malicious activities because untrusted parties could be involved in this IC development flow. There are four typical problems that impact the security and trustworthiness of ICs used in military, financial, transportation, or other critical systems: (i) Malicious inclusions and alterations, known as hardware Trojans, can be inserted into a design by modifying the design during GDSII development and fabrication. Hardware Trojans in ICs may cause malfunctions, lower the reliability of ICs, leak confidential information to adversaries or even destroy the system under specifically designed conditions. (ii) The number of circuit-related counterfeiting incidents reported by component manufacturers has increased significantly over the past few years with recycled ICs contributing the largest percentage of the total reported counterfeiting incidents. Since these recycled ICs have been used in the field before, the performance and reliability of such ICs have been degraded by aging effects and the harsh recycling process. (iii) Reverse engineering (RE) is the process of extracting a circuit's gate-level netlist, and/or inferring its functionality. The RE causes threats to the design because attackers can steal and pirate a design (IP piracy), identify the device technology, or facilitate other hardware attacks. (iv) Traditional tools for uniquely identifying devices are vulnerable to non-invasive or invasive physical attacks. Securing the ID/key is of utmost importance since leakage of even a single device ID/key could be exploited by an adversary to hack other devices or produce pirated devices. In this work, we have developed a series of design and test methodologies to deal with these four challenging issues and thus enhance the security, trustworthiness and reliability of ICs.
The techniques proposed in this thesis include: a path delay fingerprinting technique for detection of hardware Trojans, recycled ICs, and other types of counterfeit ICs including remarked, overproduced, and cloned ICs with their unique identifiers; a Built-In Self-Authentication (BISA) technique to prevent hardware Trojan insertions by untrusted fabrication facilities; an efficient and secure split manufacturing via Obfuscated Built-In Self-Authentication (OBISA) technique to prevent reverse engineering by untrusted fabrication facilities; and a novel bit selection approach for obtaining the most reliable bits for SRAM-based physical unclonable function (PUF) across environmental conditions and silicon aging effects.
Security Aspects of Printed Electronics Applications
Printed electronics (PE) is an emerging technology that is used as a complement to conventional electronics. Its unique characteristics have led to a strong rise in market share, which amounted to $6 billion in 2010 and $41 billion in 2019, and is estimated at $153 billion in 2027. Printed electronics combines additive technologies with functional inks to manufacture electronic components from a variety of materials directly at the point of use, cost-efficiently and in an environmentally friendly way. The substrates used can be flexible, lightweight, transparent, large-area or implantable. As a result, printed electronics can realize (still) visionary applications such as smart packaging, disposable electronic products, smart labels or digital skin.
To advance printed electronics technologies, most optimizations have focused mainly on increasing production yield, reliability and performance. In recent years, however, the importance of the security aspects of hardware platforms has also come increasingly to the fore. Because applications realized in printed electronics can provide vital functionality involving sensitive user data, for example in implanted devices and smart patches for health monitoring, security flaws and a lack of product trust in the manufacturing chain lead to problems that are in some cases serious and severe. Furthermore, because of the characteristic features of printed electronics, such as additive manufacturing processes, large feature sizes, few layers and a limited number of production steps, printed hardware is inherently susceptible to hardware-based attacks such as reverse engineering, product counterfeiting and hardware Trojans. In addition, adopting countermeasures from conventional technologies is unsuitable and inefficient, since they would add extreme overhead to the low-cost manufacturing of printed electronics. For this reason, this thesis provides a technology-specific assessment of hardware-level threats and their countermeasures in the form of resource-constrained hardware primitives, in order to protect the production chain and the functionality of printed electronics applications.
The first contribution of this dissertation is a proposed approach for designing printed Physical Unclonable Functions (pPUFs), which provide security keys to enable several security-relevant countermeasures such as authentication and fingerprinting. In addition, we optimize the multi-bit pPUF designs to reduce the area requirement of a 16-bit key generator by 31%. We also develop an analysis framework for pPUFs based on Monte Carlo simulations, with which we can carry out simulations and fabrication-based analyses. Our results have shown that the pPUFs possess the properties required to be used successfully as a security application, such as uniqueness of the signature and sufficient robustness. Operation of the printed pPUFs was possible down to very low supply voltages of only 0.5 V.
In the second contribution of this work, we present a compact design of a printed true random number generator (pTRNG), which can generate unpredictable keys for cryptographic functions and random authentication challenges. The pTRNG design improves process variations by using a tuning method for printed resistors, enabled by the individual configurability of printed circuits, so that the generated bits depend only on random noise and thus exhibit true random behaviour. The simulation results suggest that the overall process variations of the TRNG are improved by a factor of 110, and that the randomly generated bitstream of the TRNGs passed the National Institute of Standards and Technology Statistical Test Suite tests. Here too, we can show that the operating voltages of the TRNGs ranged from several volts down to only 0.5 V, as our characterization results for the fabricated TRNGs have shown.
The third contribution of this dissertation is a description of the unique characteristics of circuit design and fabrication in printed electronics, which differ greatly from conventional technologies and therefore call for a novel reverse engineering (RE) method. To this end, we present a robust RE method based on supervised learning algorithms for printed circuits, in order to demonstrate the vulnerability to RE attacks. The RE results show that the presented RE method can be applied to numerous printed circuits without much complexity or expensive tools.
The final contribution of this work is a proposed concept for a one-time programmable printed look-up table (pLUT), which can realize arbitrary digital functions and supports countermeasures such as camouflaging, split manufacturing and watermarking in order to prevent hardware-level attacks. A comparison of the proposed pLUT concept with existing solutions has shown that the pLUT has a smaller area requirement, lower worst-case delay and lower power consumption. To verify the configurability of the presented pLUT, it was simulated, fabricated and programmed using inkjet-printed electrically conductive ink to successfully realize logic gates such as XNOR, XOR and AND. The simulation and characterization results have confirmed the successful functionality of the pLUT at operating voltages of only 1 V.
Rethinking Watermark: Providing Proof of IP Ownership in Modern SoCs
Intellectual property (IP) cores are essential to creating modern system-on-chips (SoCs). Protecting the IPs deployed in modern SoCs has become more difficult as the IP houses have been established across the globe over the past three decades. The threat posed by IP piracy and overuse has been a topic of research for the past decade or so and has led to the creation of a field called watermarking. IP watermarking aims to detect unauthorized IP usage by embedding excess, nonfunctional circuitry into the SoC. Unfortunately, prior work has been built upon assumptions that cannot be met within the modern SoC design and verification processes. In this paper, we first provide an extensive overview of the current state-of-the-art IP watermarking. Then, we challenge these dated assumptions and propose a new path for future effective IP watermarking approaches suitable for today's complex SoCs in which IPs are deeply embedded.
Design Automation and Application for Emerging Reconfigurable Nanotechnologies
In the last few decades, two major phenomena have revolutionized the electronic industry: the ever-increasing dependence on electronic circuits and the Complementary Metal Oxide Semiconductor (CMOS) downscaling. These two phenomena have been complementing each other in a way that while electronics, in general, have demanded more computations per functional unit, CMOS downscaling has aptly supported such needs. However, while the computational demand is still rising exponentially, CMOS downscaling is reaching its physical limits. Hence, the need to explore viable emerging nanotechnologies is more imperative than ever. This thesis focuses on streamlining the existing design automation techniques for a class of emerging reconfigurable nanotechnologies. Transistors based on this technology exhibit duality in conduction, i.e. they can be configured dynamically either as a p-type or an n-type device on the application of an external bias. Owing to this dynamic reconfiguration, these transistors are also referred to as Reconfigurable Field-Effect Transistors (RFETs).
Exploring and developing new technologies, just like CMOS, requires tackling two main challenges: first, the design automation flow has to be modified to enable tailor-made circuit designs. Second, possible application opportunities should be explored where such technologies can outsmart the existing CMOS technologies. This thesis targets the above two objectives for emerging reconfigurable nanotechnologies by proposing approaches for enabling an Electronic Design Automation (EDA) flow for circuits based on RFETs and exploring hardware security as an application that exploits the transistor-level dynamic reconfiguration offered by this technology.
This thesis explains the bottom-up approach adopted to propose a logic synthesis flow by identifying new logic gates and circuit design paradigms that can particularly exploit the dynamic reconfiguration offered by these novel nanotechnologies. This led to the subsequent need of finding natural Boolean logic abstraction for emerging reconfigurable nanotechnologies as it is shown that the existing abstraction of negative unate logic for CMOS technologies is sub-optimal for RFETs-based circuits. In this direction, it has been shown that duality in Boolean logic is a natural abstraction for this technology and can truly represent the duality in conduction offered by individual transistors. Finding this abstraction paved the way for defining suitable primitives and proposing various algorithms for logic synthesis and technology mapping.
The following step is to explore compatible physical synthesis flow for emerging reconfigurable nanotechnologies. Using silicon nanowire-based RFETs, .lef and .lib files have been provided which can provide an end-to-end flow to generate .GDSII file for circuits exclusively based on RFETs. Additionally, new approaches have been explored to improve placement and routing for circuits based on reconfigurable nanotechnologies. It has been demonstrated how these approaches led to superior results as compared to the native flow meant for CMOS.
Lastly, the unique property of transistor-level reconfiguration offered by RFETs is utilized to implement efficient Intellectual Property (IP) protection schemes against adversarial attacks. The ability to control the conduction of individual transistors can be argued as one of the impactful features of this technology and suitably fits into the paradigm of security measures. Prior security schemes based on CMOS technology often come with large overheads in terms of area, power, and delay. In contrast, RFETs-based hardware security measures such as logic locking, split manufacturing, etc. proposed in this thesis, demonstrate affordable security solutions with low overheads.
Overall, this thesis lays a strong foundation for the two main objectives, design automation and hardware security as an application, to push emerging reconfigurable nanotechnologies for commercial integration. Additionally, contributions done in this thesis are made available under open-source licenses so as to foster new research directions and collaborations.
Abstract
List of Figures
List of Tables
1 Introduction
1.1 What are emerging reconfigurable nanotechnologies?
1.2 Why does this technology look so promising?
1.3 Electronics Design Automation
1.4 The game of see-saw: key challenges vs benefits for emerging reconfigurable nanotechnologies
1.4.1 Abstracting ambipolarity in logic gate designs
1.4.2 Enabling electronic design automation for RFETs
1.4.3 Enhanced functionality: a suitable fit for hardware security applications
1.5 Research questions
1.6 Entire RFET-centric EDA Flow
1.7 Key Contributions and Thesis Organization
2 Preliminaries
2.1 Reconfigurable Nanotechnology
2.1.1 1D devices
2.1.2 2D devices
2.1.3 Factors favoring circuit-flexibility
2.2 Feasibility aspects of RFET technology
2.3 Logic Synthesis Preliminaries
2.3.1 Circuit Model
2.3.2 Boolean Algebra
2.3.3 Monotone Function and the property of Unateness
2.3.4 Logic Representations
3 Exploring Circuit Design Topologies for RFETs
3.1 Contributions
3.2 Organization
3.3 Related Works
3.4 Exploring design topologies for combinational circuits: functionality-enhanced logic gates
3.4.1 List of Combinational Functionality-Enhanced Logic Gates based on RFETs
3.4.2 Estimation of gate delay using the logical effort theory
3.5 Invariable design of Inverters
3.6 Sequential Circuits
3.6.1 Dual edge-triggered TSPC-based D-flip flop
3.6.2 Exploiting RFET's ambipolarity for metastability
3.7 Evaluations
3.7.1 Evaluation of combinational logic gates
3.7.2 Novel design of 1-bit ALU
3.7.3 Comparison of the sequential circuit with an equivalent CMOS-based design
3.8 Concluding remarks
4 Standard Cells and Technology Mapping
4.1 Contributions
4.2 Organization
4.3 Related Work
4.4 Standard cells based on RFETs
4.4.1 Interchangeable Pull-Up and Pull-Down Networks
4.4.2 Reconfigurable Truth-Table
4.5 Distilling standard cells
4.6 HOF-based Technology Mapping Flow for RFETs-based circuits
4.6.1 Area adjustments through inverter sharings
4.6.2 Technology Mapping Flow
4.6.3 Realizing Parameters For The Generic Library
4.6.4 Defining RFETs-based Genlib for HOF-based mapping
4.7 Experiments
4.7.1 Experiment 1: Distilling standard-cells from a benchmark suite
4.7.2 Experiment 2A: HOF-based mapping
4.7.3 Experiment 2B: Using the distilled standard-cells during mapping
4.8 Concluding Remarks
5 Logic Synthesis with XOR-Majority Graphs
5.1 Contributions
5.2 Organization
5.3 Motivation
5.4 Background and Preliminaries
5.4.1 Terminologies
5.4.2 Self-duality in NPN classes
5.4.3 Majority logic synthesis
5.4.4 Earlier work on XMG
5.4.5 Classification of Boolean functions
5.5 Preserving Self-Duality
5.5.1 During logic synthesis
5.5.2 During versatile technology mapping
5.6 Advanced Logic synthesis techniques
5.6.1 XMG resubstitution
5.6.2 Exact XMG rewriting
5.7 Logic representation-agnostic Mapping
5.7.1 Versatile Mapper
5.7.2 Support of supergates
5.8 Creating Self-dual Benchmarks
5.9 Experiments
5.9.1 XMG-based Flow
5.9.2 Experimental Setup
5.9.3 Synthetic self-dual benchmarks
5.9.4 Cryptographic benchmark suite
5.10 Concluding remarks and future research directions
6 Physical synthesis flow and liberty generation
6.1 Contributions
6.2 Organization
6.3 Background and Related Work
6.3.1 Related Works
6.3.2 Motivation
6.4 Silicon Nanowire Reconfigurable Transistors
6.5 Layouts for Logic Gates
6.5.1 Layouts for Static Functional Logic Gates
6.5.2 Layout for Reconfigurable Logic Gate
6.6 Table Model for Silicon Nanowire RFETs
6.7 Exploring Approaches for Physical Synthesis
6.7.1 Using the Standard Place & Route Flow
6.7.2 Open-source Flow
6.7.3 Concept of Driver Cells
6.7.4 Native Approach
6.7.5 Island-based Approach
6.7.6 Utilization Factor
6.7.7 Placement of the Island on the Chip
6.8 Experiments
6.8.1 Preliminary comparison with CMOS technology
6.8.2 Evaluating different physical synthesis approaches
6.9 Results and discussions
6.9.1 Parameters Which Affect The Area
6.9.2 Use of Germanium Nanowires Channels
6.10 Concluding Remarks
7 Polymorphic Primitives for Hardware Security
7.1 Contributions
7.2 Organization
7.3 The Shift To Explore Emerging Technologies For Security
7.4 Background
7.4.1 IP protection schemes
7.4.2 Preliminaries
7.5 Security Promises
7.5.1 RFETs for logic locking (transistor-level locking)
7.5.2 RFETs for split manufacturing
7.6 Security Vulnerabilities
7.6.1 Realization of short-circuit and open-circuit scenarios in an RFET-based inverter
7.6.2 Circuit evaluation on sub-circuits
7.6.3 Reliability concerns: A consequence of short-circuit scenario
7.6.4 Implication of the proposed security vulnerability
7.7 Analytical Evaluation
7.7.1 Investigating the security promises
7.7.2 Investigating the security vulnerabilities
7.8 Concluding remarks and future research directions
8 Conclusion
8.1 Concluding Remarks
8.2 Directions for Future Work
Appendices
A Distilling standard-cells
B RFETs-based Genlib
C Layout Extraction File (.lef) for Silicon Nanowire-based RFET
D Liberty (.lib) file for Silicon Nanowire-based RFET
Mitigating Differential Power Analysis Attacks on AES using NeuroMemristive Hardware
Cryptographic algorithms such as the Advanced Encryption Standard (AES) are vulnerable to side channel attacks. AES was once thought to be impervious to attacks, but this proved to be true only for a mathematical model of AES, not a physical realization. Hardware implementations leak side channel information such as power dissipation. One of the practical SCA attacks is the Differential power analysis (DPA) attack, which statistically analyzes power measurements to find data-dependent correlations.
Several countermeasures against DPA have been proposed at the circuit and logic level in conventional technologies. These techniques generally include masking the data inside the algorithm or hiding the power profile. Next generation processors bring in additional challenges to mitigate DPA attacks, by way of heterogeneity of the devices used in the hardware realizations. Neuromemristive systems hold potential in this domain and also bring new challenges to the hardware security of cryptosystems.
In this exploratory work, a neuromemristive architecture was designed to compute an AES transformation and mitigate DPA attacks. The random power profile of the neuromemristive architecture reduces the correlations between data and power consumption. Hardware primitives, such as neuron and synapse circuits were developed along with a framework to generate neural networks in hardware.
An attack framework was developed to run DPA attacks using different leakage models. A baseline AES cryptoprocessor using only CMOS technology was attacked successfully.
The SubBytes transformation was replaced by a neuromemristive architecture, and the proposed designs were more resilient against DPA attacks at the cost of increased power consumption.