VMEO: Vector Modeling Errors and Operands for Approximate adders

Approximate computing techniques are extensively used in computationally intensive applications. Addition architecture being the basic component of computational unit, has received a lot of interest from approximate computing community. Approximate adders are designed with the motivation to reduce area, power and delay of their accurate versions at the cost of bounded loss in accuracy. A major class of approximate adders are implemented using binary logic circuits that operate with a high degree of predictability and speculation. This paper is one of the early attempt to vector model error values that occur in approximate architectures and the inputs fed to them. In this paper, we propose two vectors namely Error Vectors (EVs) and the Input Conditioning Vectors (ICVs) that will form the mathematical foundation of several probabilistic error evaluation methodologies. In other words, the suggested vectors can be used to develop assessment methods to measure the performance of approximate circuits. Our proposed vectors when utilised to analyze approximate circuits, will provide a descriptive idea about (i) chances of error generation and propagation, (ii) the amount of error at specific bit locations and its impact on overall result. This is however not conceivable with existing state-of-the-art methodologies

B2T: The Third Logical Value of a Bit

Modern computing systems predominantly operate on the binary number system that accepts only ‘0’ or ‘1’ as logical values leading to computational homogeneity. But this helps in creating leakage patterns that can be exploited by adversaries to carry out hardware and software-level attacks. Recent research has shown that ternary systems, operating on three logical values (‘0′, ‘1\u27, and ‘z\u27) can surpass binary systems in terms of performance and security. In this paper, we first propose a novel approach that assigns logical values based on the direction of current flow within a conducting element, rather than relying on the voltage scale. Furthermore, we also present the mathematical models for each ternary gate

Sorting Attacks Resilient Authentication Protocol for CMOS Image Sensor Based PUF

Physically Unclonable Functions (PUFs) have emerged as a viable and cost-effective method for device authentication and key generation. Recently, CMOS image sensors have been exploited as PUF for hardware fingerprinting in mobile devices. As CMOS image sensors are readily available in modern devices such as smartphones, laptops etc., it eliminates the need for additional hardware for implementing a PUF structure. In ISIC2014, an authentication protocol has been proposed to generate PUF signatures using a CMOS image sensor by leveraging the fixed pattern noise (FPN) of certain pixel values. This makes the PUF candidate an interesting target for adversarial attacks. In this work, we testify that a simple sorting attack and a win-rate (WR) based sorting attack can be launched in this architecture to predict the PUF response for given a challenge. We also propose a modified authentication protocol as a countermeasure to make it resilient against simple sorting and WR sorting attacks. The proposed work reduces the accuracy of prediction due to simple sorting attack and WR sorting attack by approximately 14% compared to the existing approach

On the Validity of Spoofing Attack Against Safe is the New Smart

Recently, a light-weight authenticated key-exchange (AKE) scheme has been proposed. The scheme provides mutual authentication. It is asymmetric in nature by delegating complex cryptographic operations to resource-equipped servers, and carefully managing the workload on resource-constrained Smart meter nodes by using Physically Unclonable Functions. The prototype Smart meter built using commercial-off-the-shelf products is enabled with a low-cost countermeasure against load-modification attacks, which goes side-by-side with the proposed protocol. An attack against this AKE scheme has been recently proposed claiming that the server can be breached to mount spoofing attacks. It relies on the assumption that the result of an attack against authenticated key-exchange protocol is determined before the attacker learns the session key. In this short paper, we discuss the attack’s validity and describe the misinterpretation of the AKE protocol’s security definition

CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning

Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN. As the firmware of the WLAN devices in the context of IoT, industrial systems, and medical devices is often not patched, detecting and preventing such attacks is challenging. In this paper, we design and implement a system, called CheckShake, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. Our proposed system works without decrypting any traffic. It passively monitors multiple wireless channels in parallel in the neighborhood and uses a state machine model to characterize and detect the attacks. In particular, we develop a state machine model for grouping Wi-Fi handshake packets and then perform deep packet inspection to identify the symptoms of the anomaly in specific stages of a handshake session. Our implementation of CheckShake does not require any modification to the firmware of the client or the access point or the COTS devices, it only requires to be physically placed within the range of the access point and its clients. We use both the publicly available dataset and our own data set for performance analysis of CheckShake. Using gradient boosting-based supervised machine learning models, we show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using CheckShak

A PUF-based Secure Communication Protocol for IoT

Security features are of paramount importance for IoT, and implementations are challenging given the resource-constrained IoT set-up. We have developed a lightweight identity-based cryptosystem suitable for IoT, to enable secure authentication and message exchange among the devices. Our scheme employs Physically Unclonable Function (PUF), to generate the public identity of each device, which is used as the public key for each device for message encryption. We have provided formal proofs of security in the Session Key security and Universally Composable Framework of the proposed protocol, which demonstrates the resilience of the scheme against passive as well as active attacks. We have demonstrated the set up required for the protocol implementation and shown that the proposed protocol implementation incurs low hardware and software overhead

Open Sesame: A Novel Non-SAT-Attack against CAS-Lock

CAS-Lock (proposed in CHES2020), is an advanced logic locking technique that harnesses the concept of single-point function in providing SAT-attack resiliency. It is claimed to be powerful and efficient enough in mitigating state-of-the-art attacks against logic locking techniques. Despite the security robustness of CAS-Lock as claimed by the authors, we expose a serious vulnerability by exploiting the same and device a novel attack algorithm. The proposed attack can reveal the correct key by extracting the Distinguishing Input Patterns (DIPs) pertaining to a carefully chosen key simulation of the locked design. The correct key is obtained from the combination of elements from the set of extracted DIPs. Our attack is successful against various AND/OR cascaded-chain configurations of CAS-Lock and reports a 100% success rate in recovering the correct key

Physically Related Functions: A New Paradigm for Light-weight Key-Exchange

In this paper, we propose a novel concept named Physically Related Function(PReF) which are devices with hardware roots of trust. It enables secure key-exchange with no pre-established/embedded secret keys. This work is motivated by the need to perform key-exchange between lightweight resource-constrained devices. We present a proof-of-concept realization of our contributions in hardware using FPGAs

A Tale of Twin Primitives: Single-chip Solution for PUFs and TRNGs

Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are two highly useful hardware primitives to build up the root-of-trust for an embedded device. PUFs are designed to offer repetitive and instance-specific randomness, whereas TRNGs are expected to be invariably random. In this paper, we present a dual-mode PUF-TRNG design that utilises two different hardware-intrinsic properties, i.e. oscillation frequency of the Transition Effect Ring Oscillator (TERO) cell and the propagation delay of a buffer within the cell to serve the purpose of both PUF and TRNG depending on the exact requirement of the application. The PUF design is also proposed to have a built-in resistance to machine learning (ML) and deep learning (DL) attacks, whereas the TRNG exhibits sufficient randomness

Exploiting Safe Error based Leakage of RFID Authentication Protocol using Hardware Trojan Horse

Radio-Frequency Identification tags are used for several applications requiring authentication mechanisms, which if subverted can lead to dire consequences. Many of these devices are based on low-cost Integrated Circuits which are designed in off-shore fabrication facilities and thus raising concerns about their trust. Recently, a lightweight entity authentication protocol called LCMQ was proposed, which is based on Learning Parity with Noise, Circulant Matrix, and Multivariate Quadratic problems. This protocol was proven to be secure against Man-in-the-middle attack and cipher-text only attacks. In this paper, we show that in the standard setting, although the authentication uses two $m$ bit keys, $\mathbf{K_1}$ and $\mathbf{K_2}$, knowledge of only $\mathbf{K_2}$ is sufficient to forge the authentication. Based on this observation, we design a stealthy malicious modification to the circuitry based on the idea of Safe-errors to leak $\mathbf{K_2}$ and thus can be used to forge the entire authentication mechanism. We develop a Field Programmable Gate Array prototype of the design which is extremely lightweight and can be implemented using four Lookup tables