An End-to-End Bitstream Tamper Attack Against Flip-Chip FPGAs
FPGA bitstream encryption and authentication can be defeated by various techniques, and it is critical to understand how these vulnerabilities enable extraction and tampering of commercial FPGA bitstreams. We exploit the physical vulnerability of bitstream encryption keys to readout using failure-analysis equipment and conduct an end-to-end bitstream tamper attack. Our work underscores the feasibility of supply-chain bitstream tampering and the necessity of guarding against such attacks in critical systems.
SoC Security Properties and Rules
System-on-chip (SoC) security can be weakened by exploiting potential vulnerabilities of the intellectual property (IP) cores used to implement the design and of the interactions among those IPs. These vulnerabilities not only increase the security verification effort but can also increase design complexity and time-to-market. Design and verification engineers should be knowledgeable about potential vulnerabilities and threat models early in the SoC design life cycle to protect their designs from potential attacks. However, there is currently no publicly available repository that can be used as a base to develop such knowledge in practice. In this paper, we develop the 'SoC Security Property/Rule Database' and make it publicly available to all researchers to facilitate and extend security verification efforts to address this need. The database gathers a comprehensive list of security vulnerabilities and properties. For each vulnerability it also provides the corresponding design behavior that must hold in the design to ensure the vulnerability does not exist. The database currently contains 67 different vulnerability scenarios, for which 105 corresponding security properties have been developed to date. This paper reviews the existing database and presents the methodologies we used to gather vulnerabilities and develop such comprehensive security properties. Additionally, it discusses the challenges for security verification and how this database can be used to overcome those research challenges.
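To make the scenario-to-property pairing concrete, the following added example (not code from the paper or its database) models two hypothetical vulnerability scenarios on a toy SoC register file and expresses the required design behavior as executable properties checked over a bus trace. The register addresses, master names, stimulus and both scenarios are constructed for illustration; none of them are entries from the published database.

```python
"""Toy 'property database' check: each vulnerability scenario is paired with a
property that encodes the design behavior which must hold. Constructed example;
addresses, masters and scenarios are hypothetical, not database entries."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

KEY_REG = 0x40000010    # hypothetical AES key register
LOCK_REG = 0x40000020   # hypothetical lock bit: once set, CFG_REG must be read-only
CFG_REG = 0x40000024    # hypothetical configuration register guarded by LOCK_REG
SECURE_MASTERS = {"cpu_secure"}   # hypothetical trusted bus master(s)


@dataclass(frozen=True)
class BusEvent:
    cycle: int
    op: str       # "R" or "W"
    master: str
    addr: int
    data: int     # write data for "W", data returned to the master for "R"


class ToyRegFile:
    """hardened=False reproduces both vulnerable scenarios; hardened=True
    implements the behavior the properties demand."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.regs: Dict[int, int] = {KEY_REG: 0x2B7E1516, LOCK_REG: 0, CFG_REG: 0}

    def read(self, master: str, addr: int) -> int:
        if self.hardened and addr == KEY_REG and master not in SECURE_MASTERS:
            return 0                      # key is masked for non-secure readers
        return self.regs[addr]

    def write(self, master: str, addr: int, data: int) -> None:
        if self.hardened and addr == CFG_REG and self.regs[LOCK_REG] & 1:
            return                        # write dropped once the lock is set
        self.regs[addr] = data


# Constructed stimulus: a debug read of the key, then a lock, then a DMA
# write to the locked register, then a read-back.
STIMULUS: List[Tuple[str, str, int, int]] = [
    ("R", "debug", KEY_REG, 0),
    ("W", "cpu_secure", LOCK_REG, 1),
    ("W", "dma", CFG_REG, 0xDEAD),
    ("R", "cpu_secure", CFG_REG, 0),
]


def run(hardened: bool) -> List[BusEvent]:
    """Drive the stimulus through the toy design and record the bus trace."""
    rf = ToyRegFile(hardened)
    trace = []
    for cycle, (op, master, addr, data) in enumerate(STIMULUS):
        if op == "R":
            data = rf.read(master, addr)
        else:
            rf.write(master, addr, data)
        trace.append(BusEvent(cycle, op, master, addr, data))
    return trace


def prop_key_confidential(trace: List[BusEvent]) -> List[BusEvent]:
    """Scenario: key register observable over a non-secure path.
    Property: every KEY_REG read by a non-secure master returns zero."""
    return [e for e in trace
            if e.op == "R" and e.addr == KEY_REG
            and e.master not in SECURE_MASTERS and e.data != 0]


def prop_lock_is_sticky(trace: List[BusEvent]) -> List[BusEvent]:
    """Scenario: write-protection lock can be bypassed.
    Property: after LOCK_REG bit 0 is written 1, every CFG_REG read returns
    the value CFG_REG held at the moment the lock was set."""
    cfg_at_lock = None
    last_cfg_write = 0
    violations = []
    for e in trace:
        if e.op == "W" and e.addr == CFG_REG and cfg_at_lock is None:
            last_cfg_write = e.data
        if e.op == "W" and e.addr == LOCK_REG and e.data & 1 and cfg_at_lock is None:
            cfg_at_lock = last_cfg_write
        if e.op == "R" and e.addr == CFG_REG and cfg_at_lock is not None \
                and e.data != cfg_at_lock:
            violations.append(e)
    return violations


# The "database": scenario description paired with its checkable property.
PROPERTY_DB: List[Tuple[str, Callable[[List[BusEvent]], List[BusEvent]]]] = [
    ("Key register observable by non-secure master", prop_key_confidential),
    ("CFG_REG writable after lock is set", prop_lock_is_sticky),
]


def verify(hardened: bool) -> Dict[str, int]:
    """Number of property violations per scenario for the chosen design."""
    trace = run(hardened)
    return {name: len(prop(trace)) for name, prop in PROPERTY_DB}


if __name__ == "__main__":
    print("vulnerable:", verify(hardened=False))
    print("hardened:  ", verify(hardened=True))
```

The point of the structure is that a property is phrased over observable bus behavior rather than over one implementation, so the same check runs unchanged against the vulnerable and the fixed design; in a real flow the property functions would be SystemVerilog assertions or model-checker properties bound to the RTL, with the trace coming from simulation or formal analysis.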
What is All the FaaS About? - Remote Exploitation of FPGA-as-a-Service Platforms
Field Programmable Gate Arrays (FPGAs) used as hardware accelerators in the cloud allow end-users to accelerate their custom applications while keeping dynamic power consumption low. Cloud infrastructures aim to maximize profit by optimizing resource sharing among their cloud users. However, the FPGAs' reconfigurable nature poses unique security and privacy challenges in a shared cloud environment. In this paper, we aim to understand the interactions between the FPGA and the host servers on the cloud in order to analyze the security of FaaS platforms. We propose a vulnerability taxonomy based on the runtime attributes of FaaS platforms. The taxonomy is intended to assist in identifying the critical sources of vulnerabilities in the platform, allowing focused security verification. As a proof of concept, we characterize the potential sources of vulnerabilities in the Stratix-10 FaaS platform and then narrow our focus to a single major source for more detailed verification. This led to the identification of several low-level software vulnerabilities that could be remotely exploited to cause denial of service and information leakage. The concerned entities have released software updates to address the vulnerabilities.
Defeating CAS-Unlock
Recently, a logic locking approach termed 'CAS-Lock' was proposed to simultaneously counter Boolean satisfiability (SAT) and bypass attacks. The technique modifies the AND/OR tree structure in Anti-SAT to achieve non-trivial output corruptibility while maintaining resistance to both SAT and bypass attacks. An attack against CAS-Lock (dubbed 'CAS-Unlock') was also recently proposed on a naive implementation of CAS-Lock. It relies on setting the key values to all 1's or all 0's to break CAS-Lock. In this short paper, we evaluate this attack's ineffectiveness and describe a misinterpretation of CAS-Lock's implementation.
LLM for SoC Security: A Paradigm Shift
As the ubiquity and complexity of system-on-chip (SoC) designs increase across electronic devices, the task of incorporating security into an SoC design flow poses significant challenges. Existing security solutions are inadequate to provide effective verification of modern SoC designs due to their limitations in scalability, comprehensiveness, and adaptability. On the other hand, Large Language Models (LLMs) are celebrated for their remarkable success in natural language understanding, advanced reasoning, and program synthesis tasks. Recognizing an opportunity, our research delves into leveraging the emergent capabilities of Generative Pre-trained Transformers (GPTs) to address the existing gaps in SoC security, aiming for a more efficient, scalable, and adaptable methodology. By integrating LLMs into the SoC security verification paradigm, we open a new frontier of possibilities and challenges to ensure the security of increasingly complex SoCs. This paper offers an in-depth analysis of existing works, showcases practical case studies, demonstrates comprehensive experiments, and provides useful prompting guidelines. We also present the achievements, prospects, and challenges of employing LLMs in different SoC security verification tasks.
Comment: 42 pages
A Comprehensive Survey on Non-Invasive Fault Injection Attacks
Non-invasive fault injection attacks have emerged as significant threats to a spectrum of microelectronic systems ranging from commodity devices to high-end customized processors. Unlike their invasive counterparts, these attacks are more affordable and can exploit system vulnerabilities without physically altering the hardware. Furthermore, certain non-invasive fault injection strategies allow for remote vulnerability exploitation without requiring physical proximity. However, existing studies lack extensive investigation into these attacks across diverse target platforms, threat models, emerging attack strategies, assessment frameworks, and mitigation approaches. In this paper, we provide a comprehensive overview of contemporary research on non-invasive fault injection attacks. Our objective is to consolidate and scrutinize the various techniques, methodologies, target systems susceptible to the attacks, and existing mitigation mechanisms advanced by the research community. In addition, we categorize attack strategies based on several aspects, present a detailed comparison among the categories, and highlight research challenges with future directions. By underlining and discussing the landscape of cutting-edge non-invasive fault injection, we hope more researchers, designers, and security professionals examine the attacks further and take such threats into consideration while developing effective countermeasures.