Publication


Featured research published by Berk Sunar.


IEEE Symposium on Security and Privacy | 2007

Trojan Detection using IC Fingerprinting

Dakshi Agrawal; Selcuk Baktir; Deniz Karakoyunlu; Pankaj Rohatgi; Berk Sunar

Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch, and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable, using power simulations performed on representative circuits with several different Trojan circuits. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.


IEEE Transactions on Computers | 2007

A Provably Secure True Random Number Generator with Built-In Tolerance to Active Attacks

Berk Sunar; William J. Martin; Douglas R. Stinson

This paper is a contribution to the theory of true random number generators based on sampling phase jitter in oscillator rings. After discussing several misconceptions and apparently insurmountable obstacles, we propose a general model which, under mild assumptions, will generate provably random bits with some tolerance to adversarial manipulation and running in the megabit-per-second range. A key idea throughout the paper is the fill rate, which measures the fraction of the time domain in which the analog output signal is arguably random. Our study shows that an exponential increase in the number of oscillators is required to obtain a constant factor improvement in the fill rate. Yet, we overcome this problem by introducing a postprocessing step which consists of an application of an appropriate resilient function. This allows the designer to extract random samples from a signal with only a moderate fill rate and, therefore, many fewer oscillators than in other designs. Last, we develop fault-attack models and we employ the properties of resilient functions to withstand such attacks. All of our analysis is based on rigorous methods, enabling us to develop a framework in which we accurately quantify the performance and the degree of resilience of the design.


Security of Ad Hoc and Sensor Networks | 2004

Public key cryptography in sensor networks—revisited

Gunnar Gaubatz; Jens-Peter Kaps; Berk Sunar

The common perception of public key cryptography is that it is complex, slow and power hungry, and as such not at all suitable for use in ultra-low power environments like wireless sensor networks. It is therefore common practice to emulate the asymmetry of traditional public key based cryptographic services through a set of protocols [1] using symmetric key based message authentication codes (MACs). Although the low computational complexity of MACs is advantageous, the protocol layer requires time synchronization between devices on the network and a significant amount of overhead for communication and temporary storage. The requirement for a general purpose CPU to implement these protocols as well as their complexity makes them prone to vulnerabilities and practically eliminates all the advantages of using symmetric key techniques in the first place. In this paper we challenge the basic assumptions about public key cryptography in sensor networks which are based on a traditional software based approach. We propose a custom hardware assisted approach for which we claim that it makes public key cryptography feasible in such environments, provided we use the right selection of algorithms and associated parameters, careful optimization, and low-power design techniques. In order to validate our claim we present proof of concept implementations of two different algorithms—Rabin’s Scheme and NtruEncrypt—and analyze their architecture and performance according to various established metrics like power consumption, area, delay, throughput, level of security and energy per bit. Our implementation of NtruEncrypt in ASIC standard cell logic uses no more than 3,000 gates with an average power consumption of less than 20 μW. We envision that our public key core would be embedded into a light-weight sensor node architecture.


IEEE Transactions on Computers | 1998

Low-complexity bit-parallel canonical and normal basis multipliers for a class of finite fields

Çetin Kaya Koç; Berk Sunar

We present a new low-complexity bit-parallel canonical basis multiplier for the field GF(2^m) generated by an all-one-polynomial. The proposed canonical basis multiplier requires m^2 - 1 XOR gates and m^2 AND gates. We also extend this canonical basis multiplier to obtain a new bit-parallel normal basis multiplier.


IEEE Transactions on Computers | 1999

Mastrovito multiplier for all trinomials

Berk Sunar; Çetin Kaya Koç

An efficient algorithm for the multiplication in GF(2^m) was introduced by Mastrovito. The space complexity of the Mastrovito multiplier for the irreducible trinomial x^m + x + 1 was given as m^2 - 1 XOR and m^2 AND gates. In this paper, we describe an architecture based on a new formulation of the multiplication matrix and show that the Mastrovito multiplier for the generating trinomial x^m + x^n + 1, where m ≠ 2n, also requires m^2 - 1 XOR and m^2 AND gates. However, m^2 - m/2 XOR gates are sufficient when the generating trinomial is of the form x^m + x^(m/2) + 1 for an even m. We also calculate the time complexity of the proposed Mastrovito multiplier and give design examples for the irreducible trinomials x^7 + x^4 + 1 and x^6 + x^3 + 1.


IEEE Transactions on Computers | 2001

An efficient optimal normal basis type II multiplier

Berk Sunar; Çetin Kaya Koç

This paper presents a new parallel multiplier for the Galois field GF(2^m) whose elements are represented using the optimal normal basis of type II. The proposed multiplier requires 1.5(m^2 - m) XOR gates, as compared to 2(m^2 - m) XOR gates required by the Massey-Omura multiplier. The time complexities of the proposed and the Massey-Omura multipliers are similar.


Embedded and Ubiquitous Computing | 2006

Energy comparison of AES and SHA-1 for ubiquitous computing

Jens-Peter Kaps; Berk Sunar

Wireless sensor networks and Radio Frequency Identifiers are becoming mainstream applications of ubiquitous computing. They are slowly being integrated into our infrastructure and therefore must incorporate a certain level of security. However, both applications are severely resource constrained. Energy scavenger powered sensor nodes and current RFID tags provide only 20 μW to 50 μW of power to the digital component of their circuits. This makes complex cryptography a luxury. In this paper we present a novel ultra-low power SHA-1 design and an energy efficient ultra-low power AES design. Both consume less than 30 μW of power and can therefore be used to provide the basic security services of encryption and authentication. Furthermore, we analyze their energy consumption based on the TinySec protocol and come to the somewhat surprising result that SHA-1 based authentication and encryption is more energy efficient than using AES for payload sizes of 17 bytes or larger.


IEEE Symposium on Security and Privacy | 2015

S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES

Gorka Irazoqui; Thomas Eisenbarth; Berk Sunar

The cloud computing infrastructure relies on virtualized servers that provide isolation across guest OSs through sandboxing. This isolation was demonstrated to be imperfect in past work which exploited hardware level information leakages to gain access to sensitive information across co-located virtual machines (VMs). In response, virtualization companies and cloud services providers have disabled features such as deduplication to prevent such attacks. In this work, we introduce a fine-grain cross-core cache attack that exploits access time variations on the last level cache. The attack exploits huge pages to work across VM boundaries without requiring deduplication. No configuration changes on the victim OS are needed, making the attack quite viable. Furthermore, only machine co-location is required, while the target and victim OS can still reside on different cores of the machine. Our new attack is a variation of the prime and probe cache attack, whose applicability at the time was limited to the L1 cache. In contrast, our attack works in the spirit of the flush and reload attack, targeting the shared L3 cache instead. Indeed, by adjusting the huge page size our attack can be customized to work at virtually any cache level/size. We demonstrate the viability of the attack by targeting an OpenSSL 1.0.1f implementation of AES. The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less efficient than the flush and reload attack. Given that huge pages are a standard feature enabled in the memory management unit of OSs and that besides co-location no additional assumptions are needed, the attack we present poses a significant risk to existing cloud servers.


IEEE International Conference on Pervasive Computing and Communications | 2008

Towards Robust Low Cost Authentication for Pervasive Devices

E. Öztürk; Ghaith Hammouri; Berk Sunar

Low cost devices such as RFIDs, sensor network nodes, and smartcards are crucial for building the next generation pervasive and ubiquitous networks. The inherent power and footprint limitations of such networks prevent us from employing standard cryptographic techniques for authentication, which were originally designed to secure high end systems with abundant power. Furthermore, the sharp increase in the number, diversity and strength of physical attacks which directly target the implementation may have devastating consequences in a network setting, creating a single point of failure. A compromised node may leak a master key, or may give the attacker an opportunity for injecting faulty messages. In this paper we present a lightweight challenge response authentication scheme based on noisy physical unclonable functions (PUF) that allows for extremely efficient implementations. Furthermore, the inherent properties of PUFs provide cryptographically strong tamper resilience. In a network setting this means that a tampered device will no longer authenticate and in a sense will be isolated from the network.


International Conference on the Theory and Application of Cryptology and Information Security | 2009

Frederik Armknecht; Roel Maes; Ahmad-Reza Sadeghi; Berk Sunar; Pim T. Tuyls

Physical attacks on cryptographic implementations and devices have become crucial. In this context a recent line of research on a new class of side-channel attacks, called memory attacks, has received increasingly more attention. These attacks allow an adversary to measure a significant fraction of secret key bits directly from memory, independent of any computational side-channels. Physically Unclonable Functions (PUFs) represent a promising new technology that allows secrets to be stored in a tamper-evident and unclonable manner. PUFs derive their security from physical structures at the submicron level and are very useful primitives to protect against memory attacks. In this paper we aim at making the first step towards combining and binding algorithmic properties of cryptographic schemes with the physical structure of the underlying hardware by means of PUFs. We introduce a new cryptographic primitive based on PUFs, which we call PUF-PRFs. These primitives can be used as a source of randomness like pseudorandom functions (PRFs). We construct a block cipher based on PUF-PRFs that allows simultaneous protection against algorithmic and physical attackers, in particular against memory attacks. While PUF-PRFs in general differ in some aspects from traditional PRFs, we show a concrete instantiation based on established SRAM technology that closes these gaps.

Collaboration


Berk Sunar's top co-authors.

Top Co-Authors

Thomas Eisenbarth, Worcester Polytechnic Institute
Yarkin Doröz, Worcester Polytechnic Institute
Ghaith Hammouri, Worcester Polytechnic Institute
Gorka Irazoqui, Worcester Polytechnic Institute
Mehmet Sinan Inci, Worcester Polytechnic Institute
Wei Dai, Worcester Polytechnic Institute
Berk Gulmezoglu, Worcester Polytechnic Institute