Bodhisatwa Mazumdar

SARLock: SAT attack resistant logic locking

Logic locking is an Intellectual Property (IP) protection technique that thwarts IP piracy, hardware Trojans, reverse engineering, and IC overproduction. Researchers have taken multiple attempts in breaking logic locking techniques and recovering its secret key. A Boolean Satisfiability (SAT) based attack has been recently presented that breaks all the existing combinational logic locking techniques. In this paper, we develop a lightweight countermeasure against this and other attacks that aim at gradually pruning the key search space. Our proposed logic locking technique, referred to as SARLock, maximizes the required number of distinguishing input patterns to recover the secret key. SARLock thwarts the SAT attack by rendering the attack effort exponential in the number of bits in the secret key, while its overhead grows only linearly.

CamoPerturb: secure IC camouflaging for minterm protection

Integrated circuit (IC) camouflaging is a layout-level technique that thwarts reverse engineering attacks on ICs by introducing camouflaged cells that look alike, but can implement one of many possible Boolean functions. Existing camouflaging techniques have been broken by a recent decamouflaging attack, which uses Boolean satisfiability (SAT) techniques to compute specialized discriminating input patterns that prune the functionality search space quickly. This paper presents CamoPerturb, a countermeasure to thwart the decamouflaging attack by integrating logic perturbation with IC camouflaging. CamoPerturb, contrary to all the existing camouflaging schemes, perturbs the functionality of the given design minimally, i.e., adds/removes one minterm, rather than camouflaging the design. A separate camouflaged block CamoFix restores the perturbed minterm, recovering the functionality of the design. The perturbed minterm is the designers secret and is incorporated into CamoFix using camouflaged cells. CamoPerturb renders the decamouflaging attack effort exponentially harder in the number of camouflaged gates while its overhead grows linearly. The paper presents formal proofs for the security of CamoPerturb along with experimental results.

Security analysis of Anti-SAT

Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and overbuilding attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption technique within few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against SAT attack, by rendering the SAT-attack effort exponential in terms of the number of key gates. In this paper, we highlight the vulnerabilities of Anti-SAT and propose signal probability skew (SPS) attack against Anti-SAT block. SPS attack leverages the structural traces in Anti-SAT block to identify and isolate Anti-SAT block. The attack is 100% successful on all variants of Anti-SAT block. SPS attack is scalable to large circuits, as it breaks circuits with up to 22K gates within two minutes.

Design and implementation of rotation symmetric S-boxes with high nonlinearity and high DPA resilience

In this paper we propose a construction and implementation for a class of rotation-symmetric S-boxes (RSSBs) with good cryptographic properties and improved DPA resilience. The S-boxes are constructed from rotation symmetric Boolean functions (RSBFs) and these RSBFs were searched to avoid any fixed points in the RSSB maps. In literature, search of RSSBs included those consisting of fixed points which is considered to be a weakness in the S-box constructions. We present some new properties of RSSBs and find that the search space of RSSBs with fixed points is of exponential order. We also present the hardware architecture of the RSSBs with no fixed points and the corresponding implementations on Xilinx Virtex-5 FPGA device on SASEBO-GII development board and perform a correlation analysis DPA of AES which include these RSSBs. The RSSBs from the proposed class when incorporated in AES, required more power traces compared to the AES containing Rijndael S-box which indicates that the DPA resilience of the proposed RSSBs is higher than that of the AES Rijndael S-box. Also we present the correlation analysis DPA results on the look-up table, distributed memory and block memory based implementations of some of the RSSBs from the proposed class and compare the results with those of the respective implementations of AES-128 Rijndael S-box.

Modified Transparency Order Property: Solution or Just Another Attempt

S-boxes are usual targets of side-channel attacks and it is an open problem to develop design techniques for S-boxes with improved DPA resistance. One result along that line is the transparency order, a property that attempts to characterize the resilience of S-boxes against DPA attacks. Recently, it was shown there exist flaws with the original definition of transparency, which resulted in the new definition - modified transparency order. This paper develops techniques for constructions using the modified transparency as a guiding metric. For the 4×4 size, we significantly improve modified transparency order while remaining in the optimal classes. Experimental results are provided assuming a noisy HW leakage model to show the proposed S-boxes are more resistant than the original one of the PRESENT algorithm. We conclude with reports on 4×4 and 8×8 S-boxes where the results indicate that the modified transparency order could be a more useful metric than the transparency order. However, both measures are far from definitive solution on how to improve the DPA resistance.

Design for Security of Block Cipher S-Boxes to Resist Differential Power Attacks

This paper proposes an S-box construction of AES-128 block cipher which is more robust to differential power analysis (DPA) attacks than that of AES-128 implemented with Rijndael S-box while having similar cryptographic properties. The proposed S-box avoids use of countermeasures for thwarting DPA attacks thus consuming lesser area and power in the embedded hardware and still being more DPA resistive compared to Rijndael S-box. The design has been prototyped on Xilinx FPGA Spartan device XC3S400-4PQ208 and the power traces of the two different running AES-128 algorithms with the proposed and Rijndael S-boxes have been analyzed separately. The experimental results of the FPGA implementations show a lesser gate count consumption and increased throughput for the AES-128 with proposed S-box as that when implemented with Rijndael S-box on the same FPGA device. The requirement of higher number of power traces to perform DPA analysis on AES-128 with RAIN S-box as compared to that implemented with Rijndael S-box is an experimental validation of the theoretical claim of lower transparency order computed for RAIN S-box as being more DPA resistant than that of Rijndael S-box.

Security analysis of logic encryption against the most effective side-channel attack: DPA

Logic encryption has recently gained interest as a countermeasure against IP piracy and reverse engineering attacks. A secret key is used to lock/encrypt an IC such that the IC will not be functional without being activated with the correct key. Existing attacks against logic encryption are of theoretical and/or algorithmic nature. In this paper, we evaluate for the first time the security of logic encryption against side-channel attacks. We present a differential power analysis attack against random and strong logic encryption techniques. The proposed attack is highly effective against random logic encryption, revealing more than 70% of the key bits correctly in 50% of the circuits. However, in the case of strong logic encryption, which exhibits an inherent DPA-resistance, the attack could reveal more than 50% of the key bits in only 25% of the circuits.

Removal Attacks on Logic Locking and Camouflaging Techniques

With the adoption of a globalized and distributed IC design flow, IP piracy, reverse engineering, and counterfeiting threats are becoming more prevalent. Logic obfuscation techniques including logic locking and IC camouflaging have been developed to address these emergent challenges. A major challenge for logic locking and camouflaging techniques is to resist Boolean satisfiability (SAT) based attacks that can circumvent state-of-the-art solutions within minutes. Over the past year, multiple SAT attack resilient solutions such as Anti-SAT and AND-tree insertion (ATI) have been presented. In this paper, we perform a security analysis of these countermeasures and show that they leave structural traces behind in their attempts to thwart the SAT attack. We present three attacks, namely “signal probability skew” (SPS) attack, “AppSAT guided removal (AGR) attack, and “sensitization guided SAT” (SGS) attack”, that can break Anti-SAT and ATI, within minutes.

Power analysis attacks on ARX: An application to Salsa20

In this paper, we analyze the vulnerability of Salsa20 stream cipher against power analysis attacks, especially against correlation power analysis (CPA), which is the strongest form of power analysis attacks. In recent literature, a rigorous study of optimal differential characteristics is presented, but an analysis of the resistance of the cipher against power analysis side-channel attacks remains absent. Our technique targets the three subrounds of the first round of Salsa20. The overall correlation based differential power analysis (DPA) has an attack complexity of 219. From extensive experiments on a reduced area implementation of Salsa20, we demonstrate that two key words k0, k7 of a block in Salsa20 are extremely vulnerable to CPA while a combination of two key words k2, k4 produced a very low success rate of 0.2, which shows a high resilience against correlation-analysis DPA. This varying resilience of the key words towards correlation-analysis DPA has not been observed in any stream or block cipher in present literature, which makes the architecture of this stream cipher interesting from the side-channel analysis perspective.

Construction of Rotation Symmetric S-Boxes with High Nonlinearity and Improved DPA Resistivity

In this paper, we provide an n × n bijective rotation symmetric S-box (RSSB) construction with improved resistance to differential power analysis (DPA) using rotation-symmetric Boolean functions (RSBFs). The RSSB class is generated from an instance of a proposed RSSB construction and then iteratively applying a simulated annealing algorithm in the respective neighborhood of the RSSB followed by a hill climbing algorithm to obtain a good tradeoff of cryptographic properties. The constructed 8 × 8 RSSBs have a nonlinearity of 102 and transparency order value 7.709 whereas the Rijndael S-box has a higher transparency order of 7.86. The evaluation of security metric called guessing entropy on the constructed RSSBs shows that a side-channel adversary requires more effort to exploit information leakage from the simulated power traces. In comparison to Rijndael S-box, the correlation based DPA on RSSBs which when incorporated in AES-128, shows requirement of significantly more power traces when implemented on Xilinx Virtex-5 FPGA device on SASEBO-GII development board. While the distributed memory and block memory implementations of the Rijndael S-box required 500 and 2,000 power traces to extract the last round key, our proposed RSSBs required 2,000 and 12,000 power traces respectively.