Deniz Karakoyunlu

Trojan Detection using IC Fingerprinting

Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints/or an IC family utilizing side- channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained by using power simulations performed on representative circuits with several different Trojan circuitry. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.

Differential template attacks on PUF enabled cryptographic devices

In this paper we provide the first practical attacks on software implementations of fuzzy extractors (FEs). The significance of these attacks stem from the fact that FEs are becoming an essential building block in the implementations of physical unclonable function (PUF) enabled devices. In fact, almost every single implementation of PUFs heavily relies on using a FE. Our attacks exploit the information leaked through the power side-channel in the initial stages of error correction and can be used to recover the FE input which would essentially mean cloning the PUF device. More specifically, our attacks target the initial step in the syndrome decoding phase of BCH and Reed-Solomon (RS) decoder implementations where the input (PUF response) is read. We report two attacks: a simple power analysis (SPA) attack where we make use of conditional checks in a naive implementation to recover the PUF response by simply observing time shifts in the power consumption profile. In our second attack, we assume all conditional executions are removed making the device secure against SPA attacks. Instead, we mount a new kind of template attack on a two instruction sequence to recover the FE input (or PUF output).

Improving the Robustness of Ring Oscillator TRNGs

A ring oscillator-based true-random number generator design (Rings design) was introduced in Sunar et al. [2007]. The design was rigorously analyzed under a simple mathematical model and its performance characteristics were established. In this article we focus on the practical aspects of the Rings design on a reconfigurable logic platform and determine their implications on the earlier analysis framework. We make recommendations for avoiding pitfalls in real-life implementations by considering ring interaction, transistor-level effects, narrow signal rejection, transmission line attenuation, and sampler bias. Furthermore, we present experimental results showing that changing operating conditions such as the power supply voltage or the operating temperature may affect the output quality when the signal is subsampled. Hence, an attacker may shift the operating point via a simple noninvasive influence and easily bias the TRNG output. Finally, we propose modifications to the design which significantly improve its robustness against attacks, alleviate implementation-related problems, and simultaneously improve its area, throughput, and power performance.

Efficient and side-channel-aware implementations of elliptic curve cryptosystems over prime fields

Elliptic curve cryptosystems (ECCs) are utilised as an alternative to traditional public-key cryptosystems, and are more suitable for resource-limited environments because of smaller parameter size. In this study, the authors carry out a thorough investigation of side-channel attack aware ECC implementations over finite fields of prime characteristic including the recently introduced Edwards formulation of elliptic curves. The Edwards formulation of elliptic curves is promising in performance with built-in resiliency against simple side-channel attacks. To our knowledge the authors present the first hardware implementation for the Edwards formulation of elliptic curves. The authors also propose a technique to apply non-adjacent form (NAF) scalar multiplication algorithm with side-channel security using the Edwards formulation. In addition, the authors implement Joyes highly regular add-always scalar multiplication algorithm both with the Weierstrass and Edwards formulation of elliptic curves. Our results show that the Edwards formulation allows increased area-time performance with projective coordinates. However, the Weierstrass formulation with affine coordinates results in the simplest architecture, and therefore has the best area-time performance as long as an efficient modular divider is available.

An emerging threat: eve meets a robot

In this work, we study the emerging security threats in a quickly proliferating field: robotics. The next generation robots embody most of the networking and computing components we normally use for everyday computing. Thus, the next generation robots virtually inherit all of the security weaknesses we are struggling with today. To make things worse, vulnerabilities in robots are much more significant, as they physically interact with their surroundings which include human beings. In this paper, we first provide a classification of potential physical attacks on robots. In addition, we outline a concrete active attack and propose a countermeasure.

Non-linear error detection for elliptic curve cryptosystems

The authors propose applying systematic non-linear error-detection codes to protect elliptic curve point addition and doubling operations against active fault attacks. These codes provide nearly perfect error-detection capability (except with exponentially small probability) at reasonable overhead. The proposed technique is applied to secure point addition and doubling operations for both Weierstrass and Edwards curves using different coordinate systems (i.e. affine and projective). The authors observe that the Weierstrass-based elliptic curve systems can be protected with reasonable area overhead. However, due to its balanced normal form, Edwards formulation is more appropriate for the non-linear error-detection technique proposed here. In addition, the proposed technique is compared with the method discussed by Gaubatz et al. (2006), where an error-detection technique is proposed for robust public key arithmetic. When compared with their method, the proposed technique provides approximately the same level of security with much less overhead. For Edwards curves, the overhead of the proposed scheme is less than half (42–46%) of the overhead of scheme proposed by Gaubatz et al. (2006). In addition, the overhead of the proposed scheme is 52–81% of the overhead of scheme proposed by Gaubatz et al. (2006) for different versions of the Weierstrass curves.