Jaya Dofe

Hardware Security Threats and Potential Countermeasures in Emerging 3D ICs

New hardware security threats are identified in emerging three-dimensional (3D) integrated circuits (ICs) and potential counter-measures are introduced. Trigger and payload mechanisms for future 3D hardware Trojans are predicted. Furthermore, a novel, network-on-chip based 3D obfuscation method is proposed to block the direct communication between two commercial dies in a 3D structure, thus thwarting reverse engineering attacks on the vertical dimension. Simulation results demonstrate that the proposed method effectively obfuscates the cross-plane communication by increasing the reverse engineering time by approximately 5× as compared to using direct through silicon via (TSV) connections. The proposed method consumes approximately one fifth the area and power of a typical network-on-chip designed in a 65 nm technology, exhibiting limited overhead.

Assessing CPA resistance of AES with different fault tolerance mechanisms

Countermeasures for Advanced Encryption Standard (AES) to thwart side-channel attack and fault attack are typically investigated in a separate fashion. There is lack of thorough investigation on how one countermeasure specifically for one attack affects the efficiency of another attack. In this work, we consider three different fault detection (FD) methods - double modular redundancy (DMR), inverse function (inverse), and even parity check code (parity). We perform FPGA-based systematic analysis to investigate the impact of FD schemes on the correlation power analysis (CPA) resistance of a complete AES implementation. Moreover, the power model used in the existing work is Hamming weight rather than the powerful Hamming distance one. Our experimental results show that, in some scenarios, the use of fault detection mechanisms in AES improves the resistance against CPA. For instance, applying a parity FD to the AESs S-Box makes it harder to retrieve the key than the case without any FD protection.

Hardware security assurance in emerging IoT applications

The Internet of Things (IoT) offers a more advanced service than a single device or an isolated system, as IoT connects diverse components, such as sensors, actuators, and embedded devices through the internet. As predicted by Cisco, there will be 50 billion IoT connected devices by 2020. Integration of such a tremendous number of devices into IoT potentially brings in a new concern, system security. In this work, we review two typical hardware attacks that can harm the emerging IoT applications. As IoT devices typically have limited computation power and need to be energy efficient, sophisticated cryptographic algorithms and authentication protocols are not suitable for every IoT device. To simultaneously thwart hardware Trojan and side-channel analysis attacks, we propose a low-cost dynamic permutation method for IoT devices. Experimental results show that the proposed method achieves 5.8X higher accumulated partial guessing entropy than the baseline, thus strengthening the IoT processing unit against hardware attacks.

Efficient hardware trojan detection with differential cascade voltage switch logic

Offshore fabrication, assembling and packaging challenge chip security, as original chip designs may be tampered by malicious insertions, known as hardware Trojans (HTs). HT detection is imperative to guarantee the chip performance and safety. Existing HT detection methods have limited capability to detect small-scale HTs and are further challenged by the increased process variation. To increase HT detection sensitivity and reduce chip authorization time, we propose to exploit the inherent feature of differential cascade voltage switch logic (DCVSL) to detect HTs at runtime. In normal operation, a system implemented with DCVSL always produces complementary logic values in internal nets and final outputs. Noncomplementary values on inputs and internal nets in DCVSL systems potentially result in abnormal power behavior and even system failures. By examining special power characteristics of DCVSL systems upon HT insertion, we can detect HTs, even if the HT size is small. Simulation results show that the proposed method achieves up to 100% HT detection rate. The evaluation on ISCAS benchmark circuits shows that the proposed method obtains a HT detection rate in the range of 66% to 98%.

Fault-tolerant methods for a new lightweight cipher SIMON

We propose three fault-tolerant methods for a new lightweight block cipher SIMON, which has the potential to be a hardware-efficient security primitive for embedded systems. As a single fault in the encryption (decryption) process can completely change the ciphertext (received plaintext), it is critical to ensure the reliability of encryption and decryption modules. We explore double-modular redundancy (DMR), reverse function, and a parity check code combined with a non-linear compensation function (EPC) to detect faults in SIMON. The proposed fault-tolerant methods were implemented in iterative and pipelined SIMON architectures. The corresponding hardware cost, power consumption, and fault detection failure rate were assessed. Simulation results show that EPC-SIMON consumes less area and power than DMR-SIMON and Reversed-SIMON but yields a higher fault detection failure rate as the number of concurrent faults increases. Moreover, our experiments show that the impact of fault location on the fault-detection failure rates for different methods is not consistent.

Strengthening SIMON Implementation Against Intelligent Fault Attacks

Driven by malicious intent, attackers are impelled to extract the cipher key and thus compromise the cryptosystem through fault attacks. Existing fault-detection methods can effectively detect random faults in the cipher implementation, but yield a high fault bypass rate (FBR) under intelligent fault attacks. To address this limitation, we propose a new microarchitecture to thwart fault attacks that place mathematically symmetric faults on the two encryption data paths. To further reduce the FBR for a new lightweight cipher SIMON, we propose a new countermeasure that integrates operand permutation and masking techniques. Closed-form expressions for depermutation and demasking in SIMON are provided in this letter. Our method was assessed under two fault attack scenarios (random and symmetric fault injections) with bit-flip, stuck-at-0, and stuck-at-1 fault models. Simulation results show that our method minimizes the FBR to zero with the fault attack scenarios of symmetric fault location and stuck-at-0 fault injections. Overall, the proposed method outperforms the existing fault-detection methods in multiple fault attack conditions, at the cost of 5% more area overhead than the most hardware-efficient fault detection method.

Impact of Power Distribution Network on Power Analysis Attacks in Three-Dimensional Integrated Circuits

Correlation power analysis (CPA) attacks on the hardware implementation of cryptographic algorithms can retrieve the cipher key by analyzing the correlation between hypothesized keys and the power measurement of that crypto hardware. The existing CPA attacks and the countermeasures are mainly for two-dimensional (2D) integrated circuits (ICs). There is a lack of study on CPA in the context of three dimensional(3D) ICs. To fill in this gap, this work investigates the impact of a 3D power distribution network (PDN) on the efficiency of CPA mounted on a cryptographic module, which is in one of the 3D planes. The Pearson correlation coefficient is used as a metric to assess the impact of different PDN types, circuit loads, and switching activities of the neighboring planes on the CPA efficiency.

Exploiting hardware obfuscation methods to prevent and detect hardware Trojans

Due to the globalized semiconductor supply chain, integrated circuits suffer from hardware security attacks. Among various attacks, hardware Trojan insertions have emerged as a major security concern. An adversary modifies the original circuit to accomplish the malicious intentions through the hardware Trojan. Hardware obfuscation has been demonstrated as a promising technique to strengthen hardware implementation against hardware Trojan insertion in the late stage of the supply chain. This work reviews the state-of-the-art hardware obfuscation methods, with the special emphasis on the corresponding efforts made for hardware Trojan prevention and detection. Furthermore, we summarize the evaluation metrics utilized in literature to assess the effectiveness of hardware obfuscation methods. Future directions for hardware obfuscation against hardware Trojans are discussed in this work, as well.

Hardware Hardening Approaches Using Camouflaging, Encryption, and Obfuscation

Due to the trend of globalized semiconductor supply chain, integrated circuits (IC) and hardware intellectual property (IP) are prone to serious security threats such as reverse engineering and IP piracy. In addition to the post-fabrication authentication techniques (e.g., IP metering), various hardware hardening approaches have emerged to resist reverse engineering and IP piracy. This chapter reviews three representable security hardening approaches—camouflaging, logic encryption/locking, and design obfuscation—that are applied to ICs at layout, gate, and register transfer levels. Particularly, this chapter presents a dynamic state-deflection-based obfuscation method, which deflects the state transition from the original transition path to a black hole cluster if an invalid key is applied to the hardware IP. This obfuscation method can successfully thwart the reverse engineering attack that exploits the code analysis support from electronic design automation (EDA) tools. Furthermore, this chapter extends the idea of design obfuscation for two-dimensional IC to emerging three-dimensional (3D) IC design technology. The proposed method is based on the insertion of a Network-on-Chip (NoC)-based shielding plane between two commercial dies to build the secure 3D ICs without involvement of trustworthy foundries.

Exploiting PDN noise to thwart correlation power analysis attacks in 3D ICs

Three-dimensional (3D) integration is envisioned as a natural defense to thwart side-channel analysis (SCA) attacks. However, there lack extensive studies on the unique feature of 3D power distribution network (PDN) noise and its impact on the efficiency of SCA attacks in 3D chips. This work fills the gap. Our experiments based on the real PDN and through-silicon via (TSV) models indicate that the noise from the other 3D planes is additive, which can significantly change the power profile of the crytpo unit in a 3D chip. We exploit the cross-plane PDN noise to develop a new countermeasure against the correlation power analysis (CPA) attacks in 3D integrated circuits (ICs). Simulation results show that the proposed method successfully improves the system resilience against CPA attacks and enhances the correlation difference by 29.1% and 18.7% over 2D and 3D baseline, respectively.