Mohammad Moradi Shahmiri; Bijan Alizadeh
Abstract
The growing popularity of the fabless manufacturing model and the resulting threats have increased the importance of Logic locking as a key-based method for intellectual property (IP) protection. Recently, machine learning (ML)-based attacks have broken most existing locks by exploiting structural traces ...
Read More
The growing popularity of the fabless manufacturing model and the resulting threats have increased the importance of Logic locking as a key-based method for intellectual property (IP) protection. Recently, machine learning (ML)-based attacks have broken most existing locks by exploiting structural traces or undoing optimizations that obfuscate them. A common limitation of these attacks, however, is their reliance on the correlation between the locked circuit structure and the correct key value. In this paper, we introduce structural fuzzing as a simple, nondeterministic, non-optimizing heuristic algorithm that can obfuscate the lock against learning-based attacks, preventing the attacker from predicting the key. We proceed to apply structural fuzzing to multiplexer-based logic locking and propose HyLock, a logic lock with improved resilience against learning-based attacks. In common benchmarks, when compared with a state of the art logic lock, there is on average a 17% decrease in the number of correctly predicted key bits.
Maryam Tabaeifard; Ali Jahanian
Abstract
Side-channel Analysis (SCA) attacks are effective methods for extracting encryption keys, and with deep learning (DL) techniques, much stronger attacks have been carried out on victim devices. However, carrying out this kind of attack is much more challenging in cross-device attacks when the profiling ...
Read More
Side-channel Analysis (SCA) attacks are effective methods for extracting encryption keys, and with deep learning (DL) techniques, much stronger attacks have been carried out on victim devices. However, carrying out this kind of attack is much more challenging in cross-device attacks when the profiling device and target device are similar but not the same, which can cause the attack to fail. We also reached this conclusion when using only DL-SCA attack on our cross-devise (Atmega microcontroller devices). Due to different processes that lead to significant device-to-device variations, the accuracy of the attack was, on average, only 23%. In this paper, we proposed a method for a real attack on cross-devices using pre-processing methods based on a combination of DL-based Autoencoder and Gaussian low-pass filter (GLPF). According to our analysis results, the accuracy of the attack using only deep learning-based Autoencoder increased to 70% on average, and it improved up to 82% by adding the GLPF technique. The results also showed that combining DL-based autoencoder and GLPF can lead to a successful attack with a maximum of 300 power traces from the victim device.
Mansoureh Labafniya; Shahram Etemadi Borujeni
Abstract
There are many different ways of securing FPGAs to prevent successful reverse engineering. One of the common forms is obfuscation methods. In this paper, we proposed an approach based on obfuscation to prevent FPGAs from successful reverse engineering and, as a result, Hardware Trojan Horses (HTHs) insertion. ...
Read More
There are many different ways of securing FPGAs to prevent successful reverse engineering. One of the common forms is obfuscation methods. In this paper, we proposed an approach based on obfuscation to prevent FPGAs from successful reverse engineering and, as a result, Hardware Trojan Horses (HTHs) insertion. Our obfuscation method is using ConFiGurable Look Up Tables (CFGLUTs). We suggest to insert CFGLUTs randomly or based on some optional parameters in the design. In this way, some parts of the design are on a secure memory, which contains the bitstream of the CFGLUTs so that the attacker does not have any access to it. We program the CFGLUTs in run-time to complete the bitstream of the FPGA and functionality of the design. If an attacker can reverse engineer the bitstream of the FPGA, he cannot detect the design because some part of it is composed of CFGLUTs, which their bitstream is on a secure memory. The first article uses CFGLUTs for securing FPGAs against HTHs insertion, which are results of reverse engineering. Our methods do not have any power and hardware overhead but 32 clock cycles time overhead.
Sh. Zamanzadeh; A. Jahanian
Abstract
Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist ...
Read More
Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist topology is the ultimate goal of the reverse engineering process. In this paper, we propose a netlist encryption mechanism to hide the interconnect topology inside an IC. Moreover, new special standard cells (Wire Scrambling cells) are designed to play the role of netlist encryption. Furthermore, a design ow is proposed to insert the WS-cells inside the netlist with the aim of maximum obfuscation and minimum overhead. It is worth noting that this mechanism is fully automated with no need to detail information of the functionality and structure of the design. Our proposed mechanism is implemented in an academic physical design framework (EduCAD). Experimental results show that reverse engineering can be hindered considerably in cost of negligible overheads by 23% in area, 3.25% in delay and 14.5% in total wire length. Reverse engineering is evaluated by brute-force attack, and the learned information is 0% and the Hamming distance is approximately 50%.
M. Vosoughi; A. Jahanian
Abstract
Nowadays, bulk of the designers prefer to outsource some parts of their design and fabrication process to the third-part companies due to the reliability problems, manufacturing cost and time-to-market limitations. In this situation, there are a lot of opportunities for malicious alterations by the off-shore ...
Read More
Nowadays, bulk of the designers prefer to outsource some parts of their design and fabrication process to the third-part companies due to the reliability problems, manufacturing cost and time-to-market limitations. In this situation, there are a lot of opportunities for malicious alterations by the off-shore companies. In this paper, we proposed a new placement algorithm that hinders the hardware Trojan insertion or simplifies the detection process in existence of Trojans. Experimental results show that the proposed placement improves the Trojan detectability of the attempted benchmarks against Trojan insertion more than 20% in reasonable cost in delay and wire length.