Frontiers in Hardware Security and Trust: Theory, design and practice (Materials, Circuits and Devices)
Scribed by Chip Hong Chang (editor), Yuan Cao (editor)
- Publisher
- Institution of Engineering and Technology
- Year
- 2020
- Tongue
- English
- Leaves
- 446
- Category
- Library
Synopsis
Frontiers in Hardware Security and Trust provides a comprehensive review of emerging security threats and privacy protection issues, and the versatile state-of-the-art hardware-based security countermeasures and applications proposed by the hardware security community.
The footprint and power constraints imposed on internet-of-things end-points, smart sensors, mobile and ad hoc network devices make traditional, software-based cryptographic solutions that require a general-purpose processor increasingly unfeasible. Because security is not the primary function of these devices, only a small portion of their limited processing power and storage is available for it, driving the need for alternative security solutions. Hardware security, including hardware obfuscation, hardware security primitives and side-channel attacks, is therefore becoming an increasingly active research area in both academia and industry.
This book discusses the fundamentals of reversible logics, hardware obfuscation, SAT-resistant logic obfuscation, and design-for-security. Novel security primitives such as state-of-the-art true random number generators are also explored. Modern micro-architectural attacks enabled by superscalar microprocessors, and their countermeasures, are analysed to shed light on how existing architectures can be fortified or made more robust against attack. The introduction of hardware security into cognitive radio networks, 5G networks and machine learning, which are widely considered to be the most promising major contributors to the next wave of technological growth, is also discussed.
The book serves as an advanced reference for researchers on current hardware security problems, challenges and solutions.
Table of Contents
Cover
Contents
About the editors
Preface
Part I. Hardware security threats
1 IP/IC piracy threats of reversible circuits
1.1 Introduction
1.2 Reversible logic
1.2.1 Reversible circuits
1.2.2 Reversible synthesis
1.2.2.1 BDD-based synthesis
1.2.2.2 QMDD-based synthesis
1.2.2.3 ESOP-based synthesis
1.2.2.4 Transformation-based synthesis
1.2.3 Post-synthesis optimization
1.3 Motivation and threat model
1.3.1 Motivation
1.3.2 Threat model
1.4 IP/IC piracy attacks
1.4.1 Machine learning-based classification
1.4.2 De-synthesis of reversible circuits
1.5 Countermeasures
1.5.1 Insertion of redundant inputs/outputs
1.5.2 Insertion of redundant reversible gates
1.6 Summary
References
2 Improvements and recent updates of persistent fault analysis on block ciphers
2.1 Introduction
2.2 Related works
2.3 Persistent fault attack
2.3.1 Fault model
2.3.2 Core idea
2.3.3 Persistent fault analysis
2.3.4 Complexity analysis
2.3.5 Comparison with other fault analysis
2.3.5.1 Advantages
2.3.5.2 Disadvantages
2.4 PFA with multiple faults
2.5 Validation of PFA on AES-128
2.5.1 AES implementation
2.5.2 PFA on vulnerable S-box implementation (I1)
2.5.2.1 Attack result
2.5.2.2 Residual key entropy for different sample size
2.5.2.3 Sample size distributions for full key recovery
2.6 Defeating fault attack countermeasures with PFA
2.6.1 Countermeasures against fault attacks
2.6.2 PFA on S-box (I1) with NCO and ZVO
2.6.3 PFA on S-box (I1) with RCO
2.6.4 PFA on T-tables (I2) with RCO
2.6.5 Discussion
2.7 Case studies: breaking public implementation of masking schemes with single fault
2.7.1 General idea
2.7.2 Bytewise masking AES
2.7.3 Coron's higher order masking of lookup tables [38]
2.7.4 Rivain and Prouff's masking [18]
2.7.5 Software threshold [40]
2.8 Conclusion
References
3 Deployment of EMC techniques in design of IC chips for hardware security
3.1 Overview
3.2 EMC simulation technique
3.3 SC leakage analysis
3.4 Conclusion
Acknowledgments
References
Part II. Design for security
4 Hardware obfuscation for IP protection
4.1 Introduction
4.1.1 IP protection in globalized supply chain
4.1.2 IP infringement cases
4.1.3 Encryption and watermarking for IP protection
4.1.4 Hardware obfuscation
4.1.5 Difference from software obfuscation
4.1.6 Outline of the chapter
4.2 Threat models
4.2.1 Threat at different stages of the supply chain
4.2.1.1 Untrusted SoC developer/IC design house
4.2.1.2 Untrusted foundry
4.2.1.3 Untrusted end user
4.2.2 Comprehensive attack models
4.3 Hardware obfuscation techniques
4.3.1 Random insertion
4.3.2 Secure logic locking (SLL)
4.3.3 Logic cone size (CS) obfuscation
4.3.4 Binary decision diagram (BDD) obfuscation
4.3.5 Logic obfuscation for reconfigurable hardware
4.3.6 Finite state machine (FSM) obfuscation
4.4 Attacks on hardware obfuscation
4.4.1 Boolean satisfiability (SAT) attack
4.4.2 Key sensitization attack (KSA)
4.4.3 Structural analysis using machine learning attack (SAIL)
4.4.4 Constant propagation attack (SWEEP)
4.5 The trends of hardware obfuscation
4.5.1 Evolution of obfuscation research
4.5.1.1 Evolution of obfuscation techniques
4.5.1.2 Evolution of attacks on obfuscation
4.5.2 Evolution of obfuscation benchmarks
4.6 Future direction
4.6.1 Evaluation of security
4.6.2 Evaluation of performance and overheads
4.6.3 The future of hardware obfuscation
4.6.3.1 Stronger obfuscation techniques
4.6.3.2 Robust security assessment framework
4.6.3.3 High-level obfuscation
4.6.3.4 Scalability
4.6.3.5 Better metrics
4.7 Summary
References
5 Formal verification for SoC security
5.1 Introduction
5.2 Related work
5.2.1 Runtime methods
5.2.2 Static methods
5.3 Background and preliminary
5.3.1 Threat model
5.3.2 Model checking
5.3.3 Reverse engineering finite state machine
5.3.4 Noninterference and information-flow tracking
5.4 Methodology
5.4.1 SoC formalization
5.4.2 Security specification
5.5 Implementations
5.5.1 Attack vectors
5.5.1.1 Information leakage attack
5.5.1.2 Denial-of-service attack
5.5.1.3 Integrity tampering attack
5.5.1.4 Malicious modifications in IP wrapper
5.5.2 Modeling process
5.5.3 Property development
5.5.3.1 Information leakage Trojan detection
5.5.3.2 Denial-of-service attack detection
5.5.3.3 Integrity tampering Trojan detection
5.6 Experimental results
5.6.1 Information leakage Trojan detection results
5.6.2 Denial-of-service attack detection
5.7 Information-flow tracking-based detection
5.7.1 Information leakage analysis
5.7.2 Denial-of-service attack analysis
5.7.3 Integrity tampering attack analysis
5.8 Conclusions
5.9 Discussions and future research directions
References
6 Silicon-based true random number generators
6.1 Introduction
6.2 Pseudo random number generators
6.2.1 Linear congruential generator PRNG
6.2.2 Cryptographically secure PRNG
6.3 True random number generators
6.3.1 Noise-based TRNG
6.3.2 Chaos-based TRNG
6.3.3 Jitter-based TRNG
6.3.4 Metastability-based TRNG
6.4 Post-processing
6.4.1 Simple correctors
6.4.2 Cryptographic hash functions
6.4.3 Extractor functions
6.4.4 Resilient functions
6.4.5 PUF-based entropy pump
6.5 TRNG randomness tests
6.5.1 Standard tests
6.5.2 Entropy estimate
6.5.3 Attack analysis
6.6 Conclusion
Acknowledgments
References
7 Micro-architectural attacks and countermeasures on public-key implementations
7.1 Introduction
7.2 Related works
7.2.1 Speculative execution
7.2.2 Speculative execution attacks
7.3 Branch-predictor security
7.3.1 Dynamic branch predictor
7.3.2 Branch predictors and branch mispredictions
7.4 Branch misprediction attack
7.5 Inserting real-time faults in public-key secret using rowhammer
7.6 Fault attack revealing secret keys of exponentiation algorithms from branch prediction misses
7.7 Deduce and remove attack on blinded scalar multiplication with asynchronous perf ioctl calls
7.8 Extending deduce and remove to a publicly available cryptographic implementation
7.8.1 Difference in branch misprediction due to difference in operations involved in Addition and Doubling in RELIC
7.8.2 Template building and matching in RELIC
7.9 Online detection and reactive countermeasure for leakage from BPU using TVLA
7.10 General mitigation against branch prediction attacks
7.11 Existing countermeasures
7.11.1 Altering the structure of the target implementation
7.11.2 Patching architecture here and there
7.11.3 Countermeasures and patches are expensive
7.12 Conclusion
Appendix A: Perf handler Code
Appendix B: RELIC codes
References
8 Mitigating the CACHEKIT attack
8.1 Introduction
8.2 Background: ARM, cache, and TrustZone
8.2.1 ARM architecture
8.2.2 ARM TrustZone
8.2.3 ARM cache
8.3 The Genode operating system framework
8.4 Background: CACHEKIT attack
8.4.1 Loading
8.4.2 Locking
8.4.3 Hiding
8.5 Defeating CACHEKIT attacks: naïve approaches
8.5.1 Naïve prevention
8.5.2 Naïve detection
8.6 Defeating CACHEKIT attacks: CACHELIGHT
8.6.1 Workflow
8.6.2 Virtual-to-physical address translation
8.6.3 Verifying memory contents
8.6.3.1 Enabling and disabling interrupts
8.6.4 Mapping normal-world memory to secure world
8.6.5 World-shared memory
8.6.6 Locking NW memory into cache from SW
8.6.7 Comparing approaches
8.7 CACHELIGHT implementation
8.7.1 Genode: a secure world OS
8.7.2 Building and deploying the environment
8.7.3 Deploying the CACHEKIT attack
8.7.4 Deploying the CACHELIGHT defense
8.8 Evaluation
8.8.1 Effects of world-shared memory
8.8.2 Performance evaluation
8.9 Related work
8.10 Future work
8.11 Conclusion
References
9 Deep learning network security
9.1 Introduction
9.2 Preliminaries
9.2.1 Artificial neural networks (ANNs) and DNNs
9.2.2 Fundamental components of DNNs
9.2.3 Popular DNN architectures
9.2.4 Representative techniques for DNN hardware acceleration
9.3 Misprediction attacks
9.3.1 Threat model
Attack taxonomy
9.3.2 Evasion attacks
9.3.2.1 Data evasion
9.3.2.2 Model evasion
9.3.3 Poisoning attacks
9.3.4 Backdoor attacks
9.4 Confidentiality attacks
9.4.1 Incentive
9.4.2 Model confidentiality attacks
9.4.3 Data confidentiality attacks
9.5 Explainability
9.5.1 Explainability of DNN processing
9.5.2 Explainability of DNN representations
9.5.3 Self-explainable systems
9.6 Conclusion
Acknowledgment
References
10 Security implications of non-digital components
10.1 Introduction
10.2 Case study 1: Face Flashing: using light reflections to secure liveness detections
10.2.1 Architecture of face authentication systems
10.2.2 Attacks and solutions on liveness detection
10.2.3 Design of Face Flashing protocol
10.2.4 Key techniques
10.2.4.1 Model of light reflection
10.2.4.2 Face extraction
10.2.4.3 Timing verification
10.2.4.4 Face verification
10.2.5 Security analysis
10.2.5.1 Challenge-response elements
10.2.5.2 Security of timing verification
10.2.5.3 Security of face verification
10.2.5.4 Security against typical attacks
10.3 Case study 2: Secure mobile payment via imperfection of LCD screens
10.3.1 Physical feature of screens
10.3.2 Off-line QR payment
10.3.3 Adversary model
10.3.4 Generate screen fingerprint using brightness unevenness
10.3.4.1 Photo extraction and correction
10.3.4.2 Fingerprint extraction and comparison
10.3.5 Extension: anonymous screen authentication
10.3.5.1 Framework overview
10.3.5.2 Screen obfuscation
10.3.5.3 AnonPrint verification
10.4 Conclusion
References
11 Accelerating homomorphic encryption in hardware: a review
11.1 Introduction
11.2 Fan-Vercauteren (FV) homomorphic encryption scheme
11.2.1 Ring learning-with-error assumption
11.2.2 The encryption scheme
11.2.3 FV noise growth
11.2.4 Parameter selection
11.3 Polynomial multiplication
11.3.1 Karatsuba algorithm
11.3.2 Number theoretic transform algorithm
11.4 Residue number system
11.5 Hardware accelerators
11.5.1 Accelerating homomorphic encryption with number theoretic transform and Solinas prime
11.5.2 Accelerating homomorphic encryption with number theoretic transform and residue number system
11.5.3 Accelerating homomorphic encryption with Karatsuba algorithm
11.6 Conclusion
References
12 Information leakage from robust codes protecting cryptographic primitives
12.1 Introduction
12.2 Fault injection attacks
12.3 Robust code-based architectures
12.4 Security-oriented codes
12.5 Information leakage from robust code-based checkers
12.5.1 Fault attack on the first round
12.5.2 Fault attack on round i > 1
Acknowledgment
References
Part III. Physical-layer security
13 Confidential and energy-efficient cognitive communications by physical-layer security
13.1 Introduction
13.2 Preliminaries
13.2.1 System model
13.2.2 Fractional programming theory
13.3 Radio resource allocation for EE maximization
13.3.1 The achievable rate and EE formulation
13.3.1.1 Discrete memoryless channels
13.3.1.2 Additive white Gaussian noise channels
13.3.2 Radio resource allocation for EE CR systems
13.3.2.1 Sequential optimization
13.3.2.2 Approximation of Problem 2
13.4 Numerical experiments and assessments
13.4.1 Setup
13.4.2 Numerical results
13.5 Conclusions
Appendix I Proof of Proposition 13.5
References
14 Physical-layer security for mmWave massive MIMO communications in 5G networks
14.1 Physical-layer threats in mmWave massive MIMO
14.1.1 Eavesdropping
14.1.2 Contaminating
14.1.3 Spoofing
14.1.4 Jamming
14.2 Physical-layer security in mmWave
14.2.1 mmWave communications
14.2.2 PLS schemes based on mmWave communication
14.2.2.1 Key generation
14.2.2.2 AN-based mmWave communication
14.2.2.3 Hybrid analog-digital designs
14.2.2.4 Countermeasure to multiple eavesdroppers
14.2.2.5 Satellite communications
14.2.2.6 Directional beamforming
14.3 Physical-layer security in massive MIMO
14.3.1 Massive MIMO communications
14.3.2 PLS schemes based on massive MIMO
14.3.2.1 Pilot-contamination attack detection
14.3.2.2 Countermeasures to jamming attacks
14.3.2.3 AN-based massive MIMO
14.3.2.4 Relay-aided MIMO
14.3.2.5 Finite alphabet and hardware impairments
14.3.2.6 Directional modulation
14.4 PLS schemes integrating mmWave massive MIMO with other 5G scenarios and techniques
14.4.1 UAV communications
14.4.2 NOMA communications
14.4.3 Full-duplex communications
14.4.4 EH communications
Acknowledgment
References
15 Security of in-vehicle controller area network: a review and future directions
15.1 Introduction
15.2 Overview of CAN protocol
15.2.1 Format of the CAN frame
15.2.2 Bus arbitration
15.2.3 Error management
15.2.4 CAN bus network typology
15.3 Vulnerabilities and attack interfaces
15.3.1 Vulnerabilities
15.3.1.1 Broadcast transmission
15.3.1.2 No encryption
15.3.1.3 No authentication
15.3.1.4 Priority-based arbitration
15.3.1.5 Limited bandwidth and payload
15.3.1.6 Open diagnostic function
15.3.2 Attack interfaces
15.3.2.1 OBD-II port
15.3.2.2 Entertainment system
15.3.2.3 Short-range wireless channel
15.3.2.4 Long-range wireless channel
15.4 Attack models
15.4.1 Typical attack procedure
15.4.2 Compromising ECUs
15.4.3 Launching attack vectors
15.4.3.1 Eavesdrop attack
15.4.3.2 Replay attack
15.4.3.3 Masquerade attack
15.4.3.4 Injection attack
15.4.4 Representative attack case studies
15.4.4.1 Remote exploitation of a 2014 Jeep Cherokee
15.4.4.2 A wireless attack through malicious smartphone application
15.4.4.3 The bus-off attack
15.4.4.4 Hacking Tesla through the wireless interface
15.5 Countermeasures
15.5.1 Intrusion detection systems
15.5.1.1 Clock-based IDSs
15.5.1.2 Voltage-based IDSs
15.5.1.3 Low-dimension-based IDSs
15.5.2 Encryption and authentication schemes
15.5.2.1 MAC-based methods
15.5.2.2 Location-based methods
15.6 Future directions
15.6.1 Replacement of the CAN protocol
15.6.1.1 FlexRay
15.6.1.2 CAN-FD
15.6.1.3 Automotive Ethernet
15.6.2 Next-generation gateway
15.7 Conclusions
References
Index
Back Cover