Robert Buhren,Shay Gueron,Jan Nordholz,Jean-Pierre Seifert,Julian Vetter

DOI: https://doi.org/10.48550/arXiv.1612.03744

2016-12-12

Abstract:Adversaries with physical access to a target platform can perform cold boot or DMA attacks to extract sensitive data from the RAM. In response, several main-memory encryption schemes have been proposed to prevent such attacks. Also hardware vendors have acknowledged the threat and already announced respective hardware extensions. Intel's SGX and AMD's SME will provide means to encrypt parts of the RAM to protect security-relevant assets that reside there. Encrypting the RAM will protect the user's content against passive eavesdropping. However, the level of protection it provides in scenarios that involve an adversary who is not only able to read from RAM but can also change content in RAM is less clear. Obviously, encryption offers some protection against such an "active" adversary: from the ciphertext the adversary cannot see what value is changed in the plaintext, nor predict the system behaviour based on the changes. But is this enough to prevent an active adversary from performing malicious tasks? This paper addresses the open research question whether encryption alone is a dependable protection mechanism in practice when considering an active adversary. To this end, we first build a software based memory encryption solution on a desktop system which mimics AMD's SME. Subsequently, we demonstrate a proof-of-concept fault attack on this system, by which we are able to extract the private RSA key of a GnuPG user. Our work suggests that transparent memory encryption is not enough to prevent active attacks.

Cryptography and Security

genxian liu,xi zhang,dongsheng wang,zhenyu liu,haixia wang

DOI: https://doi.org/10.1007/978-3-662-43908-1_1

2014-01-01

Abstract:Security is a crucial element of information systems. Extensive research for cryptographic algorithms that provide the sound theoretical basis of security. Among them security and integrity of memory has been a longstanding issue in trusted system design. Main memory is a critical component of all computing systems. Most of those systems are vulnerable to memory attacks, in which an attacker gains physical accesses to the unattended hardware, obtains the decryption keys from memory. We propose a method for protecting memory systems against attacks with hardware authentication and full memory encryption. The method is secure against all known type of memory attack. We have tested the method with software simulator and Field Programmable Gate Array (FPGA) platform. The results show that the method can authenticate and encrypt the contents of DRAM with 2.5 % performance penalties.

Lois Orosa,Yaohua Wang,Ivan Puddu,Mohammad Sadrosadati,Kaveh Razavi,Juan Gómez-Luna,Hasan Hassan,Nika Mansouri-Ghiasi,Arash Tavakkol,Minesh Patel,Jeremie Kim,Vivek Seshadri,Uksong Kang,Saugata Ghose,Rodolfo Azevedo,Onur Mutlu

DOI: https://doi.org/10.48550/arXiv.1902.07344

2019-11-06

Abstract:DRAM manufacturers have been prioritizing memory capacity, yield, and bandwidth for years, while trying to keep the design complexity as simple as possible. DRAM chips do not carry out any computation or other important functions, such as security. Processors implement most of the existing security mechanisms that protect the system against security threats, because 1) executing security mechanisms usually require non-trivial computational capabilities (e.g., encryption), and 2) commodity DRAM chips are not designed to perform computations or tasks other than data storage. In this work, we advocate for DRAM as a key component for providing security mechanisms to the system. To this end, we propose Dataplant, a new class of low-cost, high-performance, and reliable security primitives that can be integrated in commodity DRAM chips with minimal changes. The main idea of Dataplant is to slightly modify the internal DRAM timing signals to expose the inherent process variation found in all DRAM chips for generating unpredictable but reproducible values (e.g., keys) within DRAM. We use Dataplant to build two new security mechanisms. First, a new Dataplant-based physical unclonable function (PUF) with non-destructive read-out, low evaluation latency, robust responses, resiliency to temperature changes, and data-independent responses. Second, a new cold boot attack prevention mechanism that automatically destroys all data within DRAM on every power cycle with zero run-time energy and latency overheads. Using a combination of detailed simulations and experiments with 136 real commodity DRAM chips, we show that our Dataplant-based PUF has 1.8x higher throughput than the best state-of-the-art DRAM PUFs. We also demonstrate that our Dataplant-based cold boot attack protection mechanism is 19.5x faster and consumes 2.54x less energy when compared to existing mechanisms.

Cryptography and Security

Robert Karam,Tamzidul Hoque,Sandip Ray,Mark Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/aspdac.2017.7858391

2017-01-01

Abstract:Field Programmable Gate Arrays (FPGAs) are being increasingly deployed in diverse applications including the emerging Internet of Things (IoT), biomedical, and automotive systems. However, security of the FPGA configuration file (i.e. bitstream), especially during in-field reconfiguration, as well as effective safeguards against unauthorized tampering and piracy during operation, are notably lacking. The current practice of bitstreram encryption is only available in high-end FPGAs, incurs unacceptably high overhead for area/energy-constrained devices, and is susceptible to side channel attacks. In this paper, we present a fundamentally different and novel approach to FPGA security that can protect against all major attacks on FPGA, namely, unauthorized in-field reprogramming, piracy of FPGA intellectual property (IP) blocks, and targeted malicious modification of the bitstream. Our approach employs the security through diversity principle to FPGA, which is often used in the software domain. We make each device architecturally different from the others using both physical (static) and logical (time-varying) configuration keys, ensuring that attackers cannot use a priori knowledge about one device to mount an attack on another. It therefore mitigates the economic motivation for attackers to reverse engineering the bitstream and IP. The approach is compatible with modern remote upgrade techniques, and requires only small modifications to existing FPGA tool flows, making it an attractive addition to the FPGA security suite. Our experimental results show that the proposed approach achieves provably high security against tampering and piracy with worst-case 14% latency overhead and 13% area overhead.

Zhun Zhang,Xiang Wang,Qiang Hao,Dongdong Xu,Jinlei Zhang,Jiakang Liu,Jinhui Ma

DOI: https://doi.org/10.3390/mi12050560

IF: 3.4

2021-05-15

Micromachines

Abstract:Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Xinhui Lai,Maksim Jenihhin,Georgios Selimis,Sven Goossens,Roel Maes,Kolin Paul

DOI: https://doi.org/10.48550/arXiv.2008.08409

2020-08-19

Abstract:Physical Unclonable Functions (PUFs) are gaining attention in the cryptography community because of the ability to efficiently harness the intrinsic variability in the manufacturing process. However, this means that they are noisy devices and require error correction mechanisms, e.g., by employing Fuzzy Extractors (FEs). Recent works demonstrated that applying FEs for error correction may enable new opportunities to break the PUFs if no countermeasures are taken. In this paper, we address an attack model on FEs hardware implementations and provide a solution for early identification of the timing Side-Channel Attack (SCA) vulnerabilities which can be exploited by physical fault injection. The significance of this work stems from the fact that FEs are an essential building block in the implementations of PUF-enabled devices. The information leaked through the timing side-channel during the error correction process can reveal the FE input data and thereby can endanger revealing secrets. Therefore, it is very important to identify the potential leakages early in the process during RTL design. Experimental results based on RTL analysis of several Bose-Chaudhuri-Hocquenghem (BCH) and Reed-Solomon decoders for PUF-enabled devices with FEs demonstrate the feasibility of the proposed methodology.

Cryptography and Security

Joseph McMahan,Weilong Cui,Liang Xia,Jeff Heckey,Frederic T. Chong,Timothy Sherwood

DOI: https://doi.org/10.1109/hst.2017.7951806

2017-05-01

Abstract:On-chip memory is regarded by most secure system designers as a safe memory space, beyond the eyes of all but the most sophisticated attackers. Once a value is overwritten or the power has been removed, it is assumed that the data stored inside fully ceases to persist. However, as writes occur, the bit cells gradually wear; if data is written in an asymmetric way (with repeated writes of the same data), the stored information can later be partially reconstructed solely from statistical measurements of the cells' startup states. We present a technique for measuring the vulnerability of memory systems to such wear-in leakage, modeling the process as the recovery of bits from a noisy channel. We demonstrate our techniques on a 130nm SRAM device and demonstrate that if no countermeasures are used, a very simple prediction model is able to correctly reconstruct 27% of the bits of the written secret — enough to probabilistically reconstruct an RSA key.

Zhehang Zhang,Bharadwaj Madabhushi,Sandip Kundu,Russell Tessier

2024-08-20

Abstract:The integration of Field Programmable Gate Arrays (FPGAs) into cloud computing systems has become commonplace. As the operating systems used to manage these systems evolve, special consideration must be given to DRAM devices accessible by FPGAs. These devices may hold sensitive data that can become inadvertently exposed to adversaries following user logout. Although addressed in some cloud FPGA environments, automatic DRAM clearing after process termination is not automatically included in popular FPGA runtime environments nor in most proposed cloud FPGA hypervisors. In this paper, we examine DRAM data persistence in AMD/Xilinx Alveo U280 nodes that are part of the Open Cloud Testbed (OCT). Our results indicate that DDR4 DRAM is not automatically cleared following user logout from an allocated node and subsequent node users can easily obtain recognizable data from the DRAM following node reallocation over 17 minutes later. This issue is particularly relevant for systems which support FPGA multi-tenancy.

Cryptography and Security,Hardware Architecture,Distributed, Parallel, and Cluster Computing

J. Longo,E. De Mulder,D. Page,M. Tunstall

DOI: https://doi.org/10.1007/978-3-662-48324-4_31

2015-01-01

Abstract:Increased complexity in modern embedded systems has presented various important challenges with regard to side-channel attacks. In particular, it is common to deploy SoC-based target devices with high clock frequencies in security-critical scenarios; understanding how such features align with techniques more often deployed against simpler devices is vital from both destructive (i.e., attack) and constructive (i.e., evaluation and/or countermeasure) perspectives. In this paper, we investigate electromagnetic-based leakage from three different means of executing cryptographic workloads (including the general purpose ARM core, an on-chip co-processor, and the NEON core) on the AM335x SoC. Our conclusion is that addressing challenges of the type above is feasible, and that key recovery attacks can be conducted with modest resources.

liu genxian,wang haixia,liu zhenyu,wang dongsheng

DOI: https://doi.org/10.3778/j.issn.1002-8331.1403-0022

2014-01-01

Abstract:Embedded systems in high security-sensitive areas are susceptible to various types of attacks, including stealing passwords, tampering data and offline analysis. Especially, the hardware-level attacks often result in significant losses to the users. In order to defend the above attacks, the off-chip memory is encrypted and authenticated through AES-GCM algorithm. This scheme writes data after encryption, decrypt and authenticate after read data. In addition, a function is built that scrambling password with page address to ensure the encryption strength. Finally LRU cache is introduced to improve its performance. The scheme is implemented on STM32F103 microprocessor platform in software and the feasibility of the system design is proved. The memory stress experiment shows that the system security is strengthened with 9% performance degradation.

Sunil Malipatlolla,Sorin A. Huss

DOI: https://doi.org/10.1109/spl.2011.5782649

2011-04-01

Abstract:The configuration data sequence of a Field Programmable Gate Array (FPGA) is an Intellectual Property (IP) of the original designer. With the increase in deployment of FP-GAs in modern embedded systems, the IP protection of FPGA has become a necessary requirement for many IP vendors. There have been already many proposals to overcome this problem using symmetric encryption techniques but these methods need a cryptographic key to be stored in a nonvolatile memory located on FPGA or in a battery-backed RAM as done in some of the current FPGAs. The expenses with the proposed methods are, occupation of larger area on FPGA in the former case and limited lifetime of the device in the latter. In contrast, we propose a novel method which combines the Dynamic Partial Reconfiguration (Dy-namic PR) feature of an SRAM-based FPGA with the Public Key Cryptography (PKC) to protect the FPGA configuration files without the need of fixed key storage on FPGA or external to FPGA. The proposed method, is secure against the known attacks such as the Man-In-The-Middle (MITM) attack and replay attack. Therefore, the method can be used for secure deploying of IPs from local and remote vendors. Also, using this novel method not only high-end FPGAs but also low-end FPGAs with PR capabilities are secured.

Bharadwaj Madabhushi,Sandip Kundu,Daniel Holcomb

2024-05-23

Abstract:FPGA-based hardware accelerators are becoming increasingly popular due to their versatility, customizability, energy efficiency, constant latency, and scalability. FPGAs can be tailored to specific algorithms, enabling efficient hardware implementations that effectively leverage algorithm parallelism. This can lead to significant performance improvements over CPUs and GPUs, particularly for highly parallel applications. For example, a recent study found that Stratix 10 FPGAs can achieve up to 90\% of the performance of a TitanX Pascal GPU while consuming less than 50\% of the power. This makes FPGAs an attractive choice for accelerating machine learning (ML) workloads. However, our research finds privacy and security vulnerabilities in existing Xilinx FPGA-based hardware acceleration solutions. These vulnerabilities arise from the lack of memory initialization and insufficient process isolation, which creates potential avenues for unauthorized access to private data used by processes. To illustrate this issue, we conducted experiments using a Xilinx ZCU104 board running the PetaLinux tool from Xilinx. We found that PetaLinux does not effectively clear memory locations associated with a terminated process, leaving them vulnerable to memory scraping attack (MSA). This paper makes two main contributions. The first contribution is an attack methodology of using the Xilinx debugger from a different user space. We find that we are able to access process IDs, virtual address spaces, and pagemaps of one user from a different user space because of lack of adequate process isolation. The second contribution is a methodology for characterizing terminated processes and accessing their private data. We illustrate this on Xilinx ML application library.

Cryptography and Security,Hardware Architecture

Maik Ender,Amir Moradi,Christof Paar

DOI: https://doi.org/10.48550/arXiv.2105.13756

2021-05-28

Abstract:The security of FPGAs is a crucial topic, as any vulnerability within the hardware can have severe consequences, if they are used in a secure design. Since FPGA designs are encoded in a bitstream, securing the bitstream is of the utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions e.g., through hardware Trojans. Given that FPGAs are often part of cyber-physical systems e.g., in aviation, medical, or industrial devices, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. Even though attacks against bitstream encryption have been proposed in the past, e.g., side-channel analysis and probing, these attacks require sophisticated equipment and considerable technical expertise. In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bitstream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.

Cryptography and Security

Sebastian Wallat,Marc Fyrbiak,Moritz Schlögel,Christof Paar

DOI: https://doi.org/10.1109/IVSW.2017.8031551

2019-10-01

Abstract:A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries which are able to infringe valuable hardware design IP or to inject hardware Trojans causing severe loss of safety and security. Similarly, market dominating SRAM-based FPGAs are vulnerable to both attacks since the crucial gate-level netlist can be retrieved even in field for the majority of deployed device series. In order to perform IP infringement or Trojan injection, reverse engineering (parts of) the hardware design is necessary to understand its internal workings. Even though IP protection and obfuscation techniques exist to hinder both attacks, the security of most techniques is doubtful since realistic capabilities of reverse engineering are often neglected. The contribution of our work is twofold: first, we carefully review an IP watermarking scheme tailored to FPGAs and improve its security by using opaque predicates. In addition, we show novel reverse engineering strategies on proposed opaque predicate implementations that again enables to automatically detect and alter watermarks. Second, we demonstrate automatic injection of hardware Trojans specifically tailored for third-party cryptographic IP gate-level netlists. More precisely, we extend our understanding of adversary's capabilities by presenting how block and stream cipher implementations can be surreptitiously weakened.

Cryptography and Security

Luis Alberto Aranda,Nils-Johan Wessman,Lucana Santos,Alfonso Sánchez-Macián,Jan Andersson,Roland Weigand,Juan Antonio Maestro

DOI: https://doi.org/10.3390/electronics9010175

IF: 2.9

2020-01-17

Electronics

Abstract:One of the traditional issues in space missions is the reliability of the electronic components on board spacecraft. There are numerous techniques to deal with this, from shielding and rad-hard fabrication to ad-hoc fault-tolerant designs. Although many of these solutions have been extensively studied, the recent utilization of FPGAs as the target architecture for many electronic components has opened new possibilities, partly due to the distinct nature of these devices. In this study, we performed fault injection experiments to determine if a RISC-V soft processor implemented in an FPGA could be used as an onboard computer for space applications, and how the specific nature of FPGAs needs to be tackled differently from how ASICs have been traditionally handled. In particular, in this paper, the classic definition of the cross-section is revisited, putting into perspective the importance of the so-called “critical bits” in an FPGA design.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mei Hong,Hui Guo

DOI: https://doi.org/10.1007/978-3-642-17569-5_36

2010-01-01

Abstract:This paper presents a security design for embedded systems that have a secure on-chip computing environment and an insecure off-chip memory. The design protects the confidentiality and integrity of data at a low cost on performance and memory consumption. We implemented the design based on the SimpleScalar simulation software. Our simulation on a set of benchmarks shows that very little overhead is incurred for on-chip memory, and the average overheads on performance and off-chip memory, are only 7.6% and 6.25%, respectively.

Endres Puschner,Maik Ender,Steffen Becker,Christof Paar

DOI: https://doi.org/10.1145/3689939.3695779

2024-11-17

Abstract:Field Programmable Gate Arrays (FPGAs) are known for their reprogrammability that allows for post-manufacture circuitry changes. Nowadays, they are integral to a variety of systems including high-security applications such as aerospace and military systems. However, this reprogrammability also introduces significant security challenges, as bitstream manipulation can directly alter hardware circuits. Malicious manipulations may lead to leakage of secret data and the implementation of hardware Trojans. In this paper, we present a comprehensive framework for manipulating bitstreams with minimal reverse engineering, thereby exposing the potential risks associated with inadequate bitstream protection. Our methodology does not require a complete understanding of proprietary bitstream formats or a fully reverse-engineered target design. Instead, it enables precise modifications by inserting pre-synthesized circuits into existing bitstreams. This novel approach is demonstrated through a semi-automated framework consisting of five steps: (1) partial bitstream reverse engineering, (2) designing the modification, (3) placing and (4) routing the modification into the existing circuit, and (5) merging of the modification with the original bitstream. We validate our framework through four practical case studies on the OpenTitan design synthesized for Xilinx 7-Series FPGAs. While current protections such as bitstream authentication and encryption often fall short, our work highlights and discusses the urgency of developing effective countermeasures. We recommend using FPGAs as trust anchors only when bitstream manipulation attacks can be reliably excluded.

Cryptography and Security

Ali Fakhrzadehgan,Prakash Ramrakhyani,Moinuddin K. Qureshi,Mattan Erez

DOI: https://doi.org/10.1109/DSN58367.2023.00016

2023-10-28

Abstract:The security goals of cloud providers and users include memory confidentiality and integrity, which requires implementing Replay-Attack protection (RAP). RAP can be achieved using integrity trees or mutually authenticated channels. Integrity trees incur significant performance overheads and are impractical for protecting large memories. Mutually authenticated channels have been proposed only for packetized memory interfaces that address only a very small niche domain and require fundamental changes to memory system architecture. We propose SecDDR, a low-cost RAP that targets direct-attached memories, like DDRx. SecDDR avoids memory-side data authentication, and thus, only adds a small amount of logic to memory components and does not change the underlying DDR protocol, making it practical for widespread adoption. In contrast to prior mutual authentication proposals, which require trusting the entire memory module, SecDDR targets untrusted modules by placing its limited security logic on the DRAM die (or package) of the ECC chip. Our evaluation shows that SecDDR performs within 1% of an encryption-only memory without RAP and that SecDDR provides 18.8% and 7.8% average performance improvements (up to 190.4% and 24.8%) relative to a 64-ary integrity tree and an authenticated channel, respectively.

Cryptography and Security,Hardware Architecture

Zichen Zhou,Bo Yin,Renhao Fan,Tao Liu,Bin Xu,Xiang Wang

2011-01-01

Abstract:Most embedded systems present a number of software vulnerabilities, such as buffer overflow, while the physical attacks are becoming popular as well. This paper presents a series of novel architectural-enhanced security solutions. The automated compiler extracts the intrusion model for intrusion detection and secure tag of each main memory segment at the compile time automatically. At runtime, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior and trigger appropriate response mechanisms. The proposed schemes don't change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can eliminate a wide range of common software and physical attacks with low performance penalties and minimal overheads.

Karthikeyan Nagarajan,Asmit De,Mohammad Nasim Imtiaz Khan,Swaroop Ghosh

DOI: https://doi.org/10.48550/arXiv.2001.00856

2020-01-03

Abstract:In this paper, we investigate the advanced circuit features such as wordline- (WL) underdrive (prevents retention failure) and overdrive (assists write) employed in the peripherals of Dynamic RAM (DRAM) memories from a security perspective. In an ideal environment, these features ensure fast and reliable read and write operations. However, an adversary can re-purpose them by inserting Trojans to deliver malicious payloads such as fault injections, Denial-of-Service (DoS), and information leakage attacks when activated by the adversary. Simulation results indicate that wordline voltage can be increased to cause retention failure and thereby launch a DoS attack in DRAM memory. Furthermore, two wordlines or bitlines can be shorted to leak information or inject faults by exploiting the DRAM's refresh operation. We demonstrate an information leakage system exploit by implementing TrappeD on RocketChip SoC.

Hardware Architecture,Cryptography and Security