Surbhi Chhabra,Kusum Lata

DOI: https://doi.org/10.1007/s42979-022-01194-x

2022-05-24

SN Computer Science

Abstract:Intellectual Property (IP) core has evolved into a primary component of System-on-Chip (SoC). They address and implement a wide range of hardware functionalities within a chip core logic. Hence, IP reuse plays a prominent role in enhancing performance and reducing resource utilization in SoC, used in Internet-of-Things (IoT) devices. Unfortunately, continued growth and development in IoT devices raise a severe concern about the security of these IPs and require urgent authentication and encryption. The conventional cryptography methods may not be appropriate to secure IoT devices because of the rise in malicious hardware attacks. Physical Unclonable Functions (PUFs) are a promising approach used in IoT devices that prevent the IP against reverse-engineering, insertion of malicious activities or Trojans, piracy, cloning, and other threats. In this article, in particular, we integrated PUF with the traditional approach of Key-based Hardware Obfuscation to take advantage of PUF properties by generating secret keys that are unique and unclonable. We tested the PUF in terms of reliability, uniqueness, and uniformity. We also explore PUFs as a potential seed for Pseudo-Random Number Generators (PRNGs) to maximize obfuscation while minimizing area and power overhead. Furthermore, the PUF-based obfuscated model is applied to the Advanced Encryption Standard (AES) IP core to provide enhanced authentication as well as data encryption in IoT devices. Experimental results and NIST analysis show that the proposed model is resilient against reverse-engineering and compelling SAT and side-channel attacks. The proposed model is implemented on Basys3 FPGAs with minimum resource utilization, also compared with the current approaches.

Yansong Gao,Said F. Al-Sarawi,Derek Abbott,Ahmad-Reza Sadeghi,Damith C. Ranasinghe

DOI: https://doi.org/10.48550/arXiv.1706.06232

2017-06-20

Abstract:Physical unclonable functions (PUFs), as hardware security primitives, exploit manufacturing randomness to extract hardware instance-specific secrets. One of most popular structures is time-delay based Arbiter PUF attributing to large number of challenge response pairs (CRPs) yielded and its compact realization. However, modeling building attacks threaten most variants of APUFs that are usually employed for strong PUF-oriented application---lightweight authentication---without reliance on the securely stored digital secrets based standard cryptographic protocols. In this paper, we investigate a reconfigurable latent obfuscation technique endowed PUF construction, coined as OB-PUF, to maintain the security of elementary PUF CRPs enabled authentication where a CRP is never used more than once. The obfuscation---determined by said random patterns---conceals and distorts the relationship between challenge-response pairs capable of thwarting a model building adversary needing to know the exact relationship between challenges and responses. A bit further, the obfuscation is hidden and reconfigured on demand, in other words, the patterns are not only invisible but also act as one-time pads that are only employed once per authentication around and then discarded. As a consequence, the OB-PUF demonstrates significant resistance to the recent revealed powerful Evaluation Strategy (ES) based modeling attacks where the direct relationship between challenge and response is even not a must. The OB-PUF's uniqueness and reliability metrics are also systematically studied followed by formal authentication capability evaluations.

Cryptography and Security

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Samaneh Ghandali,Thorben Moos,Amir Moradi,Christof Paar

DOI: https://doi.org/10.48550/arXiv.1910.00737

2019-09-23

Abstract:Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extremely stealthy hardware Trojan into cryptographic primitives equipped with provably-secure first-order side-channel countermeasures. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key recovery attacks. Generally, such a Trojan requires neither addition nor removal of any logic which makes it extremely hard to detect. On ASICs, it can be inserted by subtle manipulations at the sub-transistor level and on FPGAs by changing the routing of particular signals, leading to \textbf{zero} logic overhead. The underlying concept is based on modifying a securely-masked hardware implementation in such a way that running the device at a particular clock frequency violates one of its essential properties, leading to exploitable leakage. We apply our technique to a Threshold Implementation of the PRESENT block cipher realized in two different CMOS technologies, and show that triggering the Trojan makes the ASIC prototypes vulnerable.

Cryptography and Security,Hardware Architecture

xuwei ye,jianhua feng,haoran gong,chunhua he,weilei feng

DOI: https://doi.org/10.1109/edssc.2015.7285146

2015-01-01

Abstract:Hardware Trojan, realized by malicious modification of design characteristics, has emerged as a major security concern. The recently proposed Trojan detection methods arc mainly classified into two categories: side-channel signal analysis and logic testing. Due to the stealthy nature of Trojan circuits, it's difficult to activate Trojans to perform logic testing. In this paper, an activation probability-based approach is proposed. A probability obfuscation scan chain (POSC) is presented aiming at increasing the difficulty of Trojan insertion and increasing the activation probability of the Trojan circuits. It proves to be very effective in detecting the presence of a Trojan in a circuit. Experimental results on ISCAS benchmark circuits show that this approach can effectively increase Trojan activation probability and make the detection of the Trojan more easily.

Md Moshiur Rahman,Jim Geist,Daniel Xing,Yuntao Liu,Ankur Srivastava,Travis Meade,Yier Jin,Swarup Bhunia

DOI: https://doi.org/10.1145/3640461

IF: 1.447

2024-03-05

ACM Transactions on Design Automation of Electronic Systems

Abstract:Due to the inclination towards a fab-less model of integrated circuit (IC) manufacturing, several untrusted entities get white-box access to the proprietary intellectual property (IP) blocks from diverse vendors. To this end, the untrusted entities pose security-breach threats in the form of piracy, cloning, and reverse engineering, sometimes threatening national security. Hardware obfuscation is a prominent countermeasure against such issues. Obfuscation allows for preventing the usage of the IP blocks without authorization from the IP owners. Due to finite state machine (FSM) transformation-based hardware obfuscation, the design’s FSM gets transformed to make it difficult for an attacker to reverse engineer the design. A secret key needs to be applied to make the FSM functional thus preventing the usage of the IP for unintended purposes. Although several hardware obfuscation techniques have been proposed, due to the inability to analyze the techniques from the attackers’ standpoint, numerous vulnerabilities inherent to the obfuscation methods go undetected unless a true adversary discovers them. In this paper, we present a collaborative approach between two entities - one acting as an attacker or red team and another as a defender or blue team , the first systematic approach to replicate the real attacker-defender scenario in the hardware security domain, which in return strengthens the FSM transformation-based obfuscation technique. The blue team transforms the underlying FSM of a gate-level netlist using state space obfuscation. The red team plays the role of an adversary or evaluator and tries to unlock the design by extracting the unlocking key or recovering the obfuscation circuitries. As the key outcome of this red team - blue team effort, a robust state space obfuscation methodology is evolved showing security promises.

computer science, software engineering, hardware & architecture

Bin Gao,Bohan Lin,Yachuan Pang,Feng Xu,Yuyao Lu,Yen-Cheng Chiu,Zhengwu Liu,Jianshi Tang,Meng-Fan Chang,He Qian,Huaqiang Wu

DOI: https://doi.org/10.1126/sciadv.abn7753

IF: 13.6

2022-01-01

Science Advances

Abstract:A physically unclonable function (PUF) is a creditable and lightweight solution to the mistrust in billions of Internet of Things devices. Because of this remarkable importance, PUF need to be immune to multifarious attack means. Making the PUF concealable is considered an effective countermeasure but it is not feasible for existing PUF designs. The bottleneck is finding a reproducible randomness source that supports repeatable concealment and accurate recovery of the PUF data. In this work, we experimentally demonstrate a concealable PUF at the chip level with an integrated memristor array and peripherals. The correlated filamentary switching characteristic of the hafnium oxide (HfOx)-based memristor is used to achieve PUF concealment/recovery with SET/RESET operations efficiently. PUF recovery with a zero-bit error rate and remarkable attack resistance are achieved simultaneously with negligible circuit overhead. This concealable PUF provides a promising opportunity to build memristive hardware systems with effective security in the near future.

Hongfei Wang,Wei Liu,Wenjie Cai,Yunxiao Lu,Caixue Wan

DOI: https://doi.org/10.1145/3687469

IF: 1.447

2024-09-18

ACM Transactions on Design Automation of Electronic Systems

Abstract:The physical unclonable function (PUF) is a widely used hardware security primitive. Before hacking into a PUF-protected system, intruders typically initiate attacks on the PUF as the first step. Many strong PUF designs have been proposed to thwart non-invasive attacks that exploit acquired CRPs. In this work, we propose a general framework for efficient attacks on strong PUFs by investigating from two perspectives, namely, statistical covariances in the challenge space and the design dependency among PUF compositions. The framework consists of two novel attack methods against a wide range of PUF families, including XOR APUFs, interpose PUFs, and bistable ring (BR)-PUFs. It can also exploit the knowledge of reliability information to improve attack efficiency with gradient optimization. We evaluate our proposed attacks through extensive experiments, running both software-based simulation and hardware implementations on FPGAs to compare with corresponding SOTA works. Considerable effort has been made in ensuring identical software/hardware conditions for a fair comparison. The results demonstrate that our framework significantly outperforms SOTA results. Moreover, we show that our framework can efficiently attack diverse PUF families built from entirely different types, while almost all existing works solely focused on attacking one or very limited number of PUF designs.

computer science, software engineering, hardware & architecture

Lei LI,Zijing SHANG,Jianhua FENG,Xing ZHANG,Huiyao AN

2013-01-01

Abstract:According to the hardware Trojans inserted during design and fabrication, the authors provide a new model of Trojan. New model is based on a finite state machine which is more difficult to trigger and detect than those based on combinational circuits. Also, the locations in target circuits to insert Trojans are considered to avoid being detected using path delay fingerprint method. S349 circuit from ISCAS'89 benchmark circuits is chosen as the target circuit. Functional simulations are performed and delay information is simulated. The results show that this type of hardware Trojan is difficult to activate and the insertion method is effective to hide delay information.

Wei Hu,Beibei Li,Lingjuan Wu,Yiwei Li,Xuefei Li,Liang Hong

2023-11-21

Abstract:Third-party intellectual property cores are essential building blocks of modern system-on-chip and integrated circuit designs. However, these design components usually come from vendors of different trust levels and may contain undocumented design functionality. Distinguishing such stealthy lightweight malicious design modification can be a challenging task due to the lack of a golden reference. In this work, we make a step towards design for assurance by developing a method for identifying and preventing hardware Trojans, employing functional verification tools and languages familiar to hardware designers. We dump synthesized design netlist mapped to a field programmable gate array technology library and perform switching as well as coverage analysis at the granularity of look-up-tables (LUTs) in order to identify specious signals and cells. We automatically extract and formally prove properties related to switching and coverage, which allows us to retrieve Trojan trigger condition. We further provide a solution to preventing Trojan from activation by reconfiguring the confirmed malicious LUTs. Experimental results have demonstrated that our method can detect and mitigate Trust-Hub as well as recently reported don't care Trojans.

Cryptography and Security

Yao Wang,Zhengtai Chang

DOI: https://doi.org/10.48550/arXiv.2007.10755

2020-07-21

Cryptography and Security

Abstract:With the expansion of the Internet of Things industry, the information security of Internet of Things devices attracts much attention. Traditional encryption algorithms require sensitive information such as keys to be stored in memory, and also need the support of operating system, which is obviously unacceptable for resource-constrained Internet of Things terminals. Physical not cloning function by extracting the chip is inevitable in the process of manufacturing process deviation, the introduction of the corresponding function relationship between incentive and response, not to need the storage user sensitive information, and only when electricity will respond, in power response immediately disappear, this can save a lot of resources of equipment and the power consumption. However, PUF is vulnerable to modeling attacks, and the traditional methods such as the challenge obfuscation method are time-invariant, which is equivalent to adding a fixed function to the front stage of a traditional APUF circuit. Therefore, it can be potentially modelling attacked with sufficient CRPs. In order to further enhance APUF circuit resistance to modelling attack, this paper proposes a dual-LFSR-based APUF circuit with time-variant challenge obfuscation. Besides, traditional authentication scheme generally adopts the one-time key scheme to enhance resistance to man-in-the-middle attack. The two-time authentication scheme proposed in this paper can improve the ability of RFID system to resist man-in-the-middle attack without sacrificing CRPs.

Tony F. Wu,Karthik Ganesan,Yunqing Alexander Hu,H.-S. Philip Wong,Simon Wong,Subhasish Mitra

DOI: https://doi.org/10.1109/TCAD.2015.2474373

2015-08-25

Abstract:There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4-165% and 0.07-60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering). 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.

Hardware Architecture,Cryptography and Security

Xiang-Yu Li,Li-Ji Wu,Xiang-Min Zhang

DOI: https://doi.org/10.1109/icsict49897.2020.9278354

2020-01-01

Abstract:The destruction of cooperation technology can interdict the communication between hardware Trojans and adversaries. This paper discusses the design principles of the scrambling scheme and proposed a PUFFIN based scheme and its hardware structure for a switch chip's data buffer. Test shows that the proposed scheme is destructive for both static and sequential trigger conditions with about 288.6 k gates overhead for every bit of the data bus and 7.5 ns additional latency.

Jiliang Zhang,Qiang Wu,Yongqiang Lyu,Qiang Zhou,Yici Cai,Yaping Lin,Gang Qu

DOI: https://doi.org/10.1109/cadgraphics.2013.22

2013-01-01

Abstract:Physical Unclonable Function (PUF) makes use of the uncontrollable process variations during the production of IC to generate a unique signature for each IC. It has a wide application in security such as FPGA Intellectual Property (IP) protection, key generation and digital rights management. Ring Oscillator (RO) based PUF and Arbiter-based PUF are the most popular PUFs, but they are not specially designed for FPGA. RO-based PUF incurs high resource overhead while obtaining less challenge-response pairs, and requires ``hard macros'' to implement on FPGA. The arbiter-based PUF brings low resource overhead, but its structure is hard to be mapped on FPGA. Anderson'PUF can address these weaknesses of current Arbiter-based and RO-based PUFs. However, it cannot be directly implemented on the new generation FPGAs, and therefore it has the scalability issue. In order to address these problems, this paper presents a delay-based PUF using the intrinsic structure of FPGA (look-up table and multiplexer). The proposed delay-based PUF is completely realized on 28nm FPGAs. The experimental results show its high uniqueness and reliability. Moreover, we test the proposed PUF in the high temperature, and the results show its availability. Finally, the prospect of the proposed PUF in the FPGA IP protection is discussed.

Ji-Liang Zhang,Qiang Wu,Yi-Peng Ding,Yong-Qiang Lv,Qiang Zhou,Zhi-Hua Xia,Xing-Ming Sun,Xing-Wei Wang

DOI: https://doi.org/10.1007/s11390-016-1616-8

2016-01-01

Abstract:Physical unclonable function (PUF) makes use of the uncontrollable process variations during the production of IC to generate a unique signature for each IC. It has a wide application in security such as FPGA intellectual property (IP) protection, key generation and digital rights management. Ring oscillator (RO) PUF and Arbiter PUF are the most popular PUFs, but they are not specially designed for FPGA. RO PUF incurs high resource overhead while obtaining less challenge-response pairs, and requires "hard macros" to implement on FPGAs. The arbiter PUF brings low resource overhead, but its structure has big bias when it is mapped on FPGAs. Anderson PUF can address these weaknesses of current Arbiter and RO PUFs implemented on FPGAs. However, it cannot be directly implemented on the new generation 28 nm FPGAs. In order to address these problems, this paper designs and implements a delay-based PUF that uses two LUTs in an SLICEM to implement two 16-bit shift registers of the PUF, 2-to-1 multiplexers in the carry chain to implement the multiplexers of the PUF, and any one of the 8 flip-flops to latch 1-bit PUF signatures. The proposed delay-based PUF is completely realized on 28 nm commercial FPGAs, and the experimental results show its high uniqueness, reliability and reconfigurability. Moreover, we test the impact of aging on it, and the results show that the effect of aging on the proposed PUF is insignificant, with only 6% bit-flips. Finally, the prospects of the proposed PUF in the FPGA binding and volatile key generation are discussed.

Yi Zhang,Min Zhu,Bohan Yang,Leibo Liu

DOI: https://doi.org/10.1088/1742-6596/1619/1/012003

2020-01-01

Journal of Physics Conference Series

Abstract:Physical unclonable function (PUF) generates unique secret keys from unavoidable IC manufacturing variations, which can eliminate high computation expense and additional key storage. The inherent flexibility and lower time-to-market have made field programmable gate array (FPGA) the platform of choice for faster implementation. However, logic elements on FPGA are predefined while some types of PUFs need strictly mirrored symmetric routing. This paper presents a robust and FPGA friendly PUF based on oscillator collapse (OC-PUF) with million number of challenge-response pairs (CRPs). Mirrored routes are obtained with a novel delay cell design and a signal path configuration technique. In the meanwhile, the response bias issues on FPGA is effectively resolved. Measured on Altera DE2-115, the average interchip hamming distance (inter-chip HD) of the proposed OC-PUF is 46.7%. After applying dynamic threshold with a value 255, intra-chip hamming distance (intra-chip HD) dropped to 5.46E-06 at nominal conditions.

Jianfeng Wang,Shuwen Deng,Huazhong Yang,Vijaykrishnan Narayanarn,Xueqing Li

DOI: https://doi.org/10.23919/date58400.2024.10546580

2024-01-01

Abstract:Keys grant access to devices and are the core secrets in logic obfuscation. Typically, keys are stored in tamper-proof memory and are subsequently delivered to logic locking modules through scan chains. However, recent physical attacks have successfully extracted keys directly from registers, challenging the security of the prior scan obfuscation/blocking efforts. This paper mitigates the threat of direct value extraction by proposing TroScan, an architecture that leverages the internal frequency of register chains to activate trigger circuits. We propose three key generation methods for typical defense scenarios and gate-aware obfuscation optimization. To the authors' best knowledge, this work presents the first on-chip key delivery obfuscation architecture against Electro-Optical Frequency Mapping (EOFM) attacks. Evaluation shows similar to 100% key obfuscation effectiveness under two EOFM attack targets. For overheads, we demonstrate the worst-case fault coverage rate of 97.6%, average area/power overheads of 7.5%/11.8%, and an average key generation success rate of 98% across 80 process voltage temperature (PVT) conditions.

Zhang Yuejun,Wang Jiawei,Pan Zhao,Zhang Xiaowei,Wang Pengjun

DOI: https://doi.org/10.11999/JEIT180898

2019-01-01

Abstract:In order to solve the problem of member information leakage in multi-party cooperative design of integrated circuits, a orthogonal obfuscation scheme of multi-hardware IPs core security protection is proposed. Firstly, the orthogonal obfuscation matrix generates orthogonal key data, and the obfuscated key of the hardware IP core is designed with the physical feature of the Physical Unclonable Function (PUF) circuit. Then the security of multiple hardware IP cores is realized by the orthogonal obfuscation state machine. Finally, the validity of orthogonal aliasing is verified using the ISCAS-85 circuit and cryptographic algorithm. The multi-hardware IP core orthogonal obfuscation scheme is tested under Taiwan Semiconductor Manufacturing Company (TSMC) 65 nm process, the difference of Toggle flip rate between the correct key and the wrong key is less than 5%, and the area and power consumption of the larger test circuit are less than 2%. The experimental results show that orthogonal obfuscation can improve the security of multi-hardware IP cores, and can effectively defend against member information leakage and state flip rate analysis attacks.

Zihan Pang,Qiang Zhou,Wenchao Gao,Shiyi Guo,Xu Qian

DOI: https://doi.org/10.3969/j.issn.1003-9775.2017.09.002

2017-01-01

Abstract:As an important hardware security primitive, physical unclonable function (PUF) which exploits in-trinsic process variation, generates unique identification signature. The properties of lightweight and unique tam-per-resistant endow PUF with great advantage in hardware security fields such as random number or secret key generator. As field-programmable gate array (FPGA) application has flexible configuration circuits features, its self-security and reliability issues have gained lots of attention over the recent years. PUF technology can protect circuit configuration from the hardware level with less overhead. In this paper, we give a survey on a variety of state-of-the-art PUF implementation methods, and analyze the optimization strategy of various implementation architectures in terms of randomness, stability and resource consumption. After that we compare the performance of different FPGA PUF with the test evaluation methods and introduce its specific applications. Finally, we con-clude with challenges and opportunities, and paint a blueprint for the future of FPGA PUF application in the field of hardware security.

Lili Wang,Liji Wu,Zhenhui Zhang,Xiangmin Zhang,Jing Zhou

DOI: https://doi.org/10.1117/12.3024716

2024-01-01

Abstract:With the rapid development of the digital society, hardware security has become a pressing issue in information security. Although the Post-Quantum Cryptography (PQC) is known for its high security, it is still threatened by hardware Trojan attacks. In this paper, the Classic McEliece algorithm is applied to hardware implementation and a hardware Trojan detection method based on sensor chains for PQC Classic McEliece circuits is proposed. The deployment of the sensor chain consisting of 12 ring oscillators (ROs) on the PQC Classic McEliece circuits is precisely controlled by employing an incremental compilation technique. The validation experiments are performed on an Altera Cyclone-II EP2C35F672C8 FPGA development board, and the results show that the hardware Trojans at RO6 and RO12 are successfully detected using the normalized difference algorithm. The Support vector machine (SVM) algorithm achieves an accuracy of 72%, the logistic regression algorithm achieves an accuracy of 92%, and the K-means algorithm achieves an accuracy of 97%. These results strongly support the effectiveness and accuracy of the proposed hardware Trojan detection method based on sensor chains for the PQC Classic McEliece circuits, and also suggest that the method is applicable to the protection of other cryptographic circuits.