Jian Wang,Ying Li

DOI: https://doi.org/10.3390/info12040169

2021-01-01

Information

Abstract:Ensuring the security of IoT devices and chips at runtime has become an urgent task as they have been widely used in human life. Embedded memories are vital components of SoC (System on Chip) in these devices. If they are attacked or incur faults at runtime, it will bring huge losses. In this paper, we propose a run-time detection architecture for memory security (RDAMS) to detect memory threats (fault and Hardware Trojans attack). The architecture consists of a Security Detection Core (SDC) that controls and enforces the detection procedure as a “security brain”, and a memory wrapper (MEM_wrapper) which interacts with memory to assist the detection. We also design a low latency response mechanism to solve the SoC performance degradation caused by run-time detection. A block-based multi-granularity detection approach is proposed to render the design flexible and reduce the cost in implementation using the FPGA’s dynamic partial reconfigurable (DPR) technology, which enables online detection mode reconfiguration according to the requirements. Experimental results show that RDAMS can correctly detect and identify 10 modeled memory faults and two types of Hardware Trojans (HTs) attacks without leading a great performance degradation to the system.

Jiyuan Bai,Xiang Wang,Zifeng Zhao,Zikang Zhang,Chang Cai,Gengsheng Chen

DOI: https://doi.org/10.1016/j.microrel.2023.115311

IF: 1.6

2024-01-01

Microelectronics Reliability

Abstract:Fault tolerance is crucial for mission-critical FPGA-based systems in radiation environments. Soft-core processors in these systems, performing both control and computational tasks, require efficient soft error mitigation techniques to enhance their fault tolerance. In this paper, we investigate the variation trends in the fault tolerance of various processor components as the software workload changes. Based on our investigation, we propose a reconfigurable soft error mitigation framework that dynamically switches the hardening strategies for the processor according to the running workloads. The innovative application of dynamic partial reconfiguration technique in FPGAs enables time-multiplexing of the same circuit region to accommodate various hardening schemes, consequently achieving high area efficiency. We apply the framework to an open-source dual-issue superscalar RISC-V processor on a Xilinx ZCU102 FPGA board. Compared to traditional spatial redundancy-based hardening techniques, the proposed framework achieves a 20.84 % reduction in LUT utilization and a 20.53 % reduction in flip-flop utilization. The effectiveness of our framework has been evaluated through fault injection campaigns. The results indicate that, on average, only 0.05 % of faults would lead to system failure after hardening. Therefore, our work offers a new perspective on dynamic soft error mitigation in reconfigurable systems.

Zichen Zhou,Bo Yin,Renhao Fan,Tao Liu,Bin Xu,Xiang Wang

2011-01-01

Abstract:Most embedded systems present a number of software vulnerabilities, such as buffer overflow, while the physical attacks are becoming popular as well. This paper presents a series of novel architectural-enhanced security solutions. The automated compiler extracts the intrusion model for intrusion detection and secure tag of each main memory segment at the compile time automatically. At runtime, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior and trigger appropriate response mechanisms. The proposed schemes don't change the compiler or the existing instruction set and imposes no restriction to the software developer. The architectural design is implemented on an actual OR1200-FPGA platform. The experimental analysis shows that the proposed techniques can eliminate a wide range of common software and physical attacks with low performance penalties and minimal overheads.

Zhaojie Dong,Lan Chen,Ying Li

DOI: https://doi.org/10.1587/elex.19.20220167

2022-01-01

IEICE Electronics Express

Abstract:Existing functional validation approaches and post-manufacturing tests are inadequate to detect all hardware bugs and hardware Trojans in third-party intellectual property blocks (3PIPs). Especially for cryptographic IPs, a well-designed framework is needed for detecting and mitigating hardware security risks even after chip deployment. In this paper, we present an innovative multi-level architecture providing runtime hardware security detection and response. The proposed architecture consists of a controller and a security wrapper, enabling the collaborative operation of three different types of detection and three levels of response according to the potential malicious impact. We show that a field programmable gate array prototype of the proposed architecture can pursue 4 hardware bug and 6 hardware Trojan detection towards an AES IP, and make appropriate protective responses.

Fan Zhang,Chen Dong,Wucheng Hu,Jinghui Chen,Guorong He

DOI: https://doi.org/10.1109/IAEAC47372.2019.8997863

2019-01-01

Abstract:EDA tools almost completely automate the current chip design. However, EDA tools are all provided by third-party companies, therefore the credibility of EDA tools and the trust issues brought by their process libraries have attracted people's attention. Given these problems, this paper proposes a self-training hardware Trojan confrontation framework based on machine learning embedded in EDA tools. The framework focuses on the gate-level netlist files generated during the integrated chip comprehensive optimization phase, thereby detects, locates and deletes hardware Trojans that may appear. The experimental results show that the framework can achieve more than 85% detection effect for unknown hardware Trojans. Moreover, for known hardware Trojans, this framework can achieve almost 100% detection. Accordingly, hardware Trojans can be located and deleted.

Yumin Hou,Hu He,Kaveh Shamsi,Yier Jin,Dong Wu,Huaqing Wu

DOI: https://doi.org/10.1109/hst.2018.8383914

2018-01-01

Abstract:With the globalization of semiconductor industry, hardware security issues have been gaining increasing attention. Among all hardware security threats, the insertion of hardware Trojans is one of the main concerns. Meanwhile, many current Trojan detection solutions follow the assumption that the hardware Trojan itself should be composed of digital logic. This assumption is invalidated by recently proposed analog Trojans which are extremely small and can detect rare events. This paper proposes a runtime hardware Trojan detection method which is geared towards detecting such advanced Trojans. The principle of this method is to guard a set of concerned signals, and initiate a hardware interrupt request when abnormal toggling events occur in these guarded signals. To prove the effectiveness of this method, we design a processor based on ARMv7-A&R ISA, and insert an analog Trojan into the processor. We fabricated the design in the SMIC 130 nm process and demonstrate the effectiveness of the proposed methodology.

Yumin Hou,Hu He,Kaveh Shamsi,Yier Jin,Dong Wu,Huaqiang Wu

DOI: https://doi.org/10.1109/tcad.2018.2864246

IF: 2.9

2019-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:With the globalization of semiconductor industry, hardware security issues have been gaining increasing attention. Among all hardware security threats, the insertion of hardware Trojans is one of the main concerns. Meanwhile, many current Trojan detection solutions follow the assumption that the hardware Trojan itself should be composed of digital logic. This assumption is invalidated by recently proposed analog Trojans which are extremely small and can detect rare events. This paper proposes a runtime hardware Trojan detection method which is geared toward detecting such advanced Trojans. The principle of this method is to guard a set of concerned signals, and initiate a hardware interrupt request when abnormal toggling events occur in these guarded signals. To prove the effectiveness of this method, we design a processor based on ARMv7-A&R ISA, and insert an analog Trojan into the processor. We fabricated the design in an SMIC 130-nm process and demonstrate the effectiveness of the proposed methodology.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Zhenliang An,Weike Wang,Wenxin Li,Senyang Li,Dexue Zhang

DOI: https://doi.org/10.3390/mi14081525

IF: 3.4

2023-07-30

Micromachines

Abstract:The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Robert Schilling,Mario Werner,Pascal Nasahl,Stefan Mangard

DOI: https://doi.org/10.1145/3274694.3274728

2018-09-24

Abstract:Reading and writing memory are, besides computation, the most common operations a processor performs. The correctness of these operations is therefore essential for the proper execution of any program. However, as soon as fault attacks are considered, assuming that the hardware performs its memory operations as instructed is not valid anymore. In particular, attackers may induce faults with the goal of reading or writing incorrectly addressed memory, which can have various critical safety and security implications. In this work, we present a solution to this problem and propose a new method for protecting every memory access inside a program against address tampering. The countermeasure comprises two building blocks. First, every pointer inside the program is redundantly encoded using a multi-residue error detection code. The redundancy information is stored in the unused upper bits of the pointer with zero overhead in terms of storage. Second, load and store instructions are extended to link data with the corresponding encoded address from the pointer. Wrong memory accesses subsequently infect the data value allowing the software to detect the error. For evaluation purposes, we implemented our countermeasure into a RISC-V processor, tested it on a FPGA development board, and evaluated the induced overhead. Furthermore, a LLVM-based C compiler has been modified to automatically encode all data pointers, to perform encoded pointer arithmetic, and to emit the extended load/store instructions with linking support. Our evaluations show that the countermeasure induces an average overhead of 10% in terms of code size and 7% regarding runtime, which makes it suitable for practical adoption.

Cryptography and Security

Wei Song,Jiameng Ying,Sihao Shen,Boya Li,Hao Ma,Peng Liu

DOI: https://doi.org/10.48550/arXiv.2111.14072

2021-11-28

Abstract:Memory safety remains a critical and widely violated property in reality. Numerous defense techniques have been proposed and developed but most of them are not applied or enabled by default in production-ready environment due to their substantial running cost. The situation might change in the near future because the hardware supported defenses against these attacks are finally beginning to be adopted by commercial processors, operating systems and compilers. We then face a question as there is currently no suitable test suite to measure the memory safety extensions supported on different processors. In fact, the issue is not constrained only for memory safety but all aspect of processor security. All of the existing test suites related to processor security lack some of the key properties, such as comprehensiveness, distinguishability and portability. As an initial step, we propose an expandable test framework for measuring the processor security and open source a memory safety test suite utilizing this framework. The framework is deliberately designed to be flexible so it can be gradually extended to all types of hardware supported security extensions in processors. The initial test suite for memory safety currently contains 160 test cases covering spatial and temporal safety of memory, memory access control, pointer integrity and control-flow integrity. Each type of vulnerabilities and their related defenses have been individually evaluated by one or more test cases. The test suite has been ported to three different instruction set architectures (ISAs) and experimented on six different platforms. We have also utilized the test suite to explore the security benefits of applying different sets of compiler flags available on the latest GNU GCC and LLVM compilers.

Cryptography and Security,Hardware Architecture

Zhijiao Zhang,Yashuai Lü,Yu Chen,Yongqiang Lu,Yuanchun Shi

DOI: https://doi.org/10.1007/978-3-319-18467-8_29

2015-01-01

Abstract:Recently, code-reuse attack (CRA) is becoming the most prevalent attack vector which reuses fragments of existing code to make up malicious code. Recent studies show that CRAs especially jump-oriented programming (JOP) attacks are hard and costly to detect and protect from, especially on CISC processors. One reason for this is that the instructions of CISC architecture are of variable-length, and lots of unintended but legal instructions can be exploited by starting from in the middle of a legal instruction. This feature of CISC architectures makes the finding of so called gadgets for CRAs is much easier than that of RISC architectures. Most of previous studies for mitigating CRA on CISC processors rely on software-only means to tackle the unintended instruction problem, which makes their approaches either very costly or can only be applied under restricted conditions. In this paper, we propose two hardware supported techniques. The first, which is the main contribution of this paper, is to eliminate the execution of an unintended instruction. This technique only requires a few modifications to the processor and operating system. Furthermore, the proposed mechanism has little performance impact on the examined SPEC CPU 2006 benchmarks (-0.093% similar to 2.993%). Second, we propose using hardware control-flow locking as a complementary technique to our protection mechanism. By using the two techniques together, an attacker will have little chance to carry out CRAs on a CISC processor.

Xiao-Wei Wang,Wei-Nan Chen,Cheng-Lian Peng,Hong-jun You

DOI: https://doi.org/10.1109/ICESS.Symposia.2008.10

2008-01-01

Abstract:Dynamic partial reconfigurable embedded system includes at least one reconfigurable device, which is emerging as the new paradigm for satisfying the simultaneous demand for application performance and flexibility. But it brings difficulties in debugging, testing and performance measurement at the same time. Monitoring is an effective approach in debugging, testing and performance measurement in such complex systems. Dynamical partial reconfigurable monitor module based on the reconfigurability of the hardware platform and the implement methods were proposed in this paper, which decrease the chippsilas area consumption and reconfiguration time cost. The experiments about hardware-software monitoring approach showed expected results.

Leibo Liu,Zhuoquan Zhou,Shaojun Wei,Min Zhu,Shouyi Yin,Shengyang Mao

DOI: https://doi.org/10.1109/tcad.2017.2729340

IF: 2.9

2017-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Coarse grained reconfigurable architectures (CGRA) have been applied to numerous fields of computing- and data-intensive applications, such as computer vision, baseband communication, and cipher processing. A CGRA usually comprises hundreds of reconfigurable computing-cells (RCC), which account for a majority of the die area. As such, RCCs have a higher probability of being attacked by hardware Trojans, which seriously affects CGRA behavior. However, a CGRA can be dynamically and partially reconfigured via configuration contexts at runtime; this property could be utilized as an effective countermeasure against malicious hardware. This particular topic has yet to undergo significant research. This paper proposes a secure mapping approach called dynamic resource management based on security value (DRMaSV) to enhance CGRA capability against hardware Trojans by selectively protecting RCCs. DRMaSV realizes run-time monitoring based on an adapted triple modular redundancy mechanism under hardware resource constraints (i.e., area constraints). First, in order to measure the capability against hardware Trojans, a security capability metric called “security value” (SV) is defined, with measurements categorized as “Influence” and “Unreliability.” Here, both the circuit architecture and the level of Unreliability for modules used in the circuit are considered. Next, a DRM strategy to maximize the SV under hardware resource constraints is introduced. This strategy is described by the dynamic programming model (i.e., 0/1 knapsack problem), which can obtain an optimal solution. Finally, a mapping approach for CGRAs is derived by attaching the DRM strategy to a generic mapping flow. Simulations show that the proposed secure mapping approach ensures a given number of correct outputs, which then allows the number of outputs affected by activated Trojans under any given hardware resource constraint (area constraint) or overhead (area overhead) to be minimized. The results of actual chip design experiments are in agreement with the simulation results, indicating that the proposed secure mapping approach is effective.

Tony F. Wu,Karthik Ganesan,Yunqing Alexander Hu,H.-S. Philip Wong,Simon Wong,Subhasish Mitra

DOI: https://doi.org/10.1109/TCAD.2015.2474373

2015-08-25

Abstract:There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4-165% and 0.07-60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering). 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.

Hardware Architecture,Cryptography and Security

Wei Hu,Beibei Li,Lingjuan Wu,Yiwei Li,Xuefei Li,Liang Hong

2023-11-21

Abstract:Third-party intellectual property cores are essential building blocks of modern system-on-chip and integrated circuit designs. However, these design components usually come from vendors of different trust levels and may contain undocumented design functionality. Distinguishing such stealthy lightweight malicious design modification can be a challenging task due to the lack of a golden reference. In this work, we make a step towards design for assurance by developing a method for identifying and preventing hardware Trojans, employing functional verification tools and languages familiar to hardware designers. We dump synthesized design netlist mapped to a field programmable gate array technology library and perform switching as well as coverage analysis at the granularity of look-up-tables (LUTs) in order to identify specious signals and cells. We automatically extract and formally prove properties related to switching and coverage, which allows us to retrieve Trojan trigger condition. We further provide a solution to preventing Trojan from activation by reconfiguring the confirmed malicious LUTs. Experimental results have demonstrated that our method can detect and mitigate Trust-Hub as well as recently reported don't care Trojans.

Cryptography and Security

genxian liu,xi zhang,dongsheng wang,zhenyu liu,haixia wang

DOI: https://doi.org/10.1007/978-3-662-43908-1_1

2014-01-01

Abstract:Security is a crucial element of information systems. Extensive research for cryptographic algorithms that provide the sound theoretical basis of security. Among them security and integrity of memory has been a longstanding issue in trusted system design. Main memory is a critical component of all computing systems. Most of those systems are vulnerable to memory attacks, in which an attacker gains physical accesses to the unattended hardware, obtains the decryption keys from memory. We propose a method for protecting memory systems against attacks with hardware authentication and full memory encryption. The method is secure against all known type of memory attack. We have tested the method with software simulator and Field Programmable Gate Array (FPGA) platform. The results show that the method can authenticate and encrypt the contents of DRAM with 2.5 % performance penalties.

Alon Hillel-Tuch,Aspen Olmstead

DOI: https://doi.org/10.48550/arXiv.2403.08656

2024-03-14

Abstract:Programming errors, defective hardware components (such as hard disk spindle defects), and environmental hazards can lead to invalid memory operations. In addition, less predictable forms of environmental stress, such as radiation, thermal influence, and energy fluctuations, can induce hardware faults. Sometimes, a soft error can occur instead of a complete failure, such as a bit-flip. The 'natural' factors that can cause bit-flips are replicable through targeted attacks that result in significant compromises, including full privileged system access. Existing physical defense solutions have consistently been circumvented shortly after deployment. We will explore the concept of a novel software-based low-level layer that can protect vulnerable memory targeted by physical attack vectors related to bit-flip vulnerabilities.

Cryptography and Security,Operating Systems

Shengyang Mao,Leibo Liu

DOI: https://doi.org/10.1109/iceiec.2016.7589689

2016-01-01

Abstract:Hardware Trojans have become a significant threat to computing reliability and data security in reconfigurable hardware. One of the most effective techniques of run-time detection and recovery is based on Triple Modular Redundancy (TMR) mechanism; however, this mechanism causes a large resource overhead because the protected circuit needs to be totally duplicated twice for detection stage and decision stage. This paper proposes a novel methodology called Optimal Partitioning Triple Modular Redundancy (OPTMR) that optimizes the Data Flow Graph (DFG) partitioning to reduce the total overhead of TMR. The mathematical relationship between DFG partitioning and total overhead is discussed and the principle of DFG node division is presented. The efficiency and effectiveness of OPTMR is verified through simulation on an actual Field Programmable Gate Array (FPGA) device.

Merve Gülmez,Håkan Englund,Jan Tobias Mühlberg,Thomas Nyman

2024-07-12

Abstract:Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from uninitialized variables. This work addresses the prevalence and lack of adequate software mitigations for uninitialized memory issues, proposing architectural protections in hardware. Capability-based addressing, such as the University of Cambridge's CHERI, mitigates many memory defects, including spatial and temporal safety violations at an architectural level. However, current CHERI designs do not handle undefined behavior from uninitialized variables. We extend the CHERI capability model to include "conditional capabilities", enabling memory-access policies based on prior operations. This allows enforcement of policies that satisfy memory safety objectives such as "no reads to memory without at least one prior write" (Write-before-Read). We present our architecture extension, compiler support, and a detailed evaluation of our approach using the QEMU full-system simulator and our modified FPGA-based CHERI-RISCV softcore. Our evaluation shows Write-before-Read conditional capabilities are practical, with high detection accuracy while adding a small (~3.5%) overhead to the existing CHERI architecture.

Cryptography and Security