Hardware-Oriented Security and Trust, 2008. HOST 2008. IEEE International Workshop on

Date: 9 June 2008

  • 2008 IEEE international workshop on hardware-oriented security and trust (HOST)

    Page(s): c1

  • 2008 IEEE international workshop on hardware-oriented security and trust (HOST)

    Page(s): i

  • [Copyright notice]

    Page(s): ii

  • Table of contents

    Page(s): iii - iv

  • Keynote address

    Page(s): 1
    Provides an abstract for each of the keynote presentations and a brief professional biography of each presenter. The complete presentations were not made available for publication as part of the conference proceedings.

  • Session 1 Hardware Trojans

    Page(s): 2

  • Sensitivity analysis to hardware Trojans using power supply transient signals

    Page(s): 3 - 7
    Trust in reference to integrated circuits addresses the concern that the design and/or fabrication of the IC may be purposely altered by an adversary. The insertion of a hardware Trojan involves a deliberate and malicious change to an IC that adds or removes functionality or reduces its reliability. Trojans are designed to disable and/or destroy the IC at some future time or they may serve to leak confidential information covertly to the adversary. Trojans are cleverly hidden by the adversary to make it extremely difficult for chip validation processes, such as manufacturing test, to accidentally discover them. This paper investigates a power supply transient signal analysis method for detecting Trojans that is based on the analysis of multiple power port signals. In particular, we focus on determining the smallest detectable Trojan in a set of process simulation models that characterize a TSMC 0.18 µm process.

  • At-speed delay characterization for IC authentication and Trojan Horse detection

    Page(s): 8 - 14
    New attacker scenarios involving integrated circuits (ICs) are emerging that pose a tremendous threat to national security. Concerns about overseas fabrication facilities and the protection of deployed ICs have given rise to methods for IC authentication (ensuring that an IC being used in a system has not been altered, replaced, or spoofed) and hardware Trojan Horse (HTH) detection (ensuring that an IC fabricated in a nonsecure facility contains the desired functionality and nothing more), but significant additional work is required to quell these threats. This paper discusses how a technique for precisely measuring the combinational delay of an arbitrarily large number of register-to-register paths internal to the functional portion of the IC can be used to provide the desired authentication and design alteration (including HTH implantation) detection. This low-cost delay measurement technique does not affect the main IC functionality and can be performed at-speed at both test-time and run-time.

  • Detecting malicious inclusions in secure hardware: Challenges and solutions

    Page(s): 15 - 19
    This paper addresses a new threat to the security of integrated circuits (ICs) used in safety critical, security and military systems. The migration of IC fabrication to low-cost foundries has made ICs vulnerable to malicious alterations that could, under specific conditions, result in functional changes and/or catastrophic failure of the system in which they are embedded. We refer to such malicious alterations and inclusions as Hardware Trojans. The modification(s) introduced by the Trojan depends on the application, with some designed to disable the system or degrade signal integrity, while others are designed to defeat hardware security and encryption to leak plain text information. This paper explores the wide range of malicious alterations of ICs that are possible and proposes a general framework for their classification. The taxonomy is essential for properly evaluating the effectiveness of methods designed to detect Trojans. The latter portion of the paper explores several Trojan detection strategies and the classes of Trojans each is most likely to detect.

  • Session 2 Side-channel attacks and countermeasures

    Page(s): 20

  • Slicing up a perfect hardware masking scheme

    Page(s): 21 - 25
    Masking is a side-channel countermeasure that randomizes side-channel leakage, such as the power dissipation of a circuit. Masking is only effective on the condition that the internal random mask remains a secret. Previous research has illustrated how a successful estimation of the mask bit in circuit-level masking leads to successful side-channel attacks. In this paper, we extend this concept to algorithmic masking, which uses multi-bit masks. Our key observation is that the power dissipation of a masked circuit and the mask value are not independent. We exploit this property by using a slice of the power samples obtained by partial selection. This slice has a statistically biased mask, even when the mask signal itself is generated with a uniform distribution. We demonstrate this attack by showing how a perfectly masked AES SBox can be broken using part of the observed power samples, while the same circuit remains secure if we use all of the observed power samples.

  • Place-and-route impact on the security of DPL designs in FPGAs

    Page(s): 26 - 32
    Straightforward implementations of cryptographic algorithms are known to be vulnerable to attacks aimed not at the mathematical structure of the cipher but rather at the weak points of the electronic devices which implement it. These attacks, known as side-channel attacks, have proved to be very powerful in retrieving secret keys from any kind of unprotected electronic device. Amongst the various protection strategies, side-channel hiding is very popular and well studied. The principle of information hiding is to make any leak constant, thus uncorrelated to the device internal secrets. The so-called "dual-rail with precharge logic" (DPL) style is indicated to achieve that goal. For DPL protection to be effective, it further requires a carefully balanced layout so as to obtain equal propagation delays and power consumption on both rails. In this article, we study to which extent the differential place-and-route constraints must be strict in FPGA technology. We describe placement techniques suitable for Xilinx and Altera FPGAs, and quantify the gain of balance they confer. On the one hand, we observed that Xilinx fitting tool achieves naturally good balancing results. On the other hand, the symmetry can be greatly improved with Altera devices, using a manual placement, leading to unprecedented dual netlists balancing.

  • Extended abstract: A high-performance, low-overhead, power-analysis-resistant, single-rail logic style

    Page(s): 33 - 36
    Differential power analysis (DPA) has been shown to be an effective attack on cryptographic systems capable of revealing secret data by measuring power consumption. DPA-resistant circuits currently incur severe penalties in terms of performance, area, and power - as much as 4× in each. Additionally, most are dual-rail logic families, which can require careful attention to wire routing to ensure balanced output loads. We present three-phase single-rail precharge logic (TSPL), a single-rail dynamic logic family with high DPA resistance and significantly lower overheads in performance, area, and power than other DPA-resistant logic styles.

  • Session 3 Invited presentation

    Page(s): 37

  • The role of platform integrity in trustworthy systems

    Page(s): 38
    Summary form only given. This presentation discusses the role of platform integrity in platform security trustworthiness while reviewing a few basic tenets for hardware requirements to enable and support successful applications. Users demand that applications and platforms strike a delicate balance between hardware and software utility. Platforms, and their associated applications, that are too difficult or complex for the user are bypassed and ignored. Security applications and the platforms they rely upon are not exempt from this axiom.

  • Session 4 Hardware Trojans

    Page(s): 39

  • A region based approach for the identification of hardware Trojans

    Page(s): 40 - 47
    Outsourcing of SoC fabrication units has created the potential threat of design tampering using hardware Trojans. Methods based on side-channel analysis exist to differentiate such maligned ICs from the genuine ones, but process variation in the foundries limits the effectiveness of such approaches. In this work, we propose a circuit partition based approach to detect and locate the embedded Trojan. Results show that our approach is effective in separating out candidate Trojans in the circuit. In addition, we provide a power profile based method for refining the candidate regions that may contain a Trojan. In many cases, such an isolation method leads to noticeable manifestation of the anomalous behavior of the circuit due to the presence of the Trojan, thereby enhancing chances of their detection.

  • On-demand transparency for improving hardware Trojan detectability

    Page(s): 48 - 50
    Malevolent Trojan circuits inserted by layout modifications in an IC at untrustworthy fabrication facilities are difficult to detect by traditional post-manufacturing testing. In this paper, we develop a novel low-overhead design methodology that facilitates the detection of inserted Trojan hardware in an IC through logic testing. As a byproduct, it also increases the security of the design by design obfuscation. Application of the proposed design methodology to an 8-bit RISC processor and a JPEG encoder resulted in a significant improvement in Trojan detection probability. It also obfuscated the design with verification mismatch for 90% of the verification points, while incurring moderate area, power and delay overheads.

  • Hardware Trojan detection using path delay fingerprint

    Page(s): 51 - 57
    Trusted IC design is a recently emerged topic since fabrication factories are moving worldwide in order to reduce cost. In order to get a low-cost but effective hardware trojan detection method to complement traditional testing methods, a new behavior-oriented category method is proposed to divide trojans into two categories: explicit payload trojan and implicit payload trojan. This categorization method makes it possible to construct trojan models and then lower the cost of testing. Path delays of nominal chips are collected to construct a series of fingerprints, each one representing one aspect of the total characteristics of a genuine design. Chips are validated by comparing their delay parameters to the fingerprints. The comparison of path delays makes small trojan circuits significant from a delay point of view. The experiment's results show that the detection rate on explicit payload trojans is 100%, while this method should be developed further if used to detect implicit payload trojans.

  • Session 5 IP piracy protection, CAD tool security and PUFs

    Page(s): 58

  • Verifying the authenticity of chip designs with the DesignTag system

    Page(s): 59 - 64
    This paper introduces DesignTag - a novel, patented, 'security tag' technology which can be used to verify the authenticity of semiconductor devices. The tag takes the form of a small digital circuit which is added to the chip design and communicates through the package with an external sensor. Falsely marked 'ghost' chips are present in the supply chain and cause economic damage to reputable semiconductor companies. They can also constitute a safety hazard in critical applications and act as a vector for inserting malicious 'Trojan' functionality into a secure system such as banking or government communications. DesignTag can also be used to address related threats such as copying of chip designs and Intellectual Property cores and unlicensed use of CAD tools.

  • Extended abstract: Circuit CAD tools as a security threat

    Page(s): 65 - 66
    The demand for trusted and tamper-resistant computing platforms has placed security at the leading edge of research and industrial practice. Reported hardware-security breaches have already led to loss of confidential information, identity theft, intercepted cellular communications, and IP burglary. Our work demonstrates that ICs can be easily compromised by tampering with CAD tools or scripts that run these tools, suggesting that developing effective countermeasures against such attacks is a major research challenge. Our work is especially relevant to industrial uses of open-source EDA.

  • Extended abstract: The butterfly PUF protecting IP on every FPGA

    Page(s): 67 - 70
    IP protection of hardware designs is the most important requirement for many FPGA IP vendors. To this end, various solutions have been proposed by FPGA manufacturers based on the idea of bitstream encryption. An alternative solution was advocated in (E. Simpson and P. Schaumont, 2006). Simpson and Schaumont proposed a new approach based on physical unclonable functions (PUFs) for IP protection on FPGAs. PUFs are a unique class of physical systems that extract secrets from complex physical characteristics of the integrated circuits which along with the properties of unclonability provide a highly secure means of generating volatile secret keys for cryptographic operations. However, the first practical PUF on an FPGA was proposed only later in (J. Guajardo et al., 2007) based on the startup values of embedded SRAM memories which are intrinsic in some of the current FPGAs. The disadvantage of these intrinsic SRAM PUFs is that not all FPGAs support uninitialized SRAM memory. In this paper, we propose a new PUF structure called the butterfly PUF that can be used on all types of FPGAs. We also present experimental results showing their identification and key generation capabilities.

  • Session 6 Cryptography and securing hardware

    Page(s): 71

  • Extended abstract: Unified digit-serial multiplier/inverter in finite field GF(2^m)

    Page(s): 72 - 75
    Modular multiplication and inversion are the essential operations in both elliptic curve cryptosystems (ECC) and hyperelliptic curve cryptosystems (HECC). In this paper, we describe a unified digit-serial multiplier/inverter in GF(2^m). The inverter is based on a modified extended Euclidean algorithm (EEA). When choosing the digit size to be w, this multiplier/inverter finishes one inversion in ⌈2m/w⌉ clock cycles, or two multiplications in parallel in ⌈m/w⌉ clock cycles.
