Visible to the public Biblio

Found 227 results

Filters: Keyword is Hardware  [Clear All Filters]
2020-01-20
Guha, Krishnendu, Saha, Debasri, Chakrabarti, Amlan.  2019.  Zero Knowledge Authentication for Reuse of IPs in Reconfigurable Platforms. TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON). :2040–2045.
A key challenge of the embedded era is to ensure trust in reuse of intellectual properties (IPs), which facilitates reduction of design cost and meeting of stringent marketing deadlines. Determining source of the IPs or their authenticity is a key metric to facilitate safe reuse of IPs. Though physical unclonable functions solves this problem for application specific integrated circuit (ASIC) IPs, authentication strategies for reconfigurable IPs (RIPs) or IPs of reconfigurable hardware platforms like field programmable gate arrays (FPGAs) are still in their infancy. Existing authentication techniques for RIPs that relies on verification of proof of authentication (PoA) mark embedded in the RIP by the RIP producers, leak useful clues about the PoA mark. This results in replication and implantation of the PoA mark in fake RIPs. This not only causes loss to authorized second hand RIP users, but also poses risk to the reputation of the RIP producers. We propose a zero knowledge authentication strategy for safe reusing of RIPs. The PoA of an RIP producer is kept secret and verification is carried out based on traversal times from the initial point to several intermediate points of the embedded PoA when the RIPs configure an FPGA. Such delays are user specific and cannot be replicated as these depend on intrinsic properties of the base semiconductor material of the FPGA, which is unique and never same as that of another FPGA. Experimental results validate our proposed mechanism. High strength even for low overhead ISCAS benchmarks, considered as PoA for experimentation depict the prospects of our proposed methodology.
He, Zecheng, Raghavan, Aswin, Hu, Guangyuan, Chai, Sek, Lee, Ruby.  2019.  Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :160–167.
Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage. However, detecting zero-day attacks is extremely challenging because they have no known code and have unknown behavior. Furthermore, if data collected from the controller is transferred to a server through networks for analysis and detection of anomalous behavior, this creates a very large attack surface and also delays detection. In order to address this problem, we propose Reconstruction Error Distribution (RED) of Hardware Performance Counters (HPCs), and a data-driven defense system based on it. Specifically, we first train a temporal deep learning model, using only normal HPC readings from legitimate processes that run daily in these power-grid systems, to model the normal behavior of the power-grid controller. Then, we run this model using real-time data from commonly available HPCs. We use the proposed RED to enhance the temporal deep learning detection of anomalous behavior, by estimating distribution deviations from the normal behavior with an effective statistical test. Experimental results on a real power-grid controller show that we can detect anomalous behavior with high accuracy (\textbackslashtextgreater99.9%), nearly zero false positives and short (\textbackslashtextless; 360ms) latency.
Thiemann, Benjamin, Feiten, Linus, Raiola, Pascal, Becker, Bernd, Sauer, Matthias.  2019.  On Integrating Lightweight Encryption in Reconfigurable Scan Networks. 2019 IEEE European Test Symposium (ETS). :1–6.

Reconfigurable Scan Networks (RSNs) are a powerful tool for testing and maintenance of embedded systems, since they allow for flexible access to on-chip instrumentation such as built-in self-test and debug modules. RSNs, however, can be also exploited by malicious users as a side-channel in order to gain information about sensitive data or intellectual property and to recover secret keys. Hence, implementing appropriate counter-measures to secure the access to and data integrity of embedded instrumentation is of high importance. In this paper we present a novel hardware and software combined approach to ensure data privacy in IEEE Std 1687 (IJTAG) RSNs. To do so, both a secure IJTAG compliant plug-and-play instrument wrapper and a versatile software toolchain are introduced. The wrapper demonstrates the necessary architectural adaptations required when using a lightweight stream cipher, whereas the software toolchain provides a seamless integration of the testing workflow with stream cipher. The applicability of the method is demonstrated by an FPGA-based implementation. We report on the performance of the developed instrument wrapper, which is empirically shown to have only a small impact on the workflow in terms of hardware overhead, operational costs and test time overhead.

Gay, Maël, Paxian, Tobias, Upadhyaya, Devanshi, Becker, Bernd, Polian, Ilia.  2019.  Hardware-Oriented Algebraic Fault Attack Framework with Multiple Fault Injection Support. 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). :25–32.

The evaluation of fault attacks on security-critical hardware implementations of cryptographic primitives is an important concern. In such regards, we have created a framework for automated construction of fault attacks on hardware realization of ciphers. The framework can be used to quickly evaluate any cipher implementations, including any optimisations. It takes the circuit description of the cipher and the fault model as input. The output of the framework is a set of algebraic equations, such as conjunctive normal form (CNF) clauses, which is then fed to a SAT solver. We consider both attacking an actual implementation of a cipher on an field-programmable gate array (FPGA) platform using a fault injector and the evaluation of an early design of the cipher using idealized fault models. We report the successful application of our hardware-oriented framework to a collection of ciphers, including the advanced encryption standard (AES), and the lightweight block ciphers LED and PRESENT. The corresponding results and a discussion of the impact to different fault models on our framework are shown. Moreover, we report significant improvements compared to similar frameworks, such as speedups or more advanced features. Our framework is the first algebraic fault attack (AFA) tool to evaluate the state-of-the art cipher LED-64, PRESENT and full-scale AES using only hardware-oriented structural cipher descriptions.

Chawla, Nikhil, Singh, Arvind, Rahman, Nael Mizanur, Kar, Monodeep, Mukhopadhyay, Saibal.  2019.  Extracting Side-Channel Leakage from Round Unrolled Implementations of Lightweight Ciphers. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :31–40.

Energy efficiency and security is a critical requirement for computing at edge nodes. Unrolled architectures for lightweight cryptographic algorithms have been shown to be energy-efficient, providing higher performance while meeting resource constraints. Hardware implementations of unrolled datapaths have also been shown to be resistant to side channel analysis (SCA) attacks due to a reduction in signal-to-noise ratio (SNR) and an increased complexity in the leakage model. This paper demonstrates optimal leakage models and an improved CFA attack which makes it feasible to extract first-order side-channel leakages from combinational logic in the initial rounds of unrolled datapaths. Several leakage models, targeting initial rounds, are explored and 1-bit hamming weight (HW) based leakage model is shown to be an optimal choice. Additionally, multi-band narrow bandpass filtering techniques in conjunction with correlation frequency analysis (CFA) is demonstrated to improve SNR by up to 4×, attributed to the removal of the misalignment effect in combinational logics and signal isolation. The improved CFA attack is performed on side channel signatures acquired for 7-round unrolled SIMON datapaths, implemented on Sakura-G (XILINX spartan 6, 45nm) based FPGA platform and a 24× reduction in minimum-traces-to-disclose (MTD) for revealing 80% of the key bits is demonstrated with respect to conventional time domain correlation power analysis (CPA). Finally, the proposed method is successfully applied to a fully-unrolled datapath for PRINCE and a parallel round-based datapath for Advanced Encryption Standard (AES) algorithm to demonstrate its general applicability.

Bauer, Sergei, Brunner, Martin, Schartner, Peter.  2019.  Lightweight Authentication for Low-End Control Units with Hardware Based Individual Keys. 2019 Third IEEE International Conference on Robotic Computing (IRC). :425–426.

In autonomous driving, security issues from robotic and automotive applications are converging toward each other. A novel approach for deriving secret keys using a lightweight cipher in the firmware of low-end control units is introduced. By evaluating the method on a typical low-end automotive platform, we demonstrate the reusability of the cipher for message authentication. The proposed solution counteracts a known security issue in the robotics and automotive domain.

Pillutla, Siva Ramakrishna, Boppana, Lakshmi.  2019.  A high-throughput fully digit-serial polynomial basis finite field \$\textbackslashtextGF(2ˆm)\$ multiplier for IoT applications. TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON). :920–924.

The performance of many data security and reliability applications depends on computations in finite fields \$\textbackslashtextGF (2ˆm)\$. In finite field arithmetic, field multiplication is a complex operation and is also used in other operations such as inversion and exponentiation. By considering the application domain needs, a variety of efficient algorithms and architectures are proposed in the literature for field \$\textbackslashtextGF (2ˆm)\$ multiplier. With the rapid emergence of Internet of Things (IoT) and Wireless Sensor Networks (WSN), many resource-constrained devices such as IoT edge devices and WSN end nodes came into existence. The data bus width of these constrained devices is typically smaller. Digit-level architectures which can make use of the full data bus are suitable for these devices. In this paper, we propose a new fully digit-serial polynomial basis finite field \$\textbackslashtextGF (2ˆm)\$ multiplier where both the operands enter the architecture concurrently at digit-level. Though there are many digit-level multipliers available for polynomial basis multiplication in the literature, it is for the first time to propose a fully digit-serial polynomial basis multiplier. The proposed multiplication scheme is based on the multiplication scheme presented in the literature for a redundant basis multiplication. The proposed polynomial basis multiplication results in a high-throughput architecture. This multiplier is applicable for a class of trinomials, and this class of irreducible polynomials is highly desirable for IoT edge devices since it allows the least area and time complexities. The proposed multiplier achieves better throughput when compared with previous digit-level architectures.

2020-01-13
Kabiri, Peyman, Chavoshi, Mahdieh.  2019.  Destructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–6.
Nowadays, physical health of equipment controlled by Cyber-Physical Systems (CPS) is a significant concern. This paper reports a work, in which, a hardware is placed between Programmable Logic Controller (PLC) and the actuator as a solution. The proposed hardware operates in two conditions, i.e. passive and active. Operation of the proposed solution is based on the repetitive operational profile of the actuators. The normal operational profile of the actuator is fed to the protective hardware and is considered as the normal operating condition. In the normal operating condition, the middleware operates in its passive mode and simply monitors electronic signals passing between PLC and Actuator. In case of any malicious operation, the proposed hardware operates in its active mode and both slowly stops the actuator and sends an alert to SCADA server initiating execution of the actuator's emergency profile. Thus, the proposed hardware gains control over the actuator and prevents any physical damage on the operating devices. Two sample experiments are reported in which, results of implementing the proposed solution are reported and assessed. Results show that once the PLC sends incorrect data to actuator, the proposed hardware detects it as an anomaly. Therefore, it does not allow the PLC to send incorrect and unauthorized data pattern to its actuator. Significance of the paper is in introducing a solution to prevent destruction of physical devices apart from source or purpose of the encountered anomaly and apart from CPS functionality or PLC model and operation.
2019-12-30
Venkatesh, K, Pratibha, K, Annadurai, Suganya, Kuppusamy, Lakshmi.  2019.  Reconfigurable Architecture to Speed-up Modular Exponentiation. 2019 International Carnahan Conference on Security Technology (ICCST). :1-6.

Diffie-Hellman and RSA encryption/decryption involve computationally intensive cryptographic operations such as modular exponentiation. Computing modular exponentiation using appropriate pre-computed pairs of bases and exponents was first proposed by Boyko et al. In this paper, we present a reconfigurable architecture for pre-computation methods to compute modular exponentiation and thereby speeding up RSA and Diffie-Hellman like protocols. We choose Diffie-Hellman key pair (a, ga mod p) to illustrate the efficiency of Boyko et al's scheme in hardware architecture that stores pre-computed values ai and corresponding gai in individual block RAM. We use a Pseudo-random number generator (PRNG) to randomly choose ai values that are added and corresponding gai values are multiplied using modular multiplier to arrive at a new pair (a, ga mod p). Further, we present the advantage of using Montgomery and interleaved methods for batch multiplication to optimise time and area. We show that a 1024-bit modular exponentiation can be performed in less than 73$μ$s at a clock rate of 200MHz on a Xilinx Virtex 7 FPGA.

Bazm, Mohammad-Mahdi, Lacoste, Marc, Südholt, Mario, Menaud, Jean-Marc.  2018.  Secure Distributed Computing on Untrusted Fog Infrastructures Using Trusted Linux Containers. 2018 IEEE International Conference on Cloud Computing Technology and Science (CloudCom). :239–242.
Fog and Edge computing provide a large pool of resources at the edge of the network that may be used for distributed computing. Fog infrastructure heterogeneity also results in complex configuration of distributed applications on computing nodes. Linux containers are a mainstream technique allowing to run packaged applications and micro services. However, running applications on remote hosts owned by third parties is challenging because of untrusted operating systems and hardware maintained by third parties. To meet such challenges, we may leverage trusted execution mechanisms. In this work, we propose a model for distributed computing on Fog infrastructures using Linux containers secured by Intel's Software Guard Extensions (SGX) technology. We implement our model on a Docker and OpenSGX platform. The result is a secure and flexible approach for distributed computing on Fog infrastructures.
2019-12-18
Misono, Masanori, Yoshida, Kaito, Hwang, Juho, Shinagawa, Takahiro.  2018.  Distributed Denial of Service Attack Prevention at Source Machines. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). :488-495.

Distributed denial of service (DDoS) attacks is a serious cyberattack that exhausts target machine's processing capacity by sending a huge number of packets from hijacked machines. To minimize resource consumption caused by DDoS attacks, filtering attack packets at source machines is the best approach. Although many studies have explored the detection of DDoS attacks, few studies have proposed DDoS attack prevention schemes that work at source machines. We propose a reliable, lightweight, transparent, and flexible DDoS attack prevention scheme that works at source machines. In this scheme, we employ a hypervisor with a packet filtering mechanism on each managed machine to allow the administrator to easily and reliably suppress packet transmissions. To make the proposed scheme lightweight and transparent, we exploit a thin hypervisor that allows pass-through access to hardware (except for network devices) from the operating system, thereby reducing virtualization overhead and avoiding compromising user experience. To make the proposed scheme flexible, we exploit a configurable packet filtering mechanism with a guaranteed safe code execution mechanism that allows the administrator to provide a filtering policy as executable code. In this study, we implemented the proposed scheme using BitVisor and the Berkeley Packet Filter. Experimental results show that the proposed scheme can suppress arbitrary packet transmissions with negligible latency and throughput overhead compared to a bare metal system without filtering mechanisms.

2019-12-17
Huang, Bo-Yuan, Ray, Sayak, Gupta, Aarti, Fung, Jason M., Malik, Sharad.  2018.  Formal Security Verification of Concurrent Firmware in SoCs Using Instruction-Level Abstraction for Hardware*. 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC). :1-6.
Formal security verification of firmware interacting with hardware in modern Systems-on-Chip (SoCs) is a critical research problem. This faces the following challenges: (1) design complexity and heterogeneity, (2) semantics gaps between software and hardware, (3) concurrency between firmware/hardware and between Intellectual Property Blocks (IPs), and (4) expensive bit-precise reasoning. In this paper, we present a co-verification methodology to address these challenges. We model hardware using the Instruction-Level Abstraction (ILA), capturing firmware-visible behavior at the architecture level. This enables integrating hardware behavior with firmware in each IP into a single thread. The co-verification with multiple firmware across IPs is formulated as a multi-threaded program verification problem, for which we leverage software verification techniques. We also propose an optimization using abstraction to prevent expensive bit-precise reasoning. The evaluation of our methodology on an industry SoC Secure Boot design demonstrates its applicability in SoC security verification.
2019-12-09
Nozaki, Yusuke, Yoshikawa, Masaya.  2018.  Area Constraint Aware Physical Unclonable Function for Intelligence Module. 2018 3rd International Conference on Computational Intelligence and Applications (ICCIA). :205-209.

Artificial intelligence technology such as neural network (NN) is widely used in intelligence module for Internet of Things (IoT). On the other hand, the risk of illegal attacks for IoT devices is pointed out; therefore, security countermeasures such as an authentication are very important. In the field of hardware security, the physical unclonable functions (PUFs) have been attracted attention as authentication techniques to prevent the semiconductor counterfeits. However, implementation of the dedicated hardware for both of NN and PUF increases circuit area. Therefore, this study proposes a new area constraint aware PUF for intelligence module. The proposed PUF utilizes the propagation delay time from input layer to output layer of NN. To share component for operation, the proposed PUF reduces the circuit area. Experiments using a field programmable gate array evaluate circuit area and PUF performance. In the result of circuit area, the proposed PUF was smaller than the conventional PUFs was showed. Then, in the PUF performance evaluation, for steadiness, diffuseness, and uniqueness, favorable results were obtained.

2019-11-26
Chollet, Stéphanie, Pion, Laurent, Barbot, Nicolas, Michel, Clément.  2018.  Secure IoT for a Pervasive Platform. 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :113-118.

Nowadays, the proliferation of smart, communication-enable devices is opening up many new opportunities of pervasive applications. A major requirement of pervasive applications is to be secured. The complexity to secure pervasive systems is to address a end-to-end security level: from the device to the services according to the entire life cycle of devices, applications and platform. In this article, we propose a solution combining both hardware and software elements to secure communications between devices and pervasive platform based on certificates issued from a Public Key Infrastructure. Our solution is implemented and validated with a real device extended by a secure element and our own Public Key Infrastructure.

2019-11-25
Jalilian, Maisam, Ahmadi, Arash, Ahmadi, Majid.  2018.  Hardware Implementation of A Chaotic Pseudo Random Number Generator Based on 3D Chaotic System without Equilibrium. 2018 25th IEEE International Conference on Electronics, Circuits and Systems (ICECS). :741–744.
Deterministic chaotic systems have been studied and developed in various fields of research. Dynamical systems with chaotic dynamics have different applications in communication, security and computation. Chaotic behaviors can be created by even simple nonlinear systems which can be implemented on low-cost hardware platforms. This paper presents a high-speed and low-cost hardware of three-dimensional chaotic flows without equilibrium. The proposed chaotic hardware is able to reproduce the main mechanism and dynamical behavior of the 3D chaotic flows observed in simulation, then a Chaotic Pseudo Random Number Generator is designed based on a 3D chaotic system. The proposed hardware is implemented with low computational overhead on an FPGA board, as a proof of concept. This low-cost chaotic hardware can be utilized in embedded and lightweight systems for a variety of chaotic based digital systems such as digital communication systems, and cryptography systems based on chaos theory for Security and IoT applications.
2019-11-04
Daoud, Luka, Rafla, Nader.  2018.  Routing Aware and Runtime Detection for Infected Network-on-Chip Routers. 2018 IEEE 61st International Midwest Symposium on Circuits and Systems (MWSCAS). :775-778.

Network-on-Chip (NoC) architecture is the communication heart of the processing cores in Multiprocessors System-on-Chip (MPSoC), where messages are routed from a source to a destination through intermediate nodes. Therefore, NoC has become a target to security attacks. By experiencing outsourcing design, NoC can be infected with a malicious Hardware Trojans (HTs) which potentially degrade the system performance or leave a backdoor for secret key leaking. In this paper, we propose a HT model that applies a denial of service attack by misrouting the packets, which causes deadlock and consequently degrading the NoC performance. We present a secure routing algorithm that provides a runtime HT detection and avoiding scheme. Results show that our proposed model has negligible overhead in area and power, 0.4% and 0.6%, respectively.

Harrison, William L., Allwein, Gerard.  2018.  Semantics-Directed Prototyping of Hardware Runtime Monitors. 2018 International Symposium on Rapid System Prototyping (RSP). :42-48.

Building memory protection mechanisms into embedded hardware is attractive because it has the potential to neutralize a host of software-based attacks with relatively small performance overhead. A hardware monitor, being at the lowest level of the system stack, is more difficult to bypass than a software monitor and hardware-based protections are also potentially more fine-grained than is possible in software: an individual instruction executing on a processor may entail multiple memory accesses, all of which may be tracked in hardware. Finally, hardware-based protection can be performed without the necessity of altering application binaries. This article presents a proof-of-concept codesign of a small embedded processor with a hardware monitor protecting against ROP-style code reuse attacks. While the case study is small, it indicates, we argue, an approach to rapid-prototyping runtime monitors in hardware that is quick, flexible, and extensible as well as being amenable to formal verification.

2019-10-30
Dean, Andrew, Agyeman, Michael Opoku.  2018.  A Study of the Advances in IoT Security. Proceedings of the 2Nd International Symposium on Computer Science and Intelligent Control. :15:1-15:5.

The Internet-of-things (IoT) holds a lot of benefits to our lives by removing menial tasks and improving efficiency of everyday objects. You are trusting your personal data and device control to the manufactures and you may not be aware of how much risk your putting your privacy at by sending your data over the internet. The internet-of-things may not be as secure as you think when the devices used are constrained by a lot of variables which attackers can exploit to gain access to your data / device and anything they connected to and as the internet-of-things is all about connecting devices together one weak point can be all it takes to gain full access. In this paper we have a look at the current advances in IoT security and the most efficient methods to protect IoT devices.

2019-10-22
Hagan, Matthew, Siddiqui, Fahad, Sezer, Sakir.  2018.  Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures. 2018 31st IEEE International System-on-Chip Conference (SOCC). :84–89.
Complex embedded systems often contain hard to find vulnerabilities which, when exploited, have potential to cause severe damage to the operating environment and the user. Given that threats and vulnerabilities can exist within any layer of the complex eco-system, OEMs face a major challenge to ensure security throughout the device life-cycle To lower the potential risk and damage that vulnerabilities may cause, OEMs typically perform application threat analysis and security modelling. This process typically provides a high level guideline to solving security problems which can then be implemented during design and development. However, this concept presents issues where new threats or unknown vulnerability has been discovered. To address this issue, we propose a policy-based security modelling approach, which utilises a configurable policy engine to apply new policies that counter serious threats. By utilising this approach, the traditional security modelling approaches can be enhanced and the consequences of a new threat greatly reduced. We present a realistic use case of connected car, applying several attack scenarios. By utilising STRIDE threat modelling and DREAD risk assessment model, adequate policies are derived to protect the car assets. This approach poses advantages over the standard approach, allowing a policy update to counter a new threat, which may have otherwise required a product redesign to alleviate the issue under the traditional approach.
2019-10-14
Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T. et al..  2019.  Spectre Attacks: Exploiting Speculative Execution. 2019 IEEE Symposium on Security and Privacy (SP). :1–19.
Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim's memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing and side-channel attacks. These attacks represent a serious threat to actual systems since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices. While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.
Li, W., Ma, Y., Yang, Q., Li, M..  2018.  Hardware-Based Adversary-Controlled States Tracking. 2018 IEEE 4th International Conference on Computer and Communications (ICCC). :1366–1370.

Return Oriented Programming is one of the most important software security challenges nowadays. It exploits memory vulnerabilities to control the state of the program and hijacks its control flow. Existing defenses usually focus on how to protect the control flow or face the challenge of how to maintain the taint markings for memory data. In this paper, we directly focus on the adversary-controlled states, simplify the classic dynamic taint analysis method to only track registers and propose Hardware-based Adversary-controlled States Tracking (HAST). HAST dynamically tracks registers that may be controlled by the adversary to detect ROP attack. It is transparent to user application and makes few modifications to existing hardware. Our evaluation demonstrates that HAST will introduce almost no performance overhead and can effectively detect ROP attacks without false positives on the tested common Linux applications.

Tymburibá, M., Sousa, H., Pereira, F..  2019.  Multilayer ROP Protection Via Microarchitectural Units Available in Commodity Hardware. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :315–327.

This paper presents a multilayer protection approach to guard programs against Return-Oriented Programming (ROP) attacks. Upper layers validate most of a program's control flow at a low computational cost; thus, not compromising runtime. Lower layers provide strong enforcement guarantees to handle more suspicious flows; thus, enhancing security. Our multilayer system combines techniques already described in the literature with verifications that we introduce in this paper. We argue that modern versions of x86 processors already provide the microarchitectural units necessary to implement our technique. We demonstrate the effectiveness of our multilayer protection on a extensive suite of benchmarks, which includes: SPEC CPU2006; the three most popular web browsers; 209 benchmarks distributed with LLVM and four well-known systems shown to be vulnerable to ROP exploits. Our experiments indicate that we can protect programs with almost no overhead in practice, allying the good performance of lightweight security techniques with the high dependability of heavyweight approaches.

Koo, H., Chen, Y., Lu, L., Kemerlis, V. P., Polychronakis, M..  2018.  Compiler-Assisted Code Randomization. 2018 IEEE Symposium on Security and Privacy (SP). :461–477.

Despite decades of research on software diversification, only address space layout randomization has seen widespread adoption. Code randomization, an effective defense against return-oriented programming exploits, has remained an academic exercise mainly due to i) the lack of a transparent and streamlined deployment model that does not disrupt existing software distribution norms, and ii) the inherent incompatibility of program variants with error reporting, whitelisting, patching, and other operations that rely on code uniformity. In this work we present compiler-assisted code randomization (CCR), a hybrid approach that relies on compiler-rewriter cooperation to enable fast and robust fine-grained code randomization on end-user systems, while maintaining compatibility with existing software distribution models. The main concept behind CCR is to augment binaries with a minimal set of transformation-assisting metadata, which i) facilitate rapid fine-grained code transformation at installation or load time, and ii) form the basis for reversing any applied code transformation when needed, to maintain compatibility with existing mechanisms that rely on referencing the original code. We have implemented a prototype of this approach by extending the LLVM compiler toolchain, and developing a simple binary rewriter that leverages the embedded metadata to generate randomized variants using basic block reordering. The results of our experimental evaluation demonstrate the feasibility and practicality of CCR, as on average it incurs a modest file size increase of 11.46% and a negligible runtime overhead of 0.28%, while it is compatible with link-time optimization and control flow integrity.

2019-10-08
Tripathi, S. K., Pandian, K. K. S., Gupta, B..  2018.  Hardware Implementation of Dynamic Key Value Based Stream Cipher Using Chaotic Logistic Map. 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI). :1104–1108.

In the last few decades, the relative simplicity of the logistic map made it a widely accepted point in the consideration of chaos, which is having the good properties of unpredictability, sensitiveness in the key values and ergodicity. Further, the system parameters fit the requirements of a cipher widely used in the field of cryptography, asymmetric and symmetric key chaos based cryptography, and for pseudorandom sequence generation. Also, the hardware-based embedded system is configured on FPGA devices for high performance. In this paper, a novel stream cipher using chaotic logistic map is proposed. The two chaotic logistic maps are coded using Verilog HDL and implemented on commercially available FPGA hardware using Xilinx device: XC3S250E for the part: FT256 and operated at frequency of 62.20 MHz to generate the non-recursive key which is used in key scheduling of pseudorandom number generation (PRNG) to produce the key stream. The realization of proposed cryptosystem in this FPGA device accomplishes the improved efficiency equal to 0.1186 Mbps/slice. Further, the generated binary sequence from the experiment is analyzed for X-power, thermal analysis, and randomness tests are performed using NIST statistical.

2019-09-11
Duncan, A., Jiang, L., Swany, M..  2018.  Repurposing SoC Analog Circuitry for Additional COTS Hardware Security. 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :201–204.

This paper introduces a new methodology to generate additional hardware security in commercial off-the-shelf (COTS) system-on-a-chip (SoC) integrated circuits (ICs) that have already been fabricated and packaged. On-chip analog hardware blocks such as analog to digital converters (ADCs), digital to analog converters (DACs) and comparators residing within an SoC are repurposed and connected to one another to generate unique physically unclonable function (PUF) responses. The PUF responses are digitized and processed on-chip to create keys for use in encryption and device authentication activities. Key generation and processing algorithms are presented that minimize the effects of voltage and temperature fluctuations to maximize the repeatability of a key within a device. Experimental results utilizing multiple on-chip analog blocks inside a common COTS microcontroller show reliable key generation with minimal overhead.