Visible to the public Biblio

Filters: Keyword is reverse engineering  [Clear All Filters]
2021-09-21
Yan, Fan, Liu, Jia, Gu, Liang, Chen, Zelong.  2020.  A Semi-Supervised Learning Scheme to Detect Unknown DGA Domain Names Based on Graph Analysis. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1578–1583.
A large amount of malware families use the domain generation algorithms (DGA) to randomly generate a large amount of domain names. It is a good way to bypass conventional blacklists of domain names, because we cannot predict which of the randomly generated domain names are selected for command and control (C&C) communications. An effective approach for detecting known DGA families is to investigate the malware with reverse engineering to find the adopted generation algorithms. As reverse engineering cannot handle the variants of DGA families, some researches leverage supervised learning to find new variants. However, the explainability of supervised learning is low and cannot find previously unseen DGA families. In this paper, we propose a graph-based semi-supervised learning scheme to track the evolution of known DGA families and find previously unseen DGA families. With a domain relation graph, we can clearly figure out how new variants relate to known DGA domain names, which induces better explainability. We deployed the proposed scheme on real network scenarios and show that the proposed scheme can not only comprehensively and precisely find known DGA families, but also can find new DGA families which have not seen before.
2021-09-07
Young, Clinton, Svoboda, Jordan, Zambreno, Joseph.  2020.  Towards Reverse Engineering Controller Area Network Messages Using Machine Learning. 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). :1–6.
The automotive Controller Area Network (CAN) allows Electronic Control Units (ECUs) to communicate with each other and control various vehicular functions such as engine and braking control. Consequently CAN and ECUs are high priority targets for hackers. As CAN implementation details are held as proprietary information by vehicle manufacturers, it can be challenging to decode and correlate CAN messages to specific vehicle operations. To understand the precise meanings of CAN messages, reverse engineering techniques that are time-consuming, manually intensive, and require a physical vehicle are typically used. This work aims to address the process of reverse engineering CAN messages for their functionality by creating a machine learning classifier that analyzes messages and determines their relationship to other messages and vehicular functions. Our work examines CAN traffic of different vehicles and standards to show that it can be applied to a wide arrangement of vehicles. The results show that the function of CAN messages can be determined without the need to manually reverse engineer a physical vehicle.
2021-08-11
Karmakar, Rajit, Chattopadhyay, Santanu.  2020.  Hardware IP Protection Using Logic Encryption and Watermarking. 2020 IEEE International Test Conference (ITC). :1—10.
Logic encryption is a popular Design-for-Security(DfS) solution that offers protection against the potential adversaries in the third-party fab labs and end-users. However, over the years, logic encryption has been a target of several attacks, especially Boolean satisfiability attacks. This paper exploits SAT attack's inability of deobfuscating sequential circuits as a defense against it. We propose several strategies capable of preventing the SAT attack by obfuscating the scan-based Design-for-Testability (DfT) infrastructure. Unlike the existing SAT-resilient schemes, the proposed techniques do not suffer from poor output corruption for wrong keys. This paper also offers various probable solutions for inserting the key-gates into the circuit that ensures protection against numerous other attacks, which exploit weak key-gate locations. Along with several gate-level obfuscation strategies, this paper also presents a Cellular Automata (CA) guided FSM obfuscation strategy to offer protection at a higher abstraction level, that is, RTL-level. For all the proposed schemes, rigorous security analysis against various attacks evaluates their strengths and limitations. Testability analysis also ensures that none of the proposed techniques hamper the basic testing properties of the ICs. We also present a CA-based FSM watermarking strategy that helps to detect potential theft of the designer's IP by any adversary.
2021-08-03
Kuai, Jun, He, Jiaji, Ma, Haocheng, Zhao, Yiqiang, Hou, Yumin, Jin, Yier.  2020.  WaLo: Security Primitive Generator for RT-Level Logic Locking and Watermarking. 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :01—06.
Various hardware security solutions have been developed recently to help counter hardware level attacks such as hardware Trojan, integrated circuit (IC) counterfeiting and intellectual property (IP) clone/piracy. However, existing solutions often provide specific types of protections. While these solutions achieve great success in preventing even advanced hardware attacks, the compatibility of among these hardware security methods are rarely discussed. The inconsistency hampers with the development of a comprehensive solution for hardware IC and IP from various attacks. In this paper, we develop a security primitive generator to help solve the compatibility issue among different protection techniques. Specifically, we focus on two modern IC/IP protection methods, logic locking and watermarking. A combined locking and watermarking technique is developed based on enhanced finite state machines (FSMs). The security primitive generator will take user-specified constraints and automatically generate an FSM module to perform both logic locking and watermarking. The generated FSM can be integrated into any designs for protection. Our experimental results show that the generator can facilitate circuit protection and provide the flexibility for users to achieve a better tradeoff between security levels and design overheads.
2021-05-05
Poudyal, Subash, Dasgupta, Dipankar.  2020.  AI-Powered Ransomware Detection Framework. 2020 IEEE Symposium Series on Computational Intelligence (SSCI). :1154—1161.

Ransomware attacks are taking advantage of the ongoing pandemics and attacking the vulnerable systems in business, health sector, education, insurance, bank, and government sectors. Various approaches have been proposed to combat ransomware, but the dynamic nature of malware writers often bypasses the security checkpoints. There are commercial tools available in the market for ransomware analysis and detection, but their performance is questionable. This paper aims at proposing an AI-based ransomware detection framework and designing a detection tool (AIRaD) using a combination of both static and dynamic malware analysis techniques. Dynamic binary instrumentation is done using PIN tool, function call trace is analyzed leveraging Cuckoo sandbox and Ghidra. Features extracted at DLL, function call, and assembly level are processed with NLP, association rule mining techniques and fed to different machine learning classifiers. Support vector machine and Adaboost with J48 algorithms achieved the highest accuracy of 99.54% with 0.005 false-positive rates for a multi-level combined term frequency approach.

2021-05-03
Adithyan, A., Nagendran, K., Chethana, R., Pandy D., Gokul, Prashanth K., Gowri.  2020.  Reverse Engineering and Backdooring Router Firmwares. 2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS). :189–193.
Recently, there has been a dramatic increase in cyber attacks around the globe. Hundreds of 0day vulnerabilities on different platforms are discovered by security researchers worldwide. The attack vectors are becoming more and more difficult to be discovered by any anti threat detection engine. Inorder to bypass these smart detection mechanisms, attackers now started carrying out attacks at extremely low level where no threat inspection units are present. This makes the attack more stealthy with increased success rate and almost zero detection rate. A best case example for this scenario would be attacks like Meltdown and Spectre that targeted the modern processors to steal information by exploiting out-of-order execution feature in modern processors. These types of attacks are incredibly hard to detect and patch. Even if a patch is released, a wide range of normal audience are unaware of this both the vulnerability and the patch. This paper describes one such low level attacks that involves the process of reverse engineering firmwares and manually backdooring them with several linux utilities. Also, compromising a real world WiFi router with the manually backdoored firmware and attaining reverse shell from the router is discussed. The WiFi routers are almost everywhere especially in public places. Firmwares are responsible for controlling the routers. If the attacker manipulates the firmware and gains control over the firmware installed in the router, then the attacker can get a hold of the network and perform various MITM attacks inside the network with the help of the router.
2021-03-09
Akram, B., Ogi, D..  2020.  The Making of Indicator of Compromise using Malware Reverse Engineering Techniques. 2020 International Conference on ICT for Smart Society (ICISS). CFP2013V-ART:1—6.

Malware threats often go undetected immediately, because attackers can camouflage well within the system. The users realize this after the devices stop working and cause harm for them. One way to deceive malicious content detection, malware authors use packers. Malware analysis is an activity to gain knowledge about malware. Reverse engineering is a technique used to identify and deal with new viruses or to understand malware behavior. Therefore, this technique can be the right choice for conducting malware analysis, especially for malware with packers. The results of the analysis are used as a source for making creating indicator of compromise in the YARA rule format. YARA rule is used as a component for detecting malware using the indicators obtained in the analysis process.

Ho, W.-G., Ng, C.-S., Kyaw, N. A., Lwin, N. Kyaw Zwa, Chong, K.-S., Gwee, B.-H..  2020.  High Efficiency Early-Complete Brute Force Elimination Method for Security Analysis of Camouflage IC. 2020 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS). :161—164.

We propose a high efficiency Early-Complete Brute Force Elimination method that speeds up the analysis flow of the Camouflage Integrated Circuit (IC). The proposed method is targeted for security qualification of the Camouflaged IC netlists in Intellectual Property (IP) protection. There are two main features in the proposed method. First, the proposed method features immediate elimination of the incorrect Camouflage gates combination for the rest of computation, concentrating the resources into other potential correct Camouflage gates combination. Second, the proposed method features early complete, i.e. revealing the correct Camouflage gates once all incorrect gates combination are eliminated, increasing the computation speed for the overall security analysis. Based on the Python programming platform, we implement the algorithm of the proposed method and test it for three circuits including ISCAS’89 benchmarks. From the simulation results, our proposed method, on average, features 71% lesser number of trials and 79% shorter run time as compared to the conventional method in revealing the correct Camouflage gates from the Camouflaged IC netlist.

2021-03-04
Amadori, A., Michiels, W., Roelse, P..  2020.  Automating the BGE Attack on White-Box Implementations of AES with External Encodings. 2020 IEEE 10th International Conference on Consumer Electronics (ICCE-Berlin). :1—6.

Cloud-based payments, virtual car keys, and digital rights management are examples of consumer electronics applications that use secure software. White-box implementations of the Advanced Encryption Standard (AES) are important building blocks of secure software systems, and the attack of Billet, Gilbert, and Ech-Chatbi (BGE) is a well-known attack on such implementations. A drawback from the adversary’s or security tester’s perspective is that manual reverse engineering of the implementation is required before the BGE attack can be applied. This paper presents a method to automate the BGE attack on a class of white-box AES implementations with a specific type of external encoding. The new method was implemented and applied successfully to a CHES 2016 capture the flag challenge.

2021-02-22
Haile, J., Havens, S..  2020.  Identifying Ubiquitious Third-Party Libraries in Compiled Executables Using Annotated and Translated Disassembled Code with Supervised Machine Learning. 2020 IEEE Security and Privacy Workshops (SPW). :157–162.
The size and complexity of the software ecosystem is a major challenge for vendors, asset owners and cybersecurity professionals who need to understand the security posture of these systems. Annotated and Translated Disassembled Code is a graph based datastore designed to organize firmware and software analysis data across builds, packages and systems, providing a highly scalable platform enabling automated binary software analysis tasks including corpora construction and storage for machine learning. This paper describes an approach for the identification of ubiquitous third-party libraries in firmware and software using Annotated and Translated Disassembled Code and supervised machine learning. Annotated and Translated Disassembled Code provide matched libraries, function names and addresses of previously unidentified code in software as it is being automatically analyzed. This data can be ingested by other software analysis tools to improve accuracy and save time. Defenders can add the identified libraries to their vulnerability searches and add effective detection and mitigation into their operating environment.
2020-12-28
Zhang, Y., Weng, J., Ling, Z., Pearson, B., Fu, X..  2020.  BLESS: A BLE Application Security Scanning Framework. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :636—645.
Bluetooth Low Energy (BLE) is a widely adopted wireless communication technology in the Internet of Things (IoT). BLE offers secure communication through a set of pairing strategies. However, these pairing strategies are obsolete in the context of IoT. The security of BLE based devices relies on physical security, but a BLE enabled IoT device may be deployed in a public environment without physical security. Attackers who can physically access a BLE-based device will be able to pair with it and may control it thereafter. Therefore, manufacturers may implement extra authentication mechanisms at the application layer to address this issue. In this paper, we design and implement a BLE Security Scan (BLESS) framework to identify those BLE apps that do not implement encryption or authentication at the application layer. Taint analysis is used to track if BLE apps use nonces and cryptographic keys, which are critical to cryptographic protocols. We scan 1073 BLE apps and find that 93% of them are not secure. To mitigate this problem, we propose and implement an application-level defense with a low-cost \$0.55 crypto co-processor using public key cryptography.
2020-11-16
Su, H., Halak, B., Zwolinski, M..  2019.  Two-Stage Architectures for Resilient Lightweight PUFs. 2019 IEEE 4th International Verification and Security Workshop (IVSW). :19–24.
The following topics are dealt with: Internet of Things; invasive software; security of data; program testing; reverse engineering; product codes; binary codes; decoding; maximum likelihood decoding; field programmable gate arrays.
2020-11-09
Karmakar, R., Jana, S. S., Chattopadhyay, S..  2019.  A Cellular Automata Guided Obfuscation Strategy For Finite-State-Machine Synthesis. 2019 56th ACM/IEEE Design Automation Conference (DAC). :1–6.
A popular countermeasure against IP piracy relies on obfuscating the Finite State Machine (FSM), which is assumed to be the heart of a digital system. In this paper, we propose to use a special class of non-group additive cellular automata (CA) called D1 * CA, and it's counterpart D1 * CAdual to obfuscate each state-transition of an FSM. The synthesized FSM exhibits correct state-transitions only for a correct key, which is a designer's secret. The proposed easily testable key-controlled FSM synthesis scheme can thwart reverse engineering attacks, thus offers IP protection.
Rao, V. V., Savidis, I..  2019.  Mesh Based Obfuscation of Analog Circuit Properties. 2019 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.
In this paper, a technique to design analog circuits with enhanced security is described. The proposed key based obfuscation technique uses a mesh topology to obfuscate the physical dimensions and the threshold voltage of the transistor. To mitigate the additional overhead of implementing the obfuscated circuitry, a satisfiability modulo theory (SMT) based algorithm is proposed to auto-determine the sizes of the transistors selected for obfuscation such that only a limited set of key values produce the correct circuit functionality. The proposed algorithm and the obfuscation methodology is implemented on an LC tank voltage-controlled oscillator (VCO). The operating frequency of the VCO is masked with a 24-bit encryption key applied to a 2×6 mesh structure that obfuscates the dimensions of each varactor transistor. The probability of determining the correct key is 5.96×10-8 through brute force attack. The dimensions of the obfuscated transistors determined by the analog satisfiability (aSAT) algorithm result in at least a 15%, 3%, and 13% deviation in, respectively, the effective transistor dimensions, target frequency, and voltage amplitude when an incorrect key is applied to the VCO. In addition, only one key produces the desired frequency and properly sets the overall performance specifications of the VCO. The simulated results indicate that the proposed design methodology, which quickly and accurately determines the transistor sizes for obfuscation, produces the target specifications and provides protection for analog circuits against IP piracy and reverse engineering.
Islam, S. A., Sah, L. K., Katkoori, S..  2019.  DLockout: A Design Lockout Technique for Key Obfuscated RTL IP Designs. 2019 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS). :17–20.
Intellectual Property (IP) infringement including piracy and overproduction have emerged as significant threats in the semiconductor supply chain. Key-based obfuscation techniques (i.e., logic locking) are widely applied to secure legacy IP from such attacks. However, the fundamental question remains open whether an attacker is allowed an exponential amount of time to seek correct key or could it be useful to lock out the design in a non-destructive manner after several incorrect attempts. In this paper, we address this question with a robust design lockout technique. Specifically, we perform comparisons on obfuscation logic output that reflects the condition (correct or incorrect) of the applied key without changing the system behavior. The proposed approach, when combined with key obfuscation (logic locking) technique, increases the difficulty of reverse engineering key obfuscated RTL module. We provide security evaluation of DLockout against three common side-channel attacks followed by a quantitative assessment of the resilience. We conducted a set of experiments on four datapath intensive IPs and one crypto core for three different key lengths (32-, 64-, and 128-bit) under the typical design corner. On average, DLockout incurs negligible area, power, and delay overheads.
Mobaraki, S., Amirkhani, A., Atani, R. E..  2018.  A Novel PUF based Logic Encryption Technique to Prevent SAT Attacks and Trojan Insertion. 2018 9th International Symposium on Telecommunications (IST). :507–513.
The manufacturing of integrated circuits (IC) outside of the design houses makes it possible for the adversary to easily perform a reverse engineering attack against intellectual property (IP)/IC. The aim of this attack can be the IP piracy, overproduction, counterfeiting or inserting hardware Trojan (HT) throughout the supply chain of the IC. Preventing hardware Trojan insertion is a significant issue in the context of hardware security (HS) and has not been considered in most of the previous logic encryption methods. To eliminate this problem, in this paper an Anti-Trojan insertion algorithm is presented. The idea is based on the fact that reducing the signals with low-observability (LO) and low-controllability (LC) can prevent HT insertion significantly. The security of logic encryption methods depends on the algorithm and the encryption key. However, the security of these methods has been compromised by SAT attacks over recent years. SAT attacks, can decode the correct key from most logic encryption techniques. In this article, by using the PUF-based encryption, the applied key in the encryption is randomized and SAT attack cannot be performed. Based on the output of PUF, a unique encryption has been made for each chip that preventing from counterfeiting and IP piracy.
Patooghy, A., Aerabi, E., Rezaei, H., Mark, M., Fazeli, M., Kinsy, M. A..  2018.  Mystic: Mystifying IP Cores Using an Always-ON FSM Obfuscation Method. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :626–631.
The separation of manufacturing and design processes in the integrated circuit industry to tackle the ever increasing circuit complexity and time to market issues has brought with it some major security challenges. Chief among them is IP piracy by untrusted parties. Hardware obfuscation which locks the functionality and modifies the structure of an IP core to protect it from malicious modifications or piracy has been proposed as a solution. In this paper, we develop an efficient hardware obfuscation method, called Mystic (Mystifying IP Cores), to protect IP cores from reverse engineering, IP overproduction, and IP piracy. The key idea behind Mystic is to add additional state transitions to the original/functional FSM (Finite State Machine) that are taken only when incorrect keys are applied to the circuit. Using the proposed Mystic obfuscation approach, the underlying functionality of the IP core is locked and normal FSM transitions are only available to authorized chip users. The synthesis results of ITC99 circuit benchmarks for ASIC 45nm technology reveal that the Mystic protection method imposes on average 5.14% area overhead, 5.21% delay overhead, and 8.06% power consumption overheads while it exponentially lowers the probability that an unauthorized user will gain access to or derive the chip functionality.
2020-11-02
Shayan, Mohammed, Bhattacharjee, Sukanta, Song, Yong-Ak, Chakrabarty, Krishnendu, Karri, Ramesh.  2019.  Deceive the Attacker: Thwarting IP Theft in Sieve-Valve-based Biochips. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :210—215.

Researchers develop bioassays following rigorous experimentation in the lab that involves considerable fiscal and highly-skilled-person-hour investment. Previous work shows that a bioassay implementation can be reverse engineered by using images or video and control signals of the biochip. Hence, techniques must be devised to protect the intellectual property (IP) rights of the bioassay developer. This study is the first step in this direction and it makes the following contributions: (1) it introduces use of a sieve-valve as a security primitive to obfuscate bioassay implementations; (2) it shows how sieve-valves can be used to obscure biochip building blocks such as multiplexers and mixers; (3) it presents design rules and security metrics to design and measure obfuscated biochips. We assess the cost-security trade-offs associated with this solution and demonstrate practical sieve-valve based obfuscation on real-life biochips.

Wang, Jiawei, Zhang, Yuejun, Wang, Pengjun, Luan, Zhicun, Xue, Xiaoyong, Zeng, Xiaoyang, Yu, Qiaoyan.  2019.  An Orthogonal Algorithm for Key Management in Hardware Obfuscation. 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :1—4.

The globalization of supply chain makes semiconductor chips susceptible to various security threats. Design obfuscation techniques have been widely investigated to thwart intellectual property (IP) piracy attacks. Key distribution among IP providers, system integration team, and end users remains as a challenging problem. This work proposes an orthogonal obfuscation method, which utilizes an orthogonal matrix to authenticate obfuscation keys, rather than directly examining each activation key. The proposed method hides the keys by using an orthogonal obfuscation algorithm to increasing the key retrieval time, such that the primary keys for IP cores will not be leaked. The simulation results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS'89 benchmark circuits. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.4% and consumes 4.7% more power than the baseline1.

2020-10-26
Black, Paul, Gondal, Iqbal, Vamplew, Peter, Lakhotia, Arun.  2019.  Evolved Similarity Techniques in Malware Analysis. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :404–410.

Malware authors are known to reuse existing code, this development process results in software evolution and a sequence of versions of a malware family containing functions that show a divergence from the initial version. This paper proposes the term evolved similarity to account for this gradual divergence of similarity across the version history of a malware family. While existing techniques are able to match functions in different versions of malware, these techniques work best when the version changes are relatively small. This paper introduces the concept of evolved similarity and presents automated Evolved Similarity Techniques (EST). EST differs from existing malware function similarity techniques by focusing on the identification of significantly modified functions in adjacent malware versions and may also be used to identify function similarity in malware samples that differ by several versions. The challenge in identifying evolved malware function pairs lies in identifying features that are relatively invariant across evolved code. The research in this paper makes use of the function call graph to establish these features and then demonstrates the use of these techniques using Zeus malware.

Sun, Pengfei, Garcia, Luis, Zonouz, Saman.  2019.  Tell Me More Than Just Assembly! Reversing Cyber-Physical Execution Semantics of Embedded IoT Controller Software Binaries. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :349–361.
The safety of critical cyber-physical IoT devices hinges on the security of their embedded software that implements control algorithms for monitoring and control of the associated physical processes, e.g., robotics and drones. Reverse engineering of the corresponding embedded controller software binaries enables their security analysis by extracting high-level, domain-specific, and cyber-physical execution semantic information from executables. We present MISMO, a domain-specific reverse engineering framework for embedded binary code in emerging cyber-physical IoT control application domains. The reverse engineering outcomes can be used for firmware vulnerability assessment, memory forensics analysis, targeted memory data attacks, or binary patching for dynamic selective memory protection (e.g., important control algorithm parameters). MISMO performs semantic-matching at an algorithmic level that can help with the understanding of any possible cyber-physical security flaws. MISMO compares low-level binary symbolic values and high-level algorithmic expressions to extract domain-specific semantic information for the binary's code and data. MISMO enables a finer-grained understanding of the controller by identifying the specific control and state estimation algorithms used. We evaluated MISMO on 2,263 popular firmware binaries by 30 commercial vendors from 6 application domains including drones, self-driving cars, smart homes, robotics, 3D printers, and the Linux kernel controllers. The results show that MISMO can accurately extract the algorithm-level semantics of the embedded binary code and data regions. We discovered a zero-day vulnerability in the Linux kernel controllers versions 3.13 and above.
2020-08-28
Sguigna, Alan.  2019.  Mitigating JTAG as an Attack Surface. 2019 IEEE AUTOTESTCON. :1—7.

The Joint Test Action Group (JTAG) standards define test and debug architectures that are ingrained within much of today's commercial silicon. In particular, the IEEE Std. 1149.1 (Standard Test Access Port and Boundary Scan Architecture) forms the foundation of on-chip embedded instrumentation that is used extensively for everything from prototype board bring-up to firmware triage to field and depot system repair. More recently, JTAG is being used in-system as a hardware/firmware mechanism for Built-In Test (BIT), addressing No Fault Found (NFF) and materiel availability issues. Its power and efficacy are a direct outcome of being a ubiquitously available, embedded on-die instrument that is inherent in most electronic devices. While JTAG is indispensable for all aspects of test and debug, it suffers from a lack of inherent security. Unprotected, it can represent a security weakness, exposing a back-door vulnerability through which hackers can reverse engineer, extract sensitive data from, or disrupt systems. More explicitly, JTAG can be used to: - Read and write from system memory - Pause execution of firmware (by setting breakpoints) - Patch instructions or data in memory - Inject instructions directly into the pipeline of a target chip (without modifying memory) - Extract firmware (for reverse engineering/vulnerability research) - Execute private instructions to activate other engines within the chip As a low-level means of access to a powerful set of capabilities, the JTAG interface must be safeguarded against unauthorized intrusions and attacks. One method used to protect platforms against such attacks is to physically fuse off the JTAG Test Access Ports, either at the integrated circuit or the board level. But, given JTAG's utility, alternative approaches that allow for both security and debug have become available, especially if there is a hardware root of trust on the platform. These options include chip lock and key registers, challenge-response mechanisms, secure key systems, TDI/TDO encryption, and other authentication/authorization techniques. This paper reviews the options for safe access to JTAG-based debug and test embedded instrumentation.

2020-08-10
Kim, Byoungchul, Jung, Jaemin, Han, Sangchul, Jeon, Soyeon, Cho, Seong-je, Choi, Jongmoo.  2019.  A New Technique for Detecting Android App Clones Using Implicit Intent and Method Information. 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN). :478–483.
Detecting repackaged apps is one of the important issues in the Android ecosystem. Many attackers usually reverse engineer a legitimate app, modify or embed malicious codes into the app, repackage and distribute it in the online markets. They also employ code obfuscation techniques to hide app cloning or repackaging. In this paper, we propose a new technique for detecting repackaged Android apps, which is robust to code obfuscation. The technique analyzes the similarity of Android apps based on the method call information of component classes that receive implicit intents. We developed a tool Calldroid that implemented the proposed technique, and evaluated it on apps transformed using well-known obfuscators. The evaluation results showed that the proposed technique can effectively detect repackaged apps.
2020-07-30
Patnaik, Satwik, Ashraf, Mohammed, Sinanoglu, Ozgur, Knechtel, Johann.  2018.  Best of Both Worlds: Integration of Split Manufacturing and Camouflaging into a Security-Driven CAD Flow for 3D ICs. 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). :1—8.

With the globalization of manufacturing and supply chains, ensuring the security and trustworthiness of ICs has become an urgent challenge. Split manufacturing (SM) and layout camouflaging (LC) are promising techniques to protect the intellectual property (IP) of ICs from malicious entities during and after manufacturing (i.e., from untrusted foundries and reverse-engineering by end-users). In this paper, we strive for “the best of both worlds,” that is of SM and LC. To do so, we extend both techniques towards 3D integration, an up-and-coming design and manufacturing paradigm based on stacking and interconnecting of multiple chips/dies/tiers. Initially, we review prior art and their limitations. We also put forward a novel, practical threat model of IP piracy which is in line with the business models of present-day design houses. Next, we discuss how 3D integration is a naturally strong match to combine SM and LC. We propose a security-driven CAD and manufacturing flow for face-to-face (F2F) 3D ICs, along with obfuscation of interconnects. Based on this CAD flow, we conduct comprehensive experiments on DRC-clean layouts. Strengthened by an extensive security analysis (also based on a novel attack to recover obfuscated F2F interconnects), we argue that entering the next, third dimension is eminent for effective and efficient IP protection.

Shayan, Mohammed, Bhattacharjee, Sukanta, Song, Yong-Ak, Chakrabarty, Krishnendu, Karri, Ramesh.  2019.  Can Multi-Layer Microfluidic Design Methods Aid Bio-Intellectual Property Protection? 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). :151—154.
Researchers develop bioassays by rigorously experimenting in the lab. This involves significant fiscal and skilled person-hour investment. A competitor can reverse engineer a bioassay implementation by imaging or taking a video of a biochip when in use. Thus, there is a need to protect the intellectual property (IP) rights of the bioassay developer. We introduce a novel 3D multilayer-based obfuscation to protect a biochip against reverse engineering.