  • Publication
    SIGNED: A Challenge-Response Scheme for Electronic Hardware Watermarking
    (01-06-2023)
    Patanjali, S. L.P.S.K.; Nair, Abhishek Anil; Bhunia, Swarup
    The emergence of distributed manufacturing ecosystems for electronic hardware involving untrusted parties has led to diverse trust issues. In particular, Intellectual Property (IP) piracy, reverse engineering, and overproduction pose significant threats to integrated circuits (IC) manufacturers. Watermarking has been one of the solutions employed by the semiconductor industry to overcome many of the trust issues. However, existing watermarking techniques often suffer from one or more of the following deficiencies: (1) low structural coverage, (2) applicability to specific design abstraction level (e.g., gate or layout), (3) high design overhead, and (4) vulnerabilities to removal or tampering attacks. We address these deficiencies by introducing a new watermarking scheme, called SIGNED: Signature Insertion through challenGe respoNse in Electronic Design. SIGNED relies on a challenge-response protocol-based interrogation scheme for generating the watermark. It identifies strategic locations of an input design and samples them in response to select input patterns to form a set of compact signatures representing the functional and structural characteristics of a design. We show that this signature set can be used as high-quality watermark of an IP to verify its provenance. We evaluate SIGNED on the ISCAS85, ITC, and MIT CEP benchmark circuits with respect to all major quality parameters of hardware watermark. We show that SIGNED achieves excellent structural coverage and robustness against identification and removal attacks, while introducing modest design overheads.
  • Publication
    FaultDroid: An algorithmic approach for fault-induced information leakage analysis
    (01-01-2021)
    Roy, Indrani; Hazra, Aritra; Bhunia, Swarup
    Fault attacks belong to a potent class of implementation-based attacks that can compromise a crypto-device within a few milliseconds. Out of the large numbers of faults that can occur in the device, only a very few are exploitable in terms of leaking the secret key. Ignorance of this fact has resulted in countermeasures that have either significant overhead or inadequate protection. This article presents a framework, referred to as FaultDroid, for automated vulnerability analysis of fault attacks. It explores the entire fault attack space, identifies the single/multiple fault scenarios that can be exploited by a differential fault attack, rank-orders them in terms of criticality, and provides design guidance to mitigate the vulnerabilities at low cost. The framework enables a designer to automatically evaluate the fault attack vulnerabilities of a block cipher implementation and then incorporate efficient countermeasures. FaultDroid uses a formal model of fault attacks on a high-level specification of a block cipher and hence is equally applicable to both software and hardware implementation of the cipher. As case studies, we employ FaultDroid to comprehensively evaluate the fault scenarios in several common ciphers - AES, CLEFIA, CAMELLIA, SMS4, SIMON, PRESENT, and GIFT - and assess their vulnerability.
  • Publication
    Feds: Comprehensive fault attack exploitability detection for software implementations of block ciphers
    (01-01-2020)
    Keerthi, K.; Roy, Indrani; Hazra, Aritra; Bhunia, Swarup
    Fault injection attacks are one of the most powerful forms of cryptanalytic attacks on ciphers. A single, precisely injected fault during the execution of a cipher like the AES, can completely reveal the key within a few milliseconds. Software implementations of ciphers, therefore, need to be thoroughly evaluated for such attacks. In recent years, automated tools have been developed to perform these evaluations. These tools either work on the cipher algorithm or on their implementations. Tools that work at the algorithm level can provide a comprehensive assessment of fault attack vulnerability for different fault attacks and with different fault models. Their application is, however, restricted because every realization of the cipher has unique vulnerabilities. On the other hand, tools that work on cipher implementations have a much wider application but are often restricted by the range of fault attacks and the number of fault models they can evaluate. In this paper, we propose a framework, called FEDS, that uses a combination of compiler techniques and model checking to merge the advantages of both, algorithmic level tools as well as implementation level tools. Like the algorithmic level tools, FEDS can provide a comprehensive assessment of fault attack exploitability considering a wide range of fault attacks and fault models. Like implementation level tools, FEDS works with implementations, therefore has wide application. We demonstrate the versatility of FEDS by evaluating seven different implementations of AES (including bitsliced implementation) and implementations of CLEFIA and CAMELLIA for Differential Fault Attacks. The framework automatically identifies exploitable instructions in all implementations. Further, we present an application of FEDS in a Fault Attack Aware Compiler, that can automatically identify and protect exploitable regions of the code. We demonstrate that the compiler can generate significantly more efficient code than a naïvely protected equivalent, while maintaining the same level of protection.
  • Publication
    SAFARI: Automatic synthesis of fault-attack resistant block cipher implementations
    (01-04-2020)
    Roy, Indrani; Hazra, Aritra; Bhunia, Swarup
    Most cipher implementations are vulnerable to a class of cryptanalytic attacks known as fault injection attacks. To reveal the secret key, these attacks make use of faults induced at specific locations during the execution of the cipher. Countermeasures for fault injection attacks require these vulnerable locations in the implementation to be first identified and then protected. However, both these steps are difficult and error-prone and, hence, it requires considerable expertise to design efficient countermeasures. Incorrect or insufficient application of the countermeasures would cause the implementation to remain vulnerable, while inefficient application of the countermeasures could lead to significant performance penalties to achieve the desired fault-attack resistance. In this paper, we present a novel framework called SAFARI for automatically synthesizing fault-attack resistant implementations of block ciphers. The framework takes as input the security requirements and a high-level specification of the block cipher. It automatically detects the vulnerable locations from the specification, applies an appropriate countermeasure based on the user-specified security requirements, and then synthesizes an efficient, fault-attack protected, RTL, or C code for the cipher. We take AES, CAMELLIA, and CLEFIA as case studies and demonstrate how the framework would explore different countermeasures, based on the vulnerability of the locations, the output format, and the required security margins. We then evaluate the efficacy of SAFARI in hardware and software to the design overhead incurred and the fault coverage.
  • Publication
    SOLOMON: An Automated Framework for Detecting Fault Attack Vulnerabilities in Hardware
    (01-03-2020)
    Srivastava, Milind; Slpsk, Patanjali; Roy, Indrani; Hazra, Aritra; Bhunia, Swarup
    Fault attacks are potent physical attacks on crypto-devices. A single fault injected during encryption can reveal the cipher's secret key. In a hardware realization of an encryption algorithm, only a tiny fraction of the gates is exploitable by such an attack. Finding these vulnerable gates has been a manual and tedious task requiring considerable expertise. In this paper, we propose SOLOMON, the first automatic fault attack vulnerability detection framework for hardware designs. Given a cipher implementation, either at RTL or gate-level, SOLOMON uses formal methods to map vulnerable regions in the cipher algorithm to specific locations in the hardware thus enabling targeted countermeasures to be deployed with much lesser overheads. We demonstrate the efficacy of the SOLOMON framework using three ciphers: AES, CLEFIA, and Simon.
  • Publication
    FORTIFY: Analytical Pre-Silicon Side-Channel Characterization of Digital Designs
    (01-01-2022)
    Lakshmy, A. V.; Bhunia, Swarup
    Power side-channel attacks are potent security threats that exploit the power consumption patterns of an electronic device to glean sensitive information ranging from secret keys and passwords to web-browsing activity. While pre-Silicon tools promise early detection of side-channel leakage at the design stage, they require several hours of simulation time. In this paper, we present an analytical framework called FORTIFY that estimates the power side-channel vulnerability of digital circuit designs at signal-level granularity, given the RTL or gate-level netlist of the design, at least 100 times faster than contemporary works. We demonstrate the correctness of FORTIFY by comparing it with a recent simulation-based side-channel leakage analysis framework. We also test its scalability by evaluating FORTIFY on an open-source System-on-Chip.