Title: High-Level Approaches to Hardware Security: A Tutorial
Designers use third-party intellectual property (IP) cores and outsource various steps of the integrated circuit (IC) design and manufacturing flow. As a result, security vulnerabilities have been rising, forcing IC designers and end users to re-evaluate their trust in ICs. If attackers get hold of an unprotected IC, they can reverse engineer it and pirate the IP. Similarly, if attackers get hold of a design, they can insert malicious circuits or take advantage of “backdoors” in the design. Unintended design bugs can also result in security weaknesses. This tutorial paper provides an introduction to hardware security through two pedagogical examples of hardware security problems. The first is a walk-through of the scan chain-based side channel attack. The second is a walk-through of logic locking of digital designs. The tutorial material is accompanied by open access digital resources that are linked in this article.
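The first walk-through in the tutorial is the scan chain-based side channel: scan chains give a tester serial read access to a chip's flip-flops, and an attacker with the same access can read out a cipher's intermediate state. The following is an added illustration written for this page, not material from the paper or its linked resources. It constructs a toy cipher core whose one-round state register (four bytes of SubBytes(plaintext XOR key)) sits on a scan chain, runs the attack that shifts the register out and inverts the S-box, and then shows a common countermeasure, flushing the data register when test mode is entered. The core, its width, the class and function names, and the key and plaintext values are all constructed; the S-box is the AES one, built from GF(2^8) inversion and the AES affine map.

```python
"""Scan-chain side-channel attack on a constructed toy cipher core.

Added example for illustration; not code from the tutorial. The core
holds SubBytes(plaintext ^ key) in a 4-byte data register after one
functional clock, and that register is on the scan chain.
"""


def xtime(b):
    """Multiply by x in GF(2^8) with the AES polynomial 0x11b."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else (b << 1) & 0xFF


def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r


def gf_inv(a):
    """a^254 == a^-1 in GF(2^8); inv(0) is defined as 0, as in AES."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def sbox(x):
    """AES S-box: GF(2^8) inversion followed by the AES affine map."""
    x = gf_inv(x)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63


SBOX = [sbox(i) for i in range(256)]
INV_SBOX = {v: i for i, v in enumerate(SBOX)}


class ToyCore:
    """Constructed core: key[4] (secret, not on the chain) and data[4] (on the chain)."""

    def __init__(self, key, secure_scan=False):
        self.key = list(key)
        self.data = [0] * 4
        self.secure_scan = secure_scan   # flush data register on entering test mode

    def load_and_clock(self, plaintext):
        """One functional clock: data <= SubBytes(plaintext ^ key)."""
        self.data = [SBOX[p ^ k] for p, k in zip(plaintext, self.key)]

    def enter_test_mode(self):
        if self.secure_scan:
            self.data = [0] * 4           # countermeasure: state never reaches the chain

    def scan_out(self):
        """Shift the 32-bit chain out serially: byte 0 first, LSB first within a byte."""
        return [(byte >> i) & 1 for byte in self.data for i in range(8)]


def attack(core, plaintext):
    """Known-plaintext scan attack: read the round register, invert the S-box, XOR."""
    core.load_and_clock(plaintext)
    core.enter_test_mode()
    bits = core.scan_out()
    regs = [sum(bits[8 * j + i] << i for i in range(8)) for j in range(4)]
    return bytes(INV_SBOX[r] ^ p for r, p in zip(regs, plaintext))


if __name__ == "__main__":
    key = bytes([0x2B, 0x7E, 0x15, 0x16])          # constructed secret key
    plaintext = bytes([0x32, 0x43, 0xF6, 0xA8])    # constructed known plaintext
    print("unprotected core leaks key:", attack(ToyCore(key), plaintext).hex())
    print("secure-scan core returns    :", attack(ToyCore(key, secure_scan=True), plaintext).hex())
```

One clock in functional mode followed by a mode switch and 32 shift cycles is all the attacker needs; the key never has to be on the chain itself, because the register that is on it is a simple invertible function of key and plaintext. The flush on entering test mode closes this particular read-out, but it also removes the tester's ability to observe functional state, which is the tradeoff the tutorial's walk-through discusses.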
Award ID(s):
2039607
PAR ID:
10391979
Author(s) / Creator(s):
Date Published:
Journal Name:
ACM Transactions on Embedded Computing Systems
ISSN:
1539-9087
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Various hardware security solutions have been developed recently to help counter hardware-level attacks such as hardware Trojans, integrated circuit (IC) counterfeiting and intellectual property (IP) cloning/piracy. However, existing solutions often provide specific types of protection. While these solutions achieve great success in preventing even advanced hardware attacks, the compatibility among these hardware security methods is rarely discussed. This inconsistency hampers the development of a comprehensive solution protecting hardware ICs and IP from various attacks. In this paper, we develop a security primitive generator to help solve the compatibility issue among different protection techniques. Specifically, we focus on two modern IC/IP protection methods, logic locking and watermarking. A combined locking and watermarking technique is developed based on enhanced finite state machines (FSMs). The security primitive generator takes user-specified constraints and automatically generates an FSM module that performs both logic locking and watermarking. The generated FSM can be integrated into any design for protection. Our experimental results show that the generator can facilitate circuit protection and provide the flexibility for users to achieve a better tradeoff between security level and design overhead.
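The tutorial's second walk-through and the abstract above both concern logic locking. The following is an added example written for this page, not code from either paper: the basic combinational form of locking, in which XOR/XNOR key gates are inserted on internal nets of a gate-level netlist so that the circuit computes its intended function only under the correct key. The netlist (a constructed 2-bit adder), the key, the gate positions and all function names are constructed for illustration; the enhanced-FSM construction of the abstract is a different, sequential scheme and is not what this code does. Exhaustive simulation shows that the correct key makes every key gate a buffer and that every wrong key corrupts at least one output.

```python
"""Combinational logic locking with XOR/XNOR key gates.

Added example for illustration; not code from the paper. Gates are
(output_net, op, (input_nets)) in topological order.
"""
import itertools
import random

# Constructed netlist: 2-bit ripple adder, sum s1 s0 and carry c.
ORIGINAL = [
    ("n1", "AND", ("a0", "b0")),
    ("s0", "XOR", ("a0", "b0")),
    ("n2", "XOR", ("a1", "b1")),
    ("s1", "XOR", ("n2", "n1")),
    ("n3", "AND", ("n2", "n1")),
    ("n4", "AND", ("a1", "b1")),
    ("c", "OR", ("n3", "n4")),
]
INPUTS = ["a0", "a1", "b0", "b1"]
OUTPUTS = ["s0", "s1", "c"]

OPS = {
    "AND": lambda x, y: x & y,
    "OR": lambda x, y: x | y,
    "XOR": lambda x, y: x ^ y,
    "XNOR": lambda x, y: 1 - (x ^ y),
}


def simulate(netlist, assignment):
    """Evaluate the netlist for one input (and key) assignment."""
    v = dict(assignment)
    for out, op, ins in netlist:
        v[out] = OPS[op](*(v[i] for i in ins))
    return tuple(v[o] for o in OUTPUTS)


def lock(netlist, key, targets):
    """Insert one key gate on the output net of each gate index in `targets`.

    Key bit 0 -> XOR gate, key bit 1 -> XNOR gate, so with the correct key
    every key gate passes its input through; a flipped bit turns it into
    an inverter on that net. Key inputs are named k0, k1, ...
    """
    locked = []
    for i, (out, op, ins) in enumerate(netlist):
        if i in targets:
            j = targets.index(i)
            locked.append((out + "_pre", op, ins))
            locked.append((out, "XNOR" if key[j] else "XOR", (out + "_pre", f"k{j}")))
        else:
            locked.append((out, op, ins))
    return locked


def corruption_rate(original, locked, key):
    """Fraction of input patterns on which the locked circuit, driven with
    `key`, disagrees with the original on at least one output."""
    wrong = 0
    for bits in itertools.product((0, 1), repeat=len(INPUTS)):
        a = dict(zip(INPUTS, bits))
        a.update({f"k{j}": kb for j, kb in enumerate(key)})
        if simulate(original, a) != simulate(locked, a):
            wrong += 1
    return wrong / 2 ** len(INPUTS)


def all_key_rates(original, locked, nkeys):
    """Corruption rate for every possible key value."""
    return [(kk, corruption_rate(original, locked, kk))
            for kk in itertools.product((0, 1), repeat=nkeys)]


if __name__ == "__main__":
    key = [1, 0, 1]                                   # constructed secret key
    targets = random.Random(1).sample(range(len(ORIGINAL)), len(key))
    locked = lock(ORIGINAL, key, targets)
    for kk, rate in all_key_rates(ORIGINAL, locked, len(key)):
        print(kk, "correct" if list(kk) == key else "wrong ", f"corruption {rate:.2f}")
```

Insertion order matters only in that the key gate must sit directly after the driver of the net it locks, so the netlist stays in topological order and every consumer of that net now sees the key-gated value. An attacker who can see the gate type (XOR versus XNOR) can read the key bit off each gate unless the inserted inverters are absorbed into neighbouring logic, which is one of the points the tutorial's walk-through covers.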
  2. Hardware Trojan insertion and intellectual property (IP) theft are two major concerns when dealing with untrusted foundries. Most existing mitigation techniques are limited in protecting against both vulnerabilities. Split manufacturing is designed to stop IP piracy and IC cloning, but it fails at preventing untargeted hardware Trojan insertion and incurs significant overheads when a high level of security is demanded. Built-in self-authentication (BISA) is a low-cost technique for preventing and detecting hardware Trojan insertion, but is vulnerable to IP piracy, IC cloning or redesign attacks, especially on original circuitry. In this paper, we propose an obfuscated built-in self-authentication (OBISA) technique that combines and optimizes both techniques so that they complement and improve security against both vulnerabilities, while at the same time minimizing design overheads to the extent that the proposed method does not incur prohibitive cost for designs of industrial-level sophistication. Our evaluation on AES and DES cores shows that the proposed technique can reach security levels more than two times higher and satisfy all existing layout-based security metrics, while reducing overheads from hundreds of percent to less than 13% in power, less than 5% in delay, and zero percent in area, as compared to the best reported performance of existing techniques.
  3. Due to the increasing complexity of hardware designs, third-party hardware Intellectual Property (IP) cores are often incorporated to alleviate the burden on hardware designers. However, the prevalent use of third-party IPs has raised security concerns such as hardware Trojans. These Trojans inserted in the soft IPs are very difficult to detect through functional testing, and no single detection methodology has been able to completely address this issue. Based on a Register-Transfer Level (RTL) soft IP analysis method named Structural Checking, this paper presents a hardware Trojan detection methodology and tool by detailing the implementation of a Golden Reference Library for matching an unknown IP to a functionally similar Golden Reference. The matching result is quantified in percentages so that two different IPs with similar functions have a higher percentage match. A match of the unknown IP to a whitelist IP advances it to be identified with a known functionality, while a match to a blacklist IP causes it to be detected as Trojan-infested.
  4. Outsourcing semiconductor device fabrication can result in malicious insertions and overbuilding of integrated circuits (ICs) by untrusted foundries without the IP owner’s knowledge. Active hardware metering methods attempt to combat IC piracy by requiring fabs to perform an activation protocol with the IP owner for each chip created. In this paper, we have taken a closer look at the IC metering through bus scrambling protocol mentioned in Maes et al., 2009, and we investigate alternatives which employ 1-out-of-2 oblivious transfer (OT). Our focus is on Bellare-Micali OT and Naor-Pinkas OT, which, under certain assumptions, guarantee protection against malicious adversaries. Using OT as an alternative helps with the need to protect the integrity of the private input generated by the chip. Thus, the security of the protocol reduces to the Decisional Diffie-Hellman sense. Finally, we discuss possible attacks and show how the proposed protocols could prevent them.
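The abstract above names Bellare-Micali 1-out-of-2 OT as the building block for the metering protocol. The following is an added example written for this page, not code from that paper: one OT exchange in the Bellare-Micali style with both parties' messages. The sender publishes a group element C, the receiver returns a single public key PK_0 that is uniformly distributed whatever its choice bit is, the sender returns two ElGamal-style ciphertexts, and the receiver can open only the one under the key whose discrete log it knows. The group parameters (a 12-bit safe prime, chosen so the numbers are readable), the message contents, the fixed secrets used in the demonstration and all function names are constructed; a real deployment needs a 2048-bit group or an elliptic curve and fresh randomness. How the two messages and the choice bit map onto chip activation is the paper's subject and is not modelled here. The `cheating_receiver` function shows why the discrete log of C must stay with the sender: a receiver who learns it opens both messages.

```python
"""Toy 1-out-of-2 oblivious transfer in the Bellare-Micali style.

Added example for illustration; not code from the paper. Toy-size
constructed group; do not use these parameters for anything real.
"""
import hashlib
import secrets

P = 2039   # safe prime p = 2q + 1 (toy size)
Q = 1019   # prime order of the quadratic-residue subgroup
G = 4      # 2^2, a generator of that subgroup


def inv(x):
    return pow(x, P - 2, P)


def kdf(elem, n):
    """Derive an n-byte one-time pad from a group element."""
    return hashlib.sha256(elem.to_bytes(2, "big")).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sender_setup(c):
    """Sender -> receiver: C = g^c. The sender keeps c secret."""
    return pow(G, c, P)


def receiver_choose(C, b, k):
    """Receiver -> sender: PK_0, where PK_b = g^k and PK_{1-b} = C / PK_b.

    The receiver knows the discrete log of exactly one of the two keys,
    and PK_0 alone is uniform in the subgroup, so b stays hidden.
    """
    pk_b = pow(G, k, P)
    pk_other = C * inv(pk_b) % P
    return pk_b if b == 0 else pk_other


def sender_transfer(C, pk0, m0, m1, r0, r1):
    """Sender -> receiver: m0 encrypted under PK_0, m1 under PK_1 = C / PK_0."""
    pk1 = C * inv(pk0) % P
    c0 = (pow(G, r0, P), xor(m0, kdf(pow(pk0, r0, P), len(m0))))
    c1 = (pow(G, r1, P), xor(m1, kdf(pow(pk1, r1, P), len(m1))))
    return c0, c1


def receiver_recover(b, k, c0, c1):
    """Honest receiver: only the ciphertext under g^k decrypts with k."""
    a, e = (c0, c1)[b]
    return xor(e, kdf(pow(a, k, P), len(e)))


def cheating_receiver(c, b, k, c0, c1):
    """A receiver who knows log_g C = c also knows log PK_{1-b} = c - k."""
    exps = (k, (c - k) % Q) if b == 0 else ((c - k) % Q, k)
    return tuple(xor(e, kdf(pow(a, x, P), len(e)))
                 for (a, e), x in zip((c0, c1), exps))


def run_ot(m0, m1, b):
    """Full exchange with fresh secrets; returns what the receiver learns."""
    c = secrets.randbelow(Q - 1) + 1
    C = sender_setup(c)                                   # sender -> receiver
    k = secrets.randbelow(Q - 1) + 1
    pk0 = receiver_choose(C, b, k)                        # receiver -> sender
    r0, r1 = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    c0, c1 = sender_transfer(C, pk0, m0, m1, r0, r1)     # sender -> receiver
    return receiver_recover(b, k, c0, c1)


if __name__ == "__main__":
    msgs = (b"scramble-key-#0!", b"scramble-key-#1!")    # constructed messages
    print(run_ot(*msgs, b=1))
```

The receiver's only message, PK_0, is a uniformly random subgroup element regardless of b, which is what protects the choice bit; the sender's security rests on the receiver not knowing log_g C, so that it cannot produce two keys whose logs it both knows while still satisfying PK_0 * PK_1 = C. That is the Decisional Diffie-Hellman dependence the abstract refers to.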
  5. Because FPGAs outperform traditional processing cores like CPUs and GPUs in terms of performance per watt and flexibility, they are being used more and more in cloud and data center applications. There are growing worries about the security risks posed by multi-tenant sharing as the demand for hardware acceleration increases and gradually gives way to FPGA multi-tenancy in the cloud. The confidentiality, integrity, and availability of FPGA-accelerated applications may be compromised if space-shared FPGAs are made available to many cloud tenants. We propose a root of trust-based trusted execution mechanism called TrustToken to prevent harmful software-level attackers from getting unauthorized access and jeopardizing security. With safe key creation and truly random sources, TrustToken creates a security block that serves as the foundation of trust-based IP security. By offering crucial security characteristics, such as secure, isolated execution and trusted user interaction, TrustToken only permits trustworthy connection between the non-trusted third-party IP and the rest of the SoC environment. The suggested approach does this by connecting the third-party IP interface to the TrustToken Controller and running run-time checks on the correctness of the IP authorization (Token) signals. With an emphasis on software-based assaults targeting unauthorized access and information leakage, we offer a novel hardware/software architecture for trusted execution in FPGA-accelerated clouds and data centers.