skip to main content


The NSF Public Access Repository (NSF-PAR) system and access will be unavailable from 11:00 PM ET on Friday, April 12 until 2:00 AM ET on Saturday, April 13 due to maintenance. We apologize for the inconvenience.

This content will become publicly available on November 1, 2024

Title: Protection Against Physical Attacks Through Self-Destructive Polymorphic Latch
On-chip assets, such as cryptographic keys, intermediate cipher computations, obfuscation keys, and hardware security primitive outputs, are usually stored in volatile memories, e.g., registers and SRAMs. Such volatile memories could be read out using active physical attacks, such laser-assisted side-channels. One way to protect assets stored in volatile memories can be the employment of sensors that detect active physical attacks and trigger complete zeroization of sensitive data. However, hundreds or thousands of clock cycles are often needed to accomplish this. Further, the sensing and self-destruction mechanisms are decoupled from the sensitive circuitry and can be disabled separately by an adversary. Moreover, defensive actions (e.g., zeroization) may be disabled by bringing the CPU/SoC into an inoperable condition, while registers may still hold their data, making them susceptible. This paper proposes a self-destructive latch to protect sensitive data from active side-channel attacks, which require supply voltage manipulations.Our proposed latch senses supply voltage interference required during such attacks, and reacts instantaneously by entering a forbidden data state, erasing its stored data. The design uses a NULL convention logic (NCL)- based polymorphic NOR/NAND gate, which changes its functionality with supply voltage. Our results show that the latch is stable across temperature and process variation reacting to attacks with 91% confidence. Even for the 9% where data is not destroyed, in 3.33% of cases data flips its state which makes reliable extraction difficult for an attacker. The polymorphic latch is straightforward to implement due to its NCL implementation and the voltage for the self-destructive behavior is easily altered by resizing only two transistors. Further, this self-destructive behavior extends to registers which are built out of latches.  more » « less
Award ID(s):
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
International Conference on Computer-Aided Design (ICCAD)
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The threats of physical side-channel attacks and their countermeasures have been widely researched. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on current consumption or voltage drop on a chip. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage challenges the t-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of the profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage. 
    more » « less
  2. Speculative execution side-channel vulnerabilities in micro-architecture processors have raised concerns about the security of Intel SGX. To understand clearly the security impact of this vulnerability against SGX, this paper makes the following studies: First, to demonstrate the feasibility of the attacks, we present SgxPectre Attacks (the SGX-variants of Spectre attacks) that exploit speculative execution side-channel vulnerabilities to subvert the confidentiality of SGX enclaves. We show that when the branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An adversary observing such changes can learn secrets inside the enclave memory or its internal registers, thus completely defeating the confidentiality guarantee offered by SGX. Second, to determine whether real-world enclave programs are impacted by the attacks, we develop techniques to automate the search of vulnerable code patterns in enclave binaries using symbolic execution. Our study suggests that nearly any enclave program could be vulnerable to SgxPectre Attacks since vulnerable code patterns are available in most SGX runtimes (e.g., Intel SGX SDK, Rust-SGX, and Graphene-SGX). Third, we apply SgxPectre Attacks to steal seal keys and attestation keys from Intel signed quoting enclaves. The seal key can be used to decrypt sealed storage outside the enclaves and forge valid sealed data; the attestation key can be used to forge attestation signatures. For these reasons, SgxPectre Attacks practically defeat SGX's security protection. Finally, we evaluate Intel's existing countermeasures against SgxPectre Attacks and discusses the security implications. 
    more » « less
  3. Probing attacks against integrated circuits (IC) have become a serious concern, especially for security-critical applications. With the help of modern circuit editing tools, an attacker could remove layers of materials and expose wires carrying sensitive on-chip assets, such as cryptographic keys and proprietary firmware for probing. Most existing protection methods use active shield which provides tamper-evident covers at the top-most metal layers to the circuity below. However, they lack formal proofs of their effectiveness as some active shields have already been circumvented by hackers. In this paper, we investigate the problem of protection against front-side probing attacks and present a framework to assess a design’s vulnerabilities against probing attacks. Metrics are developed to evaluate the resilience of designs to bypass attack and reroute attack which are two common techniques used to compromise an anti-probing mechanism. Exemplary assets from an SoC layout are used to evaluate the proposed flow. Results show that long net and high layer wires are vulnerable to probing attack equipped with high aspect ratio FIB. Meanwhile, nets that occupy small area on the chip are probably compromised through rerouting shield wires. On the other hand, multi-layer internal orthogonal shield performs the best among common shield structures. 
    more » « less
  4. In this paper, we present the characterization of pre-formed resistive random access memories to design physical unclonable functions and experimentally validate inherent properties such as tamper sensitivity and a self-destroy mode. The physical unclonable functions were tested for repetitive use, temperature effects, and aging. The variations during successive response generation cycles and drift rates are quantized to explore their reliability. We define tamper-sensitivity as the ability to detect tampering attacks. To establish tamper sensitivity, the cells were characterized for higher current sweeps, and the injected current at which they break down is extracted and analyzed to determine suitable operating ranges. Our experimental results show that at least 91% of the cells can generate keys protected by the scheme, while 22% of the sensing elements are triggered. Finally, the cells were characterized for high Voltage sweeps to be able to destroy the physical unclonable functions on-demand when tampering activity is detected. A fixed Voltage of 1.9 V is enough to destroy the entire array. 
    more » « less
  5. Spiking Neural Networks (SNN) are fast emerging as an alternative option to Deep Neural Networks (DNN). They are computationally more powerful and provide higher energy-efficiency than DNNs. While exciting at first glance, SNNs contain security-sensitive assets (e.g., neuron threshold voltage) and vulnerabilities (e.g., sensitivity of classification accuracy to neuron threshold voltage change) that can be exploited by the adversaries. We explore global fault injection attacks using external power supply and laser-induced local power glitches on SNN designed using common analog neurons to corrupt critical training parameters such as spike amplitude and neuron’s membrane threshold potential. We also analyze the impact of power-based attacks on the SNN for digit classification task and observe a worst-case classification accuracy degradation of −85.65%. We explore the impact of various design parameters of SNN (e.g., learning rate, spike trace decay constant, and number of neurons) and identify design choices for robust implementation of SNN. We recover classification accuracy degradation by 30–47% for a subset of power-based attacks by modifying SNN training parameters such as learning rate, trace decay constant, and neurons per layer. We also propose hardware-level defenses, e.g., a robust current driver design that is immune to power-oriented attacks, improved circuit sizing of neuron components to reduce/recover the adversarial accuracy degradation at the cost of negligible area, and 25% power overhead. We also propose a dummy neuron-based detection of voltage fault injection at ∼1% power and area overhead each. 
    more » « less