skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Protection Against Physical Attacks Through Self-Destructive Polymorphic Latch
On-chip assets, such as cryptographic keys, intermediate cipher computations, obfuscation keys, and hardware security primitive outputs, are usually stored in volatile memories, e.g., registers and SRAMs. Such volatile memories could be read out using active physical attacks, such laser-assisted side-channels. One way to protect assets stored in volatile memories can be the employment of sensors that detect active physical attacks and trigger complete zeroization of sensitive data. However, hundreds or thousands of clock cycles are often needed to accomplish this. Further, the sensing and self-destruction mechanisms are decoupled from the sensitive circuitry and can be disabled separately by an adversary. Moreover, defensive actions (e.g., zeroization) may be disabled by bringing the CPU/SoC into an inoperable condition, while registers may still hold their data, making them susceptible. This paper proposes a self-destructive latch to protect sensitive data from active side-channel attacks, which require supply voltage manipulations.Our proposed latch senses supply voltage interference required during such attacks, and reacts instantaneously by entering a forbidden data state, erasing its stored data. The design uses a NULL convention logic (NCL)- based polymorphic NOR/NAND gate, which changes its functionality with supply voltage. Our results show that the latch is stable across temperature and process variation reacting to attacks with 91% confidence. Even for the 9% where data is not destroyed, in 3.33% of cases data flips its state which makes reliable extraction difficult for an attacker. The polymorphic latch is straightforward to implement due to its NCL implementation and the voltage for the self-destructive behavior is easily altered by resizing only two transistors. Further, this self-destructive behavior extends to registers which are built out of latches.  more » « less
Award ID(s):
2150122
PAR ID:
10441234
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
International Conference on Computer-Aided Design (ICCAD)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, ACM)
    The threats of physical side-channel attacks and their countermeasures have been widely researched. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on current consumption or voltage drop on a chip. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage challenges the t-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of the profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage. 
    more » « less
  2. ; ; ; (, IEEE transactions on very large scale integration (VLSI) systems)
    Probing attacks against integrated circuits (IC) have become a serious concern, especially for security-critical applications. With the help of modern circuit editing tools, an attacker could remove layers of materials and expose wires carrying sensitive on-chip assets, such as cryptographic keys and proprietary firmware for probing. Most existing protection methods use active shield which provides tamper-evident covers at the top-most metal layers to the circuity below. However, they lack formal proofs of their effectiveness as some active shields have already been circumvented by hackers. In this paper, we investigate the problem of protection against front-side probing attacks and present a framework to assess a design’s vulnerabilities against probing attacks. Metrics are developed to evaluate the resilience of designs to bypass attack and reroute attack which are two common techniques used to compromise an anti-probing mechanism. Exemplary assets from an SoC layout are used to evaluate the proposed flow. Results show that long net and high layer wires are vulnerable to probing attack equipped with high aspect ratio FIB. Meanwhile, nets that occupy small area on the chip are probably compromised through rerouting shield wires. On the other hand, multi-layer internal orthogonal shield performs the best among common shield structures. 
    more » « less
  3. ; ; ; ; (, GLSVLSI '21: Proceedings of the 2021 on Great Lakes Symposium on VLSI)
    null (Ed.)
    Lightweight authenticated ciphers are crucial in many resource-constrained applications, including hardware security. To protect Intellectual Property (IPs) from theft and reverse-engineering, multiple obfuscation methods have been developed. An essential component of such schemes is the need for secrecy and authenticity of the obfuscation keys. Such keys may need to be exchanged through the unprotected channels, and their recovery attempted using side-channel attacks. However, the use of the current AES-GCM standard to protected key exchange requires a substantial area and power overhead. NIST is currently coordinating a standardization process to select lightweight algorithms for resource-constrained applications. Although security against cryptanalysis is paramount, cost, performance, and resistance to side-channel attacks are among the most important selection criteria. Since the cost of protection against side-channel attacks is a function of the algorithm, quantifying this cost is necessary for estimating its cost and performance in real-world applications. In this work, we investigate side-channel resistant lightweight implementations of an authenticated cipher TinyJAMBU, one of ten finalists in the current NIST LWC standardization process. Our results demonstrate that these implementations achieve robust security against side-channel attacks while keeping the area and power consumption significantly lower than it is possible using the current standards. 
    more » « less
  4. ; ; ; ; ; (, IEEE European Symposium on Security and Privacy (EuroS&P))
    Speculative execution side-channel vulnerabilities in micro-architecture processors have raised concerns about the security of Intel SGX. To understand clearly the security impact of this vulnerability against SGX, this paper makes the following studies: First, to demonstrate the feasibility of the attacks, we present SgxPectre Attacks (the SGX-variants of Spectre attacks) that exploit speculative execution side-channel vulnerabilities to subvert the confidentiality of SGX enclaves. We show that when the branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An adversary observing such changes can learn secrets inside the enclave memory or its internal registers, thus completely defeating the confidentiality guarantee offered by SGX. Second, to determine whether real-world enclave programs are impacted by the attacks, we develop techniques to automate the search of vulnerable code patterns in enclave binaries using symbolic execution. Our study suggests that nearly any enclave program could be vulnerable to SgxPectre Attacks since vulnerable code patterns are available in most SGX runtimes (e.g., Intel SGX SDK, Rust-SGX, and Graphene-SGX). Third, we apply SgxPectre Attacks to steal seal keys and attestation keys from Intel signed quoting enclaves. The seal key can be used to decrypt sealed storage outside the enclaves and forge valid sealed data; the attestation key can be used to forge attestation signatures. For these reasons, SgxPectre Attacks practically defeat SGX's security protection. Finally, we evaluate Intel's existing countermeasures against SgxPectre Attacks and discusses the security implications. 
    more » « less
  5. ; (, 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC))
    Recent studies have shown that several government and business organizations experience huge data breaches. Data breaches increase in a daily basis. The main target for attackers is organization sensitive data which includes personal identifiable information (PII) such as social security number (SSN), date of birth (DOB) and credit card /debit card (CCDC). The other target is encryption/decryption keys or passwords to get access to the sensitive data. The cloud computing is emerging as a solution to store, transfer and process the data in a distributed location over the Internet. Big data and internet of things (IoT) increased the possibility of sensitive data exposure. Most methods used for the attack are hacking, unauthorized access, insider theft and false data injection on the move. Most of the attacks happen during three different states of data life cycle such as data-at-rest, data-in-use, and data-in-transit. Hence, protecting sensitive data at all states particularly when data is moving to cloud computing environment needs special attention. The main purpose of this research is to analyze risks caused by data breaches, personal and organizational weaknesses to protect sensitive data and privacy. The paper discusses methods such as data classification and data encryption at different states to protect personal and organizational sensitive data. The paper also presents mathematical analysis by leveraging the concept of birthday paradox to demonstrate the encryption key attack. The analysis result shows that the use of same keys to encrypt sensitive data at different data states make the sensitive data less secure than using different keys. Our results show that to improve the security of sensitive data and to reduce the data breaches, different keys should be used in different states of the data life cycle. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email