skip to main content


This content will become publicly available on October 31, 2025

Title: Breaking On-Chip Communication Anonymity Using Flow Correlation Attacks
Network-on-chip (NoC) is widely used to facilitate communication between components in sophisticated system-on-chip (SoC) designs. Security of the on-chip communication is crucial because exploiting any vulnerability in shared NoC would be a goldmine for an attacker that puts the entire computing infrastructure at risk. We investigate the security strength of existing anonymous routing protocols in NoC architectures, making two pivotal contributions. Firstly, we develop and perform a machine learning (ML)-based flow correlation attack on existing anonymous routing techniques in NoC systems, revealing that they provide only packet-level anonymity. Secondly, we propose a novel, lightweight anonymous routing protocol featuring outbound traffic tunneling and traffic obfuscation. This protocol is designed to provide robust defense against ML-based flow correlation attacks, ensuring both packet-level and flow-level anonymity. Experimental evaluation using both real and synthetic traffic demonstrates that our proposed attack successfully deanonymizes state-of-the-art anonymous routing in NoC architectures with high accuracy (up to 99%) for diverse traffic patterns. It also reveals that our lightweight anonymous routing protocol can defend against ML-based attacks with minor hardware and performance overhead.  more » « less
Award ID(s):
1936040
PAR ID:
10559190
Author(s) / Creator(s):
;
Publisher / Repository:
ACM
Date Published:
Journal Name:
ACM Journal on Emerging Technologies in Computing Systems
Volume:
20
Issue:
4
ISSN:
1550-4832
Page Range / eLocation ID:
1 to 27
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. System-on-Chip (SoC) supply chain is widely acknowledged as a major source of security vulnerabilities. Potentially malicious third-party IPs integrated on the same Network-on-Chip (NoC) with the trusted components can lead to security and trust concerns. While secure communication is a well studied problem in computer networks domain, it is not feasible to implement those solutions on resource-constrained SoCs. In this paper, we present a lightweight anonymous routing protocol for communication between IP cores in NoC based SoCs. Our method eliminates the major overhead associated with traditional anonymous routing protocols while ensuring that the desired security goals are met. Experimental results demonstrate that existing security solutions on NoC can introduce significant (1.5X) performance degradation, whereas our approach provides the same security features with minor (4%) impact on performance. 
    more » « less
  2. Network-on-Chip (NoC) fulfills the communication requirements of modern System-on-Chip (SoC) architectures. Due to the resource-constrained nature of NoC-based SoCs, it is a major challenge to secure on-chip communication against eavesdropping attacks using traditional encryption methods. In this paper, we propose a lightweight encryption technique using chaffing and winnowing (C&W) with all-or-nothing transform (AONT) that benefits from the unique NoC traffic characteristics. Our experimental results demonstrate that our proposed encryption technique provides the required security with significantly less area and energy overhead compared to the state-of-the-art approaches. 
    more » « less
  3. Network-on-chip (NoC) is widely used as an efficient communication architecture in multi-core and many-core System-on-chips (SoCs). However, the shared communication resources in an NoC platform, e.g., channels, buffers, and routers, might be used to conduct attacks compromising the security of NoC-based SoCs. Most of the proposed encryption-based protection methods in the literature require leaving some parts of the packet unencrypted to allow the routers to process/forward packets accordingly. This reveals the source/destination information of the packet to malicious routers, which can be exploited in various attacks. For the first time, we propose the idea of secure, anonymous routing with minimal hardware overhead to encrypt the entire packet while exchanging secure information over the network. We have designed and implemented a new NoC architecture that works with encrypted addresses. The proposed method can manage malicious and benign failures at NoC channels and buffers by bypassing failed components with a situation-driven stochastic path diversification approach. Hardware evaluations show that the proposed security solution combats the security threats at the affordable cost of 1.5% area and 20% power overheads chip-wide.

     
    more » « less
  4. Network-on-Chip (NoC) is widely employed by multi-core System-on-Chip (SoC) architectures to cater to their communication requirements. Increasing NoC complexity coupled with its widespread usage has made it a focal point of potential security attacks. Distributed Denial-of-Service (DDoS) is one such attack that is caused by malicious intellectual property (IP) cores flooding the network with unnecessary packets causing significant performance degradation through NoC congestion. In this paper, we propose an efficient framework for real-time detection and localization of DDoS attacks. This paper makes three important contributions. We propose a real-time and lightweight DDoS attack detection technique for NoC-based SoCs by monitoring packets to detect any violations. Once a potential attack has been flagged, our approach is also capable of localizing the malicious IPs using the latency data in the NoC routers. The applications are statically profiled during design time to determine communication patterns. These patterns are then used for real-time detection and localization of DDoS attacks. We have evaluated the effectiveness of our approach against different NoC topologies and architecture models using both real benchmarks and synthetic traffic patterns. Our experimental results demonstrate that our proposed approach is capable of real-time detection and localization of DDoS attacks originating from multiple malicious IPs in NoC-based SoCs. 
    more » « less
  5. Network-on-chip (NoC) has become the standard communication fabric for on-chip components in modern System-on-chip (SoC) designs. Since NoC has visibility to all communications in the SoC, it has been one of the primary targets for security attacks. While packet encryption can provide secure communication, it can introduce unacceptable energy and performance overhead due to the resource-constrained nature of SoC designs. In this paper, we propose a lightweight encryption scheme that is implemented on the network interface. Our approach improves the performance of encryption without compromising security using incremental cryptography, which exploits the unique NoC traffic characteristics. Experimental results demonstrate that our proposed approach significantly (up to 57%, 30% on average) reduces the encryption time compared to traditional approaches with negligible (less than 2%) impact on area overhead. 
    more » « less