Search for: All records

Globalized outsourcing of integrated circuit manufacturing has introduced potent security threats such as unauthorized overproduction and hardware Trojan insertion. An approach that is used to protect circuit designs from overproduction is logic locking, which introduces key inputs to a digital circuit such that only the correct key will allow the circuit to work properly and all others will cause unintended functionality. On the other hand, the majority of the existing methods to tackle hardware Trojans are in the realm of proactive prevention or static detection, but a more challenging problem, which is the run-time mitigation of the Trojans inserted in a zero-trust design flow, is yet to be solved. In this work, we look through the lens of logic locking with the goal of introducing online reconfigurability into a design and apply the fundamental principles of fault tolerance and state traversal to create an effective mitigation tactic against hardware Trojans. Redundancy is inserted at low-controllable states to create trap states for the attackers, and key inputs are added to select the active path. The strength of our proposed approach lies in its ability to circumvent Trojan payloads transparently at run-time with only a slight overhead, as demonstrated by experiments run on over 40 benchmarks of varying sizes. We also demonstrate viability when combined with secure logic locking methods to provide multi-objective security. 

The risk of hardware Trojans being inserted at various stages of chip production has increased in a zero-trust fabless era. To counter this, various machine learning solutions have been developed for the detection of hardware Trojans. While most of the focus has been on either a statistical or deep learning approach, the limited number of Trojan-infected benchmarks affects the detection accuracy and restricts the possibility of detecting zero-day Trojans. To close the gap, we first employ generative adversarial networks to amplify our data in two alternative representation modalities: a graph and a tabular, which ensure a representative distribution of the dataset. Further, we propose a multimodal deep learning approach to detect hardware Trojans and evaluate the results from both early fusion and late fusion strategies. We also estimate the uncertainty quantification metrics of each prediction for risk-aware decision-making. The results not only validate the effectiveness of our suggested hardware Trojan detection technique but also pave the way for future studies utilizing multimodality and uncertainty quantification to tackle other hardware security problems. 

Physical Unclonable Functions (PUFs) leverage manufacturing process imperfections that cause propagation delay discrepancies for the signals traveling along these paths. While PUFs can be used for device authentication and chip-specific key generation, strong PUFs have been shown to be vulnerable to machine learning modeling attacks. Although there is an impression that combinational circuits must be designed without any loops, cyclic combinational circuits have been shown to increase design security against hardware intellectual property theft. In this paper, we introduce feedback signals into traditional delay-based PUF designs such as arbiter PUF, ring oscillator PUF, and butterfly PUF to give them a wider range of possible output behaviors and thus an edge against modeling attacks. Based on our analysis, cyclic PUFs produce responses that can be binary, steady-state, oscillating, or pseudo-random under fixed challenges. The proposed cyclic PUFs are implemented in field programmable gate arrays, and their power and area overhead, in addition to functional metrics, are reported compared with their traditional counterparts. The security gain of the proposed cyclic PUFs is also shown against state-of-the-art attacks. 

Piracy and overproduction of hardware intellectual properties are growing concerns for the semiconductor industry under the fabless paradigm. Although chip designers have attempted to secure their designs against these threats by means of logic locking and obfuscation, due to the increasing number of powerful oracle-guided attacks, they are facing an ever-increasing challenge in evaluating the security of their designs and their associated overhead. Especially while many so-called "provable" logic locking techniques are subjected to a novel attack surface, overcoming these attacks may impose a huge overhead on the circuit. Thus, in this paper, after investigating the shortcoming of state-of-the-art graph neural network models in logic locking and refuting the use of hamming distance as a proper key accuracy metric, we employ two machine learning models, a decision tree to predict the security degree of the locked benchmarks and a convolutional neural network to assign a low-overhead and secure locking scheme to a given circuit. We first build multi-label datasets by running different attacks on locked benchmarks with existing logic locking methods to evaluate the security and compute the imposed area overhead. Then, we design and train a decision tree model to learn the features of the created dataset and predict the security degree of each given locked circuit. Furthermore, we utilize a convolutional neural network model to extract more features, obtain higher accuracy, and consider overhead. Then, we put our trained models to the test against different unseen benchmarks. The experimental results reveal that the convolutional neural network model has a higher capability for extracting features from unseen, large datasets which comes in handy in assigning secure and low-overhead logic locking to a given netlist. 

In a zero-trust fabless paradigm, designers are increasingly concerned about hardware-based attacks on the semiconductor supply chain. Logic locking is a design-for-trust method that adds extra key-controlled gates in the circuits to prevent hardware intellectual property theft and overproduction. While attackers have traditionally relied on an oracle to attack logic-locked circuits, machine learning attacks have shown the ability to retrieve the secret key even without access to an oracle. In this paper, we first examine the limitations of state-of-the-art machine learning attacks and argue that the use of key hamming distance as the sole model-guiding structural metric is not always useful. Then, we develop, train, and test a corruptibility-aware graph neural network-based oracle-less attack on logic locking that takes into consideration both the structure and the behavior of the circuits. Our model is explainable in the sense that we analyze what the machine learning model has interpreted in the training process and how it can perform a successful attack. Chip designers may find this information beneficial in securing their designs while avoiding incremental fixes. 

As the semiconductor industry has shifted to a fabless paradigm, the risk of hardware Trojans being inserted at various stages of production has also increased. Recently, there has been a growing trend toward the use of machine learning solutions to detect hardware Trojans more effectively, with a focus on the accuracy of the model as an evaluation metric. However, in a high-risk and sensitive domain, we cannot accept even a small misclassification. Additionally, it is unrealistic to expect an ideal model, especially when Trojans evolve over time. Therefore, we need metrics to assess the trustworthiness of detected Trojans and a mechanism to simulate unseen ones. In this paper, we generate evolving hardware Trojans using our proposed novel conformalized generative adversarial networks and offer an efficient approach to detecting them based on a non-invasive algorithm-agnostic statistical inference framework that leverages the Mondrian conformal predictor. The method acts like a wrapper over any of the machine learning models and produces set predictions along with uncertainty quantification for each new detected Trojan for more robust decision-making. In the case of a NULL set, a novel method to reject the decision by providing a calibrated explainability is discussed. The proposed approach has been validated on both synthetic and real chip-level benchmarks and proven to pave the way for researchers looking to find informed machine learning solutions to hardware security problems. 

Abstract Chaos is a deterministic phenomenon that occurs in a non-linear dynamic system under specific condition when the trajectories of the state vector become periodic and extremely sensitive to the initial conditions. While traditional resistor-based chaotic communications are primarily concerned with the safe transfer of information across networks, the transceivers themselves can be compromised due to outsource manufacturing. With the growth of wireless sensors in resource-constrained implantable and wearable devices, chaotic communication may be a good fit if the information transmitted is reliable and the transmitter devices are secure. We believe that memristor, as the fourth fundamental two-terminal circuit element, can close the gap between reliable communication and secure manufacturing since its resistance can be programmed and saved by the designer and not the foundry. Thus, in this paper, we propose a memristor-based Chua’s chaotic transceiver that is both reliable in the presence of eavesdroppers and secure against untrusted foundries. Specifically, we consider the pair of transmitter and receiver under the same memristor value to show the possibility of uninterrupted communication as well as cases where different values of memristors are used to find out the possible range in which the message can still be meaningfully decoded. Experimental results confirm that both reliable communication and secure design can be achieved via our proposed memristor-based chaos transceivers. 

Chip designers can secure their ICs against piracy and overproduction by employing logic locking and obfuscation. However, there are numerous attacks that can examine the logic-locked netlist with the assistance of an activated IC and extract the correct key using a SAT solver. In addition, when it comes to fabrication, the imposed area overhead is a challenge that needs careful attention to preserve the design goals. Thus, to assign a logic locking method that can provide security against diverse attacks and at the same time add minimal area overhead, a comprehensive understanding of the circuit structure is needed. Towards this goal, in this paper, we first build a multi-label dataset by running different attacks on benchmarks locked with existing logic locking methods and various key sizes to capture the provided level of security and overhead for each benchmark. Then we propose and analyze CoLA, a convolutional neural network model that is trained on this dataset and thus is able to map circuits to secure low-overhead locking schemes by analyzing extracted features of the benchmark circuits. Considering various resynthesized versions of the same circuits empowers CoLA to learn features beyond the structure view alone. We use a quantization method that can lower the computation overhead of feature extraction in the classification of new, unseen data, hence speeding up the locking assignment process. Results on over 10,000 data show high accuracy both in the training and validation phases. 

The semiconductor industry must deal with different hardware threats like piracy and overproduction as a result of outsourcing manufacturing. While there are many proposals to lock the circuit using a global protected key only known to the designer, there exist numerous oracle-guided attacks that can examine the locked netlist with the assistance of an activated IC and extract the correct key. In this paper, by adopting a low-overhead structural method, we propose DK Lock, a novel Dual Key locking method that securely protects sequential circuits with two different keys that are applied to one set of key inputs at different times. DK Lock structurally adds an activation phase to the sequential circuit, and a correct key must be applied for several cycles to exit this phase. Once the circuit has been successfully activated, a new functional key must be applied to the same set of inputs to resume normal operation. DK Lock opens up new avenues for hardware IP protection by simultaneously refuting the single static key assumption of the existing attacks and overcoming the state explosion problem of state-of-the-art sequential logic locking methods. Our experiments confirm that DK Lock maintains a high degree of security with reasonable power and area overheads. 

The Global Wearable market is anticipated to rise at a considerable rate in the next coming years and communication is a fundamental block in any wearable device. In communication, encryption methods are being used with the aid of microcontrollers or software implementations, which are power-consuming and incorporate complex hardware implementation. Internet of Things (IoT) devices are considered as resource-constrained devices that are expected to operate with low computational power and resource utilization criteria. At the same time, recent research has shown that IoT devices are highly vulnerable to emerging security threats, which elevates the need for low-power and small-size hardware-based security countermeasures. Chaotic encryption is a method of data encryption that utilizes chaotic systems and non-linear dynamics to generate secure encryption keys. It aims to provide high-level security by creating encryption keys that are sensitive to initial conditions and difficult to predict, making it challenging for unauthorized parties to intercept and decode encrypted data. Since the discovery of chaotic equations, there have been various encryption applications associated with them. In this paper, we comprehensively analyze the physical and encryption attacks on continuous chaotic systems in resource-constrained devices and their potential remedies. To this aim, we introduce different categories of attacks of chaotic encryption. Our experiments focus on chaotic equations implemented using Chua’s equation and leverages circuit architectures and provide simulations proof of remedies for different attacks. These remedies are provided to block the attackers from stealing users’ information (e.g., a pulse message) with negligible cost to the power and area of the design.