12.6 Trojans and public key implementation challenges


Date: Thursday 28 March 2019
Time: 16:00 - 17:30
Location / Room: Room 6

Chair:
Patrick Schaumont, Virginia Tech, US

Co-Chair:
Nele Mentens, KU Leuven, BE

This session contains two papers on Trojans: one on formal methods for design and detection, the other on practical attacks in the context of multi-tenant FPGAs. The other two papers discuss public key implementation challenges in ASIC and FPGA.

Time | Label | Presentation Title / Authors
16:00 | 12.6.1 | (Best Paper Award Candidate)
WHEN CAPACITORS ATTACK: FORMAL METHOD DRIVEN DESIGN AND DETECTION OF CHARGE-DOMAIN TROJANS
Speaker:
Yier Jin, University of Florida, US
Authors:
Xiaolong Guo¹, Huifeng Zhu², Yier Jin¹ and Xuan Zhang²
¹University of Florida, US; ²Washington University in St. Louis, US
Abstract
The rapid growth and globalization of the integrated circuit (IC) industry put the threat of hardware Trojans (HTs) front and center among all security concerns in the IC supply chain. Current Trojan detection approaches always assume HTs are composed of digital circuits. However, recent demonstrations of analog attacks, such as A2 and Rowhammer, invalidate the digital assumption in previous HT detection or testing methods. At the system level, attackers can utilize the analog properties of the underlying circuits such as charge-sharing and capacitive coupling effects to create information leakage paths. These new capacitor-based vulnerabilities are rarely covered in digital testings. To address these stealthy yet harmful threats, we identify a large class of such capacitor-enabled attacks and define them as charge-domain Trojans. We are able to abstract the detailed charge-domain models for these Trojans and expose the circuit-level properties that critically contribute to their information leakage paths. Aided by the abstract models, an information flow tracking (IFT) based solution is developed to detect charge-domain leakage paths and then identify the charge-domain Trojans/vulnerabilities. Our proposed method is validated on an experimental RISC microcontroller design injected with different variants of charge-domain Trojans. We demonstrate that successful detection can be accomplished with an automatic tool which realizes the IFT-based solution.

16:30 | 12.6.2 | FOURQ ON ASIC: BREAKING SPEED RECORDS FOR ELLIPTIC CURVE SCALAR MULTIPLICATION
Speaker:
Hiromitsu Awano, The University of Tokyo, JP
Authors:
Hiromitsu Awano and Makoto Ikeda, The University of Tokyo, JP
Abstract
An ASIC cryptoprocessor for scalar multiplication (SM) on FourQ is proposed. By exploiting Karatsuba multiplication and lazy reduction techniques, the arithmetic units of the proposed processor are tailored for operations over quadratic extension field (Fp2). We also propose an automated instruction scheduling methodology based on a combinatorial optimization solver to fully exploit the available instruction-level parallelism. With the proposed processor fabricated by using a 65 nm silicon-on-thin-box (SOTB) CMOS process, we demonstrate that an SM can be computed in 10.1 µs when a typical operating voltage of 1.20 V is applied, which corresponds to 3.66x acceleration compared to the conventional P-256 curve SM accelerator implemented on an ASIC platform and is the fastest ever reported. We also demonstrate that by lowering the supply voltage down to 0.32 V, the lowest ever reported energy consumption of 0.327 µJ/SM is achieved.

17:00 | 12.6.3 | DARL: DYNAMIC PARAMETER ADJUSTMENT FOR LWE-BASED SECURE INFERENCE
Speaker:
Song Bian, Kyoto University, JP
Authors:
Song Bian, Masayuki Hiromoto and Takashi Sato, Kyoto University, JP
Abstract
Packed additive homomorphic encryption (PAHE)-based secure neural network inference is attracting increasing attention in the field of applied cryptography. In this work, we seek to improve the practicality of LWE-based secure inference by dynamically changing the cryptographic parameters depending on the underlying architecture of the neural network. We develop and apply theoretical methods to closely examine the error behavior of secure inference, and propose parameters that can reduce as much as 67% of ciphertext size when smaller networks are used. In addition, we use rare-event simulation techniques based on the sigma-scale sampling method to provide tight bounds on the size of cumulative errors drawn from (somewhat) arbitrary distributions. In the experiment, we instantiate an example PAHE scheme and show that we can further reduce the ciphertext size by 3.3x if we adopt a binarized neural network architecture, along with a computation speedup of 2x-3x.

17:15 | 12.6.4 | TIMING VIOLATION INDUCED FAULTS IN MULTI-TENANT FPGAS
Speaker:
Mirjana Stojilovic, EPFL, CH
Authors:
Dina Mahmoud¹ and Mirjana Stojilovic²
¹Ecole Polytechnique Federale de Lausanne, CH; ²EPFL, CH
Abstract
FPGAs have made their way into the cloud, allowing users to gain remote access to the state-of-the-art reconfigurable fabric and implement their custom accelerators. Since FPGAs are large enough to accommodate multiple independent designs, the multi-tenant user scenario may soon be prevalent in cloud computing environments. However, shared use of an FPGA raises security concerns. Recently discovered hardware Trojans for use in multi-tenant FPGA settings target denial-of-service attacks, power side-channel attacks, and crosstalk side-channel attacks. In this work, we present an attack method for causing timing-constraints violation in the multi-tenant FPGA setting. This type of attack is very dangerous as the consequences of timing faults are temporary errors, which are often impossible to notice. We demonstrate the attack on a set of self-timed true random number generators (STRNGs), frequently used in cryptographic applications. When the attack is launched, the STRNG outputs become biased and fail randomness tests. However, after the attack, STRNGs recover and continue generating random bits.

17:30 | End of session