3.3 Hardware Trojans and Fault Attacks

Time	Label	Presentation Title Authors
14:30	3.3.1	ALGEBRAIC FAULT ANALYSIS OF SHA-3 Speaker: Pei Luo, Northeastern University, US Authors: Pei Luo, Konstantinos Athanasiou, Yunsi Fei and Thomas Wahl, Northeastern University, US Abstract This paper presents an efficient algebraic fault analysis on all four modes of SHA-3 under relaxed fault models. This is the first work to apply algebraic techniques on fault analysis of SHA-3. Results show that algebraic fault analysis on SHA-3 is very efficient and effective due to the clear algebraic properties of Keccak operations. Comparing with previous work on differential fault analysis of SHA-3, algebraic fault analysis can identify the injected faults with much higher rates, and recover an entire internal state of the penultimate round with much fewer fault injections. Download Paper (PDF; Only available from the DATE venue WiFi)
15:00	3.3.2	EVALUATING COHERENCE-EXPLOITING HARDWARE TROJAN Speaker: Minsu Kim, Korea University, KR Authors: Minsu Kim¹, Sunhee Kong¹, Boeui Hong¹, Lei Xu², Weidong Shi² and Taeweon Suh¹ ¹Korea University, KR; ²University of Houston, US Abstract Increasing complexity of integrated circuits and IP-based hardware designs have created the risk of hardware Trojans. This paper introduces a new type of threat, a coherence-exploiting hardware Trojan. This Trojan can be maliciously implanted in master components in a system, and continuously injects memory transactions onto the main interconnect. The injected traffic forces the eviction of cache lines, taking advantage of cache coherence protocols. This type of Trojans insidiously slows down the system performance, incurring Denial-of-Service (DoS) attack. We used a Xilinx Zynq-7000 device to implement the Trojan and evaluate its severity. Experiments revealed that the system performance can be severely degraded as much as 258% with the Trojan. A countermeasure to annihilate the Trojan attack is proposed in detail. We also found that AXI version 3.0 supports a seemingly irrelevant invalidation protocol through ACP, opening a door for the potential Trojan attack. Download Paper (PDF; Only available from the DATE venue WiFi)
15:30	3.3.3	HARDWARE TROJAN DETECTION BASED ON CORRELATED PATH DELAYS IN DEFIANCE OF VARIATIONS WITH SPATIAL CORRELATIONS Speaker: Fatma Nur Esirci, Gebze Technical University, TR Authors: Fatma Nur Esirci and Alp Arslan Bayrakci, Gebze Technical University, TR Abstract Hardware Trojan (HT) detection methods based on the side channel analysis deeply suffer from the process variations. In order to suppress the effect of the variations, we devise a method that smartly selects two highly correlated paths for each interconnect (edge) that is suspected to have an HT on it. First path is the shortest one passing through the suspected edge and the second one is a path that is highly correlated with the first one. Delay ratio of these paths avails the detection of the HT inserted circuits. Test results reveal that the method enables the detection of even the minimally invasive Trojans in spite of both inter and intra die variations with the spatial correlations. Download Paper (PDF; Only available from the DATE venue WiFi)
15:45	3.3.4	MALWARE DETECTION USING MACHINE LEARNING BASED ANALYSIS OF VIRTUAL MEMORY ACCESS PATTERNS Speaker: Zhixing Xu, Princeton University, US Authors: Zhixing Xu¹, Sayak Ray², Pramod Subramanyan¹ and Sharad Malik¹ ¹Princeton University, US; ²Intel corp, US Abstract Malicious software, referred as malware, continues to grow in sophistication. Past proposals for malware detection have primarily focused on software-based detectors which are vulnerable to being compromised. Thus, recent work has proposed hardware-assisted malware detection. In this paper, we introduce a new framework for hardware-assisted malware detection based on monitoring and classifying memory access patterns using machine learning. This provides for increased automation and coverage through reducing user input on specific malware signatures. The key insight underlying our work is that malware must change control flow and/or data structures, which leaves fingerprints on program memory accesses. Building on this, we propose an online framework for detecting malware that uses machine learning to classify malicious behavior based on virtual memory access patterns. Novel aspects of the framework include techniques for collecting and summarizing per-function/system-call memory access patterns, and a two-level classification architecture. Our experimental evaluation focuses on two important classes of malware (i) kernel rootkits and (ii) memory corruption attacks on user programs. The framework has a detection rate of 99.0% with less than 5% false positives and outperforms previous proposals for hardware-assisted malware detection. Download Paper (PDF; Only available from the DATE venue WiFi)
16:00	IP1-12, 838	POWER PROFILING OF MICROCONTROLLER'S INSTRUCTION SET FOR RUNTIME HARDWARE TROJANS DETECTION WITHOUT GOLDEN CIRCUIT MODELS Speaker: Falah Awwad, College of Engineering / Department of Electrical Engineering, UAE University, AE Authors: Faiq Khalid Lodhi¹, Syed Rafay Hasan², Osman Hasan¹ and Falah Awwad³ ¹School of Electrical Engineering and Computer Science National University of Sciences and Technology (NUST), PK; ²Department of Electrical and Computer Engineering, Tennessee Technological University, US; ³College of Engineering, United Arab Emirates University, AE Abstract Globalization trends in integrated circuit (IC) design are leading to increased vulnerability of ICs against hardware Trojans (HT). Recently, several side channel parameters based techniques have been developed to detect these hardware Trojans that require golden circuit as a reference model, but due to the widespread usage of IPs, most of the system-on-chip (SoC) do not have a golden reference. Hardware Trojans in intellectual property (IP)-based SoC designs are considered as major concern for future integrated circuits. Most of the state-of-the-art runtime hardware Trojan detection techniques presume that Trojans will lead to anomaly in the SoC integration units. In this paper, we argue that an intelligent intruder may intrude the IP-based SoC without disturbing the normal SoC operation or violating any protocols. To overcome this limitation, we propose a methodology to extract the power profile of the micro-controllers instruction sets, which is in turn used to train a machine learning algorithm. In this technique, the power profile is obtained by extracting the power behavior of the micro-controllers for different assembly language instructions. This trained model is then embedded into the integrated circuits at the SoC integration level, which classifies the power profile during runtime to detect the intrusions. We applied our proposed technique on MC8051 micro-controller in VHDL, obtained the power profile of its instruction set and then applied deep learning, k-NN, decision tree and naive Bayesian based machine learning tools to train the models. The cross validation comparison of these learning algorithm, when applied to MC8051 Trojan benchmarks, shows that we can achieve 87\% to 99\% accuracy. To the best of our knowledge, this is the first work in which the power profile of a microprocessor's instruction set is used in conjunction with machine learning for runtime HT detection. Download Paper (PDF; Only available from the DATE venue WiFi)
16:00		End of session Coffee Break in Exhibition Area On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area. Tuesday, March 28, 2017 Coffee Break 10:30 - 11:30 Coffee Break 16:00 - 17:00 Wednesday, March 29, 2017 Coffee Break 10:00 - 11:00 Coffee Break 16:00 - 17:00 Thursday, March 30, 2017 Coffee Break 10:00 - 11:00 Coffee Break 15:30 - 16:00

Time

Label

Presentation Title
Authors

14:30

3.3.1

ALGEBRAIC FAULT ANALYSIS OF SHA-3
Speaker:
Pei Luo, Northeastern University, US
Authors:
Pei Luo, Konstantinos Athanasiou, Yunsi Fei and Thomas Wahl, Northeastern University, US
Abstract
This paper presents an efficient algebraic fault analysis on all four modes of SHA-3 under relaxed fault models. This is the first work to apply algebraic techniques on fault analysis of SHA-3. Results show that algebraic fault analysis on SHA-3 is very efficient and effective due to the clear algebraic properties of Keccak operations. Comparing with previous work on differential fault analysis of SHA-3, algebraic fault analysis can identify the injected faults with much higher rates, and recover an entire internal state of the penultimate round with much fewer fault injections.
Download Paper (PDF; Only available from the DATE venue WiFi)

15:00

3.3.2

EVALUATING COHERENCE-EXPLOITING HARDWARE TROJAN
Speaker:
Minsu Kim, Korea University, KR
Authors:
Minsu Kim¹, Sunhee Kong¹, Boeui Hong¹, Lei Xu², Weidong Shi² and Taeweon Suh¹
¹Korea University, KR; ²University of Houston, US
Abstract
Increasing complexity of integrated circuits and IP-based hardware designs have created the risk of hardware Trojans. This paper introduces a new type of threat, a coherence-exploiting hardware Trojan. This Trojan can be maliciously implanted in master components in a system, and continuously injects memory transactions onto the main interconnect. The injected traffic forces the eviction of cache lines, taking advantage of cache coherence protocols. This type of Trojans insidiously slows down the system performance, incurring Denial-of-Service (DoS) attack. We used a Xilinx Zynq-7000 device to implement the Trojan and evaluate its severity. Experiments revealed that the system performance can be severely degraded as much as 258% with the Trojan. A countermeasure to annihilate the Trojan attack is proposed in detail. We also found that AXI version 3.0 supports a seemingly irrelevant invalidation protocol through ACP, opening a door for the potential Trojan attack.
Download Paper (PDF; Only available from the DATE venue WiFi)

15:30

3.3.3

HARDWARE TROJAN DETECTION BASED ON CORRELATED PATH DELAYS IN DEFIANCE OF VARIATIONS WITH SPATIAL CORRELATIONS
Speaker:
Fatma Nur Esirci, Gebze Technical University, TR
Authors:
Fatma Nur Esirci and Alp Arslan Bayrakci, Gebze Technical University, TR
Abstract
Hardware Trojan (HT) detection methods based on the side channel analysis deeply suffer from the process variations. In order to suppress the effect of the variations, we devise a method that smartly selects two highly correlated paths for each interconnect (edge) that is suspected to have an HT on it. First path is the shortest one passing through the suspected edge and the second one is a path that is highly correlated with the first one. Delay ratio of these paths avails the detection of the HT inserted circuits. Test results reveal that the method enables the detection of even the minimally invasive Trojans in spite of both inter and intra die variations with the spatial correlations.
Download Paper (PDF; Only available from the DATE venue WiFi)

15:45

3.3.4

MALWARE DETECTION USING MACHINE LEARNING BASED ANALYSIS OF VIRTUAL MEMORY ACCESS PATTERNS
Speaker:
Zhixing Xu, Princeton University, US
Authors:
Zhixing Xu¹, Sayak Ray², Pramod Subramanyan¹ and Sharad Malik¹
¹Princeton University, US; ²Intel corp, US
Abstract
Malicious software, referred as malware, continues to grow in sophistication. Past proposals for malware detection have primarily focused on software-based detectors which are vulnerable to being compromised. Thus, recent work has proposed hardware-assisted malware detection. In this paper, we introduce a new framework for hardware-assisted malware detection based on monitoring and classifying memory access patterns using machine learning. This provides for increased automation and coverage through reducing user input on specific malware signatures. The key insight underlying our work is that malware must change control flow and/or data structures, which leaves fingerprints on program memory accesses. Building on this, we propose an online framework for detecting malware that uses machine learning to classify malicious behavior based on virtual memory access patterns. Novel aspects of the framework include techniques for collecting and summarizing per-function/system-call memory access patterns, and a two-level classification architecture. Our experimental evaluation focuses on two important classes of malware (i) kernel rootkits and (ii) memory corruption attacks on user programs. The framework has a detection rate of 99.0% with less than 5% false positives and outperforms previous proposals for hardware-assisted malware detection.
Download Paper (PDF; Only available from the DATE venue WiFi)

16:00

IP1-12, 838

POWER PROFILING OF MICROCONTROLLER'S INSTRUCTION SET FOR RUNTIME HARDWARE TROJANS DETECTION WITHOUT GOLDEN CIRCUIT MODELS
Speaker:
Falah Awwad, College of Engineering / Department of Electrical Engineering, UAE University, AE
Authors:
Faiq Khalid Lodhi¹, Syed Rafay Hasan², Osman Hasan¹ and Falah Awwad³
¹School of Electrical Engineering and Computer Science National University of Sciences and Technology (NUST), PK; ²Department of Electrical and Computer Engineering, Tennessee Technological University, US; ³College of Engineering, United Arab Emirates University, AE
Abstract
Globalization trends in integrated circuit (IC) design are leading to increased vulnerability of ICs against hardware Trojans (HT). Recently, several side channel parameters based techniques have been developed to detect these hardware Trojans that require golden circuit as a reference model, but due to the widespread usage of IPs, most of the system-on-chip (SoC) do not have a golden reference. Hardware Trojans in intellectual property (IP)-based SoC designs are considered as major concern for future integrated circuits. Most of the state-of-the-art runtime hardware Trojan detection techniques presume that Trojans will lead to anomaly in the SoC integration units. In this paper, we argue that an intelligent intruder may intrude the IP-based SoC without disturbing the normal SoC operation or violating any protocols. To overcome this limitation, we propose a methodology to extract the power profile of the micro-controllers instruction sets, which is in turn used to train a machine learning algorithm. In this technique, the power profile is obtained by extracting the power behavior of the micro-controllers for different assembly language instructions. This trained model is then embedded into the integrated circuits at the SoC integration level, which classifies the power profile during runtime to detect the intrusions. We applied our proposed technique on MC8051 micro-controller in VHDL, obtained the power profile of its instruction set and then applied deep learning, k-NN, decision tree and naive Bayesian based machine learning tools to train the models. The cross validation comparison of these learning algorithm, when applied to MC8051 Trojan benchmarks, shows that we can achieve 87\% to 99\% accuracy. To the best of our knowledge, this is the first work in which the power profile of a microprocessor's instruction set is used in conjunction with machine learning for runtime HT detection.
Download Paper (PDF; Only available from the DATE venue WiFi)

16:00

End of session
Coffee Break in Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area.

Tuesday, March 28, 2017