9.3 Hot Topic Session: Security in Cyber-Physical Systems: Attacks All The Way

Time	Label	Presentation Title Authors
08:30	9.3.1	SECURE CYBER-PHYSICAL SYSTEMS: CURRENT TRENDS, TOOLS AND OPEN RESEARCH PROBLEMS Speaker: Anupam Chattopadhyay, Nanyang Technological University, SG Authors: Anupam Chattopadhyay¹, Alok Prakash¹ and Muhammad Shafique² ¹Nanyang Technological University, SG; ²Vienna University of Technology (TU Wien), AT Download Paper (PDF; Only available from the DATE venue WiFi)
08:45	9.3.2	DON'T FALL INTO A TRAP: PHYSICAL SIDE-CHANNEL ANALYSIS OF CHACHA20-POLY1305 Speaker: Bernhard Jungk, Temasek Laboratories @ Nanyang Technological University, SG Authors: Bernhard Jungk¹ and Shivam Bhasin² ¹Temasek Laboratories @ Nanyang Technological University, SG; ²TL@NTU, SG Abstract The stream cipher ChaCha20 and the MAC function Poly1305 have been published as IETF RFC 7539. Since then, the industry is starting to use it more often. For example, it has been implemented by Google in their Chrome browser for TLS and also support has been added to OpenSSL, as well as OpenSSH. It is often claimed, that the algorithms are designed to be resistant to side-channel attacks. However, this is only true, if the only observable side-channel is the timing behavior. In this paper, we show that ChaCha20 is susceptible to power and EM side-channel analysis, which also translates to an attack on Poly1305, if used together with ChaCha20 for key generation. As a first countermeasure, we analyze the effectiveness of randomly shuffling the operations of the ChaCha round function. Download Paper (PDF; Only available from the DATE venue WiFi)
09:00	9.3.3	THE ROWHAMMER PROBLEM AND OTHER ISSUES WE MAY FACE AS MEMORY BECOMES DENSER Speaker and Author: Onur Mutlu, ETH Zurich, CH Abstract As memory scales down to smaller technology nodes, new failure mechanisms emerge that threaten its correct operation. If such failure mechanisms are not anticipated and corrected, they can not only degrade system reliability and availability but also, perhaps even more importantly, open up security vulnerabilities: a malicious attacker can exploit the exposed failure mechanism to take over the entire system. As such, new failure mechanisms in memory can become practical and significant threats to system security. In this work, we discuss the RowHammer problem in DRAM, which is a prime (and perhaps the first) example of how a circuit-level failure mechanism in DRAM can cause a practical and widespread system security vulnerability. RowHammer, as it is popularly referred to, is the phenomenon that repeatedly accessing a row in a modern DRAM chip causes bit flips in physically-adjacent rows at consistently predictable bit locations. It is caused by a hardware failure mechanism called DRAM disturbance errors, which is a manifestation of circuit-level cell-to-cell interference in a scaled memory technology. Researchers from Google Project Zero recently demonstrated that this hardware failure mechanism can be effectively exploited by user-level programs to gain kernel privileges on real systems. Several other recent works demonstrated other practical attacks exploiting RowHammer. These include remote takeover of a server vulnerable to RowHammer, takeover of a victim virtual machine by another virtual machine running on the same system, and takeover of a mobile device by a malicious user-level application that requires no permissions. We analyze the root causes of the RowHammer problem and examine various solutions. We also discuss what other vulnerabilities may be lurking in DRAM and other types of memories, e.g., NAND flash memory or Phase Change Memory, that can potentially threaten the foundations of secure systems, as the memory technologies scale to higher densities. We conclude by describing and advocating a principled approach to memory reliability and security research that can enable us to better anticipate and prevent such vulnerabilities. Download Paper (PDF; Only available from the DATE venue WiFi)
09:15	9.3.4	COMPROMISING FPGA SOCS USING MALICIOUS HARDWARE BLOCKS Speaker: Nisha Jacob, Fraunhofer AISEC, DE Authors: Nisha Jacob¹, Carsten Rolfes¹, Andreas Zankl¹, Johann Heyszl¹ and Georg Sigl² ¹Fraunhofer Institute for Applied and Integrated Security (AISEC), DE; ²Technische Universität München, DE Abstract Modern FPGA System-on-Chips (SoCs) combine high performance application processors with reconfigurable hardware. This allows to enhance complex software systems with reconfigurable hardware accelerators. Unfortunately, even when state-of-the-art software security mechanisms are implemented, this combination creates new security threats. Attacks on the software are now possible through the reconfigurable hardware as these cores share resources with the processor and may contain unwanted functionality. In this paper, we discuss software protection mechanisms offered in conventional SoCs and how they can be circumvented by malicious hardware blocks. As a concrete example, we show how the malicious functionality within an IP core accesses and replaces critical memory sections. We refer to this type of attacks as hardware-assisted attacks against running software systems. We carry-out a proof-of-concept on the Xilinx Zynq device which runs a Linux OS and a software application that verifies system updates. The malicious IP core replaces the public key used to verify system updates, thus, allowing an attacker to maliciously update the FPGA SoC. Additionally, we propose a countermeasure that can be applied against such threats in the form of a security wrapper for hardware modules. Download Paper (PDF; Only available from the DATE venue WiFi)
09:30	9.3.5	INSPIRING TRUST IN OUTSOURCED INTEGRATED CIRCUIT FABRICATION Speaker and Author: Siddharth Garg, New York University, US Abstract The fabrication of integrated circuits (ICs) is typically outsourced to an external semiconductor foundry to reduce cost. However, this can come at the expense of trust. How can a designer ensure the integrity of the ICs fabricated by an external foundry? The talk will discuss a new approach for inspiring trust in outsourced IC fabrication by complementing the untrusted (outsourced) with an IC fabricated at a low-end but trusted foundry. This approach is referred to as split fabrication. We present two different ways in which split fabrication can be used to enhance security: logic obfuscation and verifiable ASICs. Download Paper (PDF; Only available from the DATE venue WiFi)
09:45	9.3.6	ANALYZING SECURITY BREACHES OF COUNTERMEASURES THROUGHOUT THE REFINEMENT PROCESS IN HARDWARE DESIGN FLOW Speaker: Jean-Luc Danger, Secure-IC, FR Authors: Sylvain Guilley, Jean-Luc Danger, Philippe Nguyen, Robert Nguyen and Youssef Souissi, Secure-IC S.A.S., FR Abstract Side-channel and fault injection attacks are two threats on devices carrying sensitive information. Protections are thus implemented at design time. However, CAD (Computer Aided Design) tools can compromise them, in ways we detail pedagogically in this paper. Then, we explain how a simulation-based methodology allows to check for non-regression, and find problems in case some are introduced while refining the design description from RTL (Register Transfer Level) source code to GDS (Graphic Display System) stream format. Download Paper (PDF; Only available from the DATE venue WiFi)
10:00		End of session Coffee Break in Exhibition Area On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area. Tuesday, March 28, 2017 Coffee Break 10:30 - 11:30 Coffee Break 16:00 - 17:00 Wednesday, March 29, 2017 Coffee Break 10:00 - 11:00 Coffee Break 16:00 - 17:00 Thursday, March 30, 2017 Coffee Break 10:00 - 11:00 Coffee Break 15:30 - 16:00

Time

Label

Presentation Title
Authors

08:30

9.3.1

SECURE CYBER-PHYSICAL SYSTEMS: CURRENT TRENDS, TOOLS AND OPEN RESEARCH PROBLEMS
Speaker:
Anupam Chattopadhyay, Nanyang Technological University, SG
Authors:
Anupam Chattopadhyay¹, Alok Prakash¹ and Muhammad Shafique²
¹Nanyang Technological University, SG; ²Vienna University of Technology (TU Wien), AT

Download Paper (PDF; Only available from the DATE venue WiFi)

08:45

9.3.2

DON'T FALL INTO A TRAP: PHYSICAL SIDE-CHANNEL ANALYSIS OF CHACHA20-POLY1305
Speaker:
Bernhard Jungk, Temasek Laboratories @ Nanyang Technological University, SG
Authors:
Bernhard Jungk¹ and Shivam Bhasin²
¹Temasek Laboratories @ Nanyang Technological University, SG; ²TL@NTU, SG
Abstract
The stream cipher ChaCha20 and the MAC function Poly1305 have been published as IETF RFC 7539. Since then, the industry is starting to use it more often. For example, it has been implemented by Google in their Chrome browser for TLS and also support has been added to OpenSSL, as well as OpenSSH. It is often claimed, that the algorithms are designed to be resistant to side-channel attacks. However, this is only true, if the only observable side-channel is the timing behavior. In this paper, we show that ChaCha20 is susceptible to power and EM side-channel analysis, which also translates to an attack on Poly1305, if used together with ChaCha20 for key generation. As a first countermeasure, we analyze the effectiveness of randomly shuffling the operations of the ChaCha round function.
Download Paper (PDF; Only available from the DATE venue WiFi)

09:00

9.3.3

THE ROWHAMMER PROBLEM AND OTHER ISSUES WE MAY FACE AS MEMORY BECOMES DENSER
Speaker and Author:
Onur Mutlu, ETH Zurich, CH
Abstract
As memory scales down to smaller technology nodes, new failure mechanisms emerge that threaten its correct operation. If such failure mechanisms are not anticipated and corrected, they can not only degrade system reliability and availability but also, perhaps even more importantly, open up security vulnerabilities: a malicious attacker can exploit the exposed failure mechanism to take over the entire system. As such, new failure mechanisms in memory can become practical and significant threats to system security. In this work, we discuss the RowHammer problem in DRAM, which is a prime (and perhaps the first) example of how a circuit-level failure mechanism in DRAM can cause a practical and widespread system security vulnerability. RowHammer, as it is popularly referred to, is the phenomenon that repeatedly accessing a row in a modern DRAM chip causes bit flips in physically-adjacent rows at consistently predictable bit locations. It is caused by a hardware failure mechanism called DRAM disturbance errors, which is a manifestation of circuit-level cell-to-cell interference in a scaled memory technology. Researchers from Google Project Zero recently demonstrated that this hardware failure mechanism can be effectively exploited by user-level programs to gain kernel privileges on real systems. Several other recent works demonstrated other practical attacks exploiting RowHammer. These include remote takeover of a server vulnerable to RowHammer, takeover of a victim virtual machine by another virtual machine running on the same system, and takeover of a mobile device by a malicious user-level application that requires no permissions. We analyze the root causes of the RowHammer problem and examine various solutions. We also discuss what other vulnerabilities may be lurking in DRAM and other types of memories, e.g., NAND flash memory or Phase Change Memory, that can potentially threaten the foundations of secure systems, as the memory technologies scale to higher densities. We conclude by describing and advocating a principled approach to memory reliability and security research that can enable us to better anticipate and prevent such vulnerabilities.
Download Paper (PDF; Only available from the DATE venue WiFi)

09:15

9.3.4

COMPROMISING FPGA SOCS USING MALICIOUS HARDWARE BLOCKS
Speaker:
Nisha Jacob, Fraunhofer AISEC, DE
Authors:
Nisha Jacob¹, Carsten Rolfes¹, Andreas Zankl¹, Johann Heyszl¹ and Georg Sigl²
¹Fraunhofer Institute for Applied and Integrated Security (AISEC), DE; ²Technische Universität München, DE
Abstract
Modern FPGA System-on-Chips (SoCs) combine high performance application processors with reconfigurable hardware. This allows to enhance complex software systems with reconfigurable hardware accelerators. Unfortunately, even when state-of-the-art software security mechanisms are implemented, this combination creates new security threats. Attacks on the software are now possible through the reconfigurable hardware as these cores share resources with the processor and may contain unwanted functionality. In this paper, we discuss software protection mechanisms offered in conventional SoCs and how they can be circumvented by malicious hardware blocks. As a concrete example, we show how the malicious functionality within an IP core accesses and replaces critical memory sections. We refer to this type of attacks as hardware-assisted attacks against running software systems. We carry-out a proof-of-concept on the Xilinx Zynq device which runs a Linux OS and a software application that verifies system updates. The malicious IP core replaces the public key used to verify system updates, thus, allowing an attacker to maliciously update the FPGA SoC. Additionally, we propose a countermeasure that can be applied against such threats in the form of a security wrapper for hardware modules.
Download Paper (PDF; Only available from the DATE venue WiFi)

09:30

9.3.5

INSPIRING TRUST IN OUTSOURCED INTEGRATED CIRCUIT FABRICATION
Speaker and Author:
Siddharth Garg, New York University, US
Abstract
The fabrication of integrated circuits (ICs) is typically outsourced to an external semiconductor foundry to reduce cost. However, this can come at the expense of trust. How can a designer ensure the integrity of the ICs fabricated by an external foundry? The talk will discuss a new approach for inspiring trust in outsourced IC fabrication by complementing the untrusted (outsourced) with an IC fabricated at a low-end but trusted foundry. This approach is referred to as split fabrication. We present two different ways in which split fabrication can be used to enhance security: logic obfuscation and verifiable ASICs.
Download Paper (PDF; Only available from the DATE venue WiFi)

09:45

9.3.6

ANALYZING SECURITY BREACHES OF COUNTERMEASURES THROUGHOUT THE REFINEMENT PROCESS IN HARDWARE DESIGN FLOW
Speaker:
Jean-Luc Danger, Secure-IC, FR
Authors:
Sylvain Guilley, Jean-Luc Danger, Philippe Nguyen, Robert Nguyen and Youssef Souissi, Secure-IC S.A.S., FR
Abstract
Side-channel and fault injection attacks are two threats on devices carrying sensitive information. Protections are thus implemented at design time. However, CAD (Computer Aided Design) tools can compromise them, in ways we detail pedagogically in this paper. Then, we explain how a simulation-based methodology allows to check for non-regression, and find problems in case some are introduced while refining the design description from RTL (Register Transfer Level) source code to GDS (Graphic Display System) stream format.
Download Paper (PDF; Only available from the DATE venue WiFi)

10:00

End of session
Coffee Break in Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area.

Tuesday, March 28, 2017