6.2 Memory Security

Time	Label	Presentation Title Authors
11:00	6.2.1	DYNAMIC SKEWED TREE FOR FAST MEMORY INTEGRITY VERIFICATION Speaker: Saru Vig, Nanyang Technological University, SG Authors: Saru Vig, Jiang Guiyuan and Lam Siew Kei, Nanyang Technological University, SG Abstract Memory authentication techniques often employ an integrity tree as a countermeasure against replay, spoofing and splicing attacks. However, the balanced memory integrity trees used in existing approaches lead to excessive memory access overheads for runtime verification. In this paper, we propose a framework to dynamically construct a customized integrity tree based on the data access patterns to reduce the overhead of runtime verification. The proposed framework can adapt the memory integrity tree structure at runtime such that the nodes that correspond to frequently accessed data are placed closer to the root. We have validated the effectiveness of our approach on the Altera NIOS II processor with an external DRAM. Experimental results based on applications from widely used CHStone and SNU Real-Time benchmarks demonstrate that the proposed approach can lead to an average performance gain of 30% compared to the conventional means of using balanced memory integrity trees. In addition, to preserve data confidentiality, we implemented the encryption/decryption operations using custom instructions on the NIOS II processor to notably reduce the overall overhead of memory security. Download Paper (PDF; Only available from the DATE venue WiFi)
11:30	6.2.2	EARTHQUAKE - A NOC-BASED OPTIMIZED DIFFERENTIAL CACHE-COLLISION ATTACK FOR MPSOCS Speaker: Cezar Rodolfo W. Reinbrecht, UFRGS, BR Authors: Cezar Rodolfo Wedig Reinbrecht¹, Bruno Endres Forlin¹, Andreas Zankl² and Johanna Sepulveda³ ¹UFRGS, BR; ²Fraunhofer Institute for Applied and Integrated Security, DE; ³Technical University of Munich, DE Abstract Multi-Processor Systems-on-Chips (MPSoCs) are a platform for a wide variety of applications and use-cases. The high on-chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories, and the Network-on-Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache-collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs. Download Paper (PDF; Only available from the DATE venue WiFi)
12:00	6.2.3	(Best Paper Award Candidate) A FAST AND RESOURCE EFFICIENT FPGA IMPLEMENTATION OF SECRET SHARING FOR STORAGE APPLICATIONS Speaker: Jakob Stangl, Austrian Institute of Technology (AIT), AT Authors: Jakob Stangl¹, Thomas Lorünser² and Sai Dinakarrao¹ ¹TU Wien, AT; ²Austrian Institute of Technology, AT Abstract Outsourcing data into the cloud gives wide benefits and opportunities to customers. Beside these advantages, new challenges such as confidentiality and accessibility have to be addressed. One approach to overcome these challenges is by applying secret sharing in a distributed storage setting, known as cloud of clouds approach. For this purpose we present a new hardware architecture of a wide parametrizable secret sharing core. Performance metrics for various applied bit-widths of secret words are given, which are crucial for benefits of higher level protocols in the cloud of clouds approach. Additionally, a complete system which is able to operate in a network environment is presented. The achieved throughputs are in the order of Gbit/s. It is significantly faster than similar comparable hardware architectures and orders of magnitude higher than software implementations. Download Paper (PDF; Only available from the DATE venue WiFi)
12:30	IP2-15, 958	AIM: FAST AND ENERGY-EFFICIENT AES IN-MEMORY IMPLEMENTATION FOR EMERGING NON-VOLATILE MAIN MEMORY Speaker: Jingtong Hu, University of Pittsburgh, US Authors: Mimi Xie¹, Shuangchen Li², Alvin Glova², Jingtong Hu¹, Yuangang Wang³ and Yuan Xie² ¹University of Pittsburgh, US; ²University of California, Santa Barbara, US; ³Huawei Technologies, China, CN Abstract Non-volatile main memory-based systems pose an opportunity for an attacker to readily access sensitive information on the memory because of its long retention time. While real-time memory encryption with dedicated AES engine can address this vulnerability, it incurs extra performance and energy overheads. As an alternative, we propose an AES in-memory implementation, AIM, to encrypt the whole/part of the memory only when it is necessary. We leverage the benefits offered by the in-memory computing architecture to address the challenges of the bandwidth intensive encryption application. We take advantage of NVM's intrinsic logic operation capability to implement the AES task. Embracing the massive parallelism inside the memory, AIM outperforms existing mechanisms with higher throughput yet lower energy consumption. Compared with state-of-the-art AES engine running at 2.1GHz, AIM can speed up the encryption process by 80 times for a 1GB NVM. Download Paper (PDF; Only available from the DATE venue WiFi)
12:31	IP2-16, 748	SAT-BASED BIT-FLIPPING ATTACK ON LOGIC ENCRYPTIONS Speaker: Hai Zhou, Northwestern University, US Authors: Yuanqi Shen, Amin Rezaei and Hai Zhou, Northwestern University, US Abstract Logic encryption is a hardware security technique that uses extra key inputs to prevent unauthorized use of a circuit. With the discovery of the SAT-based attack, new encryption techniques such as SARLock and Anti-SAT are proposed, and further combined with traditional logic encryption techniques, to guarantee both high error rates and resilience to the SAT-based attack. In this paper, the SAT-based bit-flipping attack is presented. It first separates the two groups of keys via SAT-based bit-flippings, and then attacks the traditional encryption and the SAT-resilient encryption, by conventional SAT-based attack and by-passing attack, respectively. The experimental results show that the bit-flipping attack successfully returns a circuit with the correct functionality and significantly reduces the execution time compared with other advanced attacks. Download Paper (PDF; Only available from the DATE venue WiFi)
12:30		End of session Lunch Break in Großer Saal and Saal 1 Coffee Breaks in the Exhibition Area On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area (Terrace Level of the ICCD). Lunch Breaks (Großer Saal + Saal 1) On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the rooms "Großer Saal" and "Saal 1" (Saal Level of the ICCD) to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area. Tuesday, March 20, 2018 Coffee Break 10:30 - 11:30 Lunch Break 13:00 - 14:30 Awards Presentation and Keynote Lecture in "Saal 2" 13:50 - 14:20 Coffee Break 16:00 - 17:00 Wednesday, March 21, 2018 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:30 Awards Presentation and Keynote Lecture in "Saal 2" 13:30 - 14:20 Coffee Break 16:00 - 17:00 Thursday, March 22, 2018 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:00 Keynote Lecture in "Saal 2" 13:20 - 13:50 Coffee Break 15:30 - 16:00

Time

Label

Presentation Title
Authors

11:00

6.2.1

DYNAMIC SKEWED TREE FOR FAST MEMORY INTEGRITY VERIFICATION
Speaker:
Saru Vig, Nanyang Technological University, SG
Authors:
Saru Vig, Jiang Guiyuan and Lam Siew Kei, Nanyang Technological University, SG
Abstract
Memory authentication techniques often employ an integrity tree as a countermeasure against replay, spoofing and splicing attacks. However, the balanced memory integrity trees used in existing approaches lead to excessive memory access overheads for runtime verification. In this paper, we propose a framework to dynamically construct a customized integrity tree based on the data access patterns to reduce the overhead of runtime verification. The proposed framework can adapt the memory integrity tree structure at runtime such that the nodes that correspond to frequently accessed data are placed closer to the root. We have validated the effectiveness of our approach on the Altera NIOS II processor with an external DRAM. Experimental results based on applications from widely used CHStone and SNU Real-Time benchmarks demonstrate that the proposed approach can lead to an average performance gain of 30% compared to the conventional means of using balanced memory integrity trees. In addition, to preserve data confidentiality, we implemented the encryption/decryption operations using custom instructions on the NIOS II processor to notably reduce the overall overhead of memory security.
Download Paper (PDF; Only available from the DATE venue WiFi)

11:30

6.2.2

EARTHQUAKE - A NOC-BASED OPTIMIZED DIFFERENTIAL CACHE-COLLISION ATTACK FOR MPSOCS
Speaker:
Cezar Rodolfo W. Reinbrecht, UFRGS, BR
Authors:
Cezar Rodolfo Wedig Reinbrecht¹, Bruno Endres Forlin¹, Andreas Zankl² and Johanna Sepulveda³
¹UFRGS, BR; ²Fraunhofer Institute for Applied and Integrated Security, DE; ³Technical University of Munich, DE
Abstract
Multi-Processor Systems-on-Chips (MPSoCs) are a platform for a wide variety of applications and use-cases. The high on-chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories, and the Network-on-Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache-collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:00

6.2.3

(Best Paper Award Candidate)
A FAST AND RESOURCE EFFICIENT FPGA IMPLEMENTATION OF SECRET SHARING FOR STORAGE APPLICATIONS
Speaker:
Jakob Stangl, Austrian Institute of Technology (AIT), AT
Authors:
Jakob Stangl¹, Thomas Lorünser² and Sai Dinakarrao¹
¹TU Wien, AT; ²Austrian Institute of Technology, AT
Abstract
Outsourcing data into the cloud gives wide benefits and opportunities to customers. Beside these advantages, new challenges such as confidentiality and accessibility have to be addressed. One approach to overcome these challenges is by applying secret sharing in a distributed storage setting, known as cloud of clouds approach. For this purpose we present a new hardware architecture of a wide parametrizable secret sharing core. Performance metrics for various applied bit-widths of secret words are given, which are crucial for benefits of higher level protocols in the cloud of clouds approach. Additionally, a complete system which is able to operate in a network environment is presented. The achieved throughputs are in the order of Gbit/s. It is significantly faster than similar comparable hardware architectures and orders of magnitude higher than software implementations.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:30

IP2-15, 958

AIM: FAST AND ENERGY-EFFICIENT AES IN-MEMORY IMPLEMENTATION FOR EMERGING NON-VOLATILE MAIN MEMORY
Speaker:
Jingtong Hu, University of Pittsburgh, US
Authors:
Mimi Xie¹, Shuangchen Li², Alvin Glova², Jingtong Hu¹, Yuangang Wang³ and Yuan Xie²
¹University of Pittsburgh, US; ²University of California, Santa Barbara, US; ³Huawei Technologies, China, CN
Abstract
Non-volatile main memory-based systems pose an opportunity for an attacker to readily access sensitive information on the memory because of its long retention time. While real-time memory encryption with dedicated AES engine can address this vulnerability, it incurs extra performance and energy overheads. As an alternative, we propose an AES in-memory implementation, AIM, to encrypt the whole/part of the memory only when it is necessary. We leverage the benefits offered by the in-memory computing architecture to address the challenges of the bandwidth intensive encryption application. We take advantage of NVM's intrinsic logic operation capability to implement the AES task. Embracing the massive parallelism inside the memory, AIM outperforms existing mechanisms with higher throughput yet lower energy consumption. Compared with state-of-the-art AES engine running at 2.1GHz, AIM can speed up the encryption process by 80 times for a 1GB NVM.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:31

IP2-16, 748

SAT-BASED BIT-FLIPPING ATTACK ON LOGIC ENCRYPTIONS
Speaker:
Hai Zhou, Northwestern University, US
Authors:
Yuanqi Shen, Amin Rezaei and Hai Zhou, Northwestern University, US
Abstract
Logic encryption is a hardware security technique that uses extra key inputs to prevent unauthorized use of a circuit. With the discovery of the SAT-based attack, new encryption techniques such as SARLock and Anti-SAT are proposed, and further combined with traditional logic encryption techniques, to guarantee both high error rates and resilience to the SAT-based attack. In this paper, the SAT-based bit-flipping attack is presented. It first separates the two groups of keys via SAT-based bit-flippings, and then attacks the traditional encryption and the SAT-resilient encryption, by conventional SAT-based attack and by-passing attack, respectively. The experimental results show that the bit-flipping attack successfully returns a circuit with the correct functionality and significantly reduces the execution time compared with other advanced attacks.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:30

End of session
Lunch Break in Großer Saal and Saal 1

Coffee Breaks in the Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area (Terrace Level of the ICCD).

Lunch Breaks (Großer Saal + Saal 1)

On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the rooms "Großer Saal" and "Saal 1" (Saal Level of the ICCD) to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area.

Tuesday, March 20, 2018