12.1 SPECIAL DAY Hot Topic: Design Methods for Security and Trust

Time	Label	Presentation Title Authors
16:00	12.1.1	A DESIGN METHOD FOR REMOTE INTEGRITY CHECKING OF COMPLEX PCBS Speaker: Patrick Schaumont, Virginia Tech, US Authors: Aydin Aysu, Shravya Gaddam, Harsha Mandadi, Carol Pinto, Luke Wegryn and Patrick Schaumont, Virginia Tech, US Abstract Modern, complex printed circuit boards contain high-end commercial off-the-shelf components such as high-capacity FPGAs and expensive peripherals. This paper describes a strategy to build a hardware attestation protocol for such a board. The owner or operator of the PCB wants to achieve the assurance that the board installed in the field is physically the same as the one that was originally deployed. Our methodology builds a unique identifier for the PCB by cryptographically linking individual component-level identifiers from the board. The component-level identifiers are implemented using Physical Unclonable Functions (PUF) within the components of the board. We discuss a generic methodology for design and dimensioning of the critical post-processing parameters of the PUF, and we present several strategies to combine multiple PUF into a combined Fusion PUF. We present a prototype of the proposed technique on an FPGA board running uClinux, and we characterize the performance of the proposed protocol on a population of 22 PCBs. Download Paper (PDF; Only available from the DATE venue WiFi)
16:30	12.1.2	QUANTIFYING HARDWARE SECURITY USING JOINT INFORMATION FLOW ANALYSIS Speaker: Ryan Kastner, University of California, San Diego, US Authors: Ryan Kastner, Wei Hu and Alric Althoff, University of California, San Diego, US Abstract Existing hardware design methodologies provide limited methods to detect security flaws or derive a measure on how well a mitigation technique protects the system. Information flow analysis provides a powerful method to test and verify a design against security properties that are typically expressed using the notion of noninterference. While this is useful in many scenarios, it does have drawbacks primarily related to its strict enforcement of limiting all information flows -- even those that could only occur in rare circumstances. Quantitative metrics based upon information theoretic measures provide an approach to loosen such restrictions. Furthermore, they are useful in understanding the effectiveness of security mitigations techniques. In this work, we discuss information flow analysis using noninterference and qualitative metrics. We describe how to use them in a synergistic manner to perform joint information flow analysis. And we use this novel technique to analyze security properties across several different hardware cryptographic cores. Download Paper (PDF; Only available from the DATE venue WiFi)
17:00	12.1.3	INSTRUCTION SET EXTENSIONS FOR SECURE APPLICATIONS Speaker: Francesco Regazzoni, ALaRI, CH Authors: Francesco Regazzoni¹ and Paolo Ienne² ¹ALaRI, CH; ²École Polytechnique Fédérale de Lausanne (EPFL), CH Abstract The main goal of this paper is to expose the community to past achievements and future possible uses of Instruction Set Extension (ISE) in security applications. Processor customization has proven to be an effective way for achieving high performance with limited area and energy overhead for several applications, ranging from signal processing to graphical computation. Concerning cryptographic algorithms, a large body of work exists on speeding up block ciphers and asymmetric cryptography with specific ISEs. These algorithms often mix non-standard operations with regular ones, thus representing an ideal target for being accelerated with dedicated instructions. Tools supporting automatic generations of ISEs demonstrated to be useful for algorithm exploration, while secure instructions can increase the robustness against side channels attacks of software routines. In this paper, we discuss how processor customization and the relative tool chains can be used by designers to address security problems and we highlight possible research directions. Download Paper (PDF; Only available from the DATE venue WiFi)
17:30		End of session

Time

Label

Presentation Title
Authors

16:00

12.1.1

A DESIGN METHOD FOR REMOTE INTEGRITY CHECKING OF COMPLEX PCBS
Speaker:
Patrick Schaumont, Virginia Tech, US
Authors:
Aydin Aysu, Shravya Gaddam, Harsha Mandadi, Carol Pinto, Luke Wegryn and Patrick Schaumont, Virginia Tech, US
Abstract
Modern, complex printed circuit boards contain high-end commercial off-the-shelf components such as high-capacity FPGAs and expensive peripherals. This paper describes a strategy to build a hardware attestation protocol for such a board. The owner or operator of the PCB wants to achieve the assurance that the board installed in the field is physically the same as the one that was originally deployed. Our methodology builds a unique identifier for the PCB by cryptographically linking individual component-level identifiers from the board. The component-level identifiers are implemented using Physical Unclonable Functions (PUF) within the components of the board. We discuss a generic methodology for design and dimensioning of the critical post-processing parameters of the PUF, and we present several strategies to combine multiple PUF into a combined Fusion PUF. We present a prototype of the proposed technique on an FPGA board running uClinux, and we characterize the performance of the proposed protocol on a population of 22 PCBs.
Download Paper (PDF; Only available from the DATE venue WiFi)

16:30

12.1.2

QUANTIFYING HARDWARE SECURITY USING JOINT INFORMATION FLOW ANALYSIS
Speaker:
Ryan Kastner, University of California, San Diego, US
Authors:
Ryan Kastner, Wei Hu and Alric Althoff, University of California, San Diego, US
Abstract
Existing hardware design methodologies provide limited methods to detect security flaws or derive a measure on how well a mitigation technique protects the system. Information flow analysis provides a powerful method to test and verify a design against security properties that are typically expressed using the notion of noninterference. While this is useful in many scenarios, it does have drawbacks primarily related to its strict enforcement of limiting all information flows -- even those that could only occur in rare circumstances. Quantitative metrics based upon information theoretic measures provide an approach to loosen such restrictions. Furthermore, they are useful in understanding the effectiveness of security mitigations techniques. In this work, we discuss information flow analysis using noninterference and qualitative metrics. We describe how to use them in a synergistic manner to perform joint information flow analysis. And we use this novel technique to analyze security properties across several different hardware cryptographic cores.
Download Paper (PDF; Only available from the DATE venue WiFi)

17:00

12.1.3

INSTRUCTION SET EXTENSIONS FOR SECURE APPLICATIONS
Speaker:
Francesco Regazzoni, ALaRI, CH
Authors:
Francesco Regazzoni¹ and Paolo Ienne²
¹ALaRI, CH; ²École Polytechnique Fédérale de Lausanne (EPFL), CH
Abstract
The main goal of this paper is to expose the community to past achievements and future possible uses of Instruction Set Extension (ISE) in security applications. Processor customization has proven to be an effective way for achieving high performance with limited area and energy overhead for several applications, ranging from signal processing to graphical computation. Concerning cryptographic algorithms, a large body of work exists on speeding up block ciphers and asymmetric cryptography with specific ISEs. These algorithms often mix non-standard operations with regular ones, thus representing an ideal target for being accelerated with dedicated instructions. Tools supporting automatic generations of ISEs demonstrated to be useful for algorithm exploration, while secure instructions can increase the robustness against side channels attacks of software routines. In this paper, we discuss how processor customization and the relative tool chains can be used by designers to address security problems and we highlight possible research directions.
Download Paper (PDF; Only available from the DATE venue WiFi)

17:30

End of session

Visit us at DATE 2016