|TUTORIAL 1 and TUTORIAL 2
Tutorial Chair: Sheng Wei, Rutgers University
T1. Physical Inspection for Hardware Assurance
Navid Asadi(bio) -University of Florida.
Abstract: In this tutorial we will focus on the physical inspections, physical attacks, reverse engineering, counterfeit detection, etc. of electronics from the device to system level using advanced microscopy, failure analysis (FA) techniques combined with image analysis and machine learning. We first introduce the advanced techniques for physical inspection and failure analysis on electronic systems and components. More than five different modules will be discussed here to cover different aspects of the topic. The most recent techniques for physical inspection and attacks are based on the tools and methodologies developed for FA in electronics. FA tools are primarily developed to detect a defect during or after fabrication process, but they have good enough resolution to detect Trojans, extract secret keys, or reverse engineer IC if used maliciously. Such tools include different imaging modalities such as optical microscope, scanning electron microscope (SEM), focused ion beam (FIB), photon emission microscope (PEM), X-ray microscopy (XRM), etc. and probe stations. It is worth mentioning that these attacks require a very sophisticated sample preparation process to expose a targeted area for reverse engineering or other measurements. In this tutorial, the attendees will learn the basics of how such advanced microscopes are working and how they are used for physical inspection approaches including: reverse engineering, counterfeit detection, invasive and semi-invasive attacks, on electronics from device to system level.
T2. Protecting Confidentiality and Integrity of Deep Neural Networks against Side-Channel and Fault Attacks
Prof. Yunsi Fei (bio) - Northeastern University.
Prof. Thomas Wahl (bio) - Northeastern University.
Prof. Xue Lin (bio) - Northeastern University.
Abstract: Deep learning (DL) has become a foundational means for solving diverse problems ranging from computer vision, natural language processing, and digital surveillance, to finance and healthcare. Security of the deep neural network (DNN) inference engines and trained DNN models on various platforms has become one of the biggest challenges in deploying artificial intelligence. Confidentiality breaches of the DNN model can facilitate manipulations of the DNN inference, resulting in potentially devastating consequences. This tutorial session addresses those security challenges in DNN implementations to promote broader applications of DNNs in security-critical scenarios by ensuring secure execution of DNN inference engines against side-channel and fault injection attacks.
The tutorial starts with a thorough investigation on an adversary’s capability to reverse engineer a DNN model implemented on mainstream platforms, including CPU, GPU, FPGA, and ASIC, via passive side channels. Next, we discuss the feasibility of active fault injection attacks, i.e., how to effectively and efficiently disrupt the execution of DNN inference engines. Finally, protection, detection, and hardening mechanisms are proposed for secure execution of DNN inference engines. This tutorial may deepen the understanding of inherent information leakage and fault tolerance of DNN models. The unprecedented rise of DL technology in diverse application domains has rendered secure execution, primarily confidentiality and integrity, a top priority. This tutorial introduces the state-of-the-art on DL implementations, computer architecture and heterogeneous systems, hardware security, and formal methods/verification.
|TUTORIAL 3 and TUTORIAL 4
Tutorial Chair: Sheng Wei, Rutgers University
T3. Electromagnetic and Machine Learning Side-Channel Attacks and Low-overhead Generic Countermeasures
Prof. Shreyas Sen (bio) - Purdue University.
Prof. Arijit Raychowdhury (bio) - Georgia Institute of Technology.
Abstract: Computationally secure Cryptographic algorithms, when implemented on physical hardware leak correlated physical signatures (e.g. power supply current, electromagnetic radiation, acoustic, thermal) which could be utilized to break the crypto engine in linear time. While the existence of such side-channel attacks has been known for decades, the impact of them have been increasing with the proliferation of billions of IoT edge-devices with resource constraints. Recently, it was shown that the AES-256 key could be broken non-invasively in just 5 minutes from a 1-meter distance using EM side-channels. The complexity of breaking AES-256 reduced from ~2256 to ~213 when side-channels are utilized. An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys. Going from AES128 to AES 256 only improves protection by 2x when side-channel attacks are employed, making physical side-channel attacks a significant threat.
Existing countermeasures (e.g. algorithmic, masking, power balancing, shielding) generally suffer from high overheads, sometimes performance degradations and often is algorithm specific. Generic low-overhead countermeasures require white-box modeling of the physical emissions and low-level countermeasures. Current statistical techniques for power and EM side-channel attacks during secure computation require multiple traces to be collected; and for low SNR, requires thousands of cycles. Recent advances in Deep Learning based power/EM Side-Channel Analysis (DL-SCA) allows an attack with a single or a few encryptions. Thus DL-SCA increases the attack surface massively, as an attacker who has access to a device for minutes can now attack; instead of hours of possession that were required with previous attacks like CPA. Recent work has shown how training on multiple devices can be used to generalize a DL-SCA machine learning (ML) model and can be used to carry out attack on a new and similar device in a very few encryptions. This puts a huge dent to the security of embedded devices.
In this tutorial, we will cover the following (a) Threats and impacts of physical side-channels (b) In-depth analysis of power side-channel and low-overhead generic power-side channel countermeasure through attenuated signature noise injection (ASNI) using in-line current domain signature attenuation (c) White-box modeling of EM leakage from cryptographic ICs starting from Maxwell’s equations and accelerating electrons and analysis of the impact of metal layers on EM information leakage (d) Generic low-overhead EM side-channel countermeasures (e) Intelligent EM sniffing using automated algorithmic automated detection of highest leakage-point (f) Machine-Leaning Side-channel attack and techniques for cross-device DL-SCA and (g) countermeasures for ML-SCA (h) a summary of open problems and future research directions for side-channel attacks and defenses.
T4. CAD for Security
Prof. Mark Tehranipoor (bio) - University of Florida.
Prof. Farimah Farahmandi (bio) - University of Florida.
Abstract: The growing complexity of system-on-chips (SoCs) and the ever-increasing cost of IC fabrication have forced the semiconductor industry to shift from a vertical business model to a horizontal model. In this model, time-to-market and manufacturing costs are lowered through outsourcing and design reuse. To be more specific, SoC designers obtain licenses for third party intellectual property (3PIPs) and integrate them with their in-house IPs to design a specific SoC. To further reduce the cost, they may also outsource the SoC design to contract design houses, foundries, and assemblies for synthesis, DFT insertion, GDSII development, fabrication, test, and packaging. With most of these entities involved in design, manufacturing, integration, and distribution located across the globe, SOC design houses no longer have the ability to monitor the entire process and ensure security and trust.
Moreover, designers are not knowledgeable about all vulnerabilities in the design, and the countermeasures to address them. Unfortunately, existing tools do not help with the alleviating the magnitude of the problem. The tools are developed to optimize designs against power, performance, and area, while security is completely ignored. In fact, in some cases, tools and designers unintentionally create vulnerability in a circuit through security-unaware design processes/practices. These issues and the lack of trust and control have led to a large number of vulnerabilities. Hence, it is imperative to develop computer-aided design (CAD) tools with security in mind to identify and address vulnerabilities through design life-cycle.
To protect the SoC from such vulnerabilities, academic and industry researchers have proposed many design-for-security and security assessment/validation techniques, e.g., information flow tracking, side-channel leakage analysis, IP encryption, logic obfuscation, design-for-anti-counterfeit, etc. These techniques can be applied to detect vulnerabilities in ASIC and FPGA design flows. Some of these techniques are currently being evaluated by industry and are expected to be adopted in the near future. However, recent literature has pointed out to some of the limitations of these approaches. Therefore, it is crucial to have an in-depth understanding of the security provided by different techniques and understand their limitations.
The goal of this tutorial is to present (i) the threat posed by each entity in the SoC supply chain, (ii) vulnerabilities introduced during various stages of design life-cycle, (iii) CAD tools and methodologies for security assessment, (iv) Countermeasure tools and methodologies for addressing each vulnerability, and (vi) challenges and research roadmap ahead.
|TUTORIAL 5 and TUTORIAL 6
Tutorial Chair: Sheng Wei, Rutgers University
T5. Property Driven Hardware Security
Prof. Ryan Kastner (bio) - University of California, San Diego.
Dr. Nicole Fern (bio) - Tortuga Logic.
Abstract: There are a large and growing number of hardware specific security vulnerabilities. Meltdown, Spectre, Foreshadow, TLBleed, and countless other attacks expose architectural flaws with implications on the security of computing devices ranging from cloud services to embedded devices. With the dramatic increase in hardware security flaws reported, it is clear that we have reached a time where hardware has become an attractive attack surface that can be exploited with potentially large consequences. To mitigate these attacks we must make security a first class citizen in the hardware design process.
Property driven hardware security is a design methodology to assess the safety and security of hardware designs. It enables security experts to describe how the hardware should (or should not) function. These security properties are formally specified using languages that map to models that are easy to verify using existing design tools. There are three fundamental elements for any hardware security design flow. First, security experts need expressive languages to specify these security properties. Second, these properties should map to models to describe the security related behavior of a hardware design. Finally, hardware security design tools verify that the hardware design meets these properties using formal solvers, simulation, and emulation.
This tutorial looks at the elements of a property driven hardware security design methodology. A property driven hardware security design methodology starts with expressive security models that enable one to specify safety and security properties related to confidentiality, integrity, availability, separation, isolation, side channels, real-time operation, and Trojans. These models provide a formal way to specify the desired security of the hardware. Hardware security verification tools evaluate that the hardware design meets these security properties. These tools help the hardware designer find the source of security flaws and provide an assessment of their potential risks. Information flow and statistical models provide the necessary expressive power for specifying these properties, while also leveraging existing hardware verification tools for formal analysis, simulation, and emulation.
T6. Security Issues in AI and Their Impacts on Hardware Security
Prof. Gang Qu (bio) - University of Maryland, College Park.
Dr. Rosario Cammarota (bio) - Intel AI Research.
Dr. Pin-Yu Chen (bio) - IBM Research Trusted AI Group.
Dr. Lin Yuan (bio) - Amazon AI.
Abstract: Hardware security and trust has gained a lot of attention in the past two decades and many related topics have gained attention from both government and industry. These include hardware Trojan, physical unclonable function, intellectual property (IP) protection, trusted IC and EDA tools as well as supply chain in general. Recently, artificial intelligence (AL) and machine learning (ML) has been growing at a pace that we have never seen before and now it has made its impact on literally everywhere from our daily life to homeland security. This tutorial will address two key problems: (1) what are the major security (or robustness) challenges facing the AI/ML community? (2) how AI/ML affect the development of hardware security and trust? More specifically, we will focus on trust in AI/ML, IP protection in AI.ML adversarial robustness in deep learning, preservation of user privacy in inference models, the best AI/ML practices in industry, and the challenges and opportunities for hardware security in the ear of AI/ML.