HOST 2022 | IEEE International Symposium on Hardware Oriented Security and Trust

SESSION 20: Crypto

Session Chair: Jiafeng Xie, Villanova University

Thursday, June 30, 2022 | Time: 11:10 - 12:10

Location: Int'l Ballroom C

  • 81. HERMES: Hardware-Efficient Speculative Dataflow Architecture for Bonsai Merkle Tree-Based Memory Authentication
    Yu Zou, Mingjie Lin and Amro Awad
    Abstract: Emerging byte-addressable Non-Volatile Memory (NVM) technology, although promising superior memory density and ultra-low energy consumption, poses unique challenges to guaranteeing memory confidentiality, integrity, and crash consistency. As such, extensive research has been conducted to transparently protect memory security through an FPGA-implemented middleware that effectively deploys encryption, authentication/integrity verification, and replay attack protection. The Bonsai Merkle tree (BMT) has been proven to be highly effective in guaranteeing memory integrity and protecting against replay attacks. However, when used in a strictly persistent trusted execution environment (TEE), BMT-based memory integrity protection severely bottlenecks memory performance because properly maintaining a BMT results in a deep traversal over the hash tree for every counter update. In this paper, we propose HERMES, a hardware-efficient memory integrity engine specifically designed to deliver a crash-consistent BMT for NVM, capable of processing multiple outstanding counter requests in flight, which significantly improves both latency and throughput of all BMT operations by leveraging an asynchronous dataflow architecture and speculative execution. HERMES incorporates three architectural innovations: (1) a speculative control logic and a speculative temporary buffer dedicatedly designed and deployed at each level; (2) an optimized hardware component verifying all BMT levels in parallel and an adaptive algorithm adapting to the caching status of BMT levels; (3) a formalized message format transferred between BMT levels to accommodate both counter operations within a unified architecture where each level is able to adaptively behave. In experiments with the Shuhai memory bandwidth benchmark, HERMES achieved up to 7.9x higher throughput and up to 3.5x shorter latency over the state-of-the-art ARES while consuming 2x resource utilization as a tradeoff.

  • 15. Single-Trace Side-Channel Attacks on w-Small Polynomial Sampling with Applications to NTRU, NTRU Prime, and CRYSTALS-Dilithium
    Emre Karabulut, Erdem Alkim and Aydin Aysu
    Abstract: This paper proposes a new single-trace side-channel attack on lattice-based post-quantum protocols. We target the ω-small polynomial sampling of NTRU, NTRU Prime, and CRYSTALS-DILITHIUM algorithm implementations (which are NIST Round-3 finalists and alternative candidates), and we demonstrate the vulnerabilities of their sub-routines to a power-based side-channel attack. Specifically, we reveal that the sorting implementation in NTRU/NTRU Prime and the shuffling in CRYSTALS-DILITHIUM’s ω-small polynomial sampling process leak information about the ‘-1’, ‘0’, or ‘+1’ assignments made to the coefficients. We further demonstrate that these assignments can be found within a single power measurement and that revealing them allows secret and session key recovery for NTRU/NTRU Prime, while reducing the challenge polynomial’s entropy for CRYSTALS-DILITHIUM. We execute our proposed attacks on an ARM Cortex-M4 microcontroller running the reference software submissions from the NIST Round-3 software packages. The results show that our attacks can extract coefficients with a success rate of 99.78% for NTRU and NTRU Prime, reducing the search space to 2^41 or below. For CRYSTALS-DILITHIUM, our attack recovers the coefficients’ signs with over 99.99% success, reducing rejected challenge polynomials’ entropy by between 39 and 60 bits. Our work informs the proposers about the single-trace vulnerabilities of their software and urges them to develop single-trace-resilient software for low-cost microcontrollers.

  • 75. Lightweight Encryption using Chaffing and Winnowing with All-or-Nothing Transform for Network-on-Chip Architectures
    Hansika Weerasena, Subodha Charles and Prabhat Mishra
    Abstract: Network-on-Chip (NoC) fulfills the communication requirements of modern System-on-Chip (SoC) architectures. Due to the resource-constrained nature of NoC-based SoCs, it is a major challenge to secure on-chip communication against eavesdropping attacks using traditional encryption methods. In this paper, we propose a lightweight encryption technique using chaffing and winnowing (C&W) with an all-or-nothing transform (AONT) that benefits from the unique NoC traffic characteristics. Our experimental results demonstrate that our proposed encryption technique provides the required security with significantly less area and energy overhead compared to the state-of-the-art approaches.