HOST 2022 | IEEE International Symposium on Hardware Oriented Security and Trust

SESSION 6: Side Channel Attacks and Countermeasures

Session Chair: Aydin Aysu, North Carolina State University

Tuesday, June 28, 2022 | Time: 13:00 - 14:20

Location: Int'l Ballroom C

  • **119. Multiphysics Simulation of EM Side-Channels from Silicon Backside with ML-based Auto-POI Identification
    Lang Lin, Deqi Zhu, Jimin Wen, Hua Chen, Yu Lu, Norman Chang, Calvin Chow, Harsh Shrivastav, Chia-Wei Chen, Kazuki Monta and Makoto Nagata
    Abstract: The silicon substrate backside of modern ICs is increasingly recognized as a critical hardware vulnerability, which opens a backdoor for laser/optical probing, fault injection and side-channel attacks. In this work, a novel multiphysics simulation framework is proposed to assess near-field electromagnetic (EM) side-channel leakage. By modeling cell-level power, chip logic functionality and layout geometry, this framework efficiently generates time-domain EM traces at any virtual probe above the surface of silicon substrate. Moreover, an ML-based automatic POI (point-of-interest) identification algorithm is proposed to predict the most vulnerable leakage location, which can be 10-100x faster than a conventional correlation-based side-channel simulation approach. The simulation accuracy is further validated by silicon measurements of an AES crypto testchip in 130nm technology, with a matching leakage location pattern quantified by the required number of EM side-channel traces to disclose the secret keys. Our simulation result uncovers several unexpected data leakage issues from the silicon substrate, which is confirmed by measurements, thus demonstrating an approach that can effectively help prioritize pre-silicon design fixes or security ECOs (Engineering Change Orders).

  • 110. Methodology of Assessing Information Leakage through Software-Accessible Telemetries
    Chen Liu, Monodeep Kar, Xueyang Wang, Nikhil Chawla, Neer Roggel, Yuce Bilgiday and Jason Fung
    Abstract: Modern computer systems offer a multitude of software-accessible telemetries to report system usage status. Recent research has shown a risk of sensitive information leaking through these telemetries during CPU execution. And yet, existing risk analysis methods are ad hoc. We propose a methodology for evaluating the data dependency exhibited by a workload through any chosen telemetry, using qualitative risk assessment and quantitative analysis. We present two case studies on analyzing correlation between telemetry readings and output classes in Deep Neural Network (DNN) algorithms, and workload identification using multiple telemetries, respectively. Based on the analysis, we conclude that the framework is conducive to assessing risk throughout secure design.

  • 129. Formal Evaluation and Construction of Glitch-resistant Masked Functions
    Sofiane Takarabt, Sylvain Guilley, Youssef Souissi, Laurent Sauvage, Yves Mathieu and Khaled Karray
    Abstract: We give an algorithm that checks whether every possible transition is masked. It allows one to verify the absence of first-order leakage from a masked netlist. It validates the state-of-the-art masking schemes, such as Threshold Implementation and Domain Oriented Masking, but also proves that more compact netlists with equivalent functions are secure. We leverage this methodology to propose a more compact implementation of the AES S-Box.

  • 80. ConNOC: A practical timing channel attack on network-on-chip hardware in a multicore processor
    Usman Ali and Omer Khan
    Abstract: Shared hardware resources in today’s microprocessors have emerged as a target for adversaries to leak secret information via timing-based software side channels. This paper characterizes such attacks on the non-persistent network-on-chip (NoC) hardware, and demonstrates its practicality on a real multicore machine. State-of-the-art 4-core baseline setup shows an average of less than 2-cycle latency variation due to contention at the NoC hardware resources. This noisy and unpredictable timing channel achieves ∼18% accuracy when the attacker is assumed to have no replay capability. However, in the presence of a high number of replays, accuracy improves significantly but slows down the speed of the attack. ConNOC proposes a novel attack setup that better exploits interference at NoC hardware to make it less noisy and more predictable. It demonstrates ∼7-cycle latency variation under no replay capability. The evaluation of covert communication and information leakage attacks shows 100% accuracy using five replays to leak information. This translates to 2 mbps (mega bits per second) attack throughput on the Tilera TileGx72 multicore processor executing at 1GHz.

** HOST 2022 Best Paper Nominee