-
SCALLER: Standard Cell Assembled and Local Layout Effect-based Ring Oscillators
Authors:
Muayad J. Aljafar,
Zain Ul Abideen,
Adriaan Peetermans,
Benedikt Gierlichs,
Samuel Pagliarini
Abstract:
This letter presents a technique that enables very fine tunability of the frequency of Ring Oscillators (ROs). Multiple ROs with different numbers of tunable elements were designed and fabricated in a 65nm CMOS technology. A tunable element consists of two inverters under different local layout effects (LLEs) and a multiplexer. LLEs impact the transient response of inverters deterministically and…
▽ More
This letter presents a technique that enables very fine tunability of the frequency of Ring Oscillators (ROs). Multiple ROs with different numbers of tunable elements were designed and fabricated in a 65nm CMOS technology. A tunable element consists of two inverters under different local layout effects (LLEs) and a multiplexer. LLEs impact the transient response of inverters deterministically and allow to establish a fine tunable mechanism even in the presence of large process variation. The entire RO is digital and its layout is standard-cell compatible. We demonstrate the tunability of multi-stage ROs with post-silicon measurements of oscillation frequencies in the range of 80-900MHz and tuning steps of 90KHz
△ Less
Submitted 3 June, 2024;
originally announced June 2024.
-
Impact of Orientation on the Bias of SRAM-Based PUFs
Authors:
Zain Ul Abideen,
Rui Wang,
Tiago Diadami Perez,
Geert-Jan Schrijen,
Samuel Pagliarini
Abstract:
This paper investigates the impact of memory orientation on the bias pattern of SRAM-based PUFs. We designed and fabricated a 65nm CMOS chip that contains eleven SRAM macros that exercise different memory- and chip-level parameters. At the memory level, several parameters passed to the SRAM compiler are considered, including the number of addresses, the number of words, the aspect ratio, and the c…
▽ More
This paper investigates the impact of memory orientation on the bias pattern of SRAM-based PUFs. We designed and fabricated a 65nm CMOS chip that contains eleven SRAM macros that exercise different memory- and chip-level parameters. At the memory level, several parameters passed to the SRAM compiler are considered, including the number of addresses, the number of words, the aspect ratio, and the chosen bitcell. Chip-level decisions are considered during the floorplan, including the location and rotation of each SRAM macro in the testchip. In this study, we conduct a comprehensive analysis of different memory orientations and their effect on the biasing direction. Physical measurements performed on 50 fabricated chips revealed that specific memory orientations, namely R270 and MY90, exhibit a distinct negative biasing direction compared to other orientations. Importantly, this biasing direction remains consistent regardless of memory type, column mux ratio, memory size, or the utilization of SRAMs with different bitcells. Overall, this study highlights the significance of careful physical implementation and memory orientation selection in designing SRAM-based PUFs. Our findings can guide designers in the selection of SRAM memories with properties that make for better PUFs that potentially require less error correction effort to compensate for instability.
△ Less
Submitted 13 August, 2023;
originally announced August 2023.
-
An Overview of FPGA-inspired Obfuscation Techniques
Authors:
Zain Ul Abideen,
Sumathi Gokulanathan,
Muayad J. Aljafar,
Samuel Pagliarini
Abstract:
Building and maintaining a silicon foundry is a costly endeavor that requires substantial financial investment. From this scenario, the semiconductor business has largely shifted to a fabless model where the Integrated Circuit supply chain is globalized but potentially untrusted. In recent years, several hardware obfuscation techniques have emerged to thwart hardware security threats related to un…
▽ More
Building and maintaining a silicon foundry is a costly endeavor that requires substantial financial investment. From this scenario, the semiconductor business has largely shifted to a fabless model where the Integrated Circuit supply chain is globalized but potentially untrusted. In recent years, several hardware obfuscation techniques have emerged to thwart hardware security threats related to untrusted IC fabrication. Reconfigurable-based obfuscation schemes have shown great promise of security against state-of-the-art attacks -- these are techniques that rely on the transformation of static logic configurable elements such as Look Up Tables (LUTs). This survey provides a comprehensive analysis of reconfigurable-based obfuscation techniques, evaluating their overheads and enumerating their effectiveness against all known attacks. The techniques are also classified based on different factors, including the technology used, element type, and IP type. Additionally, we present a discussion on the advantages of reconfigurable-based obfuscation techniques when compared to Logic Locking techniques and the challenges associated with evaluating these techniques on hardware, primarily due to the lack of tapeouts. The survey's findings are essential for researchers interested in hardware obfuscation and future trends in this area.
△ Less
Submitted 25 May, 2023;
originally announced May 2023.
-
Obfuscating the Hierarchy of a Digital IP
Authors:
Giorgi Basiashvili,
Zain Ul Abideen,
Samuel Pagliarini
Abstract:
Numerous security threats are emerging from untrusted players in the integrated circuit (IC) ecosystem. Among them, reverse engineering practices with the intent to counterfeit, overproduce, or modify an IC are worrying. In recent years, various techniques have been proposed to mitigate the aforementioned threats but no technique seems to be adequate to hide the hierarchy of a design. Such ability…
▽ More
Numerous security threats are emerging from untrusted players in the integrated circuit (IC) ecosystem. Among them, reverse engineering practices with the intent to counterfeit, overproduce, or modify an IC are worrying. In recent years, various techniques have been proposed to mitigate the aforementioned threats but no technique seems to be adequate to hide the hierarchy of a design. Such ability to obfuscate the hierarchy is particularly important for designs that contain repeated modules. In this paper, we propose a novel way to obfuscate such designs by leveraging conventional logic synthesis. We exploit multiple optimizations that are available in the synthesis tool to create design diversity. Our security analysis, performed by using the DANA reverse engineering tool, confirms the significant impact of these optimizations on obfuscation. Among the many considered obfuscated design instances, users can find options that incur very small overheads while still confusing the work of a reverse engineer.
△ Less
Submitted 24 June, 2022; v1 submitted 19 May, 2022;
originally announced May 2022.
-
Preventing Distillation-based Attacks on Neural Network IP
Authors:
Mahdieh Grailoo,
Zain Ul Abideen,
Mairo Leier,
Samuel Pagliarini
Abstract:
Neural networks (NNs) are already deployed in hardware today, becoming valuable intellectual property (IP) as many hours are invested in their training and optimization. Therefore, attackers may be interested in copying, reverse engineering, or even modifying this IP. The current practices in hardware obfuscation, including the widely studied logic locking technique, are insufficient to protect th…
▽ More
Neural networks (NNs) are already deployed in hardware today, becoming valuable intellectual property (IP) as many hours are invested in their training and optimization. Therefore, attackers may be interested in copying, reverse engineering, or even modifying this IP. The current practices in hardware obfuscation, including the widely studied logic locking technique, are insufficient to protect the actual IP of a well-trained NN: its weights. Simply hiding the weights behind a key-based scheme is inefficient (resource-hungry) and inadequate (attackers can exploit knowledge distillation). This paper proposes an intuitive method to poison the predictions that prevent distillation-based attacks; this is the first work to consider such a poisoning approach in hardware-implemented NNs. The proposed technique obfuscates a NN so an attacker cannot train the NN entirely or accurately. We elaborate a threat model which highlights the difference between random logic obfuscation and the obfuscation of NN IP. Based on this threat model, our security analysis shows that the poisoning successfully and significantly reduces the accuracy of the stolen NN model on various representative datasets. Moreover, the accuracy and prediction distributions are maintained, no functionality is disturbed, nor are high overheads incurred. Finally, we highlight that our proposed approach is flexible and does not require manipulation of the NN toolchain.
△ Less
Submitted 1 April, 2022;
originally announced April 2022.
-
From FPGAs to Obfuscated eASICs: Design and Security Trade-offs
Authors:
Zain Ul Abideen,
Tiago Diadami Perez,
Samuel Pagliarini
Abstract:
Threats associated with the untrusted fabrication of integrated circuits (ICs) are numerous: piracy, overproduction, reverse engineering, hardware trojans, etc. The use of reconfigurable elements (i.e., look-up tables as in FPGAs) is a known obfuscation technique. In the extreme case, when the circuit is entirely implemented as an FPGA, no information is revealed to the adversary but at a high cos…
▽ More
Threats associated with the untrusted fabrication of integrated circuits (ICs) are numerous: piracy, overproduction, reverse engineering, hardware trojans, etc. The use of reconfigurable elements (i.e., look-up tables as in FPGAs) is a known obfuscation technique. In the extreme case, when the circuit is entirely implemented as an FPGA, no information is revealed to the adversary but at a high cost in area, power, and performance. In the opposite extreme, when the same circuit is implemented as an ASIC, best-in-class performance is obtained but security is compromised. This paper investigates an intermediate solution between these two. Our results are supported by a custom CAD tool that explores this FPGA-ASIC design space and enables a standard-cell based physical synthesis flow that is flexible and compatible with current design practices. Layouts are presented for obfuscated circuits in a 65nm commercial technology, demonstrating the attained obfuscation both graphically and quantitatively. Furthermore, our security analysis revealed that for truly hiding the circuit's intent (not only portions of its structure), the obfuscated design also has to chiefly resemble an FPGA: only some small amount of logic can be made static for an adversary to remain unaware of what the circuit does.
△ Less
Submitted 13 October, 2021; v1 submitted 11 October, 2021;
originally announced October 2021.
-
DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones?
Authors:
Shahid Alam,
M. Zain ul Abideen,
Shahzad Saleem
Abstract:
The number of Android malware variants (clones) are on the rise and, to stop this attack of clones we need to develop new methods and techniques for analysing and detecting them. As a first step, we need to study how these malware clones are generated. This will help us better anticipate and recognize these clones. In this paper we present a new tool named DroidMorph, that provides morphing of And…
▽ More
The number of Android malware variants (clones) are on the rise and, to stop this attack of clones we need to develop new methods and techniques for analysing and detecting them. As a first step, we need to study how these malware clones are generated. This will help us better anticipate and recognize these clones. In this paper we present a new tool named DroidMorph, that provides morphing of Android applications (APKs) at different level of abstractions, and can be used to create Android application (malware/benign) clones. As a case study we perform testing and evaluating resilience of current commercial anti-malware products against attack of the Android malware clones generated by DroidMorph. We found that 8 out of 17 leading commercial anti-malware programs were not able to detect any of the morphed APKs. We hope that DroidMorph will be used in future research, to improve Android malware clones analysis and detection, and help stop them.
△ Less
Submitted 16 June, 2021;
originally announced June 2021.
-
An Open-source Library of Large Integer Polynomial Multipliers
Authors:
Malik Imran,
Zain Ul Abideen,
Samuel Pagliarini
Abstract:
Polynomial multiplication is a bottleneck in most of the public-key cryptography protocols, including Elliptic-curve cryptography and several of the post-quantum cryptography algorithms presently being studied. In this paper, we present a library of various large integer polynomial multipliers to be used in hardware cryptocores. Our library contains both digitized and non-digitized multiplier flav…
▽ More
Polynomial multiplication is a bottleneck in most of the public-key cryptography protocols, including Elliptic-curve cryptography and several of the post-quantum cryptography algorithms presently being studied. In this paper, we present a library of various large integer polynomial multipliers to be used in hardware cryptocores. Our library contains both digitized and non-digitized multiplier flavours for circuit designers to choose from. The library is supported by a C++ generator that automatically produces the multipliers' logic in Verilog HDL that is amenable for FPGA and ASIC designs. Moreover, for ASICs, it also generates configurable and parameterizable synthesis scripts. The features of the generator allow for a quick generation and assessment of several architectures at the same time, thus allowing a designer to easily explore the (complex) optimization search space of polynomial multiplication.
△ Less
Submitted 29 March, 2021; v1 submitted 27 January, 2021;
originally announced January 2021.
-
A Systematic Study of Lattice-based NIST PQC Algorithms: from Reference Implementations to Hardware Accelerators
Authors:
Malik Imran,
Zain Ul Abideen,
Samuel Pagliarini
Abstract:
Security of currently deployed public key cryptography algorithms is foreseen to be vulnerable against quantum computer attacks. Hence, a community effort exists to develop post-quantum cryptography (PQC) algorithms, i.e., algorithms that are resistant to quantum attacks. In this work, we have investigated how lattice-based candidate algorithms from the NIST PQC standardization competition fare wh…
▽ More
Security of currently deployed public key cryptography algorithms is foreseen to be vulnerable against quantum computer attacks. Hence, a community effort exists to develop post-quantum cryptography (PQC) algorithms, i.e., algorithms that are resistant to quantum attacks. In this work, we have investigated how lattice-based candidate algorithms from the NIST PQC standardization competition fare when conceived as hardware accelerators. To achieve this, we have assessed the reference implementations of selected algorithms with the goal of identifying what are their basic building blocks. We assume the hardware accelerators will be implemented in application specific integrated circuit (ASIC) and the targeted technology in our experiments is a commercial 65nm node. In order to estimate the characteristics of each algorithm, we have assessed their memory requirements, use of multipliers, and how each algorithm employs hashing functions. Furthermore, for these building blocks, we have collected area and power figures for 12 candidate algorithms. For memories, we make use of a commercial memory compiler. For logic, we make use of a standard cell library. In order to compare the candidate algorithms fairly, we select a reference frequency of operation of 500MHz. Our results reveal that our area and power numbers are comparable to the state of the art, despite targeting a higher frequency of operation and a higher security level in our experiments. The comprehensive investigation of lattice-based NIST PQC algorithms performed in this paper can be used for guiding ASIC designers when selecting an appropriate algorithm while respecting requirements and design constraints.
△ Less
Submitted 24 September, 2020; v1 submitted 15 September, 2020;
originally announced September 2020.