Permutation Network De-obfuscation: A Delay-based Attack and Countermeasure Investigation

Published: 28 January 2020

Abstract

Permutation-based obfuscation has been proposed to protect hardware against cloning, overproduction, reverse engineering, and unauthorized operation. To prevent key extraction from memory, the key used by the obfuscation is usually stored in volatile memory. Since the key is erased after the system loses power, this scheme is often considered the best way to prevent a key from being stolen, since many attacks would require power. However, in this article, we propose a new attack where the key is determined by exploring path aging within the permutation network used for obfuscation. Both the theoretical analysis and experimental results are provided. A practical procedure to achieve the proposed attack is also discussed in the context of an attacker’s capabilities and knowledge. The proposed attack is executed in both simulation and hardware. The experimental results show the accuracy of identifying the key is over 80% and more than enough to reduce the number of brute-force combinations required by an attacker. This attack accuracy reaches 100% when the permutation network has experienced sufficient degradations. Besides the attack, we also propose a low-cost countermeasure that sweeps the permutation network configurations. Incorporating this countermeasure, the proposed attack becomes no better than brute-force guessing.

Cited By

  • (2021) On malicious implants in PCBs throughout the supply chain. Integration 79 (12-22). DOI: 10.1016/j.vlsi.2021.03.002. Online publication date: Jul-2021

Published In

ACM Journal on Emerging Technologies in Computing Systems  Volume 16, Issue 2
April 2020
261 pages
ISSN:1550-4832
EISSN:1550-4840
DOI:10.1145/3375712
Editor: Zhaojun Bai
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 January 2020
Accepted: 01 November 2019
Revised: 01 August 2019
Received: 01 April 2018
Published in JETC Volume 16, Issue 2

Author Tags

  1. Permutation network
  2. attack
  3. countermeasures
  4. transistor aging

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • US Army Research Office
