
The 21st Asia and South Pacific Design Automation Conference

Session 7B  Design for Trustworthy IC
Time: 13:50 - 15:30 Thursday, January 28, 2016
Location: TF4304
Chairs: Yu Wang (Tsinghua University, China), Jeyavijayan Rajendran (University of Texas at Dallas, U.S.A.)

7B-1 (Time: 13:50 - 14:15)
Title: Netlist Reverse Engineering for High-Level Functionality Reconstruction
Author: *Travis Meade, Shaojie Zhang, Yier Jin (University of Central Florida, U.S.A.)
Page: pp. 655 - 660
Keyword: Reverse Engineering, IP Security, Netlist Analysis
Abstract: In a modern IC design flow, from specification development to chip fabrication, various security threats are emergent. Of particular concern are modifications made to third-party IP cores and commercial off-the-shelf (COTS) chips where no golden models are available for comparisons. Toward this direction, we develop a tool, named Reverse Engineering Finite State Machine (REFSM), that helps end-users reconstruct a high-level description of the control logic from a flattened netlist. We demonstrate that REFSM effectively recovers circuit control logic from netlists with varying degrees of complexity. Experimental results also showed that the developed tool can easily identify malicious logic from a flattened (or even obfuscated) netlist. If combined with chip level reverse engineering techniques, the developed REFSM tool can help detect the insertion of hardware Trojans in fabricated circuits.

7B-2 (Time: 14:15 - 14:40)
Title: Assessing CPA Resistance of AES with Different Fault Tolerance Mechanisms
Author: Hoda Pahlevanzadeh, Jaya Dofe, *Qiaoyan Yu (University of New Hampshire, U.S.A.)
Page: pp. 661 - 666
Keyword: AES, correlation power analysis, fault tolerance, partial guessing entropy, FPGA
Abstract: Countermeasures for Advanced Encryption Standard (AES) to thwart side-channel attack and fault attack are typically investigated in a separate fashion. There is a lack of thorough investigation on how one countermeasure specifically for one attack affects the efficiency of another attack. In this work, we consider three different fault detection (FD) methods: double modular redundancy (DMR), inverse function (inverse), and even parity check code (parity). We perform FPGA-based systematic analysis to investigate the impact of FD schemes on the correlation power analysis (CPA) resistance of a complete AES implementation. Moreover, the power model used in the existing work is Hamming weight rather than the powerful Hamming distance one. Our experimental results show that, in some scenarios, the use of fault detection mechanisms in AES improves the resistance against CPA. For instance, applying a parity FD to the AES’s S-Box makes it harder to retrieve the key than the case without any FD protection.

7B-3 (Time: 14:40 - 15:05)
Title: SPARTA: A Scheduling Policy for Thwarting Differential Power Analysis Attacks
Author: *Ke Jiang, Petru Eles, Zebo Peng, Sudipta Chattopadhyay (Linköping University, Sweden), Lejla Batina (Radboud University, Netherlands)
Page: pp. 667 - 672
Keyword: Real-time systems, Security, Countermeasure, DPA attacks
Abstract: Embedded systems (ESs) have been widely used in various application domains. It is very important to design ESs that guarantee functional correctness of the system under strict timing constraints. Such systems are known as the real-time embedded systems (RTESs). More recently, RTESs started to be utilized in safety and reliability critical areas, which made the overlooked security issues, especially confidentiality of the communication, a serious problem. Differential power analysis attacks (DPAs) pose serious threats to confidentiality protection mechanisms, i.e., implementations of cryptographic algorithms, on embedded platforms. In this work, we present a scheduling policy, SPARTA, that thwarts DPAs. Theoretical guarantees and preliminary experimental results are presented to demonstrate the efficiency of the SPARTA scheduler.

7B-4 (Time: 15:05 - 15:30)
Title: Analysis and Vulnerability Exploration of Current Secure Scan Designs
Author: Yanhui Luo, *Aijiao Cui (Harbin Institute of Technology Shenzhen Graduate School, China), Huawei Li (Chinese Academy of Sciences, China), Gang Qu (University of Maryland College Park, U.S.A.)
Page: pp. 673 - 678
Keyword: secure scan design, scan-based side-channel attack, obfuscating scan chain
Abstract: Scan design has become another side-channel of leaking confidential information inside crypto chips. Methods based on obfuscating scan chain order have been proposed as effective countermeasures. In this paper, we analyze the existing secure scan designs from the angle of whether they need a complete chain state and rely on any specific scan chain order. We show that all existing attacks do not rely on specific scan chain order. As an example, for the recently proposed ROS countermeasure, we demonstrate how an attacker can access the complete state of the scan chain and hence defeat the countermeasure.