Hardware security has become more and more important in current information security architecture. Recently collected reports have shown that there may have been considerable hardware attacks prepared for possible military usage from all over the world. Due to the intrinsic difference from software security, hardware security has some special features and challenges. In order to guarantee hardware security, academia has proposed the concept of trusted integrated circuits, which aims at a secure circulation of IC design, manufacture and chip using. This paper reviews the main problems of trusted integrated circuits, and concludes four key domains of the trusted IC, namely the trusted IC design, trusted manufacture, trusted IP protection, and trusted chip authentication. The main challenges in those domains are also analyzed based on the current known techniques. Finally, the main limitations of the current techniques and possible future trends are discussed.
Wireless sensor technology plays an important role in the military, medical, and commercial fields nowadays. Wireless Body Area Network (WBAN) is a special application of the wireless sensor network in human health monitoring, through which patients can know their physical condition in real time and respond to emergencies on time. Data reliability, guaranteed by the trust of nodes in WBAN, is a prerequisite for the effective treatment of patients. Therefore, authenticating the sensor nodes and the sink nodes in WBAN is necessary. This paper proposes a lightweight Physical Unclonable Function (PUF)-based and cloud-assisted authentication mechanism for multi-hop body area networks, which, compared with the star single-hop network, can enhance the adaptability to human motion and the integrity of data transmission. Such authentication mechanism can significantly reduce the storage overhead and resource loss in the data transmission process.
Intellectual property (IP) protection is one of the hardcore problems in hardware security. Semiconductor industry still lacks effective and proactive defense to shield IPs from reverse engineering (RE) based attacks. Integrated circuit (IC) camouflaging technique fills this gap by replacing some conventional logic gates in the IPs with specially designed logic cells (called camouflaged gates) without changing the functions of the IPs. The camouflaged gates can perform different logic functions while maintaining an identical look to RE attackers, thus preventing them from obtaining the layout information of the IP directly from RE tools. Since it was first proposed in 2012, circuit camouflaging has become one of the hottest research topics in hardware security focusing on two fundamental problems. How to choose the types of camouflaged gates and decide where to insert them in order to simultaneously minimize the performance overhead and optimize the RE complexity? How can an attacker de-camouflage a camouflaged circuit and complete the RE attack? In this article, we review the evolution of circuit camouflaging through this spear and shield race. First, we introduce the design methods of four different kinds of camouflaged cells based on true/dummy contacts, static random access memory (SRAM), doping, and emerging devices, respectively. Then we elaborate four representative de-camouflaging attacks: brute force attack, IC testing based attack, satisfiability-based (SAT-based) attack, and the circuit partition based attack, and the corresponding countermeasures: clique-based camouflaging, CamoPerturb, AND-tree camouflaging, and equivalent class based camouflaging, respectively.
We argue that the current research efforts should be on reducing overhead introduced by circuit camouflaging and defeating decamouflaging attacks. We point out that exploring features of emerging devices could be a promising direction. Finally, as a complement to circuit camouflaging, we conclude with a brief review of other state-of-the-art IP protection techniques.
Hardware security remains as a major concern in the circuit design flow. Logic block based encryption has been widely adopted as a simple but effective protection method. In this paper, the potential threat arising from the rapidly developing field, i.e., machine learning, is researched. To illustrate the challenge, this work presents a standard attack paradigm, in which a three-layer neural network and a naive Bayes classifier are utilized to exemplify the key-guessing attack on logic encryption. Backed with validation results obtained from both combinational and sequential benchmarks, the presented attack scheme can specifically accelerate the decryption process of partial keys, which may serve as a new perspective to reveal the potential vulnerability for current anti-attack designs.
Abstract: The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.
Funding: Supported by the Natural Science Foundation of China under Grant Nos. 62362008, 61973163, 61972345, U1911401.
Abstract: The globalization of hardware designs and supply chains, as well as the integration of third-party intellectual property (IP) cores, has led to an increased focus from malicious attackers on computing hardware. However, existing defense or detection approaches often require additional circuitry to perform security verification, and are thus constrained by time and resource limitations. Considering the scale of actual engineering tasks and tight project schedules, it is usually difficult to implement designs for all modules in field programmable gate array (FPGA) circuits. Some studies have pointed out that the failure of key modules tends to cause greater damage to the network. Therefore, under limited conditions, priority protection designs need to be made on key modules to improve protection efficiency. We have conducted research on FPGA designs including single FPGA systems and multi-FPGA systems, to identify key modules in FPGA systems. For the single FPGA designs, considering the topological structure, network characteristics, and directionality of FPGA designs, we propose a node importance evaluation method based on the technique for order preference by similarity to an ideal solution (TOPSIS) method. Then, for the multi-FPGA designs, considering the influence of nodes in intra-layer and inter-layers, they are constructed into the interdependent network, and we propose a method based on connection strength to identify the important modules. Finally, we conduct empirical research using actual FPGA designs as examples. The results indicate that compared to other traditional indexes, node importance indexes proposed for different designs can better characterize the importance of nodes.
Funding: Supported by the DFG (German Research Foundation) Priority Program Nano Security, Project MemCrypto (Projektnummer 439827659/funding id DU 1896/2–1, PO 1220/15–1), and the funding by the Fraunhofer Internal Programs under Grant No. Attract 600768.
Abstract: Emerging memristive devices offer enormous advantages for applications such as non-volatile memories and in-memory computing (IMC), but there is a rising interest in using memristive technologies for security applications in the era of internet of things (IoT). In this review article, for achieving secure hardware systems in IoT, low-power design techniques based on emerging memristive technology for hardware security primitives/systems are presented. By reviewing the state-of-the-art in three highlighted memristive application areas, i.e. memristive non-volatile memory, memristive reconfigurable logic computing and memristive artificial intelligent computing, their application-level impacts on the novel implementations of secret key generation, crypto functions and machine learning attacks are explored, respectively. For the low-power security applications in IoT, it is essential to understand how to best realize cryptographic circuitry using memristive circuitries, and to assess the implications of memristive crypto implementations on security and to develop novel computing paradigms that will enhance their security. This review article aims to help researchers to explore security solutions, to analyze new possible threats and to develop corresponding protections for the secure hardware systems based on low-cost memristive circuit designs.
Funding: Supported by the STI 2030—Major Projects (Grant No. 2021ZD0201201), National Natural Science Foundation of China (Grant No. 92064012), Hubei Province Postdoctoral Innovation Research Program (Grant No. 0106182103).
Abstract: With rapid advancement and deep integration of artificial intelligence and the internet-of-things, artificial intelligence of things has emerged as a promising technology changing people’s daily life. Massive growth of data generated from the devices challenges the AIoT systems from information collection, storage, processing and communication. In the review, we introduce volatile threshold switching memristors, which can be roughly classified into three types: metallic conductive filament-based TS devices, amorphous chalcogenide-based ovonic threshold switching devices, and metal-insulator transition based TS devices. They play important roles in high-density storage, energy efficient computing and hardware security for AIoT systems. Firstly, a brief introduction is exhibited to describe the categories (materials and characteristics) of volatile TS devices. And then, switching mechanisms of the three types of TS devices are discussed and systematically summarized. After that, attention is focused on the applications in 3D cross-point memory technology with high storage-density, efficient neuromorphic computing, hardware security (true random number generators and physical unclonable functions), and others (steep subthreshold slope transistor, logic devices, etc.). Finally, the major challenges and future outlook of volatile threshold switching memristors are presented.
Funding: This work was funded by the Researchers Supporting Project No. (RSP2022R509), King Saud University, Riyadh, Saudi Arabia. In addition, the Natural Science Foundation of Hunan Province under Grant no. 2020JJ5604, 2022JJ2029 and 2020JJ4622, the National Natural Science Foundation of China under Grant no. 62172058.
Abstract: The advanced integrated circuits have been widely used in various situations including the Internet of Things, wireless communication, etc. But its manufacturing process has unreliability, so cryptographic chips must be rigorously tested. Because scan testing provides high test coverage, it is applied to the testing of cryptographic integrated circuits. However, while providing good controllability and observability, it also provides attackers with a backdoor to steal keys. In the text, a novel protection scheme is put forward to resist scan-based attacks, in which we first use the responses generated by a strong physical unclonable function circuit to solidify fuse-antifuse structures in a non-linear shift register (NLSR), then determine the scan input code according to the configuration of the fuse-antifuse structures and the styles of connection between the NLSR cells and the scan cells. If the key is right, the chip can be tested normally; otherwise, the data in the scan chain cannot be propagated normally, and it is also impossible for illegal users to derive the desired scan data. The proposed technique not only enhances the security of cryptographic chips, but also incurs acceptable overhead.
Funding: Supported in part by the National Natural Science Foundation of China (No. 61672433), the Natural Science Foundation of Shaanxi Province (No. 2019JM-244).
Abstract: Information Flow Tracking (IFT) is an established formal method for proving security properties related to confidentiality, integrity, and isolation. It has seen promise in identifying security vulnerabilities resulting from design flaws, timing channels, and hardware Trojans for secure hardware design. However, existing IFT methods tend to take a qualitative approach and only enforce binary security properties, requiring strict non-interference for the properties to hold while real systems usually allow a small amount of information flows to enable desirable interactions. Consequently, existing methods are inadequate for reasoning about quantitative security properties or measuring the security of a design in order to assess the severity of a security vulnerability. In this work, we propose two multi-flow solutions—multiple verifications for replicating existing IFT model and multi-flow IFT method. The proposed multi-flow IFT method provides more insight into simultaneous information flow behaviors and allows for proof of quantitative information flow security properties, such as diffusion, randomization, and boundaries on the amount of simultaneous information flows. Experimental results show that our method can be used to prove a new type of information flow security property with verification performance benefits.
Funding: The research work was supported by UTP-Universitas Telkom, Indonesia International Collaborative Research Funding (ICRF) 015ME0-153 and Center for Graduate Studies (CGS), Universiti Teknologi PETRONAS (UTP), Perak, Malaysia.
Abstract: Cloud computing has gained significant use over the last decade due to its several benefits, including cost savings associated with setup, deployments, delivery, physical resource sharing across virtual machines, and availability of on-demand cloud services. However, in addition to usual threats in almost every computing environment, cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm. Furthermore, since there are a growing number of attacks directed at cloud environments (including dictionary attacks, replay code attacks, denial of service attacks, rootkit attacks, code injection attacks, etc.), customers require additional assurances before adopting cloud services. Moreover, the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches. In this study, the model based on the root of trust for continuous integration and continuous deployment is proposed, instead of only relying on a single sign-on authentication method that typically uses only id and password. The underlying study opted for a hardware security module by utilizing the Trusted Platform Module (TPM), which is commonly available as a cryptoprocessor on the motherboards of the personal computers and data center servers. The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment.
Funding: This work is supported by the National Natural Science Foundation of China under Grant Nos. 61602107, 61572123, 61303042, and the Fundamental Research Funds for the Central Universities of China under Grant No. N161704006.
Abstract: With the increasing use of field-programmable gate arrays (FPGAs) in embedded systems and many embedded applications, the failure to protect FPGA-based embedded systems from cloning attacks has brought serious losses to system developers. This paper proposes a novel combinational logic binding technique to specially protect FPGA-based embedded systems from cloning attacks and provides a pay-per-device licensing model for the FPGA market. Security analysis shows that the proposed binding scheme is robust against various types of malicious attacks. Experimental evaluations demonstrate the low overhead of the proposed technique.
Funding: Supported in part by the National Natural Science Foundation of China under Grant No. 61228204; the scholarship from China Scholarship Council under Grant No. 201306130042; the Ph.D. Candidates' Innovative Research Project of Hunan Province of China under Grant No. CX2012B142.
Abstract: Silicon physical unclonable function (PUF) is a popular hardware security primitive that exploits the intrinsic variation of IC manufacturing process to generate chip-unique information for various security related applications. For example, the PUF information can be used as a chip identifier, a secret key, the seed for a random number generator, or the response to a given challenge. Due to the unpredictability and irreplicability of IC manufacturing variation, silicon PUF has emerged as a promising hardware security primitive and gained a lot of attention over the past few years. In this article, we first give a survey on the current state-of-the-art of silicon PUFs, then analyze known attacks to PUFs and the countermeasures. After that we discuss PUF-based applications, highlight some recent research advances in ring oscillator PUFs, and conclude with some challenges and opportunities in PUF research and applications.
Funding: This work was supported in part by the National Science Foundation for Distinguished Young Scholars of China under Grant No. 61225012, the National Natural Science Foundation of China under Grant Nos. 61572123, 61501525, 61402162, 61232016, and U1405254, Hunan Province Science and Technology Project under Grant No. 2014RS4033, and the PAPD fund.
Abstract: Physical unclonable function (PUF) makes use of the uncontrollable process variations during the production of IC to generate a unique signature for each IC. It has a wide application in security such as FPGA intellectual property (IP) protection, key generation and digital rights management. Ring oscillator (RO) PUF and Arbiter PUF are the most popular PUFs, but they are not specially designed for FPGA. RO PUF incurs high resource overhead while obtaining fewer challenge-response pairs, and requires "hard macros" to implement on FPGAs. The arbiter PUF brings low resource overhead, but its structure has a large bias when it is mapped on FPGAs. Anderson PUF can address these weaknesses of current Arbiter and RO PUFs implemented on FPGAs. However, it cannot be directly implemented on the new generation 28 nm FPGAs. In order to address these problems, this paper designs and implements a delay-based PUF that uses two LUTs in an SLICEM to implement two 16-bit shift registers of the PUF, 2-to-1 multiplexers in the carry chain to implement the multiplexers of the PUF, and any one of the 8 flip-flops to latch 1-bit PUF signatures. The proposed delay-based PUF is completely realized on 28 nm commercial FPGAs, and the experimental results show its high uniqueness, reliability and reconfigurability. Moreover, we test the impact of aging on it, and the results show that the effect of aging on the proposed PUF is insignificant, with only 6% bit-flips. Finally, the prospects of the proposed PUF in the FPGA binding and volatile key generation are discussed.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61228204; the National Science and Technology Major Project of China under Grant No. 2013ZX01039001-002-003.
Abstract: Hardware security has become more and more important in current information security architecture. Recently collected reports have shown that there may have been considerable hardware attacks prepared for possible military usage from all over the world. Due to the intrinsic difference from software security, hardware security has some special features and challenges. In order to guarantee hardware security, academia has proposed the concept of trusted integrated circuits, which aims at a secure circulation of IC design, manufacture and chip use. This paper reviews the main problems of trusted integrated circuits, and identifies four key domains of the trusted IC, namely trusted IC design, trusted manufacture, trusted IP protection, and trusted chip authentication. The main challenges in those domains are also analyzed based on the current known techniques. Finally, the main limitations of the current techniques and possible future trends are discussed.
Funding: Supported by the National Natural Science Foundation of China (Nos. 61874042 and 61602107); the Key Research and Development Program of Hunan Province (No. 2019GK2082); the Hu-Xiang Youth Talent Program (No. 2018RS3041); the Peng Cheng Laboratory Project of Guangdong Province (No. PCL2018KP004); the Fundamental Research Funds for the Central Universities; the Program for Lianning Innovative Research.
Abstract: Wireless sensor technology plays an important role in the military, medical, and commercial fields nowadays. Wireless Body Area Network (WBAN) is a special application of the wireless sensor network in human health monitoring, through which patients can know their physical condition in real time and respond to emergencies on time. Data reliability, guaranteed by the trust of nodes in WBAN, is a prerequisite for the effective treatment of patients. Therefore, authenticating the sensor nodes and the sink nodes in WBAN is necessary. This paper proposes a lightweight Physical Unclonable Function (PUF)-based and cloud-assisted authentication mechanism for multi-hop body area networks, which, compared with the star single-hop network, can enhance the adaptability to human motion and the integrity of data transmission. Such an authentication mechanism can significantly reduce the storage overhead and resource loss in the data transmission process.
Funding: This work is supported by the National Natural Science Foundation of China under Grant No. 61774091. Gang Qu is supported in part by Air Force Office of Scientific Research Multi-University Research Initiative of USA under Award No. FA9550-14-1-0351.
Abstract: Intellectual property (IP) protection is one of the hardcore problems in hardware security. The semiconductor industry still lacks an effective and proactive defense to shield IPs from reverse engineering (RE) based attacks. The integrated circuit (IC) camouflaging technique fills this gap by replacing some conventional logic gates in the IPs with specially designed logic cells (called camouflaged gates) without changing the functions of the IPs. The camouflaged gates can perform different logic functions while maintaining an identical look to RE attackers, thus preventing them from obtaining the layout information of the IP directly from RE tools. Since it was first proposed in 2012, circuit camouflaging has become one of the hottest research topics in hardware security, focusing on two fundamental problems. How to choose the types of camouflaged gates and decide where to insert them in order to simultaneously minimize the performance overhead and optimize the RE complexity? How can an attacker de-camouflage a camouflaged circuit and complete the RE attack? In this article, we review the evolution of circuit camouflaging through this spear and shield race. First, we introduce the design methods of four different kinds of camouflaged cells based on true/dummy contacts, static random access memory (SRAM), doping, and emerging devices, respectively. Then we elaborate four representative de-camouflaging attacks: brute force attack, IC testing based attack, satisfiability-based (SAT-based) attack, and the circuit partition based attack, and the corresponding countermeasures: clique-based camouflaging, CamoPerturb, AND-tree camouflaging, and equivalent class based camouflaging, respectively. We argue that the current research efforts should be on reducing overhead introduced by circuit camouflaging and defeating de-camouflaging attacks. We point out that exploring features of emerging devices could be a promising direction. Finally, as a complement to circuit camouflaging, we conclude with a brief review of other state-of-the-art IP protection techniques.
Funding: Supported by the 111 Project under Grant No. B18001; the National Key Research and Development Program of China under Grant No. 2018YFB2202605; the Guangdong Science and Technology Project of China under Grant No. 2019B010155002; the National Natural Science Foundation of China under Grant No. 61672054.
Abstract: Hardware security remains a major concern in the circuit design flow. Logic block based encryption has been widely adopted as a simple but effective protection method. In this paper, the potential threat arising from a rapidly developing field, i.e., machine learning, is investigated. To illustrate the challenge, this work presents a standard attack paradigm, in which a three-layer neural network and a naive Bayes classifier are utilized to exemplify the key-guessing attack on logic encryption. Backed with validation results obtained from both combinational and sequential benchmarks, the presented attack scheme can specifically accelerate the decryption process of partial keys, which may serve as a new perspective to reveal the potential vulnerability of current anti-attack designs.