AES硬件实现的能量分析攻击仿真

首先针对高级加密标准（AES）算法的硬件实现，给出了攻击时刻的汉明能耗模型；然后在行为级进行了基于寄存器数据变化的PA攻击；进一步通过对门级电路的功耗仿真，实现了能耗曲线数据的PA攻击。     

Golden-Free Processor Hardware Trojan Detection Using Bit Power Consistency Analysis

Processor is the core chip of modern information system, which is severely threatened by hardware Trojan. Side-channel analysis is the most promising method for hardware Trojan detection. However, most existing detection methods require golden chips as reference, which significantly increases the test cost and complexity. In this paper, we propose a golden-free detection method that exploits the bit power consistency of processor. For the data activated processor hardware Trojan, the power model of processor is modified. Two decomposition methods of power signal are proposed: the differential bit power consistency analysis and the contradictory equations solution. With the proposed method, each bit power can be calculated. The bit consistency based detection algorithms are proposed, the deviation boundaries are obtained by statistical analysis. Experimental measurements were done on field programmable gate array chip with open source 8051 core and hardware Trojans. The results showed that the differences between the two methods were very small. The data activated processor hardware Trojans were detected successfully.     

Hardware Trojan Detection Using an Advised Genetic Algorithm Based Logic Testing

Today, outsourced manufacturing of integrated circuit designs are prone to a range of malicious modifications of the circuitry called Hardware Trojans. HTs can alter the functionality of a circuit, leak secret information and initiate other possible malicious actions. HTs are activated in a very rare condition known by an intruder. Therefore, a group of HT detection methods tries to activate the HT circuitry by crafting test vectors. In this paper, we propose a logic testing based HT detection method using an advised genetic algorithm which creates effective test vectors, the so-called TRIAGE (hardware TR ojan detectI on using an A dvised G enetic algorithm based logic tE sting). The key contribution of this paper is to present a proper fitness function for the genetic algorithm providing better evaluation of the test vectors. The controllability, observability and transition probability factors of rare nodes have been considered in the fitness function. Simulation results indicate 80% reduction in generation time for test sets (on average) as compared to the previous work. On the other hand, reduced generation time for test vectors has been associated with an increase in trigger coverage. The coverage of the TRIAGE method for very hard to trigger Trojans increases by about 23% due to high efficiency of the proposed fitness function for the genetic algorithm.     

硬件木马综述

集成电路在设计或制造过程中会受到硬件木马的攻击,使芯片与硬件的安全性受到威胁。硬件木马技术逐渐受到重视,已成为当今一个新的研究热点。文章介绍了硬件木马的概念,对三种主要的硬件木马分类方法进行了分析;着重探讨了硬件木马的检测方法。对检测方法存在的问题与面临的挑战进行了分析,指出基于旁路信号分析的硬件木马检测方法是当前最主要的一种检测方法。     

嵌入式系统抗缓冲区溢出攻击的硬件防御机制研究

嵌入式系统设计时由于成本和功耗等方面的考虑而较少重视安全性,而一般采用的软件防御方式无法满足嵌入式系统在实时性和可靠性上的要求,缓冲区溢出作为最常见的软件安全漏洞对嵌入式系统安全构成严重威胁.文中构建了一种基于细粒度指令流监控(FIFM)的硬件防御机制,通过虚拟执行单元虚拟执行程序,在攻击发生之前检测攻击行为.实验结果表明FIFM能很好的防御典型的缓冲区溢出攻击,而且FIFM不需要修改程序,不破坏流水线完整性,对系统的性能影响小,本文的防护机制可以应用于其他嵌入式系统设计中以动态防御缓冲区溢出攻击.     

基于特征点的抗几何失真数字图像水印

为了增强水印的抗几何攻击能力,本文提出了一种基于图像内容的水印方案。图像的内容由具有几何不变性的特征点选出,在每块选出的内容上进行水印的嵌入和检测。由于图像的特征点在经过几何攻击后仍然可以保持,这样就很好地解决了水印的同步问题,保证了水印检测的可靠性。实验表明该算法能够很好地抵抗诸如旋转、缩放、剪切等几何攻击以及JPEG压缩攻击。     

Hardware Trojan Detection Based on Logical Testing

In recent years, hardware Trojans (HTs) have become one of the main challenging concerns within the chain of manufacturing digital integrated circuit chips. Because of their diversity in chips, HTs are difficult to detect and locate. This paper attempted to propose a new improved method for detection and localization of HTs based on the real-time logical values of nodes. The algorithm extracts the nodes with special attributes. At the next stage, the nodes with the greatest similarity in terms of logical value are selected as targets. Depending on the size of the circuit, the extraction continues until a sufficient number of similar nodes has been selected. The logical relationship between the candidate nodes yields a function, the logical values of which differ in the Trojan-free and Trojan-infected modes, thus detecting the potential Trojans. This method is scalable, overcoming the problems of noise and Process variation. The success rate of Trojan detection in this method is more than 80%. The most overhead is 13% for power consumption and 15% for area.     

New Lightweight Architectures for Secure FSM Design to Thwart Fault Injection and Trojan Attacks

Finite state machine (FSM) is a critical part in digital processing devices used in Internet of Things (IoT) applications as it controls complete functionality of the device. The synthesis tool implements deterministic FSM by adding extra don’t care states/transitions during optimization. This additional insertion makes the FSM vulnerable to setup-time violation based fault injection (STVFI) and hardware Trojan attacks. The existing techniques are inefficient to completely mitigate these vulnerabilities and exhibit significant design overhead. Therefore, this paper presents a novel lightweight secure machine design technique that completely mitigates the vulnerabilities with minimum overhead. The paper first proposes a new metric to identify all types of vulnerable transitions (VTs) followed by a trustworthy FSM design algorithm and efficient vulnerability mitigation architecture (EVMA). Though our EVMA completely alleviates the vulnerabilities to STVFI and Trojan attacks, it slightly increases the overhead due to additional multiplexers. Hence, we also propose new secure FSM design algorithm and two new lightweight vulnerability mitigation architectures (LVMA-I and LIVMA-II) that control the FFs using existing clear and/or preset pins instead of multiplexers. The experimental results on AES and RSA encryption modules show that the proposed technique detects 100% VTs. Further, ASIC and FPGA implementation of the proposed LIVMA-II using Cadence RTL and Xilinx Vivado presents on an average 40%, 59.6%, and 51.1% reduced area, power and delay respectively compared to the well-known technique. Due to negligible design overhead, our technique is best suitable for designing secure controller of portable IoT devices.     

芯片级木马检测技术研究综述

集成电路在各个领域都具有极其重要的作用,但是在当今集成电路设计、制造、测试、封装各种环节相分离的产业模式下,用户所使用的芯片可能会被别有用心者植入硬件特洛伊木马电路,这给信息安全领域带来了严重威胁,芯片级硬件木马的检测技术已经成为了芯片安全研究领域的新热点。首先介绍了硬件木马的概念、危害以及分类方式;然后对硬件木马检测技术国内外有影响的研究成果进行了详细的总结和评述,着重阐述了目前比较有效的旁路分析方法,指出基于功耗指纹分析的硬件木马检测技术是当前最有前途的一种检测方法;最后简要总结了硬件木马的主动防御机制。     

基于多维结构特征的硬件木马检测技术

硬件木马是第三方知识产权(IP)核的主要安全威胁,现有的安全性分析方法提取的特征过于单一,导致特征分布不够均衡,极易出现较高的误识别率.该文提出了基于有向图的门级网表抽象化建模算法,建立了门级网表的有向图模型,简化了电路分析流程;分析了硬件木马共性特征,基于有向图建立了涵盖扇入单元数、扇入触发器数、扇出触发器数、输入拓扑深度、输出拓扑深度、多路选择器和反相器数量等多维度硬件木马结构特征;提出了基于最近邻不平衡数据分类(SMOTEENN)算法的硬件木马特征扩展算法,有效解决了样本特征集较少的问题,利用支持向量机建立硬件木马检测模型并识别出硬件木马的特征.该文基于Trust_Hub硬件木马库开展方法验证实验,准确率高达97.02％,与现有文献相比真正类率(TPR)提高了13.80％,真负类率(TNR)和分类准确率(ACC)分别提高了0.92％和2.48％,在保证低假阳性率的基础上有效识别硬件木马.     

一种基于密钥的硬件木马预防方法研究

硬件木马因其巨大的潜在威胁而受到学术界和工业界越来越广泛的关注。当前主流的集成电路设计制作的各个环节都存在着植入硬件木马的可能性。基于硬件木马的插入设计考虑,提出一种基于密钥的硬件木马预防方法。通过在电路中增加初始序列(密钥)、迷惑电路和冗余电路,隐藏有正确功能的原始电路,以预防在设计及后续环节中可能被植入的硬件木马。基于大量测试矢量激励的实验表明,优化的预防电路在没有太多的额外的电路资源开销的情况下能有效保护电路不被硬件木马破坏,而且不影响正常的功能。     

Adaptive Defense Against Various Network Attacks

In defending against various network attacks, such as distributed denial-of-service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. Therefore, a good defense system needs to have a built-in “adaptive defense” functionality based on cost minimization—adaptively adjusting its configurations according to the network condition and attack severity in order to minimize the combined cost introduced by false positives (misidentify normal traffic as attack) and false negatives (misidentify attack traffic as normal) at any time. In this way, the adaptive defense system can generate fewer false alarms in normal situations or under light attacks with relaxed defense configurations, while protecting a network or a server more vigorously under severe attacks. In this paper, we present concrete adaptive defense system designs for defending against two major network attacks: SYN flood DDoS attack and Internet worm infection. The adaptive defense is a high-level system design that can be built on various underlying nonadaptive detection and filtering algorithms, which makes it applicable for a wide range of security defenses.     

Optimal Defense Strategy Against Intentional Attacks

This paper presents a generalized model of damage caused to a complex multi-state series-parallel system by intentional attack. The model takes into account the defense strategy that presumes separation and protection of system elements. The defense strategy optimization methodology is suggested, based on the assumption that the attacker tries to maximize the expected damage of an attack. An optimization algorithm is presented that uses a universal generating function technique for evaluating the losses caused by system performance reduction, and a genetic algorithm for determining the optimal defense strategy. Illustrative examples of defense strategy optimization are presented     

Automatic Feature Selection of Hardware Layout: A Step toward Robust Hardware Trojan Detection

Recently, the problem of hardware Trojan detection has gained a tangible significance in academia and industry. That problem, by its nature, is complex, time consuming and error prone due to design and fabrication outsourcing of hardware circuits to external untrusted foundries. Researchers have proposed different approaches, either destructive or non-destructive, to overcome that problem. The destructive approach depends on reverse engineering via decapsulation, delayering and layout identification. This paper presents a first trial of a new approach that can afford an automatic and robust solution for the step of layout identification. The proposed technique takes the underlying digital circuit as input, and automatically determines its basic features using Haar feature extractor. Based on that features, a decision tree is trained to act as a weak classifier, which is later boosted, by making use of AdaBoost learning algorithm, to produce a strong classifier in a chain of cascaded classifiers. Accordingly, a classification model is built up to provide an automatic hardware Trojan location and detection tool. To evaluate the proposed model, ISCAS89 benchmark dataset was used for training and testing. The hardware dataset has been altered deliberately to show different Trojan examples –namely, Trojan insertion, Trojan deletion and Trojan parametric- inside hardware circuits. By investigating the underlying experimental results, the capabilities of the proposed model are evaluated, and the evaluation shows that the approach can detect different hardware Trojan types in different circuit layouts, with high accuracy rate. The proposed approach is not only automatic, but also robust and promising.     

Unconditionally Secure Steganography Against Active Attacks

In this paper, we study unconditionally secure stegosystems against active attacks over an insecure channel in which an adversary can read and write a message. More specifically, we propose an information-theoretic model for steganography in the presence of active adversaries by extending both Simmons' and Cachin's works; and we show a generic construction of stegosystems secure against active attacks by using authenticated encryption in unconditional setting. Although the idea behind this construction is already used in different models (i.e., computational models and/or information-theoretic models with passive adversaries) of steganography, our contribution lies in showing the construction methodology provides provable and unconditional security against active adversaries.     

防御拒绝服务攻击

Internet上的DDoS攻击对网络和系统安全产生了新的挑战,近年来针对这一问题出现了很多应对机制。论文对防范DDoS攻击的多种方法进行了分析比较。     

Design Methodology and Validity Verification for a Reactive Countermeasure Against EM Attacks

This paper presents a standard-cell-based semiautomatic design methodology for a new conceptual countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure, called the EM attack sensor, utilizes LC oscillators that react to variations in the EM field around a cryptographic LSI caused by a microprobe brought near the LSI. A dual-coil sensor architecture with digital calibration based on lookup table programming can prevent various microprobe-based EM attacks that cannot be thwarted by conventional countermeasures. All components of the sensor core are semiautomatically designed by standard electronic design automation tools with a fully digital standard cell library and hence minimum design cost. This sensor can therefore be scaled together with the cryptographic LSI to be protected. The sensor prototype is designed based on the proposed methodology together with a 128-bit-key composite AES processor in 0.18-\(\upmu \hbox {m}\) CMOS with overheads of only 2 % in area, 9 % in power, and 0.2 % in performance, respectively. The countermeasure has been validated against a variety of EM attack scenarios. In particular, some further experimental results are shown for a detailed discussion.     

Golden-Free Hardware Trojan Detection with High Sensitivity Under Process Noise

Malicious modification of integrated circuits in untrusted design house or foundry has emerged as a major security threat. Such modifications, popularly referred to as Hardware Trojans, are difficult to detect during manufacturing test. Sequential hardware Trojans, usually triggered by a sequence of rare events, represent a common and deadly form of Trojans that can be extremely hard to detect using logic testing approaches. Side-channel analysis has emerged as an effective approach for detection of hardware Trojans. However, existing side-channel approaches suffer from increasing process variations, which largely reduce the detection sensitivity and sets a lower limit of the sizes of Trojans detectable. In this paper, we present TeSR, a Temporal Self-Referencing approach that compares the current signature of a chip at two different time windows to isolate the Trojan effect. Since it uses a chip as a reference to itself, the method completely eliminates the effect of process noise and other design marginalities (e.g. capacitive coupling), thus providing high detection sensitivity for Trojans of varying size. Furthermore, unlike most of the existing approaches, TeSR does not require a golden reference chip instance, which may impose a major limitation. Associated test generation, test application, and signature comparison approaches aimed at maximizing Trojan detection sensitivity are also presented. Simulation results for three complex sequential designs and three representative sequential Trojan circuits demonstrate the effectiveness of the approach under large inter- and intra-die process variations. The approach is also validated with current measurement results from several Xilinx Virtex-II FPGA chips.