Browsing by Author "Dhavlle, Abhijitt"
Item Reverse Engineering of Integrated Circuits: Tools and Techniques
Dhavlle, Abhijitt; Dhavlle, Abhijitt; PD, Sai Manoj

Consumer and defense systems demanded design and manufacturing of electronics with increased performance, compared to their predecessors. As such systems became ubiquitous in a plethora of domains, their application surface increased, thus making them a target for adversaries. Hence, with improved performance, the aspect of security demanded even more attention from the designers. The research community is rife with extensive details of attacks that target the confidential design details by exploiting vulnerabilities. The adversary could target the physical design of a semiconductor chip or break a cryptographic algorithm by extracting the secret keys, using attacks that will be discussed in this thesis. This thesis focuses on presenting a brief overview of the IC reverse engineering attack and attacks targeting cryptographic systems. Further, the thesis presents my contributions to the defenses for the discussed attacks. The globalization of the Integrated Circuit (IC) supply chain has rendered the advantage of low-cost and high-performance ICs in the market for the end users. But this has also made the design vulnerable to overproduction, IP piracy, reverse engineering attacks and hardware malware during the manufacturing and post-manufacturing process. Logic locking schemes have been proposed in the past to overcome the design trust issues, but new state-of-the-art attacks such as SAT have proven a larger threat. This work highlights the reverse engineering attack and a proposed hardened platform along with its framework. On the other side, side-channel attacks (SCAs) have been one of the emerging threats. These SCAs function by exploiting the side-channels which invariably leak important data during an application's execution. The information leaked through side-channels is an inherent characteristic of the system and is often unintentional.
This information can be microarchitectural or physical information such as power consumption, thermal maps, timing of the operation, acoustics, and cache-trace. Intercepting secret information based on the study of power signature is a subdivision of SCAs where power consumption information serves as a covert channel leaking crucial information about the executed operations. Such physical SCAs are known to be a significant threat to cryptosystems such as AES (Advanced Encryption Standard) and can reveal the encryption key efficiently. To overcome such concerns and protect the data integrity, I introduce Power Swapper in this work. The proposed Power Swapper thwarts the attack by randomly choosing one of the multiple modules that perform the intended activity, but have power signature different than a standard implementation and can lead to similar power consumption as one of the other modules that perform a different operation. To achieve this, I introduce carefully crafted swapping of the standby modules that are responsible for the AES operation thus deluding the attacker without hurting the crypto operation. This methodology has been validated for the AES power analysis attack and the key information observed by the attacker is seen to be incorrect, indicating the success of the proposed method.

Item Securing The Hardware System Stack: Hardware to Software Layers (2022)
Dhavlle, Abhijitt; Pudukotai Dinakarrao, Sai Manoj

Computing systems have come a long way concerning speed, performance, optimization, and security. The state-of-the-art designs are deployed in the real world, targeting a variety of applications. The hardware security domain has experienced various attacks that proved a serious threat to computing systems. It is given that the underlying vulnerabilities in the system cannot be eradicated given the cost and design constraints.
Attacks could differ based on the architectural component they target; cache side-channel attacks like Flush+Reload, Prime+Probe, RowHammer, etc.; malware-based attacks with reinforced evasion techniques; and Hardware Trojans that can camouflage and decipher sensitive information are all on the rise in recent times. With the recent adaptation and pervasiveness of Machine Learning and Deep Learning techniques for improved performance and a better user experience, hardware attacks have been improvised, too. This thesis focuses on the development of hardware-assisted security defenses against malware, cache-targeted side-channels, and hardware Trojans. Software-based malware detection has certain limitations such as performance overhead, requiring modification to the software application, vulnerability to exploits, and so on; to mitigate the limitations incurred by the traditional software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) using machine learning (ML) classifiers has emerged as a panacea to detect malicious applications and secure the systems. To classify benign and malicious applications, HMD primarily relies on the generated low-level microarchitectural events captured through Hardware Performance Counters (HPCs). The dissertation discusses an adversarial attack on the HMD systems to tamper with the security by introducing perturbations in the HPC traces with the aid of an adversarial sample generator application. We first deploy an adversarial sample predictor to predict the adversarial HPC pattern for a given application to be misclassified by the deployed ML classifier in the HMD. Further, as the attacker has no direct access to manipulate the HPCs generated during runtime, based on the output of the adversarial sample predictor, we devise an adversarial sample generator wrapped around a normal application to produce HPC patterns like the adversarial predictor HPC trace.
With the proposed attack, malware detection accuracy has been reduced to 18.04% from 82.76%. To render the HMD robust against the attack, a hardening technique is proposed and evaluated. Hardening refers to the retraining of the HMD on adversarial samples to offer robustness against performance degradation; with hardening, the HMD performance is restored to 81%. Many of the side-channel attacks target cache memories. To mitigate the attack, this thesis presents a random yet cognitive side-channel mitigation technique that is independent of the underlying architecture and/or operating system. In contrast to the existing randomization-based side-channel defenses, we introduce a cognitive perturbation-based defense, Covert-Enigma, where the introduced perturbations look legit but lead to an incorrect observation when interpreted by the attacker. To achieve this, the perturbations are injected at appropriate time instances to introduce additional operations, thereby misleading the attacker and making the extracted data futile. To further make the attack more intricate for the attacker, the proposed Covert-Enigma offers two modes of operation, chosen by the user, to determine the kind of induced cognitive perturbations - arbitrary and cyclic modes. The cognitive perturbations are introduced in a wrapper application to the victim, thus imposing no requirements on architectural-level modifications nor soft updates/edits to the operating system. We report an evaluation of the proposed Covert-Enigma protecting the RSA cryptosystem attacked by the Flush+Reload crypto side-channel attack. Offshore chip manufacturing adds a potential risk of hardware malware embedding. Interconnection networks for multi/many-core processors or server systems are the system's backbone as they enable data communication among the processing cores, caches, memory, and other peripherals. Given the criticality of the interconnects, the system can be severely subverted if the interconnection is compromised.
Even by deploying naive hardware Trojans (HTs), an adversary can exploit the Network-on-Chip (NoC) backbone of the processor and get access to communication patterns in the system. This information can reveal important insights regarding the application suites running on the system, thereby compromising user privacy, and paving the way for more severe attacks on the entire system. In the dissertation, we demonstrate that one or more HTs embedded in the NoC of a multi/many-core processor can leak sensitive information regarding traffic patterns to an external malicious attacker, who, in turn, can analyze the HT payload data with machine learning techniques to infer the applications running on the processor. Furthermore, to protect against such attacks, we propose a Simulated Annealing-based randomized routing algorithm in the system. The proposed defense can obfuscate the attacker's data processing capabilities to infer the user profiles successfully. Our experimental results demonstrate that the proposed randomized routing algorithm could reduce the attacker's accuracy of identifying user profiles from > 98% to < 15% in multi/many-core systems.