Publications
publications by categories in reversed chronological order.
2024
- Establishing trust in untrusted IC testing and provisioning environmentSwarup Bhunia, Atul Prasad Deb Nath, Kshitij Raj, and 2 more authorsFeb 2024US Patent 11,899,827
A system for secure testing and provisioning of an integrated circuit (IC) includes, in part, a secure reconfigurable key provisioning architecture (SLEEVE) module disposed in the IC, and a secure asset provisioning hardware entity (SAPHE) module. The IC may include, in part, a modified IEEE 1500 wrapper to control its operation modes. The SLEEVE module may include, in part, an encoding/decoding module and an unlocking module. The encoding/decoding module may include, in part, a decode key stream cipher module, an encode key stream cipher module, Seed Key programmable linear-feedback shift registers (LFSRs), Initialization Vector (IV) LFSRs, and configuration registers. The encoding/decoding module may be configured to generate key bits for decoding and encoding inputs and outputs of the IC. The unlocking module may include, in part, a pattern matching block and a counter. The unlocking module may be configured to enable write access to the configuration registers. The SAPHE module may include, in part, a microcontroller, a logging module, a provisioning module, and a communications module. The SAPHE module may be configured to interact with the IC to obtain a status of the IC during a testing and provisioning process. The logging module may include, in part, dedicated memory segments to store values for configuring the SLEEVE module and unlocking patterns for enabling write access to the configuration registers. The provisioning module may include, in part, a content accessible memory (CAM) module to store encrypted test patterns and encoded asset provisioning vectors for intellectual property (IP) blocks in the IC.
@misc{bhunia2024establishing, title = {Establishing trust in untrusted IC testing and provisioning environment}, author = {Bhunia, Swarup and Nath, Atul Prasad Deb and Raj, Kshitij and Ray, Sandip and SLPSK, Patanjali}, year = {2024}, month = feb, note = {US Patent 11,899,827} }
- VARI-CHECK: Authentication of COTS Devices using ML-Based Variability CharacterizationChristopher Vega, Patanjali SLPSK, Ravalika Karnati, and 1 more authorAuthorea Preprints, Feb 2024
@article{vega2024vari, title = {VARI-CHECK: Authentication of COTS Devices using ML-Based Variability Characterization}, author = {Vega, Christopher and SLPSK, Patanjali and Karnati, Ravalika and Bhunia, Swarup}, journal = {Authorea Preprints}, year = {2024}, publisher = {Authorea} }
- IOLock: An Input/Output Locking Scheme for Protection Against Reverse Engineering AttacksChristopher Vega, Patanjali SLPSK, and Swarup BhuniaIEEE Transactions on Very Large Scale Integration (VLSI) Systems, Feb 2024
Reverse engineering (RE) of hardware designs poses a significant threat to the modern distributed electronics supply chain. RE can be performed at both chip and printed circuit board (PCB) levels by using structural, functional, or combined analysis techniques. Recent studies on artificial intelligence (AI)-inspired RE techniques have seen a drastic increase in the effectiveness of such attacks. While various countermeasures, e.g., logic locking (LL) at the chip level and camouflaging at the board level, have been studies to combat RE, the advent of Boolean satisfiability (SAT)-based functional query at chip level and 3-D imaging attacks at board level has shown that these protections can be easily bypassed. We observe that a common factor that contributes to the success of these attacks at both chip and board levels is the ability of an attacker to observe the input/output (I/O) patterns of a working system. Based on this observation, we present a novel locking scheme called IOLock that can effectively prevent access to golden I/O behavior of a working system. IOLock restricts access to the actual I/Os of the chips in a PCB by introducing a low-overhead key management unit (KMU) that works in conjunction with internal encryption/decryption modules near the I/O ports. The encryption/decryption modules are designed to work with the existing joint test action group (JTAG) infrastructure. IOLock can be used in standalone mode or in conjunction with another LL scheme to enhance the overall security of the design. We evaluate the security guarantees offered by IOLock theoretically, through simulation, and hardware measurements. We show that IOLock provides robust protection against both chip-level and PCB-level RE attacks while incurring minimal design overhead.
@article{iolock, author = {Vega, Christopher and SLPSK, Patanjali and Bhunia, Swarup}, journal = {IEEE Transactions on Very Large Scale Integration (VLSI) Systems}, title = {IOLock: An Input/Output Locking Scheme for Protection Against Reverse Engineering Attacks}, year = {2024}, volume = {32}, number = {2}, pages = {347-360}, keywords = {Registers;Pins;Cryptography;Threat modeling;Hardware security;Intellectual property;Reverse engineering;Printed circuits;Hardware security;IP protection;logic locking (LL);printed circuit board (PCB) security;reverse engineering (RE)}, doi = {10.1109/TVLSI.2023.3337310}, issn = {1557-9999}, month = feb }
2023
- MeLPUF: Memory-in-Logic PUF Structures for Low-Overhead IC AuthenticationChristopher Vega, Patanjali SLPSK, Shubhra Deb Paul, and 2 more authorsIn 2023 IEEE Physical Assurance and Inspection of Electronics (PAINE), Oct 2023
Physically Unclonable Functions (PUFs) are used for securing electronic devices across the implementation spectrum ranging from Field Programmable Gate Array (FPGA) to system on chips (SoCs). However, existing PUF implementations often suffer from one or more significant deficiencies: (1) Significant design overhead; (2) Difficulty to configure and integrate based on application-specific requirements; (3) Vulnerability to model-building attacks; and (4) Spatial locality to a specific region of a chip. These factors limit their application in the authentication of designs used in various applications. In this work, we propose MeLPUF: Memory-in-Logic PUF; a low-overhead distributed PUF that leverages the existing logic gates in a design to create cross-coupled inverters (i.e., memory cells), in a logic circuit as an entropy source. It exploits these memory cells’ power-up states as the source of entropy to generate device-specific unique fingerprints. A dedicated control signal governs these on-demand memory cells. They can be dispersed across the combinational logic of a design to achieve distributed authentication. They can also be synthesized with a standard logic synthesis tool to meet the target area, power, and performance constraints. We demonstrate the scalability of MeLPUF by aggregating power-up states from multiple memory cells, thus creating PUF signatures or digital identifiers of varying lengths. Our analysis shows the high quality of the PUF in terms of uniqueness, randomness, and robustness while incurring modest overhead.
@inproceedings{melpufpaine, author = {Vega, Christopher and SLPSK, Patanjali and Paul, Shubhra Deb and Chatterjee, Atri and Bhunia, Swarup}, booktitle = {2023 IEEE Physical Assurance and Inspection of Electronics (PAINE)}, title = {MeLPUF: Memory-in-Logic PUF Structures for Low-Overhead IC Authentication}, year = {2023}, volume = {}, number = {}, pages = {1-7}, keywords = {Logic circuits;Authentication;Transforms;Logic gates;Robustness;Entropy;Table lookup}, doi = {10.1109/PAINE58317.2023.10317943}, issn = {}, month = oct }
- PROTECTS: Secure Provisioning of System-on-Chip Assets in Untrusted Testing FacilityPatanjali SLPSK, Jonathan Cruz, Sandip Ray, and 1 more authorIn 2023 IEEE International Test Conference India (ITC India), Jul 2023
System-on-Chips contain variety of Hardware Security Assets (HSAs) to protect the components of the system against untrusted entities. Binding the HSAs to each SoC silicon instance during the testing stage, known as provisioning, is a critical step in SoC life cycle since improper provisioning could compromise the secure, trustworthy field operation of SoC and/or lead to crucial supply chain threats (e.g., piracy, cloning and reverse engineering). However, existing SoC provisioning methods do not scale to more advanced threat vectors under the emergent zero trust model that considers the foundry and testing/assembly process untrustworthy. We address this problem through a comprehensive framework, PROTECTS that enables secure provisioning of HSAs under zero trust. We demonstrate PROTECTS using a representative RISC-V based SoC with diverse set of HSAs. Our analysis shows that PROTECTS incurs minimal design overheads (0.36%, 0.54% and 0.0%) in area, power, and gate-count, respectively, for the entire SoC), while providing strong security guarantees.
@inproceedings{protects, author = {SLPSK, Patanjali and Cruz, Jonathan and Ray, Sandip and Bhunia, Swarup}, booktitle = {2023 IEEE International Test Conference India (ITC India)}, title = {PROTECTS: Secure Provisioning of System-on-Chip Assets in Untrusted Testing Facility}, year = {2023}, volume = {}, number = {}, pages = {1-6}, keywords = {Scalability;Supply chains;Computer architecture;Logic gates;Silicon;Foundries;Software;Zero Trust;SoC provisioning;Reverse Engineering;Counterfeiting;Piracy}, doi = {10.1109/ITCIndia59034.2023.10235499}, issn = {2833-8391}, month = jul }
- Invisible Scan for Protecting Against Scan-Based Attacks: You Can’t Attack What You Can’t SeePravin Gaikwad, Patanjali SLPSK, and Swarup BhuniaIn 2023 IEEE International Test Conference India (ITC India), Jul 2023
Sean-based Design-for- Test (DIT) infrastructure renders an ASIC design testable by making internal circuit nodes more controllable and observable. It, however, vastly conflicts with the security requirements of a design by making on-chip assets vulnerable to scan-based attacks. To address this critical security issue, over the past two decades, numerous scan protection solutions have been investigated. However, none of the existing solutions addresses the growing need to protect a scan chain under the emergent zero trust model. This model considers a fully untrusted fabrication and testing facility consistent with the modern globally distributed supply chain ecosystem. Under this model, existing protection against scan-based DIT can be easily bypassed, leading to unauthorized scan access. This work, for the first time, analyzes the vulnerabilities of state-of-the-art scan countermeasures and presents InvisibleScan, an innovative state space obfuscation-based scan protection method to prevent scan attacks under zero trust. We evaluate InvisbleScan on a suite of ITC’99 benchmarks and show that it incurs minimal overhead while providing strong security guarantees.
@inproceedings{invisiblescan, author = {Gaikwad, Pravin and SLPSK, Patanjali and Bhunia, Swarup}, booktitle = {2023 IEEE International Test Conference India (ITC India)}, title = {Invisible Scan for Protecting Against Scan-Based Attacks: You Can't Attack What You Can't See}, year = {2023}, volume = {}, number = {}, pages = {1-6}, keywords = {Fabrication;Supply chains;Reverse engineering;Ecosystems;Companies;Zero Trust;System-on-chip;Secure Scan;Scan Attacks;DFT;Obfuscation}, doi = {10.1109/ITCIndia59034.2023.10235609}, issn = {2833-8391}, month = jul }
- TVF: A Metric for Quantifying Vulnerability Against Hardware Trojan AttacksJonathan Cruz, Patanjali SLPSK, Pravin Gaikwad, and 1 more authorIEEE Transactions on Very Large Scale Integration (VLSI) Systems, Jul 2023
The need for metrics for quantifying trustworthiness of electronic hardware against diverse threats on its integrity and confidentiality has greatly increased due to the increasing reliance on the untrusted global supply chain. Hardware Trojans, or malicious design alterations, has emerged as a major threat to hardware integrity and garnered significant interest in recent times due to its catastrophic potential. Effective protection against hardware Trojan attacks, however, requires well-defined metrics, which fall into two broad classes: 1) measure of a design’s vulnerability to Trojan insertion and 2) measure of effectiveness of a defense solution—a design or verification/test approach—against Trojan attacks, which is often represented as Trojan coverage. The former is important to assess the level of difficulty an adversary would encounter to insert a hard-to-detect Trojan. Previous efforts have assigned vulnerability as a function of the number of suspect nets identified in a design or are required to enumerate a subspace of Trojans. However, these values simplify the problem of hardware Trojan insertion and leave much of the subsequent analysis regarding the viable Trojan space unmeasured. In this article, we address this critical gap by presenting Trojan vulnerability factor (TVF), a metric for quantifying a design’s vulnerability to Trojan insertion via maximal clique analysis. With such analysis, we can frame the threat to more accurately represent the Trojan behavior and quantify the level of effort required for a designer to cover these Trojan triggers without needing to directly consider Trojan trigger sizes. We also introduce soft thresholding to account for suspect nets, which lie at the boundary of a design. Experimental results highlight the benefits of the proposed approach over existing Trojan vulnerability metrics. Finally, we demonstrate scalability to large designs through partitioning and clique sampling-based estimations.
@article{tvf, author = {Cruz, Jonathan and SLPSK, Patanjali and Gaikwad, Pravin and Bhunia, Swarup}, journal = {IEEE Transactions on Very Large Scale Integration (VLSI) Systems}, title = {TVF: A Metric for Quantifying Vulnerability Against Hardware Trojan Attacks}, year = {2023}, volume = {31}, number = {7}, pages = {969-979}, keywords = {Trojan horses;Measurement;Hardware;Supply chains;Behavioral sciences;Statistics;Sociology;Hardware Trojan;metrics;quantifiable assurance;trust}, doi = {10.1109/TVLSI.2023.3270866}, issn = {1557-9999}, month = jul }
- TREEHOUSE: A Secure Asset Management Infrastructure for Protecting 3DIC DesignsPatanjali SLPSK, Sandip Ray, and Swarup BhuniaIEEE Transactions on Computers, Aug 2023
The push to meet growing user requirements and manufacturing challenges at lower technology nodes have motivated chip designers to adopt non-traditional design techniques. 2.5D/3DIC stacking has gained popularity in recent years since it enables chip manufacturers to integrate complex IPs to meet user demands without incurring design penalties. However, the non-traditional nature of the supply chain also means that additional challenges exist for verification and testing of the manufactured design, making the trust assurance of these designs an extremely challenging proposition. While there have been works focussing on securing 3DIC designs, very few address a completely untrusted supply chain. A robust security countermeasure must address the diverse trust requirements of the IPs in the design and the distributed supply chain requirements while ensuring that the functionality and performance overheads of the IC are not violated. We present TREEHOUSE, a trust assurance solution to counter piracy, reverse-engineering, and counterfeiting attacks. TREEHOUSE uses scan authentication to detect piracy and counterfeiting, scan-and functional-locking to prevent reverse-engineering. We evaluate the efficiency of our proposed scheme on an example 3DIC design. We show that TREEHOUSE incurs less than 1% area and power overheads while incurring less than 1% increase in overall gate count for each layer.
@article{treehouse, author = {SLPSK, Patanjali and Ray, Sandip and Bhunia, Swarup}, journal = {IEEE Transactions on Computers}, title = {TREEHOUSE: A Secure Asset Management Infrastructure for Protecting 3DIC Designs}, year = {2023}, volume = {72}, number = {8}, pages = {2306-2320}, keywords = {Trojan horses;Foundries;Security;IP networks;Three-dimensional displays;Testing;Computer architecture;3DIC;IP authentication;IP piracy;logic locking;reverse-engineering}, doi = {10.1109/TC.2023.3248269}, issn = {1557-9956}, month = aug }
- SIGNED: A Challenge-Response Scheme for Electronic Hardware WatermarkingPatanjali SLPSK, Abhishek Anil Nair, Chester Rebeiro, and 1 more authorIEEE Transactions on Computers, Jun 2023
The emergence of distributed manufacturing ecosystems for electronic hardware involving untrusted parties has led to diverse trust issues. In particular, Intellectual Property (IP) piracy, reverse engineering, and overproduction pose significant threats to integrated circuits (IC) manufacturers. Watermarking has been one of the solutions employed by the semiconductor industry to overcome many of the trust issues. However, existing watermarking techniques often suffer from one or more of the following deficiencies: (1) low structural coverage, (2) applicability to specific design abstraction level (e.g., gate or layout), (3) high design overhead, and (4) vulnerabilities to removal or tampering attacks. We address these deficiencies by introducing a new watermarking scheme, called SIGNED: Signature Insertion through challenGe respoNse in Electronic Design. SIGNED relies on a challenge-response protocol-based interrogation scheme for generating the watermark. It identifies strategic locations of an input design and samples them in response to select input patterns to form a set of compact signatures representing the functional and structural characteristics of a design. We show that this signature set can be used as high-quality watermark of an IP to verify its provenance. We evaluate SIGNED on the ISCAS85, ITC, and MIT CEP benchmark circuits with respect to all major quality parameters of hardware watermark. We show that SIGNED achieves excellent structural coverage and robustness against identification and removal attacks, while introducing modest design overheads.
@article{signed, author = {SLPSK, Patanjali and Nair, Abhishek Anil and Rebeiro, Chester and Bhunia, Swarup}, journal = {IEEE Transactions on Computers}, title = {SIGNED: A Challenge-Response Scheme for Electronic Hardware Watermarking}, year = {2023}, volume = {72}, number = {6}, pages = {1763-1777}, keywords = {Watermarking;IP networks;Logic gates;Hardware;Resistance;Integrated circuits;Delays;Challenge response pairs;hardware interrogation;hardware security;IP protection;IP watermarking}, doi = {10.1109/TC.2022.3223304}, issn = {1557-9956}, month = jun }
2022
- Smart Infrastructures and First-Responder Network for Security and Safety HazardsPrabuddha Chakraborty, Reiner Dizon, Christopher Vega, and 4 more authorsFeb 2022US Patent App. 17/392,376
Disclosed are various embodiments related to coordinated monitoring and responding to an emergency situation at a building structure as a supplement to a traditional emergency response. In some embodiments, a system comprises a computing device that is configured to receive sensor data from a sensor network. The sensor network includes monitoring units that monitor various locations of an infrastructure. The computing device determines an occurrence of an emergency event at a location in the infrastructure using an anomaly detector model based at least in part on the sensor data. A hybrid mobile unit is instructed by the computing device to navigate to the location of the emergency event. The hybrid mobile unit is configured to provide mobile sensor data associated with the location to confirm the emergency event.
@misc{prabuddha2022smart, title = {Smart Infrastructures and First-Responder Network for Security and Safety Hazards}, author = {Chakraborty, Prabuddha and Dizon, Reiner and Vega, Christopher and Harley, Joel B and Ray, Sandip and Bhunia, Swarup and SLPSK, Patanjali}, year = {2022}, month = feb, note = {US Patent App. 17/392,376} }
- Drone-based administration of remotely located instruments and gadgetsMar 2022US Patent US20220083987A1
@misc{swarup2022drone, title = {Drone-based administration of remotely located instruments and gadgets}, author = {}, year = {2022}, month = mar, note = {US Patent US20220083987A1} }
- RECONFIGURABLE JTAG ARCHITECTURE FOR IMPLEMENTATION OF PROGRAMMABLE HARDWARE SECURITY FEATURES IN DIGITAL DESIGNSSwarup Bhunia, Christopher Vega, Reiner Dizon, and 2 more authorsNov 2022US Patent 20,220,357,394
@misc{bhunia2022reconfigurable, title = {RECONFIGURABLE JTAG ARCHITECTURE FOR IMPLEMENTATION OF PROGRAMMABLE HARDWARE SECURITY FEATURES IN DIGITAL DESIGNS}, author = {Bhunia, Swarup and Vega, Christopher and Dizon, Reiner and Kalavakonda, Rohan Reddy and SLPSK, Patanjali}, year = {2022}, month = nov, note = {US Patent 20,220,357,394} }
- RIHANN: Remote IoT Hardware Authentication With Intrinsic IdentifiersShubhra Deb Paul, Fengchao Zhang, Patanjali SLPSK, and 2 more authorsIEEE Internet of Things Journal, Dec 2022
The heterogeneous array of edge devices in an Internet of Things (IoT) infrastructure is increasingly vulnerable to physical in-field tampering attacks. These devices can significantly benefit from a difficult-to-clone and tamper-immune intrinsic identifier that can verify the authenticity or integrity of the physical components. In this article, we develop an intrinsic device identifier, RIHANN, that captures the state of the electronic hardware in an IoT device. This state can adequately reflect any physical tampering of the hardware components by transforming the intrinsic delay variations in the electronic components of an edge device into unique and robust signatures. Our proposed authentication approach utilizes the boundary scan architecture (BSA) in printed circuit boards (PCBs). BSA is a prevalent design for test (DFT) structure used in most PCBs in IoT edge devices. This technique supports an extensive array of heterogeneous devices and can seamlessly operate during the device’s runtime. We measure the boundary scan path delays using the parallel scan delay-measurement (PSDM) technique for commercially available ICs. We perform practical experiments on 20 devices, generate signatures, and evaluate their uniqueness, robustness, randomness, and resistance to aging. We also introduce a security protocol for the cloud server, owner/verifier, or other IoT devices connected to a network to verify their identity remotely. The policy prevents attacks from extracting the device’s secret keys using an efficient moving target defense mechanism that periodically updates and evolves the challenge–response database.
@article{rihann, author = {Paul, Shubhra Deb and Zhang, Fengchao and SLPSK, Patanjali and Trivedi, Amit Ranjan and Bhunia, Swarup}, journal = {IEEE Internet of Things Journal}, title = {RIHANN: Remote IoT Hardware Authentication With Intrinsic Identifiers}, year = {2022}, volume = {9}, number = {24}, pages = {24615-24627}, keywords = {Internet of Things;Authentication;Physical unclonable function;Printed circuits;Delays;Runtime;Boundary scan;boundary scan architecture (BSA);boundary scan cell (BSC);delay;Internet of Things (IoT);Joint Test Action Group (JTAG);parallel scan delay measurement (PSDM);physical unclonable function (PUF);printed circuit board (PCB);process variations;remote authentication;runtime}, doi = {10.1109/JIOT.2022.3195546}, issn = {2327-4662}, month = dec }
- Avatar: Reinforcing Fault Attack Countermeasures in EDA with Fault TransformationsPrithwish Basu Roy, Patanjali SLPSK, and Chester RebeiroIn 2022 27th Asia and South Pacific Design Automation Conference (ASP-DAC), Jan 2022
Cryptography hardware are highly vulnerable to a class of side-channel attacks known as Differential Fault Analysis (DFA). These attacks exploit fault induced errors to compromise secret keys from ciphers within a few seconds. A bias in the error probabilities strengthens the attack considerably. It abets in bypassing countermeasures and is also the basis of powerful attack variants like the Differential Fault Intensity Analysis (DFIA) and Statistical Ineffective Fault Analysis (SIFA). In this paper, we make two significant contributions. First, we identify the correlation between fault induced errors and gatelevel parameters like the threshold voltage, gate size, and V_\textDD. We show how these parameters can influence the bias in the error probabilities. Then, we propose an algorithm, called Avatar, that carefully tunes gate-level parameters to strengthen the redundancy countermeasures against DFA, DFIA, and SIFA attacks with no additional logic needed. The central idea of Avatar is to reconfigure gates in the redundant circuits so that each circuit has a unique behavior to faults, making fault detection much more efficient. In AES for instance, fault attack resistance improves by 40% for DFA and DFIA, and 99% in the case of SIFA. Avatar incurs negligible area overheads and can be quickly adopted in any cipher design. It can be incorporated in commercial EDA flows and provides users with tunable knobs to trade-off performance and power consumption, for fault attack security.
@inproceedings{avatar, author = {Roy, Prithwish Basu and SLPSK, Patanjali and Rebeiro, Chester}, booktitle = {2022 27th Asia and South Pacific Design Automation Conference (ASP-DAC)}, title = {Avatar: Reinforcing Fault Attack Countermeasures in EDA with Fault Transformations}, year = {2022}, volume = {}, number = {}, pages = {417-422}, keywords = {Resistance;Ciphers;Power demand;Error probability;Avatars;Redundancy;Logic gates;Fault injection attacks;Gate Reconfiguration;EDA Security}, doi = {10.1109/ASP-DAC52403.2022.9712539}, issn = {2153-697X}, month = jan }
2021
- Defense of jtag i/o networkSwarup Bhunia, Christopher Vega, Shubhra Deb Paul, and 3 more authorsDec 2021US Patent App. 17/303,648
An integrated circuit includes, in part, a key management unit configured to generate a seeding key during a start-up phase, an encryption module configured to encrypt data using the seeding key and deliver the encrypted data to a second integrated circuit, and an encoder configured to encode the seeding key and deliver the encoded seeding key to the second IC. The second integrated circuit includes, in part, a decoder configured to decode the seeding key. Each of the integrated circuits further includes, in part, a linear-feedback shift register that receives the same clock signals and loads the seeding key.
@misc{swarup2021defense, title = {Defense of jtag i/o network}, author = {Bhunia, Swarup and Vega, Christopher and Paul, Shubhra Deb and Difuntorum, Parker and Dizon, Reiner and SLPSK, Patanjali}, year = {2021}, month = dec, note = {US Patent App. 17/303,648} }
- Framework for obfuscation based watermarkingSwarup Bhunia, Tamzidul Hoque, Abhishek Anil Nair, and 1 more authorOct 2021US Patent App. 17/224,559
The present disclosure describes systems, apparatuses, and methods for obfuscation-based intellectual property (IP) watermark labeling. One such method comprises identifying, by one or more computing processors, a specific net within an integrated circuit design that is likely to be used in a malicious attack; and adding additional nets to the integrated circuit design that add additional logic states to a finite state machine present in the integrated circuit design. The additional logic states comprise watermarking states for performing authentication of the integrated circuit design, in which a watermark digest can be captured upon application of secret key inputs to the additional nets. Other methods, systems, and apparatuses are also presented.
@misc{swarup2021framework, title = {Framework for obfuscation based watermarking}, author = {Bhunia, Swarup and Hoque, Tamzidul and Nair, Abhishek Anil and SLPSK, Patanjali}, year = {2021}, month = oct, note = {US Patent App. 17/224,559} }
- Trusted Electronic Systems with Untrusted COTSShuo Yang, Prabuddha Chakraborty, Patanjali SLPSK, and 1 more authorIn 2021 22nd International Symposium on Quality Electronic Design (ISQED), Apr 2021
The challenges of custom integrated circuits (IC) design have made it prevalent to integrate commercial-off-the-shelf (COTS) components (micro-controllers, FPGAs, etc.) in today’s designs. While this approach eases the design challenges and improves productivity, it also gives rise to diverse security concerns. One such concern is the possibility of malicious hardware modifications, also called hardware Trojan attacks, by untrusted parties involved in the manufacturing or distribution of COTS devices. While Hardware Trojan detection is an active research topic in the field of microelectronics security, most methods assume the availability of a golden design/chip, which is impractical in the case of a COTS device. In this paper, we discuss challenges with detecting Trojan in COTS components, and introduce a Trojan detection method that applies unsupervised learning. We utilize side-channel power signatures to cluster and isolate chips with Trojans. The proposed method is suitable for trust verification of COTS components by an original equipment manufacturer (OEM) before system integration. In our method, the design house creates a set of security validation test vectors available to the tester (e.g., OEM). The OEM can also generate the test vectors using the block-level diagrams provided by the design house. Power signatures are generated for all the chips under test using these test vectors. We use the generated power signatures to apply feature extraction followed by clustering to group the chips into bins. Through this process, we divide the chips into distinct bins and distinguish the Trojan-inserted chips from the Trojan-free ones. The bin with golden chips can be identified by extensive testing and reverse engineering of one chip sampled from each bin. We utilize two clustering techniques K-Means, and Expectation-Maximization (EM) to perform a comparative analysis. Additionally, we perform extensive experiments to assert our method’s effectiveness and obtain over 98% accuracy on the clustering of FPGA chips with both combinational and sequential Trojans.
@inproceedings{cotsisqed, author = {Yang, Shuo and Chakraborty, Prabuddha and SLPSK, Patanjali and Bhunia, Swarup}, booktitle = {2021 22nd International Symposium on Quality Electronic Design (ISQED)}, title = {Trusted Electronic Systems with Untrusted COTS}, year = {2021}, volume = {}, number = {}, pages = {198-203}, keywords = {Systematics;Reverse engineering;System integration;Feature extraction;Hardware;Trojan horses;Security}, doi = {10.1109/ISQED51717.2021.9424257}, issn = {1948-3287}, month = apr }
- On Database-Free Authentication of Microelectronic ComponentsFengchao Zhang, Shubhra Deb Paul, Patanjali SLPSK, and 2 more authorsIEEE Transactions on Very Large Scale Integration (VLSI) Systems, Jan 2021
Counterfeit integrated circuits (ICs) have become a significant security concern in the semiconductor industry as a result of the increasingly complex and distributed nature of the supply chain. These counterfeit chips may result in performance degradation, profit reduction, and reputation risk for the manufacturer. Therefore, developing effective countermeasures against such malpractices is becoming severely crucial. Physical unclonable function (PUF)-based authentication methods have the potential to mitigate these challenges. However, PUF-based solutions are restrained by several factors, such as additional design efforts and significant area/power overhead, struggle to maintain and update challenge-response pairs (CRPs) database, and the vulnerability to machine learning (ML) attacks. In this article, we address these challenges by developing a novel database-free and enrolment-free hardware authentication approaches, i.e., a digital watermark metric for ICs. To enable efficient database-free hardware integrity verification without enrolment, first, we transform the intrinsic variations in circuit parameters, e.g., boundary scan chain (BSC) path delays in the joint test action group (JTAG) chain into robust digital signatures. Then, we perform statistical analysis on a small pilot unit of authentic chips to create a robust watermark for a complete batch of chips, which jointly captures the characteristics of the physical layout, the manufacturing process, and the foundry. The increasing complexity in the current state-of-the-art designs makes it extremely hard for an adversary to perfectly clone such statistical characterization of circuit parameters using counterfeit or compromised hardware. Besides, the proposed approach requires no additional design or hardware overhead in IC design since it utilizes an embedded structure, which inherently exists within the chips. It also obviates the design house from characterizing each manufactured chip instance, reducing overall testing cost. A path-delay measurement method at a high resolution based on clock phase sweep is introduced to measure the delay values effectively. The proposed intrinsic identifier-based authentication approach is validated by performing emulation on FPGAs and also by conducting physical measurements on custom-made printed circuit boards (PCBs). The reliability of the generated watermarks is evaluated with environmental temperature fluctuations and the aging effect.
@article{zhangtvlsi, author = {Zhang, Fengchao and Paul, Shubhra Deb and SLPSK, Patanjali and Trivedi, Amit Ranjan and Bhunia, Swarup}, journal = {IEEE Transactions on Very Large Scale Integration (VLSI) Systems}, title = {On Database-Free Authentication of Microelectronic Components}, year = {2021}, volume = {29}, number = {1}, pages = {149-161}, keywords = {Integrated circuits;Authentication;Watermarking;Delays;Semiconductor device measurement;Registers;Physical unclonable function;Database-free;emulation;enrolment-free;experimental;joint test action group (JTAG);principal component analysis (PCA);runtime authentication;watermark}, doi = {10.1109/TVLSI.2020.3039723}, issn = {1557-9999}, month = jan }
2020
- Depending on HTTP/2 for Privacy? Good Luck!Gargi Mitra, Prasanna Karthik Vairam, Patanjali SLPSK, and 2 more authorsIn 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun 2020
HTTP/2 introduced multi-threaded server operation for performance improvement over HTTP/1.1. Recent works have discovered that multi-threaded operation results in multiplexed object transmission, that can also have an unanticipated positive effect on TLS/SSL privacy. In fact, these works go on to design privacy schemes that rely heavily on multiplexing to obfuscate the sizes of the objects based on which the attackers inferred sensitive information. Orthogonal to these works, we examine if the privacy offered by such schemes work in practice. In this work, we show that it is possible for a network adversary with modest capabilities to completely break the privacy offered by the schemes that leverage HTTP/2 multiplexing. Our adversary works based on the following intuition: restricting only one HTTP/2 object to be in the server queue at any point of time will eliminate multiplexing of that object and any privacy benefit thereof. In our scheme, we begin by studying if (1) packet delays, (2) network jitter, (3) bandwidth limitation, and (4) targeted packet drops have an impact on the number of HTTP/2 objects processed by the server at an instant of time. Based on these insights, we design our adversary that forces the server to serialize object transmissions, thereby completing the attack. Our adversary was able to break the privacy of a real-world HTTP/2 website 90% of the time, the code for which will be released. To the best of our knowledge, this is the first privacy attack on HTTP/2.
@inproceedings{http2, author = {Mitra, Gargi and Vairam, Prasanna Karthik and SLPSK, Patanjali and Chandrachoodan, Nitin and V, Kamakoti}, booktitle = {2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)}, title = {Depending on HTTP/2 for Privacy? Good Luck!}, year = {2020}, volume = {}, number = {}, pages = {278-285}, keywords = {Multiplexing;Privacy;Cryptography;Servers;Jitter;Bandwidth;Delays;HTTP/2 attack, HTTP/2 privacy, encrypted traffic analysis}, doi = {10.1109/DSN48063.2020.00044}, issn = {1530-0889}, month = jun }
- SOLOMON: An Automated Framework for Detecting Fault Attack Vulnerabilities in HardwareMilind Srivastava, Patanjali SLPSK, Indrani Roy, and 3 more authorsIn 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE), Mar 2020
Fault attacks are potent physical attacks on crypto-devices. A single fault injected during encryption can reveal the cipher’s secret key. In a hardware realization of an encryption algorithm, only a tiny fraction of the gates is exploitable by such an attack. Finding these vulnerable gates has been a manual and tedious task requiring considerable expertise. In this paper, we propose SOLOMON, the first automatic fault attack vulnerability detection framework for hardware designs. Given a cipher implementation, either at RTL or gate-level, SOLOMON uses formal methods to map vulnerable regions in the cipher algorithm to specific locations in the hardware thus enabling targeted countermeasures to be deployed with much lesser overheads. We demonstrate the efficacy of the SOLOMON framework using three ciphers: AES, CLEFIA, and Simon.
@inproceedings{solomon, author = {Srivastava, Milind and SLPSK, Patanjali and Roy, Indrani and Rebeiro, Chester and Hazra, Aritra and Bhunia, Swarup}, booktitle = {2020 Design, Automation & Test in Europe Conference & Exhibition (DATE)}, title = {SOLOMON: An Automated Framework for Detecting Fault Attack Vulnerabilities in Hardware}, year = {2020}, volume = {}, number = {}, pages = {310-313}, keywords = {Ciphers;Hardware;Logic gates;Hardware design languages;Encryption;Syntactics;Fault diagnosis;fault attack;fault evaluation tools;formal verification}, doi = {10.23919/DATE48585.2020.9116380}, issn = {1558-1101}, month = mar }
- Trust Issues in Microelectronics: The Concerns and the CountermeasuresTamzidul Hoque, Patanjali SLPSK, and Swarup BhuniaIEEE Consumer Electronics Magazine, Nov 2020
The semiconductor industry is constantly striving to improve the performance, reliability, and cost of electronic devices. The growing complexity in the design process of microelectronics coupled with the requirement of significant investment in research and development means that there is hardly any entity in the industry that is capable of acquiring the state-of-the-art technologies for all facets of the development process across myriad niche device technologies. Therefore, for economic and practical reasons, the modern electronic supply chain relies on several different vendors that specialize in a specific area of the design and fabrication process. From a security perspective, this distributed manufacturing process violates the trust of the underlying hardware as any entity in the supply chain could maliciously modify the design. This poses a significant concern, especially for government, military applications, and consumer electronic products handling private and critical data during the acquisition of untrusted microelectronic designs and components. Hence, trust has emerged as a crucial constraint that the various steps in the microelectronic manufacturing process should consider in order to ensure that no malicious functionality exists in the hardware. In the last decade, several works have proposed steps both to establish and verify trust in microelectronics. However, not all threat models are adequately covered, and the solutions are pertinent to a limited category of devices. In this article, we present the challenges in establishing trust in today’s distributed supply chain environment by discussing the attack models at each step of the manufacturing process. We also shed light on the existing solutions that try to address these threats and discuss their limitations. Finally, we elaborate on one of the existing supply chain standards where trust verification is still infeasible and identify avenues for future research.
@article{cotstrust, author = {Hoque, Tamzidul and SLPSK, Patanjali and Bhunia, Swarup}, journal = {IEEE Consumer Electronics Magazine}, title = {Trust Issues in Microelectronics: The Concerns and the Countermeasures}, year = {2020}, volume = {9}, number = {6}, pages = {72-83}, keywords = {Trojan horses;Integrated circuits;Hardware;Microelectronics;Supply chains;Fabrication;Logic gates}, doi = {10.1109/MCE.2020.2988048}, issn = {2162-2256}, month = nov }
- Brutus: Refuting the Security Claims of the Cache Timing Randomization Countermeasure Proposed in CEASERRahul Bodduna, Vinod Ganesan, Patanjali SLPSK, and 2 more authorsIEEE Computer Architecture Letters, Jan 2020
Cache timing attacks are a serious threat to the security of computing systems. It permits sensitive information, such as cryptographic keys, to leak across virtual machines and even to remote servers. Encrypted Address Cache, proposed by CEASER - a best paper candidate at MICRO 2018 - is a promising countermeasure that stymies the timing channel by employing cryptography to randomize the cache address space. The author claims strong security guarantees by providing randomization both spatially (randomizing every address) and temporally (changing the encryption key periodically). In this letter, we point out a serious flaw in their encryption approach that undermines the proposed security guarantees. Specifically, we show that the proposed Low-Latency Block Cipher, used for encryption in CEASER, is composed of only linear functions which neutralizes the spatial and temporal randomization. Thus, we show that the complexity of a cache timing attack remains unaltered even with the presence of CEASER. Further, we compare the encryption overheads if CEASER is implemented with a stronger encryption algorithm.
@article{brutus, author = {Bodduna, Rahul and Ganesan, Vinod and SLPSK, Patanjali and Veezhinathan, Kamakoti and Rebeiro, Chester}, journal = {IEEE Computer Architecture Letters}, title = {Brutus: Refuting the Security Claims of the Cache Timing Randomization Countermeasure Proposed in CEASER}, year = {2020}, volume = {19}, number = {1}, pages = {9-12}, keywords = {Ciphers;Encryption;Timing;Cache memory;Complexity theory}, doi = {10.1109/LCA.2020.2964212}, issn = {1556-6064}, month = jan }
2019
- Karna: A Gate-Sizing based Security Aware EDA Flow for Improved Power Side-Channel Attack ProtectionPatanjali SLPSK, Prasanna Karthik Vairam, Chester Rebeiro, and 1 more authorIn 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Nov 2019
Power side-channel attacks pose a serious threat to the security of embedded devices. Most available countermeasures have significant overheads resulting in the application not meeting its requirements of low-power, high-performance and small area. We propose an algorithm called Karna11Karna, much like Achilles from Greek mythology, was born with a shield that protected him from attacks. Similarly, Our proposed scheme, Karna protects the design from power side-channel attacks in the manufacturing phase or in other words the chip is manufactured(born) with a shield. that can be incorporated in the Electronic Design Automation (EDA) flow, in order to significantly improve the side-channel security of the device, without impacting the other device characteristics. Karna does not add additional logic but rather achieves this by first identifying vulnerable gates in the design and then reconfiguring these gates to increase side-channel resistance. Unlike contemporary works, Karna does not require any specialized gate library but uses the gates available in the standard cell library. We integrate Karna into the Synopsys Design Compiler and demonstrate its efficacy at reducing side-channel leakage in implementations of AES, PRESENT and Simon block ciphers, synthesized for a 28nm technology node. An interesting observation is that Karna only uses the available space around the gates to perform this optimization and does not incur any additional area overheads. We showcase the side-channel resistance of these optimized designs using a Differential Power Analysis attack. Our proposed approach is able to reduce the power side-channel of the designs while incurring no penalty in delay, power and gate-count.
@inproceedings{karna, author = {SLPSK, Patanjali and Vairam, Prasanna Karthik and Rebeiro, Chester and Kamakoti, V.}, booktitle = {2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)}, title = {Karna: A Gate-Sizing based Security Aware EDA Flow for Improved Power Side-Channel Attack Protection}, year = {2019}, volume = {}, number = {}, pages = {1-8}, keywords = {Logic gates;Delays;Tools;Power demand;Side-channel attacks;Side-Channel Attacks;Electronic Design Automation;Countermeasures;CAD for security}, doi = {10.1109/ICCAD45719.2019.8942173}, issn = {1558-2434}, month = nov }
2018
- Mltimer: Leakage power minimization in digital circuits using machine learning and adaptive lazy timing analysisSLPSK Patanjali, Milan Patnaik, Seetal Potluri, and 1 more authorJournal of Low Power Electronics, Nov 2018
@article{patanjali2018mltimer, title = {Mltimer: Leakage power minimization in digital circuits using machine learning and adaptive lazy timing analysis}, author = {Patanjali, SLPSK and Patnaik, Milan and Potluri, Seetal and Kamakoti, V}, journal = {Journal of Low Power Electronics}, volume = {14}, number = {2}, pages = {285--301}, year = {2018}, publisher = {American Scientific Publishers} }
- GANDALF: A Fine-Grained Hardware–Software Co-Design for Preventing Memory AttacksGnanambikai Krishnakumar, Patanjali SLPSK, Prasanna Karthik Vairam, and 2 more authorsIEEE Embedded Systems Letters, Sep 2018
Illegal memory accesses are a serious security vulnerability that have been exploited on numerous occasions. In this letter, we present Gandalf, a compiler assisted hardware extension for the OpenRISC processor that thwarts all forms of memory-based attacks. We associate lightweight capabilities to all program variables, which are checked at run time by the hardware. Gandalf is transparent to the user and does not require significant OS modifications. Moreover, it achieves locality and incurs minimal overheads in the hardware. We demonstrate these features with a customized Linux kernel executing SPEC2006 benchmarks. To the best of our knowledge, this is the first work to demonstrate a complete solution for hardware-based memory protection schemes for embedded platforms.
@article{gandalf, author = {Krishnakumar, Gnanambikai and SLPSK, Patanjali and Vairam, Prasanna Karthik and Rebeiro, Chester and Veezhinathan, Kamakoti}, journal = {IEEE Embedded Systems Letters}, title = {GANDALF: A Fine-Grained Hardware–Software Co-Design for Preventing Memory Attacks}, year = {2018}, volume = {10}, number = {3}, pages = {83-86}, keywords = {Metadata;Program processors;Registers;Computer security;Buffer overflows;Buffer overflows;embedded system security;hardware-based memory protection}, doi = {10.1109/LES.2018.2805734}, issn = {1943-0671}, month = sep }
2012
- The Implications of Shared Data Synchronization Techniques on {Multi-Core} Energy {Efficiency}Ashok Gautham, Kunal Korgaonkar, Patanjali SLPSK, and 2 more authorsSep 2012
@article{gautham2012implications, title = {The Implications of Shared Data Synchronization Techniques on $\{$Multi-Core$\}$ Energy $\{$Efficiency$\}$}, author = {Gautham, Ashok and Korgaonkar, Kunal and SLPSK, Patanjali and Balachandran, Shankar and Veezhinathan, Kamakoti}, booktitle = {2012 Workshop on Power-Aware Computing and Systems (HotPower 12)}, year = {2012} }