Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAD-based Security, Cryptography, and Digital Rights Management

Published byLesley Harmon Modified over 5 years ago

Similar presentations

Presentation on theme: "CAD-based Security, Cryptography, and Digital Rights Management"— Presentation transcript:

1 CAD-based Security, Cryptography, and Digital Rights Management
Farinaz Koushanfar1, Miodrag Ptokonjak2 1ECE & CS Depts., Rice University 2CS Dept., UCLA

2 Strategic Objective Paradigm shift in the dominating design constraint [Ravi et al.TECS’04] Security Leakage Power DRM Privacy Sys. Security IPP Cryptography HW Authentication Dynamic Power Dominating Design Objective Frequency Area Year 1970 1980 1990 2000 2010

3 Knowledge and Results Transfer
Design automation (DA) has been the premier enabler of IC design DA has often benefited from adopting techniques from other scientific and engineering fields Unique opportunity to have impact in other fields Design Auto. EC Info. Theory Stat. Logic/ Arch. Crypto SW Sec. OS Prob. Design Auto. Math CS Theory OR Logic/ Arch. Num. Anal. Stat. Mech. Bio. Prob.

4 Cryptography- and DA-based System Security
Cryptography: versatile, creative and industrial-practice proven System security challenge Resiliency of crypto-systems against system attacks, such as physical attacks [e.g., Anderson and Kuhn] and side-channel attacks [e.g., Verbauwhede’s work] Cryptography is based on one-way difficult math tasks New security paradigm: difficult technological and design (synthesis and analysis) tasks Nature of the side-channels and physical attacks can be used for creating security mechanisms and protocols

5 Variability-based IC ID and Security
Addition of circuitry exploiting manufacturing variability to generate unique ID for each IC using one mask Specialized process [Loftstrom et al., ISSCC’00; Maeda et al., Trans. ED’03] Threshold mismatches [Su et al., ISSCC’07] Variability-based delay for authentication and security [Prof. Devadas Group (MIT)] Physically Unclonable Functions (PUFs) map a set of challenges to a set of responses Authentication occurs when the IC correctly finds the output of challenge inputs Solely use variability as the security mechanism Roy and Asenov, Science, 2005 Friedberg et al., ISQED, 2005

6 Example: Active HW Metering
NB Example: Active HW Metering $, NA? NA Alice Bob Alice gives her HW IP to the fabrication house (Bob) asking for NA ICs implementing it Bob can make NA+NB ICs and sell the pirated ones Active metering manipulates finite state machine (FSM) of the original design, creating a lock for each IC Each manufactured IC will be uniquely locked (nonfunctional) unless Alice provides a Key Requirements: integration into the standard synthesis flow, low overhead, generalizeable, and resilient against attacks

7 Why is the Problem Challenging?
Very little is known about the tampering attacks Many possibilities: tampering at many levels of abstraction of the synthesis process The likely adversaries are financially and otherwise strong The adversary has a full access to the structural specifications and to test vectors The internal parts of the manufactured ICs are intrinsically opaque

8 Active HW Metering Key idea: integrate the unique IDs such that each IC starts in a unique nonfunctional state The designer is the only entity who knows how to unlock The original FSM had m distinct states Boosted FSM (BFSM ) has 2k states With M 1-bit flip flops (FFs), we get 2M states: m original and 2M-m don’t cares S*0 S1 S2 S4 S3 Original FSM Example – FSM/STG (state-transition graph) …… . ……… ... Logic Block Random Bits FF I O Added States S5 S9 S6 S31 S30 S22 … … … …. S29 Random Bits b1 2M States …… bM

9 Active Metering: Analysis
Powering-up in one of the added states The probability of powering-up in an added state is (2k-m)/2k Diversity of power-up states (unique IDs) The probability PICID(k,d) that no two ICs out of a group of d will have matching IDs out of 2k possible Low overhead of the added states Diversity of keys Storing the input sequence for traversal to the original reset state

10 Analysis (Cont’d) Non-equal probabilities (P0P1)
Nunnikhoven’s approximation Number of ICs: n=2M; di=pi-1/n; i=1,..,n; pi=P1(bit i)

11 Attack Identification and Formulation
Brute-force: guessing the key Reverse engineering of FSM Combinational redundancy removal Emulation of the Unique Block Initial power-up state capturing and replaying (CAR) Initial reset state CAR Control signals CAR Creation of identical ICs using selective IC release

12 DA-based Security and Cryptography
Hardware Trojan horse detection and diagnosis Fingerprinting Passive metering Active metering Challenge-based authentication Smart cards Public-key and secret-key cryptography Software and content authentication and metering Multiple-personality authentication

13 DA-based Security: Global Impetus
Creation of a spectrum of new scientific and engineering problems New types of error correction codes for information theorists Need for new probabilistic and statistical tools, taking into account the hierarchical correlations Paradigm shift operating system policies for real-time content/software/hardware authentication Formal computational theory

14 Concluding Remarks Security is a premier design challenge
Cryptography-based system security vs. technology and synthesis-based security Emphasis of creating new security mechanisms and protocols and demonstrating their industrial relevance Design Automation is the emerging enabler of new types of system security

15 Thank You! ?

Download ppt "CAD-based Security, Cryptography, and Digital Rights Management"

Similar presentations

Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Evis Trandafili Polytechnic University of Tirana Albania Functional Programming Languages 1.

Evis Trandafili Polytechnic University of Tirana Albania Functional Programming Languages 1.
Access Control Methodologies

Access Control Methodologies
Slender PUF Protocol Authentication by Substring Matching M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas* International Workshop on.

Slender PUF Protocol Authentication by Substring Matching M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas* International Workshop on.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.

Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.
Finite State Machines. Binary encoded state machines –The number of flip-flops is the smallest number m such that 2 m  n, where n is the number of states.

Finite State Machines. Binary encoded state machines –The number of flip-flops is the smallest number m such that 2 m  n, where n is the number of states.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.

1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.
A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison.

A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison.
Lecture2 – Security and Protection Objectives, Attacks Rice ELEC 528/ COMP 538 Farinaz Koushanfar Spring 2009.

Lecture2 – Security and Protection Objectives, Attacks Rice ELEC 528/ COMP 538 Farinaz Koushanfar Spring 2009.
Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.

Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.
Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.

Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.
1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.

1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.
Computer Organization & Programming Chapter 5 Synchronous Components.

Computer Organization & Programming Chapter 5 Synchronous Components.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.

INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.

Similar presentations

Ads by Google