OnE-Secure: Securing State-of-the-Art Chips Against High-Resolution Contactless Optical and Electron-Beam Probing Attacks
Project title: Securing State-of-the-Art Chips Against High-Resolution Contactless Optical and Electron-Beam Probing Attacks
Acronym: OnE-Secure
Principal Investigators:
- Sebastian Brand (FhG IMWS)
- Rolf Drechsler (U Bremen)
- Jean-Pierre Seifert (TU Berlin)
- Frank Sill Torres (DLR)
Project Staff:
- Sajjad Parvin (U Bremen)
- Lars Renkes (TU Berlin)
Available open position: TBA
Attribution within the Priority Program:
Link to Project Website:
Project Abstract: Physical hardware attacks, especially optical attacks through the chip’s backside, have been shown to threaten secret data and intellectual property stored on integrated circuits (ICs). Techniques from IC failure analysis (FA), such as optical probing (OP), can extract cryptographic keys, configuration data, or other secrets. Recently, driven by the FA industry's demand for higher-resolution tools, electron-beam (E-beam) probing has been gaining attention. Although the threat of such attacks is known, no relevant countermeasures have been deployed in commercial chips so far. Following this observation, this project aims to explore methods that can protect future nano-circuits from "Optical and E-beam" (OnE) probing attacks. By combining the expertise gained in the OptiSecure and nanoEBeam projects from the first call into a single project with four partners, this unified project continues researching alternative chip designs that are robust against both of the aforementioned techniques.
STAMPS-PLUS: Exploration of an integrated Strain-based TAMPer Sensor for Puf and trng concepts with best-in-class Leakage resilience and robUStness
Project title: Exploration of an integrated Strain-based TAMPer Sensor for Puf and trng concepts with best-in-class Leakage resilience and robUStness
Acronym: STAMPS-PLUS
Principal Investigators:
- Ralf Brederlow (TU Munich)
- Matthias Hiller (FhG AISEC)
- Michael Pehl (TU Munich)
Project Staff:
- Pengchen Xu (TU Munich)
- Valentin Huber
Available open position: TBA
Attribution within the Priority Program:
Link to Project Website:
RAINCOAT II: Randomization in Secure Nano-Scale Microarchitectures 2
Project title: Randomization in Secure Nano-Scale Microarchitectures 2
Acronym: RAINCOAT II
Principal Investigators:
- Lucas Davi (U Duisburg-Essen)
- Tim Güneysu (RU Bochum)
Project Staff: TBA
Available open position: TBA
Attribution within the Priority Program:
Link to Project Website:
EMBOSOM: Embedded Software Security into Modern Emerging Hardware Paradigms
Project title: Embedded Software Security into Modern Emerging Hardware Paradigms
Acronym: EMBOSOM
Principal Investigators:
- Rolf Drechsler (U Bremen)
- Tim Güneysu (RU Bochum)
- Pascal Sasdrich (RU Bochum)
- Christoph Lüth (U Bremen)
Project Staff: TBA
Available open position: TBA
Attribution within the Priority Program:
Link to Project Website:
MemCrypto: Towards Secure Electroforming-free Memristive Cryptographic Implementations
Project title: Towards Secure Electroforming-free Memristive Cryptographic Implementations
Acronym: MemCrypto
Principal Investigators:
- Ilia Polian, University of Stuttgart
- Nan Du, TU Chemnitz
Project Staff:
- Li-Wei Chen, University of Stuttgart
Available open position:
Attribution within the Priority Program:
- Area 1 "Nano-electronics for Security"
- Area 2 "Hardware Security and Cryptography"
- Interdisciplinary Group IG3 "Physical Attack Resilience"
Link to Project Website: https://www.iti.uni-stuttgart.de/en/institute/projects/memcrypto/
Project Abstract: Memristive devices offer enormous advantages for non-volatile memories and neuromorphic computing, but there is rising interest in using memristive technologies for security applications as well. Project MemCrypto aims at the development and investigation of memristive cryptographic implementations and at the assessment and improvement of their security against physical attacks. This work focuses on combinational and sequential realizations of complete cryptographic circuits and complements earlier research on memristive physical unclonable functions and random number generators.
Within MemCrypto, simplified cryptographic circuits will be physically built out of novel electroforming-free memristive devices fabricated as wire-bonded line arrays using pulsed laser deposition. Physical attacks (side-channel analysis and fault injection) against memristive circuits will be studied, with a focus on identifying and characterizing novel attack mechanisms that do not exist in conventional CMOS technology. For instance, side-channel analysis could exploit effects of memristance and non-volatility, and fault injection can target both the memristive devices and their control logic. Three representative memristive logic families will be explored, and low-level protections for reducing information leakage will be developed for all of them, along with combinations of these low-level protections with higher-level masking. We will also perform an experimental comparative study with commercially available memristive devices (which require an electroforming step) and with a CMOS implementation on an FPGA.
A further objective of MemCrypto is to develop electrical simulation models and simulation procedures suitable for security analysis before physical realization of a circuit. On the one hand, we will improve the accuracy of existing Spice-level simulation models by better reflecting switching performances in endurance and retention. On the other hand, we will devise mixed-level simulation procedures that balance between accuracy and simulation speed and are meant for evaluation of physical attacks in medium-size memristive circuits. Using such procedures, we will extend the findings gathered on reduced-scale physical implementations to fully-fledged cryptographic circuits.
MemCrypto is a tandem project that will strongly benefit from the interdisciplinary collaboration of both applicants. Ilia Polian will provide competencies in hardware-oriented security, design of complex electronic circuits and mixed-level simulation algorithms. Nan Du, as a co-inventor of the electroforming-free BiFeO3-based memristive device family exploited in MemCrypto, will contribute her knowledge in fabrication, characterization, optimization, modeling and simulation of memristive devices. Together, the applicants form a team with complementary abilities to holistically address all relevant security aspects of using memristive technologies for cryptographic circuits.
HaSPro: Verifiable Hardware Security for Out-of-Order Processors
Project title: Verifiable Hardware Security for Out-of-Order Processors
Acronym: HaSPro
Principal Investigators:
- Thomas Eisenbarth, Universität zu Lübeck
- Wolfgang Kunz, RPTU Kaiserslautern-Landau
Project Staff:
- Tobias Jauch, RPTU Kaiserslautern-Landau
- Jonah Heller, Universität zu Lübeck
- Thore Tiemann, Universität zu Lübeck
Attribution within the Priority Program:
- Area 2 "Hardware Security and Cryptography"
- Area 3 "Secure Composition and Integration"
- Interdisciplinary Group IG3 "Physical Attack Resilience"
Link to Project Website: https://www.its.uni-luebeck.de/forschung/haspro.html
Project Abstract: Transient Execution Side Channels (TES), including Spectre and Meltdown, pose continual security risks to modern computer systems, despite mitigation efforts. These vulnerabilities, exacerbated by the security-performance trade-off, are the focus of the HaSPro project. It concentrates on out-of-order processors with speculation and on Trusted Execution Environments (TEEs), which are key to improved system security.
In the first project phase, we successfully established Unique Program Execution Checking (UPEC) for security analysis and scaled the methodology to advanced out-of-order processor architectures. We also explored side channels that compromise the constant-time programming paradigm and developed UPEC-DIT, which can provide security guarantees for data-oblivious computing. With respect to TEEs, phase 1 focused on identifying and mitigating vulnerabilities in prevalent TEE designs such as Intel SGX and AMD SEV, revealing a number of weaknesses including ciphertext leakage and data-dependent execution. In phase 1 we also developed tools such as Microwalk-CI, which identifies data-dependent runtime behavior in large code bases, and Cipherfix, which automates the identification and protection of sensitive memory writes vulnerable to ciphertext side channels.
HaSPro Phase 2 aims at developing new and highly efficient countermeasures against TES at different levels: hardware (HW), software (SW) and HW/SW interface. We investigate how HW-supported in-process isolation mechanisms can effectively counteract Spectre variants and whether these isolation barriers can be utilized by SW compartmentalization for automated and robust protection. We automate the separation of potential Spectre gadgets from sensitive data using compiler-based protection. At the HW level, we examine microarchitectural choices to support the proposed extensions to in-process isolation, leveraging formal methods to assure security guarantees. As an alternative to SW-based solutions, we also explore a fully HW-implemented architecture for secure speculation, using a secure-by-construction design methodology. In addition, we explore the combination of code compartmentalization with a partial probabilistic memory encryption engine to establish a new cost-latency tradeoff for TEE memory encryption, aiming for effective prevention of ciphertext side channels. All developed protection mechanisms will be analyzed for effectiveness and overheads and compared to existing countermeasures to evaluate the efficiency of the identified solutions, in order to provide better protection against the remaining attack surface on modern out-of-order processors.
NANOSEC2: Nanomaterial-based platform electronics for PUF circuits with extended entropy sources
Project title: Nanomaterial-based platform electronics for PUF circuits with extended entropy sources
Acronym: NANOSEC2
Principal Investigators:
- Sascha Hermann, TU Chemnitz
- Elif Bilge Kavun, Uni Passau
- Stefan Katzenbeisser, Uni Passau
Project Staff:
- Martin Schmid, Uni Passau
- Simon Böttger, TU Chemnitz
Available open position:
Attribution within the Priority Program:
- Area 1 "Nano-electronics for Security"
- Area 2 "Hardware Security and Cryptography"
- Interdisciplinary Group IG1 "Secret Generation"
- Interdisciplinary Group IG3 "Physical Attack Resilience"
Link to Project Website: https://www.pids.uni-passau.de/en/projects/current-projects/
Project Abstract: In this project we investigate the potential of advanced NanoMaterial (NM) circuits manufactured in a modular platform technology to serve as Physical Unclonable Functions (PUFs) with enhanced properties. We will implement various entropy sources, making use of the fact that NM-based FETs can be significantly manipulated by their environment and interface; this determines the FET characteristics and, in the case of charge traps, hysteretic switching behavior. We will pursue nanocavities in the Carbon-NanoTube Field-Effect Transistor (CNTFET) structures to induce discrete modifications of the gate architecture in order to further increase the entropy of the CNT-PUF. This enables quaternary PUFs with four distinct types of PUF cells, namely conducting, semiconducting, altered semiconducting, and non-conducting cells. We will also investigate configurable CNT-FET circuits to provide an even higher level of entropy by tuning the hysteresis characteristics. Furthermore, we will examine cell-selective erasability of the manufactured Circuit-PUFs, which prevents an attacker from accessing the inherent PUF secret in a low-cost manner. Building upon our previous work on non-invasive attacks against CNT-based PUFs, we will also test the resilience of the constructed CNT-PUFs against side-channel and fault-injection attacks.
SecuReFET II: Secure Circuits through Inherent Reconfigurable FET
Project title: Secure Circuits through Inherent Reconfigurable FET
Acronym: SecuReFET II
Principal Investigators:
- Akash Kumar (Ruhr University Bochum)
- Thomas Mikolajick (NaMLab GmbH)
Project Staff:
- Armin Darjani (Ruhr University Bochum)
- Rupa Yashaswi Panduga (Ruhr University Bochum)
Available open position: TBA
Attribution within the Priority Program:
Link to Project Website:
SSIMA: Scalable Side-Channel Immune Micro-Architecture
Project title: Scalable Side-Channel Immune Micro-Architecture
Acronym: SSIMA
Principal Investigators:
- Amir Moradi (TU Darmstadt)
Project Staff: TBA
Available open position: TBA
Attribution within the Priority Program:
Link to Project Website:
SeMSiNN: Secure Mixed-SIgnal Neural Networks
Project title: Secure Mixed-SIgnal Neural Networks
Acronym: SeMSiNN
Principal Investigators:
- Maurits Ortmanns (U Ulm)
- Ilia Polian (U Stuttgart)
Project Staff:
- Devanshi Upadhyaya, University of Stuttgart
- Maël Gay, University of Stuttgart
- Simon Wilhelmstätter, University of Ulm
Available open position:
Attribution within the Priority Program:
Link to Project Website:
Project Abstract: Artificial intelligence (AI) has revolutionized our lives. Many popular AI applications, especially machine learning (ML) based on neural networks (NNs), demand intensive computations and are preferably run on heavyweight servers. However, there is an increasing interest in Edge AI, where resource-restricted “edge devices” perform computations themselves, with limited or no communication with a remote server. Edge AI offers a number of advantages: it saves the power needed to transmit huge amounts of raw data; avoids potential communication delays; eliminates possible reliability issues, especially when wireless links are used; and it evades security vulnerabilities due to eavesdropping on or manipulation of the transmitted data. At the same time, the transition to Edge AI shifts the overall system’s attack surface, because edge devices are usually designed to be exposed to their users, thus giving potential attackers physical access to components on which sensitive data are stored and processed.
To reduce the energy demands of edge devices running NN-based applications, one promising line of research uses mixed-signal (MS) circuits instead of the “classical” purely-digital circuits. Therein, analog quantities, such as current and charge, are used to perform the required calculations. This transition in the compute paradigm poses new challenges and opportunities for hardware security.
This project aims to methodically approach the security of quantized and pruned convolutional neural-networks (CNNs) for power-constrained MS edge applications by providing suitable models, simulation tools, and network improvements on all hierarchy levels to optimize not only considering cost vs. accuracy but also including security.
Contact
Ilia Polian
Prof. Dr. rer. nat. habil.
University of Stuttgart