Advanced Topics in Hardware Security
People
Luca Cassano, email: luca.cassano@polimi.it
Christian Pilato, email: christian.pilato@polimi.it
Student meetings: "officially" on Monday 15:00 - 18:00, Dip. di Elettronica, Informazione e Bioingegneria (1st floor, Building 20, Campus Leonardo), but you can always send an email to luca.cassano@polimi.it to fix an appointment.
Course Calendar
The course calendar is available here.
Reference material
Bhunia, Swarup, and Mark Tehranipoor. Hardware security: a hands-on learning approach. Morgan Kaufmann, 2018.
M. Rostami, F. Koushanfar, J. Rajendran, R. Karri, "Hardware security: threat models and metrics", in: Proc. Int. Conf. Computer-Aided Design, 2013, pp. 819–823.
Mohammad Tehranipoor, Cliff Wang, “Introduction to Hardware Security and Trust”, Springer-Verlag New York, 2012.
Hu, Wei, et al. "An overview of hardware security and trust: Threats, countermeasures, and design tools." IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 40.6 (2020): 1010-1038.
Course material
Lesson 1 (07-03-2023): An introduction to HW Security
Lesson 2 (13-03-2023): HW Trojan horses: taxonomy, detection and tolerance
Lesson 3 (20-03-2023): Microarchitectural Side-Channel Attacks
Additional material
Counterfeit integrated circuits
Guin, Huang, DiMase, Carulli, Tehranipoor, Makris, "Counterfeit integrated circuits: a rising threat in the global semiconductor supply chain", Proceedings of the IEEE, 102 (8) (2014), pp. 1207-1228
Guin, DiMase, Tehranipoor, "Counterfeit Integrated Circuits: Detection, Avoidance, and the Challenges Ahead", Journal of Electronic Testing, 30, 2014, pp. 9-23
Carelli, Cristofanini, Vallero, Basile, Prinetto, Di Carlo, "Securing bitstream integrity, confidentiality and authenticity in reconfigurable mobile heterogeneous systems", Proceedings of the IEEE International Conference on Automation, Quality and Testing, Robotics, Cluj-Napoca, Romania, 2018, pp. 1-6
Fault attacks
Barenghi, Breveglieri, Koren, Naccache, "Fault injection attacks on cryptographic devices: theory, practice, and countermeasures", Proceedings of the IEEE, 100 (11) (2012), pp. 3056-3076
Boneh, DeMillo, Lipton, "On the importance of checking cryptographic protocols for faults", Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, 1997, pp. 37-51
Bao, Deng, Han, Jeng, Narasimhalu, Ngair, "Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults", Proceedings of the International Workshop on Security Protocols, 1997, pp. 115-124
Joye, Yen, "The Montgomery powering ladder", Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems, 2002, pp. 291-302
Yen, Joye, "Checking before output may not be enough against fault-based cryptanalysis", IEEE Transactions on Computers, 49 (9), 2000, pp. 967-970
Barenghi, Bertoni, Parrinello, Pelosi, "Low voltage fault attacks on the RSA cryptosystem", Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography, 2009, pp. 23-31
Hardware Trojan Horses
M. Tehranipoor, F. Koushanfar, "A survey of hardware Trojan taxonomy and detection", IEEE Design & Test of Computers (2010)
T. Hoque, P. Slpsk, S. Bhunia, "Trust issues in microelectronics: The concerns and the countermeasures", IEEE Consumer Electronics Magazine (2020)
K. Xiao, D. Forte, Y. Jin, R. Karri, S. Bhunia, M. Tehranipoor, "Hardware Trojans: Lessons learned after one decade of research", ACM Transactions on Design Automation of Electronic Systems 22 (2016) 6:1–6:23
L. Lin, W. Burleson and C. Paar, "MOLES: Malicious off-chip leakage enabled by side-channels," 2009 IEEE/ACM International Conference on Computer-Aided Design - Digest of Technical Papers, San Jose, CA, 2009, pp. 117-122.
https://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
trust-hub.org
Y. Liu, Y. Zhao, J. He, A. Liu and R. Xin, "SCCA: Side-channel correlation analysis for detecting hardware Trojan," 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID), Xiamen, China, 2017, pp. 196-200.
J. He, Y. Zhao, X. Guo and Y. Jin, "Hardware Trojan Detection Through Chip-Free Electromagnetic Side-Channel Statistical Analysis," in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 25, no. 10, pp. 2939-2948, Oct. 2017.
J. Cruz, F. Farahmandi, A. Ahmed and P. Mishra, "Hardware Trojan Detection Using ATPG and Model Checking," 2018 31st International Conference on VLSI Design and 2018 17th International Conference on Embedded Systems (VLSID), Pune, India, 2018, pp. 91-96
H. Salmani and M. Tehranipoor, "Layout-Aware Switching Activity Localization to Enhance Hardware Trojan Detection," in IEEE Transactions on Information Forensics and Security, vol. 7, no. 1, pp. 76-87, Feb. 2012
H. Salmani and M. Tehranipoor, "Analyzing circuit vulnerability to hardware Trojan insertion at the behavioral level," 2013 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS), New York, NY, USA, 2013, pp. 190-195
F. S. Hossain, M. Shintani, M. Inoue and A. Orailoglu, "Variation-Aware Hardware Trojan Detection through Power Side-channel," 2018 IEEE International Test Conference (ITC), Phoenix, AZ, USA, 2018, pp. 1-10.
M. Rathmair, F. Schupfer and C. Krieg, "Applied formal methods for hardware Trojan detection," 2014 IEEE International Symposium on Circuits and Systems (ISCAS), Melbourne, VIC, Australia, 2014, pp. 169-172
E. Love, Y. Jin and Y. Makris, "Proof-Carrying Hardware Intellectual Property: A Pathway to Trusted Module Acquisition," in IEEE Transactions on Information Forensics and Security, vol. 7, no. 1, pp. 25-40, Feb. 2012
Šišejković, Dominik, et al. "Control-lock: Securing processor cores against software-controlled hardware trojans." Proceedings of the 2019 on Great Lakes Symposium on VLSI. 2019.
A. Basak, S. Bhunia, T. Tkacik and S. Ray, "Security Assurance for System-on-Chip Designs With Untrusted IPs," in IEEE Transactions on Information Forensics and Security, vol. 12, no. 7, pp. 1515-1528, July 2017
C. Liu, J. Rajendran, C. Yang and R. Karri, "Shielding heterogeneous MPSoCs from untrustworthy 3PIPs through security-driven task scheduling," 2013 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS), New York, NY, USA, 2013, pp. 101-106
J. J. Rajendran, O. Sinanoglu and R. Karri, "Building Trustworthy Systems Using Untrusted Components: A High-Level Synthesis Approach," in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 24, no. 9, pp. 2946-2959, Sept. 2016
A. Bolat, L. Cassano, P. Reviriego, O. Ergin and M. Ottavi, "A Microprocessor Protection Architecture against Hardware Trojans in Memories," 2020 15th Design & Technology of Integrated Systems in Nanoscale Era (DTIS), Marrakech, Morocco, 2020, pp. 1-6
A. Palumbo, L. Cassano, P. Reviriego, G. Bianchi and M. Ottavi, "A Lightweight Security Checking Module to Protect Microprocessors against Hardware Trojan Horses," 2021 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), Athens, Greece, 2021, pp. 1-6
"DETON: DEfeating hardware Trojan horses in microprocessors through software ObfuscatioN", Luca Cassano et al., In Journal of Systems Architecture, vol. 129, 2022
"On the optimization of Software Obfuscation against Hardware Trojans in Microprocessors", Luca Cassano et al., In DDECS 2022
"Is Your FPGA Bitstream Hardware Trojan-free? Machine Learning Can Provide an Answer", Alessandro Palumbo et al., In Journal of Systems Architecture vol. 128, 2022
Microarchitectural Side-Channel Attacks
Wenjie Xiong and Jakub Szefer. 2021. “Survey of Transient Execution Attacks and Their Mitigations”. ACM Comput. Surv. 54, 3, Article 54 (April 2022)
Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin Von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. "A systematic evaluation of transient execution attacks and defenses". In Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19). USENIX Association, USA, 249–266
Claudio Canella, Khaled N. Khasawneh, and Daniel Gruss. 2020. “The Evolution of Transient-Execution Attacks”. In Proceedings of the 2020 on Great Lakes Symposium on VLSI (GLSVLSI '20). Association for Computing Machinery, New York, NY, USA, 163–168
M. Schwarz and D. Gruss, "How Trusted Execution Environments Fuel Research on Microarchitectural Attacks," in IEEE Security & Privacy, vol. 18, no. 5, pp. 18-27, Sept.-Oct. 2020
Lipp, Moritz, et al. "Meltdown: Reading kernel memory from user space." Communications of the ACM 63.6 (2020): 46-56
Kocher, Paul, et al. "Spectre attacks: Exploiting speculative execution." Communications of the ACM 63.7 (2020): 93-101
Van Bulck, Jo, et al. "Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution." Proceedings of the 27th USENIX Security Symposium. USENIX Association, 2018
Schwarz, Michael, et al. "ZombieLoad: Cross-privilege-boundary data sampling." Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019
Van Bulck, Jo, et al. "LVI: Hijacking transient execution through microarchitectural load value injection." 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020
https://www.theregister.com/2022/07/12/amd_intel_retbleed/