2021 FICS Research TDC Program


Tuesday, April 6, 2021

12:00PM - 12:15PM
Welcoming Remarks

12:15PM - 12:45PM
Keynote Address

Hardening the physical design against unauthorized access to achieve security closure

Serge Leef
MTO Program Manager, DARPA

12:45PM - 01:15PM
Demo 1: ACED-IT Assuring Confidential Electronic Design against Insider Threats

To prevent IP piracy, we redefine the modern threat landscape by considering nearly every individual in the IC design and fabrication process untrusted. ACED-IT leverages the industry SoC design flow to provide a more secure development environment for all entities throughout the supply chain. By integrating encryption, logic locking, TILEs, access controls, and action logging, ACED-IT protects the design IP from insider threats originating from any entity in the process.

Andrew Stern

01:15PM - 01:45PM
Demo 2: Backside Protection

Optical attacks, e.g., optical probing, exploit the optically transparent silicon substrate to probe the assets in a system-on-chip (SoC). In this demo, we present a novel chip activity masking technique against optical probing to increase the time-cost of backside attacks. The technique is evaluated using device- and laser-physics-driven security metrics. We will also present the silicon results for the masking implementation.

Tanjid Rahman

01:45PM - 02:15PM
Demo 3: Automated Detection of Malicious Implants in Hardware Models

Malicious implants (such as hardware Trojans) are a serious threat to the security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods, since an adversary is likely to hide them under rare trigger conditions. We will discuss two promising alternatives for detecting malicious implants. Specifically, the demo will show how statistical test generation as well as maximal clique sampling can be effectively used for detecting stealthy Trojans.

Miranda Overstreet

02:15PM - 02:45PM
Invited Talk: Provenance and Traceability in Secure Cloud-Based Microelectronics Workflows

Dr. Ken Merkel
Nimbis Services

02:45PM - 03:15PM
Demo 4: Assessing the security of cellular baseband processors

Modern smartphones achieve mobility through dedicated cellular protocol processors known as basebands. Baseband processors are usually highly proprietary, dedicated chips, running custom real-time operating systems (RTOS). Unfortunately, effective security testing of on-target baseband implementations is limited due to a lack of memory introspection, slow test case setup time, and the need to set up many devices. To overcome these limitations, we have developed the FirmWire baseband analysis platform that enables full-system emulation of unmodified baseband firmware. FirmWire uses domain knowledge of the cellular protocols and baseband RTOS structures to provide seamless interaction with tasks and internal messaging APIs. We apply FirmWire to Samsung’s Shannon baseband to perform message API and state machine recovery for LTE and GSM, along with coverage-guided fuzzing of GSM and GPRS radio messages. Our fuzzing discovered three buffer overflows, one of which was previously unknown, which we replicated over the air to crash a Samsung S7 and S10, demonstrating the efficacy and accuracy of FirmWire as an analysis platform.

Yash Mundra

03:15PM - 03:45PM
Demo 5: Locked and unlocked benchmark generation framework

In order to evaluate and validate hardware security features, benchmarks are a key requirement. Benchmarks with a protection scheme enabled, or obfuscated ones, are necessary for testing attack efficiency. To analyze obfuscation techniques and other security features, benchmarks that are not locked are required. In order to fulfill these needs, we have developed two tools. The first tool is SynthGen, a synthetic benchmark generator. The tool utilizes linear programming to determine the structure of a synthetic circuit that is most different from the set of provided sample benchmarks. The structure is then translated into a workable netlist with a supplementary tool. The second tool is KIT (Key Inserting Tool), which generates locked benchmarks from existing unlocked ones. Both of these tools have been analyzed for applications in hardware obfuscation research.

Sarah Amir

03:45PM - 04:15PM
Demo 6: Security Property-Driven Vulnerability Assessments of ICs Against Fault-Injection Attacks (SoFI)

In this demo, a security property-driven fault-injection assessment tool, called SoFI, will be introduced. The tool can identify the locations in the gate-level netlist of ICs that are critical to fault-injection attacks.

Huanyu Wang

04:15PM - 04:45PM
Short Student Presentations

Automated Security Assessment of FSM
Bulbul Ahmad

Obfuscated HLL: Logic locking at High Level Language leveraging the Power of HLS
Rafid Muttaki

04:45PM - 05:00PM
Concluding Remarks

Wednesday, April 7, 2021

12:00PM - 12:15PM
Welcoming Remarks

12:15PM - 12:45PM
Keynote Address

Dr. Matt Casto
Air Force

12:45PM - 01:15PM
Demo 7: FICS-eChain: A consortium blockchain for electronic supply-chain assurance

This demo presents a blockchain-centric framework for the semiconductor supply chain to ensure the authenticity of electronic devices. The underlying approach is to collect provenance records of electronic devices in distributed ledger storage while they travel across the supply chain. It offers traceability of authentic devices and detection of different counterfeit devices using data-centric approaches hosted on the blockchain ledger.

Rakib Shahriar

01:15PM - 01:45PM
Demo 8: Automated Detection of Don’t Care Transitions in RTL Designs

We present an automated approach to the detection of don’t-care transitions in RTL-level finite-state machine (FSM) designs using symbolic execution. Our approach works in two steps. In the first step, it performs forward symbolic execution to compute the set of reachable states. In the second step, it performs abstract backward symbolic execution to compute the don’t-care transitions. Our preliminary results on various FSM benchmarks show that our approach is both precise and scalable.

Ruochen Dai

01:45PM - 02:15PM
Demo 9: Security Verification of FPGA-as-a-Service

This demo addresses the security risks linked to the evolving infrastructure that provides FPGAs in the cloud as accelerators. We demonstrate denial-of-service attacks that exploit vulnerabilities in the driver responsible for providing the communication channel between the FPGA and the user application.

Nitin Pundir

02:15PM - 02:45PM
Invited Talk: Secure Silicon: The Cornerstone of Silicon Lifecycle Management

Mike Borza
Synopsys Inc.

02:45PM - 03:15PM
Demo 10: S3A

S3A’s purpose is to simplify the process of pixel-level image labeling. It increases labeling accuracy, decreases manual annotation times and requirements, is free and open-source, extensible, and generalizes to multiple problem domains. Its demo will show the key features and general workflow involved in annotating an image, as well as some of the many ways it can be configured to suit user and application needs.

Nathan Jessurun

03:15PM - 03:45PM
Demo 11: Protecting Intellectual Property Cores Against Piracy

Logic locking has emerged as a promising solution to protect integrated circuits (ICs) against piracy and tampering. However, the security provided by existing logic locking techniques is often thwarted by oracle-guided attacks. In this demo, we show mathematically and experimentally how Dynamically Obfuscated Scan Chain (DOSC) makes a logic-locked design resilient against SAT and other oracle-guided attacks.

Sazadur Rahman

03:45PM - 04:15PM
Demo 12: Leveraging Symbolic Execution for Trojan Detection via Logic Testing

In this demo, we show how to use symbolic execution at the C/C++ level to activate hidden malicious functionality in RTL designs. Our approach is based on mapping the RTL design to the C level and leveraging the existing powerful symbolic execution engine, KLEE, to generate tests. The threat model for Trojan insertion is based on the rareness of Trojan statements in a design, and this observation is used to steer the symbolic engine towards specific branches for test generation.

Arash Vafaei

04:15PM - 04:45PM
Demo 13: Cross-Coupled Impedance-Based PUF With 1.06% Native Instability

This work presents an ASIC implementation of a weak physically unclonable function (PUF) with a bimodal output distribution. The PUF, termed negative impedance-based PUF, is formed using a Wheatstone bridge which employs a combination of positive and negative feedback to greatly amplify normally small mismatches due to process variation. The PUF is fabricated in a 65-nm TSMC LP process and shows a 1.06% native instability without the use of any digital calibration techniques.

Nima Maghari

04:45PM - 05:00PM
Concluding Remarks

Thursday, April 8, 2021

12:00PM - 12:15PM
Welcoming Remarks

12:15PM - 12:45PM
Keynote Address

12:45PM - 01:15PM
Demo 14: Automatic Generation of Secured SoC with enforced Hardware IP Firewall

In this demo, we show the design flow of a secured SoC where the Mandatory Access Control policies are enforced through a hardware IP firewall. A demonstration of the implemented SoC is presented on a real-world example case. An associated tool flow automating the process will also be demonstrated.

Christophe Bobda

01:15PM - 01:45PM
Demo 15: Transparent Voting Machine: Making Every Vote Count

Allegations of voting machines flipping votes were made in the wake of the 2020 Presidential Election. Researchers have demonstrated that few voters notice votes flipped on a ballot marking device. The transparent voting machine is an innovative device designed to address these issues. A demonstration of the transparent voting machine prototype will be given, followed by questions.

Juan E. Gilbert

01:45PM - 02:15PM
Demo 17: Automated PCB Reverse Engineering using X-ray Tomography

Robust PCB design verification and reverse engineering are often complex processes requiring tools and experienced personnel. X-ray imaging is most commonly used in this effort for collecting and analyzing 3D volumes of the sample under test. The Auto-3D system attempts to reduce these requirements by performing automated and assisted PCB netlist extraction, processing a full stack of X-ray data to retrieve layer information, connectivity, and more. These details are later combined to output a GERBER or DXF file. Our demonstration will consider 3 types of PCBs for this workflow: 1) an unpopulated non-complex PCB (4 layers, ideal case), 2) an unpopulated complex PCB (6 layers), 3) a populated PCB (6 layers).

John True

Dhwani Mehta

02:15PM - 02:45PM
Demo 16: RTL Power Side-Channel Assessment with Test Generation

This demo aims to show our tool PSC-TG for RTL power side-channel assessment. We show how formal tools are used to generate patterns that force the sensitive variables in the design to manifest the maximum leakage. We also show how the pre-silicon SCV metric is calculated from the derived patterns with RTL power estimation tools like Synopsys Spyglass, as an indication of side-channel vulnerabilities.

Tao Zhang

Export Control Session
03:00PM - 03:30PM
Demo 18: Automated Reverse Engineering of X-ray CT Imaged PCBs

While external and topical PCB design information can be extracted from optical images, only through X-ray CT imaging can a multi-layered PCB’s internal connectivity information be extracted for thorough, high-fidelity reverse engineering. This demo presents our work on automating the internal PCB RE process, from slice-to-layer identification to via and trace detection/localization, and on consolidating all of this information, detected in an unsupervised fashion (no prior knowledge or user intervention needed), on a 6-layered PCB.

Ulbert J. Botero

03:30PM - 04:00PM
Demo 19: AutoBoM

This demo presents automated bill of material generation for PCBs.

Nathan Jessurun

Olivia Paradis

Jacob Harrison

04:00PM - 04:30PM
Demo 19: PCB Assurance

This demo presents automated assessment of PCB vulnerabilities.

Marino Guzman

04:30PM - 05:00PM
Demo 20: STV Automated SoC Trust Validation Using Dynamic Trojan Benchmark Generation

STV is designed to advance the state of the art for the design, validation, and testing of trustworthy hardware. This automated toolset dynamically assesses the likelihood of hardware Trojan detection through standard testing methods and hardens the design against potential Trojan insertion.

Andrew Stern

Dan Capecci

05:00PM
Concluding Remarks