FICS Research Reading Group
The FICS Research Reading Group is designed to acquaint students with cutting-edge research across the entire spectrum of cybersecurity.
Talks will include student presentations of their published work, game-changing research at top venues and a variety of topics by external speakers.
Presenter: Atul Prasad Deb Nath
Thursday 12 April 2018, 12PM
Title: System-on-chip security architecture and CAD framework for hardware patch
Abstract: System-on-Chip (SoC) security architectures targeted towards diverse applications including Internet of Things (IoT) and automotive systems enforce two critical design requirements: in-field configurability and low overhead. To simultaneously address these constraints, we present a novel, flexible, and adaptable SoC security architecture that efficiently implements diverse security policies. The architecture and associated CAD flow enable “hardware patching”, i.e., a hardware security policy engine that can be seamlessly and securely upgraded in-field to address unanticipated attacks or new security requirements. We implement (1) a centralized Reconfigurable Security Policy Engine (RSPE), (2) smart security wrappers, and (3) Design-for-Debug (DfD) infrastructure interface as the building blocks of the architecture. The proposed framework provides a systematic approach to represent and synthesize diverse security policies. Through extensive analysis using representative SoC models, we show, for the first time to our knowledge, that the proposed framework provides a high level of patchability with minimal energy and performance overhead.
November 2nd 2017: Tamzidul Hoque
Title: A Systematic Feature Selection Methodology for Machine Learning Based Hardware Trojan Detection
Venue: SRC TECHCON 2017
Abstract: Design houses often integrate Intellectual Property (IP) cores obtained from third-party vendors to reduce hardware design costs. While the design could be verified for a specified functionality, it is extremely hard to guarantee that no hidden, and possibly malicious capability exists in the form of a hardware Trojan in the untrusted third-party IP (3PIP) blocks. While Trojan insertion at the foundry could be tackled to a certain extent due to the presence of a golden design, detection of malicious functionalities – i.e. the trust verification in 3PIP – is a more intricate challenge since often nothing but the specification of the intended design is available. Several countermeasures have been proposed earlier, most of which identify a group of suspect nets or gates based on certain functional or structural properties that are commonly observed in publicly available hardware Trojan examples. While various machine learning classifiers could be trained to diagnose suspect 3PIPs for detecting Trojans based on such properties, ad-hoc selection of Trojan properties would impact the detection capability of the classifier. Besides, the presence of redundant properties increases the runtime of the classifier without adding any value. In this work, for the first time, we introduce a systematic methodology to select among various functional and structural Trojan properties for Trojan detection in 3PIP. We implement two different machine learning-based feature selection methods and observe the detection capability of the naive Bayes classifiers under the selected properties. By choosing the features systematically, a false positive reduction of around 53% is achieved compared to the worst random selection of an equal number of properties. This technique allows the separation of properties based on Trojan models to further improve the detection capability and presents the correct property selection strategy based on the computational resources available.
November 10th: Adib Nahiyan
Title: Hardware Trojan Detection through Information Flow Security Verification
Venue: ITC 2017
Abstract: Semiconductor design houses are increasingly becoming dependent on third party vendors to procure intellectual property (IP) and meet time-to-market constraints. However, these third party IPs cannot be trusted as hardware Trojans can be maliciously inserted into them by untrusted vendors. While different approaches have been proposed to detect Trojans in third party IPs, their limitations have not been extensively studied. In this paper, we analyze the limitations of the state-of-the-art Trojan detection techniques and demonstrate with experimental results how to defeat these detection mechanisms. We then propose a Trojan detection framework based on information flow security (IFS) verification. Our framework detects violation of IFS policies caused by Trojans without the need of white-box knowledge of the IP. We experimentally validate the efficacy of our proposed technique by accurately identifying Trojans in the trust-hub benchmarks. We also demonstrate that our technique does not share the limitations of the previously proposed Trojan detection techniques.
November 30th: Jasmine Bowers
Title: Regulators, Mount Up! Analysis of Privacy Policies for Mobile Money Services
Venue: SOUPS 2017
TBD: Grant Hernandez
Title: FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution
Venue: CCS 2017
Abstract: The USB protocol has become ubiquitous, supporting devices from high-powered computing devices to small embedded devices and control systems. USB’s greatest feature, its openness and expandability, is also its weakness, and attacks such as BadUSB exploit the unconstrained functionality afforded to these devices as a vector for compromise. Fundamentally, it is virtually impossible to know whether a USB device is benign or malicious. This work introduces FirmUSB, a USB-specific firmware analysis framework that uses domain knowledge of the USB protocol to examine firmware images and determine the activity that they can produce. Embedded USB devices use microcontrollers that have not been well studied by the binary analysis community, and our work demonstrates how lifters into popular intermediate representations for analysis can be built, as well as the challenges of doing so. We develop targeting algorithms and use domain knowledge to speed up these processes by a factor of 7 compared to unconstrained fully symbolic execution. We also successfully find malicious activity in embedded 8051 firmwares without the use of source code. Finally, we provide insights into the challenges of symbolic analysis on embedded architectures and provide guidance on improving tools to better handle this important class of devices.
12 Oct: Christopher Patton
Title: Hedging Public-Key Cryptography in the Real World
Venue: CRYPTO 2017
Abstract: Hedged PKE schemes are designed to provide useful security when the per-message randomness fails to be uniform, say, due to faulty implementations or adversarial actions. A simple and elegant theoretical approach to building such schemes works like this: Synthesize fresh random bits by hashing all of the encryption inputs, and use the resulting hash output as randomness for an underlying PKE scheme. The idea actually goes back to the Fujisaki-Okamoto transform for turning CPA-secure encryption into CCA-secure encryption, and is also used to build deterministic PKE schemes.
In practice, implementing this simple construction is surprisingly difficult, as the high- and mid-level APIs presented by the most commonly used crypto libraries (e.g. OpenSSL and forks thereof) do not permit one to specify the per-encryption randomness. Thus application developers are forced to piece together low-level functionalities and attend to any associated, security-critical algorithmic choices. Other approaches to hedged PKE present similar problems in practice.
We reconsider the matter of building hedged PKE schemes, and the security notions they aim to achieve. We lift the current best-possible security notion for hedged PKE (IND-CDA) from the CPA setting to the CCA setting, and then show how to achieve it using primitives that are readily available from high-level APIs. We also propose a new security notion, MM-CCA, which generalizes traditional IND-CCA to admit imperfect randomness. Like IND-CCA, and unlike IND-CDA, our notion gives the adversary the public key. We show that MM-CCA is achieved by RSA-OAEP in the random-oracle model; this is significant in practice because RSA-OAEP is directly available from high-level APIs across all libraries we surveyed. We sort out relationships among the various notions, and also develop new results for existing hedged PKE constructions.
19 Oct: Tamzidul Hoque
Title: DyVerT: A Dynamic Machine Learning Framework for IP Trust Verification
Venue: SRC TECHCON 2017
Abstract: Design houses often integrate Intellectual Property (IP) cores obtained from third-party vendors to reduce hardware design costs. While the design could be verified for a specified functionality, it is extremely hard to guarantee that no hidden, and possibly malicious capability exists in the form of a hardware Trojan in the untrusted third-party IP (3PIP) blocks. Several previously proposed countermeasures identify a group of suspect nets or gates based on commonly observed functional or structural properties of publicly available hardware Trojans. Though various machine learning classifiers could be trained to diagnose suspect 3PIPs for detecting Trojans based on such properties, the detection coverage is limited to the quality of the training set available. Besides, the availability of static training sets allows an attacker to design Trojans that could evade a trained model. While existing methods treat all types of Trojans with identical features and a common trained model, the highest level of confidence cannot be achieved unless the suspect design is verified with different classifiers trained with judiciously chosen properties for each Trojan class. In this work, for the first time, we introduce a dynamic and systematic framework to apply machine learning for trust verification of 3PIP. The proposed framework includes a Trojan insertion tool that generates a large number of diverse implementations of different Trojan classes. The tool-generated dynamic database improves the detection coverage and the attacker is no longer aware of the classes of Trojans detectable. A systematic feature selection method is also incorporated that provides the best possible set of properties for each class of Trojans to ensure the highest classification accuracy. We implemented the framework and demonstrate that the proposed approach is capable of significantly reducing false positives compared to similar trust verification techniques. Besides, Trojans with conflicting classes are detectable with greater confidence using dedicated sets of features and trained models.
26 Oct: Animesh Chhotaray
Title: Standardizing Bad Cryptographic Practice – A teardown of the IEEE standard for protecting electronic-design intellectual property
Venue: CCS 2017
Abstract: We provide an analysis of IEEE standard P1735, which describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. We find a surprising number of cryptographic mistakes in the standard. In the most egregious cases, these mistakes enable attack vectors that allow us to recover the entire underlying plaintext IP. Some of these attack vectors are well-known, e.g. padding-oracle attacks. Others are new, and are made possible by the need to support the typical uses of the underlying IP; in particular, the need for commercial system-on-chip (SoC) tools to synthesize multiple pieces of IP into a fully specified chip design and to provide syntax errors. We exploit these mistakes in a variety of ways, leveraging a commercial SoC tool as a black-box oracle. In addition to being able to recover entire plaintext IP, we show how to produce standard-compliant ciphertexts of IP that have been modified to include targeted hardware Trojans. For example, IP that correctly implements the AES block cipher on all but one (arbitrary) plaintext that induces the block cipher to return the secret key. We outline a number of other attacks that the standard allows, including on the cryptographic mechanism for IP licensing. Unfortunately, we show that obvious “quick fixes” to the standard (and the tools that support it) do not stop all of our attacks. This suggests that the standard requires a significant overhaul, and that IP-authors using P1735 encryption should consider themselves at risk.