Tuesday, April 6, 2021
| 12:00PM | 12:15PM | Welcoming Remarks |
|---|---|
| 12:15PM | 12:45PM | Keynote Address Hardening the Physical Design Against Unauthorized Access to Achieve Security Closure Serge Leef MTO Program Manager, DARPA |
| 12:45PM | 01:15PM | Demo 1: ACED-IT Assuring Confidential Electronic Design Against Insider Threats To prevent IP piracy, we redefine the modern threat landscape by considering nearly every individual in the IC design and fabrication process untrusted. ACED-IT leverages the industry SoC design flow to provide a more secure development environment for all entities throughout the supply chain. By integrating encryption, logic locking, TILEs, access controls, and action logging, ACED-IT protects the design IP from insider threats originating from any entity in the process. Andrew Stern |
| 01:15PM | 01:45PM | Demo 2: Backside Protection Optical attacks, e.g., optical probing, exploit optically transparent silicon substrate to probe the assets in system-on-chip (SoC). In this demo, we present a novel chip activity masking technique against optical probing to increase the time-cost of backside attacks. The technique is evaluated using device and laser physics driven security metrics. We will also present the silicon results for the masking implementation. Tanjid Rahman |
| 01:45PM | 02:15PM | Demo 3: Automated Detection of Malicious Implants in Hardware Models Malicious implants (such as hardware Trojans) are serious threat to security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods since an adversary is likely to hide them under rare trigger conditions. We will discuss two promising alternatives for detecting malicious implants. Specifically, the demo will show how statistical test generation as well as maximal clique sampling can be effectively used for detecting stealthy Trojans. Miranda Overstreet |
| 02:15PM | 02:45PM | Invited Talk: Provenance and Traceability in Secure Cloud-Based Microelectronics Workflows Dr. Ken Merkel Nimbis Services |
| 02:45PM | 03:15PM | Demo 4: Assessing the Security of Cellular Baseband Processors Modern smartphones achieve mobility through dedicated cellular protocol processors known as basebands. Baseband processors are usually highly proprietary, dedicated chips, running custom real-time operating systems (RTOS). Unfortunately, effective security testing of on-target baseband implementations is limited due to a lack of memory introspection and slow test case setup time, and the need to set up many devices. To overcome these limitations, we have developed the FirmWire baseband analysis platform that enables full-system emulation of unmodified baseband firmware. FirmWire uses domain knowledge of the cellular protocols and baseband RTOS structures to provide seamless interaction with tasks and internal messaging APIs.We apply FirmWire to Samsung’s Shannon baseband to perform message API and state machine recovery for LTE and GSM, along with coverage-guided fuzzing of GSM and GPRS radio messages. Our fuzzing discovered three buffer overflows, one of which was previously unknown, which we replicated over the air to crash a Samsung S7 and S10, demonstrating the efficacy and accuracy of FirmWire as an analysis platform. Kevin Butler |
| 03:15PM | 03:45PM | Demo 5: Locked and Unlocked Benchmark Generation Framework In order to evaluate and validate hardware security features, benchmarks are key requirement. Benchmarks with protection scheme enabled, or obfuscated ones are necessary for testing attack efficiency. To analyze obfuscation techniques and other security features, benchmarks that are not locked are required. In order to fulfill these needs, we have developed two tools. The first tool is SynthGen, a synthetic benchmark generator. The tool utilizes linear programming to determine the structure of a synthetic circuit that is most different than the set of provided sample benchmarks. The structure is then translated into a workable netlist with a supplementary tool. The second tool is KIT (Key Inserting Tool) which generates locked benchmarks from existing unlocked ones. Both of these tools have been analyzed for applications in hardware obfuscation research. Sarah Amir |
| 03:45PM | 04:15PM | Demo 6: Security Property-Driven Vulnerability Assessments of ICs Against Fault-Injection Attacks (SoFI) In this demo, a security property driven fault injection assessment tool, called SoFI, would be introduced. The tool can identify the critical locations in the gate-level netlist of ICs to fault injection attacks. Huanyu Wang |
| 04:15PM | 04:45PM | Short Students Presentations Automated Security Assessment of FSM Bulbul Ahmad Obfuscated HLL: Logic locking at High Level Language leveraging the Power of HLS Rafid Muttaki |
| 04:45PM | 04:55PM | Michael (Mike) McConnell, Retired U.S. Navy vice admiral and former director of the National Security Agency (NSA), Executive Director of Cyber Florida, University of South Florida. |
| 04:55PM | 05:00PM | Concluding Remarks Mark Tehranipoor |
Wednesday, April 7, 2021
| 12:00PM | 12:15PM | Welcoming Remarks |
|---|---|
| 12:15PM | 12:45PM | Keynote Address Hardware Security in the Era of Information Parity Dr. Matt Casto Division Chief, Aerospace Components and Subsystems, AFRL |
| 12:45PM | 01:15PM | Demo 7: FICS-eChain: A Consortium Blockchain for Electronic Supply-Chain Assurance This demo presents a blockchain-centric framework for semiconductor supply chain to ensure the authenticity of electronic devices. The underlying approach is to collect provenance records of electronic devices in a distributed ledger data storage while they travel across the supply-chain. It offers traceability of authentic devices and detection of different counterfeit devices using data-centric approaches hosted on the blockchain ledger. Rakib Shahriar |
| 01:15PM | 01:45PM | Demo 8: Automated Detection of Don’t Care Transitions in RTL Designs We present an automated approach to the detection of don’t-care transitions in the RTL level Finite-State Machine (FSM) designs using symbolic execution. Our approach works in two steps. In the first step, it performs forward symbolic execution to compute the set of reachable states. In the second step, it performs abstract backward symbolic execution to compute the don’t care transitions. Our preliminary results on various FSM benchmarks show that our approach is both precise and scalable. Ruochen Dai |
| 01:45PM | 02:15PM | Demo 9: Security Verification of FPGA-as-a-Service This demo addresses the security risks linked to the evolving infrastructure that provides FPGAs on the cloud as accelerators. We demonstrate denial-of-service attacks that exploit driver vulnerabilities responsible for providing communication channel between the FPGA and the user application. Nitin Pundir |
| 02:15PM | 02:45PM | Invited Talk: Secure Silicon: The Cornerstone of Silicon Lifecycle Management Mike Borza Synopsys Inc. |
| 02:45PM | 03:15PM | Demo 10: S3A S3A’s purpose is to simplify the process of pixel-level image labeling. It increases labeling accuracy, decreases manual annotation times and requirements, is free and open-source, extensible, and generalizes to multiple problem domains. Its demo will show the key features and general workflow involved in annotating an image, as well as some of the many ways it can be configured to suit user and application needs. Nathan Jessurun |
| 03:15PM | 03:45PM | Demo 11: Protecting Intellectual Property Cores Against Piracy Logic locking has emerged as a promising solution to protect integrated circuits (ICs) against piracy and tampering. However, the security provided by existing logic locking techniques is often thwarted by oracle-guided attacks. In this demo, we show mathematically and experimentally how Dynamically Obfuscated Scan Chain (DOSC) makes logic locked design resilient against SAT and other oracle-guided attacks. Sazadur Rahman |
| 03:45PM | 04:15PM | Demo 12: Transparent Voting Machine: Making Every Vote Count Allegation of voting machines flipping votes were made in the wake of the 2020 Presidential Election. Researchers have demonstrated few voters notice votes flipped on a ballot marking device. The transparent voting machine is an innovative device designed to address these issues. A demonstration of the transparent voting machine prototype will be given followed by questions. Juan E. Gilbert |
| 04:15PM | 04:45PM | Demo 13: Cross-Coupled Impedance-Based PUF With 1.06% Native Instability This work presents an ASIC implementation of a weak physically unclonable function (PUF) with a bimodal output distribution. The PUF, termed negative impedance-based PUF, is formed using a Wheatstone-bridge which employs a combination of positive and negative feedbacks to greatly amplify normally small mismatches due to process variation. The PUF is fabricated in 65-nm TSMC LP process and show a 1.06% native instability without the use of any digital calibration techniques. Nima Maghari |
| 04:45PM | 05:00PM | Concluding Remarks |
Thursday, April 8, 2021
| 12:00PM | 12:15PM | Welcoming Remarks |
|---|---|
| 12:15PM | 12:45PM | Keynote Address Efficient FI Attacks Through Optical Emission Analysis Erwin in ‘t Veld Riscure |
| 12:45PM | 01:15PM | Demo 14: Automatic Generation of Secured SoC with enforced Hardware IP Firewall In this Demo, we show the design flow of a secured SoC where the Mandatory Access Control policies are enforced through hardware IP firewall. A demonstration of the implemented SoC is presented on a real-world example case. Also, an associated tool flow automating the process will be demonstrated as well. Christophe Bobda Sujan Kumar Saha |
| 01:15PM | 01:45PM | Demo 15: Leveraging Symbolic Execution for Trojan Detection via Logic Testing In this demo, we show how to use symbolic execution in C/C++ level to activate hidden malicious functionality in RTL designs. Our approach is based on mapping of RTL design to C-level and leveraging the existing powerful symbolic execution engine, KLEE, to generate tests. The threat model for Trojan insertion is based on the fact of rareness of trojan statements in a design, and this observation is used to steer the Symbolic engine towards specific branches for Test Generation. Arash Vafaei |
| 01:45PM | 02:15PM | Demo 17: Automated PCB Reverse Engineering using X-ray Tomography Robust PCB design verification and reverse engineering are often complex processes requiring tools and experienced personnel. X-ray imaging is most commonly used in this effort for collecting and analyzing 3D volumes of the sample under test. The Auto-3D system attempts to reduce these requirements by performing automated and assisted PCB netlist extraction, processing a full stack of X-ray data to retrieve layer information, connectivity, and more. These details are later combined to output a GERBER or DXF file. Our demonstration would consider 3 types of PCBs for this workflow: 1) An unpopulated non-complex PCB (4 layers, ideal case), 2) An unpopulated complex PCB (6 layers), 3) A populated PCB (6 layers). John True Dhwani Mehta |
| 02:15PM | 02:45PM | Demo 16: RTL Power Side-Channel Assessment with Test Generation This demo aims to show our tool PSC-TG for RTL power side-channel assessment. We show how formal tools will be used to generate patterns that would enforce the sensitive variables in the design to manifest the maximum leakage. We also show how pre-silicon SCV metric is calculated based on the derived patterns with RTL power estimation tools like Synopsys Spyglass as the indication of the side-channel vulnerabilities. Tao Zhang |
| 03:00PM | 03:30PM | Demo 18: Automated Reverse Engineering of X-ray CT Imaged PCBs While external and topical PCB design information can be extracted from optical images, only through X-ray CT imaging can a multi-layered PCB’s internal connectivity information be extracted for a thorough high fidelity reverse engineering. This demo serves to present our work in the automation of the internal PCB RE process from slice-to-layer identification, to via and trace detection/localization. And the consolidation of all this information detected in an unsupervised fashion (no prior knowledge or user intervention needed) on a 6 layered PCB. Ulbert J. Botero |
| 03:30PM | 04:00PM | Demo 19: AutoBoM This demo presents automated bill of material generation for PCBs. Nathan Jessurun Olivia Paradis Jacob Harrison |
| 04:00PM | 04:30PM | Demo 19: PCB Assurance This demo presents automated assessment of PCB vulnerabilities. Marino Guzman |
| 04:30PM | 05:00PM | Demo 20: STV Automated SoC Trust Validation Using Dynamic Trojan Benchmark Generation STV is designed to advance the state-of-the-art for the design, validation, and testing of trustworthy hardware. This automated toolset dynamically assesses the likelihood of hardware Trojan detection through standard testing methods and to harden the design against potential Trojan insertion. Andrew Stern Dan Capecci |
| 05:00PM | Concluding Remarks |