On Sunday, August 25, there will be a total of six tutorials; three running in parallel in the morning and three running in parallel in the afternoon.
Tutorials on Sunday morning3>
Jakub Szefer (Yale University):
Design of Secure Processor Architectures
Abstract: The objective of this tutorial is to present the principles that processor architects and hardware designers should use when developing secure processor architectures. Secure processor architectures typically extend commodity processors with new hardware (and related software) features for protection of enclaves, trusted software modules, or even whole operating systems inside virtual machines. Since typical secure processor architectures extend the main processor in the system with security features, hence performance is an important aspect of the design process. In addition, however, they must isolate the protect software from other untrusted user software, possibly untrusted management software, and in many cases a variety of physical attacks, usually on memory. The isolation should also cover all types of possible ways for information leaks, such as through architectural state, micro-architectural state, or due to spatial or temporal sharing of hardware. And, transient execution attacks (Spectre, Meltdown, and their variants), also needs to be finely controlled to mitigate the new types of transient execution threats. In this tutorial, various design patterns will be presented and discussed. First, the tutorial will overview the secure processor architectures and their features. It will discuss various protection mechanisms for isolation and protection of the software from other, untrusted software. Second, tutorial will discuss various timing channels and protection mechanisms, such as secure caches, secure TLBs, or secure branch predictors to defend these attacks. This part will be grounded in a new 3-step model developed for timing channel vulnerability evaluation. Third, the tutorial will present details of Spectre and Meltdown attacks (and their various variants presented to date) and hardware defenses (and estimations of performance impact of each). This tutorial will thus cover the three main contemporary research areas of secure processor architectures: the architectures themselves, timing channels, and transient execution attacks.
Bio: Jakub Szefer’s research focuses on improving computer systems security at the architecture and hardware levels. His work explores how to leverage physical properties of hardware as security primitives, and has resulted in, for example, different new types of Physically Uncloneable Functions (PUFs) using commodity Dynamic Random Access Memories (DRAMs). His work also aims to improve security at the architecture level, including recent development of a novel 3-step framework for modeling all possible cache and TLB timing attacks, as well as new types of cache-related timing attacks; and mitigations. Large number of his projects involve Field-Programmable Gate Arrays (FPGAs), including implementations of post-quantum cryptographic (PQC) algorithms, and novel attacks and defense for the new Cloud FPGA computing paradigm. His group regularly open-sources hardware code. He is a recipient of NSF’s CAREER award in 2017, and was elected IEEE Senior Member in 2019. Jakub Szefer has written a book on “Principles of Secure Processor Architecture Design” (2018). He joined Yale University in summer 2013 as an Assistant Professor of Electrical Engineering, where he started the Computer Architecture and Security Laboratory (CAS Lab). Prior to joining Yale, he received Ph.D. and M.A. degrees in Electrical Engineering from Princeton University and worked with Prof. Ruby B. Lee on secure processor architectures. He received B.S. with highest honors in Electrical and Computer Engineering from University of Illinois at Urbana-Champaign.
Prabhat Mishra (University of Florida): Verification of Hardware IP Security and Trust
Abstract: System-on-Chip (SoC) is the brain behind computing and communication in a wide variety of systems, starting from simple IoT devices in smart homes to complex navigation systems in airplanes. Cars are full of them, as are airplanes, satellites, and advanced military and medical devices. Reusable hardware Intellectual Property (IP) based System-on-Chip (SoC) design has emerged as a pervasive design practice in the industry to dramatically reduce design and verification cost while meeting aggressive time-to-market constraints. Growing reliance on these pre-verified hardware IPs, often gathered from untrusted third-party vendors, severely affects the security and trustworthiness of SoC computing platforms. An important emerging concern with the hardware IPs acquired from external sources is that they may come with deliberate malicious implants to incorporate undesired functionality (e.g. hardware Trojan), undocumented test/debug interface working as hidden backdoor, or other integrity issues. It is extremely difficult to verify integrity and trust for hardware IPs, due to (a) lack of a golden reference model or incomplete specifications, and (b) exponential space of diverse types of complex IPs and IP-specific vulnerabilities. This tutorial will provide a comprehensive overview of both fundamental concepts and recent advances in hardware IP trust validation using formal methods, simulation-based approaches as well as side channel analysis. The tutorial will consist of five parts. The first part will introduce security vulnerabilities (threats) and various challenges associated with trust validation of hardware IPs. It will highlight recent advances in developing trust metrics and benchmarks. The second part will cover efficient test generation techniques for simulation-based trust validation. The third part will describe how formal verification techniques (including model checking, SAT solving, theorem proving and equivalence checking) can be effectively utilized for IP trust validation. The fourth part will demonstrate the usefulness of side channel analysis for SoC security and trust validation. Finally, it will conclude with a discussion on emerging SoC security threats and effective countermeasures in order to design trustworthy systems.
Bio: Prabhat Mishra is a Professor in the Department of Computer and Information Science and Engineering at the University of Florida. He is a UF Preeminence Term Professor, an active member of the Florida Institute of Cybersecurity, and a code member of the Nelms Institute for the Connected World. His research interests include embedded and cyber-physical systems, hardware security and trust, energy-aware computing, formal verification, system-on-chip validation, and post-silicon debug. He received his Ph.D. in Computer Science and Engineering from the University of California, Irvine. He has published 7 books, 25 book chapters, and more than 150 research articles in premier international journals and conferences. His research has been recognized by several awards including the NSF CAREER Award, IBM Faculty Award, three best paper awards, and EDAA Outstanding Dissertation Award from the European Design Automation Association. He has led several projects related to design and validation of trustworthy systems funded by National Science Foundation, Semiconductor Research Corporation, Raytheon and Cisco Systems. Prof. Mishra currently serves as an Associate Editor of ACM Transactions on Design Automation of Electronic Systems, IEEE Transactions on VLSI Systems, and Journal of Electronic Testing. He is also serving as an ACM Distinguished Speaker. Prof. Mishra is an ACM Distinguished Scientist and a Senior Member of IEEE.
Marilyn Wolf (Georgia Tech): Safe and Secure Cyber-Physical and IoT Systems
Cyber-physical and IoT systems combine computers with the physical
world. The result of this combination is that we can no longer treat
physical safety and information security as separate topics.
Security and safety are traditionally practiced by separate
disciplines in very different ways. We need new methods to ensure
that our critical infrastructure, medial systems, and transportation
systems protect our physical well-being, our privacy, and our
This half-day tutorial will cover basic and advanced topics related to CPS/IoT safety and security:
- Traditional approaches to safety and security: fault models, hazard analysis, attack models.
- How safety methods affect information security and how security methodologies affect physical safety.
- Case studies of failures in safety and security.
- Design methodologies for safe and secure systems: threat models, model-based design, serviceoriented architectures.
- Run-time methods for safe and secure systems: monitors, device fingerprinting, diagnosis and repair.
Bio: Marilyn Wolf is Farmer Distinguished Chair and Georgia Research Alliance Eminient Scholar at the Georgia Institute of Technology. She received her BS, MS, and PhD in electrical engineering from Stanford University in 1980, 1981, and 1984, respectively. She was with AT&T Bell Laboratories from 1984 to 1989. She was on the faculty of Princeton University from 1989 to 2007. Her research interests included embedded computing, embedded video and computer vision, and VLSI systems. She has received the IEEE Computer Society Goode Memorial Award, the ASEE Terman Award and IEEE Circuits and Systems Society Education Award. She is a Fellow of the IEEE and ACM and an IEEE Computer Society Golden Core member.
Tutorials on Sunday afternoon3>
Reza Azarderaksh (Florida Atlantic University):
Isogeny-Based Cryptography in Hardware
Abstract: Supersingular Isogeny Key Encapsulation (SIKE) is one of the candidates submitted to NIST’s post-quantum cryptography standardization program. Isogenies on elliptic curves have been studied since 1997 by mathematicians and cryptologists which led to the the invention of quantum-safe key exchange method by David Jao and Luca DeFeo. SIKE which offers stronger security model is the only quantum-safe candidate with smallest keysize in comparison to the other candidates and has received more attentions in the past few years as they look more suitable for embedded devices. In this talk, we will start with the basics of isogeny-based cryptography and underlying finite field arithmetic computations and describe the SIDH/SIKE algorithms. We will discuss secret kernel computations for isogeny maps based on various double point multiplication algorithms. We will also provide higher level arithmetic overview for isogeny evaluations and isogeny computations based on Velue’s formulae. More specifically, we will provide discussions about isogeny graphs and for both Alice and Bob and show how they walk on supersingular isogeny graphs and end up getting a shared secret. We will also provide hardware architectures and illustrate how higher level protocols could get translated and implemented in RTL and programmed in FPGAs. We will provide performance and area usage results and compare them to the result of other quantumsafe candidates in similar platforms. Finally, open research problems will be discussed from cryptographic engineering and physical attacks point of view. During the talk, a toy example will be provided in SAGE. Bring your laptops!
Bio: Dr. Reza Azarderakhsh is an assistant professor and I-SENSE Fellow in the Department of Computer Science and Engineering at Florida Atlantic University. He received his PhD. in Computer Engineering from Western University, Canada. After that, he was an NSERC post-doc research fellow at the Center for Applied Cryptographic Research, Department of Combinatorics and Optimization at the University of Waterloo which he is currently affiliated as a supervisor member of CryptoWorks21 there. Dr. Azarderakhsh serves as an Associate Editor of IEEE Transactions on Circuits and Systems (TCAS-I) Cryptographic Engineering track. He is author/coauthor of more than 80 journals and conference papers in the area of applied cryptography and cryptographic engineering. His research has been supported by NSF, NIST, ARO, and Texas Instruments among others. He has developed several algorithms and architectures for classical and post-quantum cryptography including elliptic curve cryptography, isogeny-based cryptography, and lattice-based cryptography. He was a recipient of the prestigious Natural Sciences and Engineering Research Council of Canada Post-Doctoral Research Fellowship and the Texas Instruments Faculty Award (Douglas Harvey).
Shreyas Sen (Purdue University) and Arijit Raychowdhury (Georgia Tech): Electromagnetic and Machine Learning Side-Channel Attacks and Low-overhead Generic Countermeasures
Abstract: Computationally secure Cryptographic algorithms, when implemented on physical hardware leak correlated physical signatures (e.g. power supply current, electromagnetic radiation, acoustic, thermal) which could be utilized to break the crypto engine in linear time. While the existence of such side-channel attacks have been known for decades, the impact of them have been increasing with the proliferation of billions of IoT edge-devices with resource constraints. Recently, it was shown that the AES-256 key could be broken non-invasively in just 5 minutes from a 1-meter distance using EM side-channels. The complexity of breaking AES-256 reduced from ~2^256 to ~2^13 when side-channels are utilized. An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys. Going from AES128 to AES 256 only improves protection by 2x when side-channel attacks are employed, making physical side-channel attacks a significant threat. Existing countermeasures (e.g. algorithmic, masking, power balancing, shielding) generally suffer from high overheads, sometimes performance degradations and often is algorithm specific. Generic low-overhead countermeasures require white-box modeling of the physical emissions and low-level countermeasures. Current statistical techniques for power and EM side-channel attacks during secure computation require multiple traces to be collected; and for low SNR, requires thousands of cycles. Recent advances in Deep Learning based power/EM Side-Channel Analysis (DL-SCA) allows an attack with a single or a few encryptions. Thus DL-SCA increases the attack surface massively, as an attacker who has access to a device for minutes can now attack; instead of hours of possession that were required with previous attacks like CPA. Recent work has shown how training on multiple devices can be used to generalize a DL-SCA machine learning (ML) model and can be used to carry out attack on a new and similar device in a very few encryptions. This puts a huge dent to the security of embedded devices. In this tutorial, we will cover the following (a) Threats and impacts of physical side-channels (b) In-depth analysis of power side-channel and low-overhead generic power-side channel countermeasure through attenuated signature noise injection (ASNI) using in-line current domain signature attenuation (c) White-box modeling of EM leakage from cryptographic ICs starting from Maxwell’s equations and accelerating electrons and analysis of the impact of metal layers on EM information leakage (d) Generic low-overhead EM side-channel countermeasures (e) Intelligent EM sniffing using automated algorithmic automated detection of highest leakage-point (f) Machine-Leaning Side-channel attack and techniques for cross-device DL-SCA and (g) countermeasures for ML-SCA (h) a summary of open problems and future research directions for side-channel attacks and defenses.
Fatemeh Ganji (University of Florida) and Shahin Tajik (University of Florida): Security of PUFs: Lessons Learned after Two Decades of Research
Abstract: Physically Unclonable Functions (PUFs) are a type of hardware root-of-trusts (RoTs) designed to ensure the achievement of security-related goals. To overcome inherent problems associated with conventional hardware RoTs, PUFs have been introduced as promising solutions. For PUFs, the manufacturing process variations lead eventually to instance- specific and inherent physical properties that can generate virtually unique responses, when the instance is given some challenges. Therefore, PUFs can be utilized as either device fingerprints for secure authentication or a source of entropy in secure key generation scenarios. Regarding the instance-specific and inherent physical properties of the PUFs, they are assumed to be unclonable, unpredictable, and tamper-evident, and therefore, trustworthy and robust against attacks. While it is more straightforward to quantify the quality of PUFs in terms of cost and reliability, the security of PUFs against different attacks should be considered more carefully. These attacks range from fully invasive to non-invasive ones, with the aim of cloning a PUF physically or mathematically. Despite these attacks, PUFs have been widely employed in key generation and authentication protocols. This widespread use in conjunction with various (even unknown attack) further increase the complexity of the task of defining an appropriate measure indicating the resistance of PUFs to attacks. Given the lack of consistency between metrics used in various studies, PUFs are not assessed adequately, and as a result, PUF designers/manufacturers have to face ever-evolving challenges imposed by adversaries mounting mathematical and/ or physical attacks. In this tutorial, we cover the following: (a) An introduction to PUFs and their quality- and security-related metrics (b) A taxonomy of State-of-the-art mathematical attacks (e.g., machine learning, lattice-basis reduction, etc.) against PUFs. (c) A taxonomy of physical/side-channel attacks against PUFs (d) Architectural and Protocol-level countermeasures to prevent both mathematical and physical attacks, (e) Introduction of a benchmark for security evaluation of PUFs, (f) Real-world implementation of PUFs in embedded devices, such as FPGAs and smartcards (g) an insight for future application of the PUFs in cybersecurity. (h) A summary of open problems and future research directions.
Fatemeh Ganji is a postdoctoral fellow at the Florida Institute for
Cybersecurity (FICS) Research at the University of Florida. She
received her Ph.D. degree in Electrical Engineering from the
Technical University of Berlin in 2017. She has focused her research
activities on the applied and theoretical machine learning
techniques as well as mathematical tools for the security assessment
of hardware primitives, for instance, Physically Unclonable
Functions (PUFs). For her work on the learnability of PUFs, she has
received BIMoS PhD Award in 2018. Before joining FICS, Dr. Ganji
was a postdoctoral research fellow at T-Labs, Telekom Innovation
Laboratories and the Technical University of Berlin. She has
co-/authored a book and several papers that have appeared in
publications of Springer, International Association for Cryptologic
Research (IACR) and IEEE journals and conference
Shahin Tajik is a postdoctoral fellow at the Florida Institute for Cybersecurity (FICS) Research at the University of Florida. Before coming to the University of Florida, Dr. Tajik was a postdoctoral fellow at the working group SECT, a collaboration of the Technical University of Berlin and Deutsche Telekom Innovation Laboratories in Germany. He received his Ph.D. degree in Electrical Engineering in 2017 from the Technical University of Berlin. His field of research includes non-invasive and semiinvasive attacks, Physically Unclonable Functions (PUFs), security evaluation of FPGAs, and providing tamper protection mechanisms against attacks conducted from the IC backside. His ACM CCS’17 paper with the title "On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs" was awarded the 1st place in Applied Research Competition of European Cyber Security Awareness Week (CSAW) in 2017.