PROOFS 2018:Papers with Abstracts

Abstract. Malware detection is still one of the difficult problems in computer security because of the occurrence of newer varieties of malware programs. There has been an enormous effort in developing a generalised solution to this problem, but a little has been done considering the security of resource constraint embedded devices. In this paper, we at- tempt to develop a lightweight malware detection tool designed specifically for embedded platforms using micro-architectural side-channel information obtained through Hardware Performance Counters (HPCs). The methodology aims to develop a distance metric, called λ, for a given program from a benign set of programs which are expected to execute in the embedded environment. The distance metric is decided based on observations from carefully chosen features, which are tuples of high-level system calls along with low-level HPC events. An ideal λ-value for a malicious program is 1, as opposed to 0 for a benign program. However, in reality, the efficacy of λ to classify a malware largely depends on the proper assignment of weights to the features. We employ a gradient-descent based learning mechanism to determine optimal choices for these weights. We justify through experimental results on an embedded Linux running on an ARM processor that such a side-channel based learning mechanism improves the classification accuracy significantly compared to an ad-hoc selection of the weights, and leads to significantly low false positives and false negatives in all our test cases.

Abstract. Models and tools developed by the semiconductor community have matured over decades of use. As a result, hardware simulations can yield highly accurate and easily automated pre-silicon estimates for e.g. timing and area figures. In this work we design, implement, and evaluate CASCADE, a framework that combines a largely automated full-stack standard-cell design flow with the state of the art techniques for side channel analysis. We show how it can be used to efficiently evaluate side channel leakage prior to chip manufacturing. Moreover, it is independent of the underlying countermeasure and it can be applied starting from the earliest stages of the design flow. Additionally, we provide experimental validation through assessment of the side channel security of representative cryptographic circuits. We discuss aspects related to the performance, scalability, and utility to the designers. In particular, we show that CASCADE can evaluate information leakage with 1 million simulated traces in less than 4 hours using a single desktop workstation, for a design larger than 100kGE.

Abstract. Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless- communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually. There is, thus, a rising trend towards increased connectivity of these devices. The down- side of this trend is, however, a proportional increase in the attack surface that can be exploited by a malicious entity. In effect, threat modeling of IMDs becomes ever more important. This is reflected by an increase in the number of vulnerabilities being found consistently in the IMDs available in market. This paper proposes a threat-modeling analysis based on attack trees to evaluate the security of these devices. As an example, three recent lightweight IMD security protocols from literature are analyzed using this approach to demonstrate its effectiveness in suggesting security improvements.

Abstract. This paper presents a non-reversible method for stealthily inserting hardware Tro- jan (HT) based on a path delay fault called Path Delay HT (PDHT). While PDHT is hardly detected by the conventional methods including Monte-Carlo tests, its practicality is still unclear because a rarely sensitized path used for PDHT is selected and exploited in a deterministic manner. Such deterministic method indicates that we can find possible PDHT-inserted paths by its reversed method. In addition, the conventional method uses a genetic algorithm to add extra delays onto the selected path for inducing a path delay fault, and therefore, we have a difficulty in evaluating the resistance/vulnerability of a circuit to PDHT. This paper first presents a new method for selecting sufficiently rare paths to insert PDHT at random. We then show that the detectability/stealthiness of PDHT is related to switching activity (i.e., glitch effect), and present a new systematic method for inducing a path delay fault instead of GA. We demonstrate through an experimental PDHT-insertion and a Monte-Carlo test that the PDHT inserted by our method is sufficiently undetectable in comparison with the conventional method.

Abstract. Today’s electronic systems must simultaneously fulfill strict requirements on security and reliability. In particular, their cryptographic modules are exposed to faults, which can be due to natural failures (e.g., radiation or electromagnetic noise) or malicious fault- injection attacks. We present an architecture based on a new class of error-detecting codes that combine robustness properties with a minimal distance. The new architecture guarantees (with some probability) the detection of faults injected by an intelligent and strategic adversary who can precisely control the disturbance. At the same time it supports automatic correction of low-multiplicity faults. To this end, we discuss an efficient technique to correct single errors while avoiding full syndrome analysis. We report experimental results obtained by physical fault injection on the SAKURA-G FPGA board.