2024 TCAD

DETERRENT: Detecting Trojans Using Reinforcement Learning

Author: Vasudev Gohil, Satwik Patnaik, Hao Guo, Dileep Kalathil, Jeyavijayan Rajendran

Affiliation: Department of Electrical and Computer Engineering, Texas A&M University at College Station, College Station, TX, USA

Abstract:

The globalized nature of the integrated circuits supply chain has given rise to several security problems. The insertion of malicious components, called hardware Trojans, is one such serious problem. Since Trojans are activated only under extremely rare trigger conditions and the search space is exponentially large, detecting them is arduous. Researchers have attempted to detect Trojans by querying the design-under-test using appropriate test patterns and monitoring its logical or side-channel response. However, techniques in both these categories lack either in terms of detection accuracy or scalability for larger designs. In this work, we investigate why existing techniques fall short and use our findings to propose a new reinforcement learning (RL) framework for detecting Trojans. We carefully design two RL agents (one for each category) that navigate the exponential search space of the test patterns and return minimal sets of patterns that are most likely to detect Trojans. We overcome challenges related to scalability and efficacy through appropriate solutions. Experimental results on a variety of benchmarks demonstrate the scalability and efficacy of our RL agents, which reduce the number of test patterns significantly (169.68× and 34.73× on average overall and 27.59× and 3.72× on average over large benchmarks) while maintaining or improving the Trojan-detection success rate compared to the state-of-the-art techniques.

 

 

 

 

2023 DAC

ExploreFault: Identifying Exploitable Fault Models in Block Ciphers with Reinforcement Learning.

Author: Hao Guo, Sayandeep Saha, Vasudev Gohil, Satwik Patnaik, Debdeep Mukhopadhyay, Jeyavijayan (JV) Rajendran

Affiliation: Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, India; Electrical & Computer Engineering, Texas A&M University, College Station, Texas, USA; UCL Crypto Group, ICTEAM/ELEN, Université Catholique de Louvain, Belgium

Abstract:

Exploitable fault models for block ciphers are typically cipher-specific, and their identification is essential for evaluating and certifying fault attack-protected implementations. However, identifying exploitable fault models has been a complex manual process. In this work, we utilize reinforcement learning (RL) to identify exploitable fault models generically and automatically. In contrast to the several weeks/months of tedious analyses required from experts, our RL-based approach identifies exploitable fault models for protected/unprotected AES and GIFT ciphers within 12 hours. Notably, in addition to all existing fault models, we identify/discover a novel fault model for GIFT, illustrating the power and promise of our approach in exploring new attack avenues.

 

 

 

 

2023 DATE

MANTIS: Machine Learning-Based Approximate modeliNg of RedacTed Integrated CircuitS.

Author: Chaitali Sathe, Yiorgos Makris, Benjamin Carrion Schafer

Affiliation: Department of Electrical and Computer Engineering, The University of Texas at Dallas

Abstract:

With most hardware (HW) design companies now relying on third parties to fabricate their integrated circuits (ICs), it is imperative to develop methods to protect their Intellectual Property (IP). One popular approach is logic locking. One of the problems with traditional locking mechanisms is that the locking circuitry is built into the netlist that the HW design company delivers to the foundry, which now has access to the entire design including the locking mechanism. This implies that they could potentially tamper with this circuitry or reverse engineer it to obtain the locking key. One relatively new approach that has been coined as hardware redaction is to map a portion of the design to an embedded FPGA (eFPGA). The bitstream of the eFPGA now acts as the locking key. In this case the fab receives the design without the bitstream and hence cannot reverse engineer the functionality of the design. In this work we propose, to the best of our knowledge, the first attack on eFPGA HW redacted ICs by substituting the exact logic mapped onto the eFPGA by a synthesizable predictive model that replicates the behavior of the exact logic. This approach is particularly applicable in the context of approximate computing where hardware accelerators tolerate certain degrees of error at their outputs. One of the main issues addressed in this work is how to generate the training data to generate the synthesizable predictive model. For this we use SAT/SMT solvers as the potential attacker only has access to primary I/O of the IP. Experimental results for various degrees of maximum allowable output errors show that our proposed approach is very effective at finding suitable predictive models.

 

 

 

 

2023 MICRO

NeuroLPM - Scaling Longest Prefix Match Hardware with Neural Networks

Author: Alon Rashelbach, Igor de Paula, Mark Silberstein

Affiliation: Technion, Israel

Abstract:

Covert channels enable information leakage between security domains that should be isolated by observing execution differences in shared hardware. These channels can appear in any stateful shared resource, including caches, predictors, and accelerators. Previous works have identified many vulnerable components, demonstrating and defending against attacks via reverse engineering. However, this approach requires much human effort and reasoning. With the Cambrian explosion of specialized hardware, it is becoming increasingly difficult to identify all vulnerabilities manually. To tackle this challenge, we propose AutoCC, a methodology that leverages formal property verification (FPV) to automatically discover covert channels in hardware that is shared between processes. AutoCC operates at the register-transfer level (RTL) to exhaustively examine any machine state left by a process after a context switch that creates an execution difference. Upon finding such a difference, AutoCC provides a precise execution trace showing how the information was encoded into the machine state and recovered. Leveraging AutoCC’s flow to generate FPV testbenches that apply our methodology, we evaluated it on four open-source hardware projects, including two RISC-V cores and two accelerators. Without hand-written code or directed tests, AutoCC uncovered known covert channels (within minutes instead of many hours of test-driven emulations) and unknown ones. Although AutoCC is primarily intended to find covert channels, our evaluation has also found RTL bugs, demonstrating that AutoCC is an effective tool to test both the security and reliability of hardware designs.

 

 

 

 

2023 arXiv

Fixing hardware security bugs with large language models

Author: Baleegh Ahmad, Shailja Thakur, Benjamin Tan, Ramesh Karri, and Hammond Pearce

Affiliation: New York University; University of Calgary

Abstract:

Novel AI-based code-writing Large Language Models (LLMs) such as OpenAI's Codex have demonstrated capabilities in many coding-adjacent domains. In this work we consider how LLMs may be leveraged to automatically repair security-relevant bugs present in hardware designs. We focus on bug repair in code written in the Hardware Description Language Verilog. For this study we build a corpus of domain-representative hardware security bugs. We then design and implement a framework to quantitatively evaluate the performance of any LLM tasked with fixing the specified bugs. The framework supports design space exploration of prompts (i.e., prompt engineering) and identifying the best parameters for the LLM. We show that an ensemble of LLMs can repair all ten of our benchmarks. This ensemble outperforms the state-of-the-art Cirfix hardware bug repair tool on its own suite of bugs. These results show that LLMs can repair hardware security bugs and the framework is an important step towards the ultimate goal of an automated end-to-end bug repair framework.

 

 

 

 

2023 arXiv

LLM-assisted generation of hardware assertions

Author: Rahul Kande, Hammond Pearce, Benjamin Tan, Brendan Dolan-Gavitt, Shailja Thakur, Ramesh Karri, and Jeyavijayan Rajendran

Affiliation: Texas A&M University, University of New South Wales, University of Calgary, New York University

Abstract:

The security of computer systems typically relies on a hardware root of trust. As vulnerabilities in hardware can have severe implications on a system, there is a need for techniques to support security verification activities. Assertion-based verification is a popular verification technique that involves capturing design intent in a set of assertions that can be used in formal verification or testing-based checking. However, writing security-centric assertions is a challenging task. In this work, we investigate the use of emerging large language models (LLMs) for code generation in hardware assertion generation for security, where primarily natural language prompts, such as those one would see as code comments in assertion files, are used to produce SystemVerilog assertions. We focus our attention on a popular LLM and characterize its ability to write assertions out of the box, given varying levels of detail in the prompt. We design an evaluation framework that generates a variety of prompts, and we create a benchmark suite comprising real-world hardware designs and corresponding golden reference assertions that we want to generate with the LLM.

 

 

 

 

2022 ICCAD

Embracing Graph Neural Networks for Hardware Security

Author: Lilas Alrahis, Satwik Patnaik, Muhammad Shafique, Ozgur Sinanoglu

Affiliation: New York University Abu Dhabi, UAE; Texas A&M University

Abstract:

Graph neural networks (GNNs) have attracted increasing attention due to their superior performance in deep learning on graph-structured data. GNNs have succeeded across various domains such as social networks, chemistry, and electronic design automation (EDA). Electronic circuits have a long history of being represented as graphs, and to no surprise, GNNs have demonstrated state-of-the-art performance in solving various EDA tasks. More importantly, GNNs are now employed to address several hardware security problems, such as detecting intellectual property (IP) piracy and hardware Trojans (HTs), to name a few. In this survey, we first provide a comprehensive overview of the usage of GNNs in hardware security and propose the first taxonomy to divide the state-of-the-art GNN-based hardware security systems into four categories: (i) HT detection systems, (ii) IP piracy detection systems, (iii) reverse engineering platforms, and (iv) attacks on logic locking. We summarize the different architectures, graph types, node features, benchmark data sets, and model evaluation of the employed GNNs. Finally, we elaborate on the lessons learned and discuss future directions.

 

 

 

 

2022 MICRO

EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security.

Author: Samira Mirbagher Ajorpaz, Daniel Moghimi, Jeffrey Neal Collins, Gilles Pokam, Nael B. Abu-Ghazaleh, Dean M. Tullsen

Affiliation: University of California Riverside, USA; Independent Author, USA; North Carolina State University, USA; Intel Labs, USA; University of California San Diego, USA

Abstract:

This paper provides an end-to-end solution to defend against known microarchitectural attacks such as speculative execution attacks, fault-injection attacks, covert and side channel attacks, and unknown or evasive versions of these attacks. Current defenses are attack specific and can have unacceptably high performance overhead. We propose an approach that reduces the overhead of state-of-art defenses by over 95%, by applying defenses only when attacks are detected. Many current proposed mitigations are not practical for deployment; for example, InvisiSpec has 27% overhead and Fencing has 74% overhead while protecting against only Spectre attacks. Other mitigations carry similar performance penalties. We reduce the overhead for InvisiSpec to 1.26% and for Fencing to 3.45%, offering performance and security for not only Spectre attacks but other known transient attacks as well, including the dangerous class of LVI and Rowhammer attacks, as well as covering a large set of future evasive and zero-day attacks. Critical to our approach is an accurate detector that is not fooled by evasive attacks and that can generalize to novel zero-day attacks. We use a novel Generative framework, Evasion Vaccination (EVAX), for training ML models and engineering new security-centric performance counters. EVAX significantly increases sensitivity to detect and classify attacks in time for mitigation to be deployed with low false positives (4 FPs in every 1M instructions in our experiments). Such performance enables efficient and timely mitigations, enabling the processor to automatically switch between performance and security as needed.

 

 

 

 

2021 TCAD

GNN-RE: Graph Neural Networks for Reverse Engineering of Gate-Level Netlists

Author: Lilas Alrahis, Abhrajit Sengupta, Johann Knechtel, Satwik Patnaik, Hani Saleh, Baker Mohammad, Mahmoud Al-Qutayri, Ozgur Sinanoglu

Affiliation: System on Chip Center, Khalifa University, Abu Dhabi, UAE; Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY, USA; Division of Engineering, New York University Abu Dhabi, Abu Dhabi, UAE; Texas A&M University, College Station, TX, USA

Abstract:

This work introduces a generic, machine learning (ML)-based platform for functional reverse engineering (RE) of circuits. Our proposed platform GNN-RE leverages the notion of graph neural networks (GNNs) to: 1) represent and analyze flattened/unstructured gate-level netlists; 2) automatically identify the boundaries between the modules or subcircuits implemented in such netlists; and 3) classify the subcircuits based on their functionalities. For GNNs in general, each graph node is tailored to learn about its own features and its neighboring nodes, which is a powerful approach for the detection of any kind of subgraphs of interest. For GNN-RE, in particular, each node represents a gate and is initialized with a feature vector that reflects on the functional and structural properties of its neighboring gates. GNN-RE also learns the global structure of the circuit, which facilitates identifying the boundaries between subcircuits in a flattened netlist. Initially, to provide high-quality data for training of GNN-RE, we deploy a comprehensive dataset of foundational designs/components with differing functionalities, implementation styles, bit widths, and interconnections. GNN-RE is then tested on the unseen shares of this custom dataset, as well as the EPFL benchmarks, the ISCAS-85 benchmarks, and the 74X series benchmarks. GNN-RE achieves an average accuracy of 98.82% in terms of mapping individual gates to modules, all without any manual intervention or postprocessing. We also release our code and source data.

 

 

 

 

2021 ICCAD

Graph Learning-Based Arithmetic Block Identification

Author: Zhuolun He, Ziyi Wang, Chen Bai, Haoyu Yang, Bei Yu

Affiliation: The Chinese University of Hong Kong; NVIDIA

Abstract:

Arithmetic block identification in gate-level netlist is an essential procedure for malicious logic detection, functional verification, or macro-block optimization. We argue that existing methods suffer either scalability or performance issues. To address the problem, we propose a graph learning-based solution that promises to extract desired logic components from a complete design netlist. We further design a novel asynchronous bidirectional graph neural network (ABGNN) dedicated to representation learning on directed acyclic graphs. Experimental results on open-source RISC-V CPU designs demonstrate that our proposed solution significantly outperforms several state-of-the-art arithmetic block identification flows.

 

 

 

 

2021 ICCAD

ReIGNN: State Register Identification Using Graph Neural Networks for Circuit Reverse Engineering

Author: Subhajit Dutta Chowdhury, Kaixin Yang, Pierluigi Nuzzo

Affiliation: Ming Hsieh Department of Electrical and Computer Engineering, University of Southern California, Los Angeles, CA

Abstract:

Reverse engineering an integrated circuit netlist is a powerful tool to help detect malicious logic and counteract design piracy. A critical challenge in this domain is the correct classification of data-path and control-logic registers in a design. We present ReIGNN, a novel learning-based register classification methodology that combines graph neural networks (GNNs) with structural analysis to classify the registers in a circuit with high accuracy and generalize well across different designs. GNNs are particularly effective in processing circuit netlists in terms of graphs and leveraging properties of the nodes and their neighborhoods to learn to efficiently discriminate between different types of nodes. Structural analysis can further rectify any registers misclassified as state registers by the GNN by analyzing strongly connected components in the netlist graph. Numerical results on a set of benchmarks show that ReIGNN can achieve, on average, 96.5% balanced accuracy and 97.7% sensitivity across different designs.

 

 

 

 

2021 ASP-DAC

Automated Test Generation for Hardware Trojan Detection using Reinforcement Learning

Author: Zhixin Pan, Prabhat Mishra

Affiliation: University of Florida, Gainesville, Florida, USA

Abstract:

Due to globalized semiconductor supply chain, there is an increasing risk of exposing System-on-Chip (SoC) designs to malicious implants, popularly known as hardware Trojans. Unfortunately, traditional simulation-based validation using millions of test vectors is unsuitable for detecting stealthy Trojans with extremely rare trigger conditions due to exponential input space complexity of modern SoCs. There is a critical need to develop efficient Trojan detection techniques to ensure trustworthy SoCs. While there are promising test generation approaches, they have serious limitations in terms of scalability and detection accuracy. In this paper, we propose a novel logic testing approach for Trojan detection using an effective combination of testability analysis and reinforcement learning. Specifically, this paper makes three important contributions. 1) Unlike existing approaches, we utilize both controllability and observability analysis along with rareness of signals to significantly improve the trigger coverage. 2) Utilization of reinforcement learning considerably reduces the test generation time without sacrificing the test quality. 3) Experimental results demonstrate that our approach can drastically improve both trigger coverage (14.5% on average) and test generation time (6.5 times on average) compared to state-of-the-art techniques.

 

 

 

 

2021 ASP-DAC

Learning Assisted Side Channel Delay Test for Detection of Recycled ICs.

Author: Ashkan Vakil, Farzad Niknia, Ali Mirzaeian, Avesta Sasan, Naghmeh Karimi

Affiliation: George Mason University; University of Maryland Baltimore County

Abstract:

With the outsourcing of design flow, ensuring the security and trustworthiness of integrated circuits has become more challenging. Among the security threats, IC counterfeiting and recycled ICs have received a lot of attention due to their inferior quality, and in turn, their negative impact on the reliability and security of the underlying devices. Detecting recycled ICs is challenging due to the effect of process variations and process drift occurring during the chip fabrication. Moreover, relying on a golden chip as a basis for comparison is not always feasible. Accordingly, this paper presents a recycled IC detection scheme based on delay side-channel testing. The proposed method relies on the features extracted during the design flow and the sample delays extracted from the target chip to build a neural network model using which the target chip can be truly identified as new or recycled. The proposed method classifies the timing paths of the target chip into two groups based on their vulnerability to aging using the information collected from the design and detects the recycled ICs based on the deviation of the delay of these two sets from each other.

 

 

 

 

2021 ASP-DAC

ML-augmented Methodology for Fast Thermal Side-channel Emission Analysis

Author: Norman Chang, Deqi Zhu, Lang Lin, Dinesh Selvakumaran, Jimin Wen, Stephen H. Pan, Wenbo Xia, Hua Chen, Calvin Chow, Gary Chen

Affiliation: ANSYS, Inc., San Jose, USA; National Taiwan University, Taiwan

Abstract:

Accurate side-channel attacks can non-invasively or semi-invasively extract secure information from hardware devices using "side-channel" measurements. The thermal profile of an IC is one class of side channel that can be used to exploit the security weaknesses in a design. Measurement of junction temperature from an on-chip thermal sensor or top metal layer temperature using an infrared thermal image of an IC with the package being removed can disclose secret keys of a cryptographic design through correlation power analysis. In order to identify the design vulnerabilities to thermal side channel attacks, design time simulation tools are highly important. However, simulation of thermal side-channel emission is highly complex and computationally intensive due to the scale of simulation vectors required and the multi-physics simulation models involved. Hence, in this paper, we have proposed a fast and comprehensive Machine Learning (ML) augmented thermal simulation methodology for thermal Side-Channel emission Analysis (SCeA). We have developed an innovative tile-based Delta-T Predictor using a data-driven DNN-based thermal solver. The developed tile-based Delta-T Predictor temperature is used to perform the thermal side-channel analysis which models the scenario of thermal attacks with the measurement of junction temperature. This method can be 100-1000x faster depending on the size of the chip compared to traditional FEM-based thermal solvers with the same level of accuracy. Furthermore, this simulation allows for the determination of location-dependent wire temperature on the top metal layer to validate the scenario of thermal attack with top metal layer temperature. We have demonstrated the leakage of the encryption key in a 128-bit AES chip using both proposed tile-based temperature calculations and top metal wire temperature calculations, quantified by simulation MTD (Measurements-to-Disclosure).

AI+EDA

Hardware security