Hardware Security : A Look into the Future.
Tehranipoor, Mark.
Hardware Security : A Look into the Future. - 1st ed. - 1 online resource (538 pages)
Intro -- Preface -- Contents -- 1 Quantifiable Assurance in Hardware -- 1.1 Motivational Example and Corresponding Threat Models -- 1.2 IP-Level Security Metrics and Design Parameters -- 1.2.1 Metrics for IP Piracy and Reverse Engineering -- 1.2.2 IP-Level Parameters for IP Piracy Security Metrics -- 1.2.3 Metrics for IP-level Power Side-Channel (PSC) Attacks -- 1.2.4 IP-Level Parameters for PSC Security Metrics -- 1.2.5 Metrics for IP-Level Fault Injection Attacks -- 1.2.6 Metrics for IP-Level Malicious Hardware -- 1.2.7 IP-Level Parameters for Malicious Hardware Metrics -- 1.2.8 Metrics for IP-Level Supply Chain Attacks -- 1.3 Transition from IP to Platform -- 1.3.1 Platform-Level Parameters for IP Piracy -- 1.3.2 Platform-Level Parameters for Power Side-Channel Analysis -- 1.3.3 Platform-Level Parameters for Fault Injection -- 1.3.4 Platform-Level Parameters for Malicious Hardware -- 1.3.5 Platform-Level Parameters for Supply Chain -- 1.4 Security Measurement and Estimation: Definition -- 1.5 Showcasing Security Measurement and Estimation -- 1.5.1 Security Measurement/Estimation for IP Piracy -- 1.5.1.1 Platform-Level SAT Resiliency Measurement Flow -- 1.5.1.2 Platform-Level SAT Resiliency Estimation Flow -- 1.5.2 Security Measurement for Power Side-Channel Analysis -- 1.5.2.1 PSC Vulnerability Measurement Flow -- 1.5.2.2 PSC Vulnerability Estimation -- 1.5.2.3 Results -- 1.6 The Notion of Security Optimization -- 1.7 Challenges in Security Measurement and Estimation -- 1.7.1 Challenges for Quantifiable Platform-Level Security -- 1.7.2 Challenges in Achieving Accurate Estimation -- 1.7.3 Challenges in Security Optimization -- References -- 2 Advances in Logic Locking -- 2.1 Introduction to Logic Locking -- 2.2 Background of Models and Assumptions in Logic Locking -- 2.2.1 Basic Definitions of Logic Locking.
2.2.2 Models/Assumptions in Attacks on Logic Locking -- 2.3 Logic Locking: Countermeasures -- 2.3.1 Primitive Logic Locking -- 2.3.2 Point Function Logic Locking -- 2.3.2.1 Compound Logic Locking -- 2.3.3 Cyclic-Based Logic Locking -- 2.3.4 LUT/Routing-Based Logic Locking -- 2.3.5 Scan Chain Logic Locking/Blocking -- 2.3.6 FSM/Sequential Logic Locking -- 2.3.7 Behavioral Timing-Based Locking -- 2.3.7.1 Beyond-CMOS and Mixed-Signal Logic Locking -- 2.3.8 High-Level Logic Locking -- 2.3.9 eFPGA-Based IP-Level Locking -- 2.4 Logic Locking: Attacks -- 2.4.1 Oracle-Guided (OG) on Combinational Circuits -- 2.4.1.1 OG Combinational ATPG-Based Attacks -- 2.4.1.2 OG Combinational Algorithmic (SAT)-Based Attacks -- 2.4.1.3 OG Combinational Structural/Functional Attacks -- 2.4.1.4 Summary of OG Combinational Attacks -- 2.4.2 Oracle-Guided (OG) on Sequential Circuits -- 2.4.2.1 OG Sequential Unrolling-Based Attacks -- 2.4.2.2 OG/OL Sequential on FSM Locking -- 2.4.2.3 OG Sequential Scan/Leakage-Based Attacks -- 2.4.2.4 Summary of OG Sequential Attacks -- 2.4.3 Oracle-Less (OL) Attacks -- 2.4.3.1 OL Structural Synthesis-Based Attacks -- 2.4.3.2 OL Structural ATPG-Based Attacks -- 2.4.3.3 OL Structural ML-Based Attacks -- 2.4.3.4 OL Tampering Attacks -- 2.4.3.5 OL Probing Attacks -- 2.4.3.6 Summary of Oracle-Less (OL) Attacks -- 2.5 What to Expect from Future Studies -- 2.5.1 Vulnerabilities/Requirements of Logic Locking -- 2.5.2 Possible Research Opportunities in Logic Locking -- References -- 3 Rethinking Hardware Watermark -- 3.1 Introduction -- 3.2 Existing IP Watermarking Techniques -- 3.2.1 Constraint-Based Watermarking -- 3.2.1.1 System Synthesis Level -- 3.2.1.2 Behavioral Synthesis Level -- 3.2.1.3 Logic Synthesis Level -- 3.2.1.4 Physical Synthesis Level -- 3.2.2 Digital Signal Processing Watermarking -- 3.2.3 FSM-Based Watermarking.
3.2.3.1 State-Based FSM Watermarking -- 3.2.3.2 Transition-Based FSM Watermarking -- 3.2.4 Test Structure-Based Watermarking -- 3.2.5 Side-Channel-Based Watermarking -- 3.3 Assessment of Existing Watermarks -- 3.3.1 General Requirements for Hardware IP Watermarking -- 3.3.2 Attack Analysis for IP Watermarking -- 3.3.2.1 Removal Attacks -- 3.3.2.2 Tampering Attacks -- 3.3.2.3 Forging Attacks -- 3.3.2.4 Reverse Engineering (RE) Attacks -- 3.3.2.5 Countermeasures -- 3.4 Comprehensive Threat Models -- 3.5 Futuristic Solutions in Watermarking -- 3.5.1 Digital Watermark -- 3.5.1.1 Access to the IP and IC -- 3.5.1.2 Access to the IC But Not the IP -- 3.5.1.3 Access to the IP But Not the IC -- 3.5.2 Universal Watermark -- 3.5.3 Active Watermark -- 3.5.4 Watermark for Trojan Detection -- 3.5.5 Side-Channel-Based Watermark -- 3.5.6 Emerging Topics in AMS Watermarking -- 3.5.7 Automatic Cost-Effective IP Watermarking -- 3.5.8 Watermark Security Assessment -- References -- 4 SoC Security Verification Using Fuzz, Penetration, and AI Testing -- 4.1 Introduction to SoC Security Verification -- 4.1.1 Security Assets in SoC -- 4.1.2 Security Policies/Properties in SoC -- 4.1.3 Security Policy/Property Languages in SoC -- 4.1.4 Pre-silicon vs. Post-silicon Verification in SoC -- 4.1.5 Adversarial Model in SoC -- 4.1.6 Verification Model in SoC -- 4.1.7 Scope of Security Verification in SoC -- 4.2 SoC Security Verification: Challenges -- 4.3 SoC Security Verification: Assumptions -- 4.4 SoC Security Verification: Flow -- 4.5 SoC Security Verification: Fuzzing -- 4.5.1 Formal Definition of Fuzz Testing -- 4.5.1.1 Black-Box Fuzzing -- 4.5.1.2 White-Box Fuzzing -- 4.5.1.3 Gray-Box Fuzzing -- 4.5.2 Fuzzing Hardware Like Software -- 4.5.2.1 Hardware to Software Abstraction -- 4.5.2.2 Prior Art HW-to-SW Fuzzing -- 4.5.2.3 Limitations and Challenges.
4.5.3 Direct Fuzzing on Hardware RTL -- 4.6 SoC Security Verification: Penetration -- 4.6.1 Higher Abstraction Penetration Testing -- 4.6.2 Formal Definition of Penetration Testing -- 4.6.2.1 Black-Box Pen Testing -- 4.6.2.2 White-Box Pen Testing -- 4.6.2.3 Gray-Box Pen Testing -- 4.6.3 Penetration Testing on Hardware: Definition -- 4.6.4 Penetration Testing on Hardware: Framework -- 4.6.4.1 Binary Particle Swarm Optimization (BPSO) -- 4.6.4.2 BPSO-Based Hardware Penetration Testing -- 4.6.4.3 Validity of Gray-Box Assumptions -- 4.7 SoC Security Verification: AI Testing -- 4.7.1 Higher Level Machine Learning -- 4.7.2 AI for Hardware Verification -- 4.7.2.1 Requirements/Workflow for Using ML in Verification -- 4.7.2.2 Challenges of ML-Based Verification -- 4.8 Future of SoC Security Verification -- 4.8.1 Fuzz Testing -- 4.8.2 Pen Testing -- 4.8.3 AI Testing -- References -- 5 Runtime SoC Security Validation -- 5.1 Introduction -- 5.2 Background of Security Vulnerabilities and Monitoring -- 5.3 "ilities" Needed for Security Monitoring -- 5.4 Possible Avenues of SoC Security Monitoring -- 5.4.1 Solution 1: Synthesizable Assertions -- 5.4.2 Solution 2: Coarse-Grained eFPGA-Based Monitoring -- 5.4.3 Solution 3: Multi-application eFPGA Used for Monitoring -- 5.4.4 Solution 4: Distributed Monitoring Units + eFPGA -- 5.5 Distributed Monitoring with Centralized Checker: A Case Study -- 5.5.1 Experimental Evaluation -- 5.6 Takeaways and Future Possibilities -- References -- 6 Large Language Models for SoC Security -- 6.1 Introduction -- 6.2 SoC Security -- 6.2.1 Information Flow Tracking -- 6.2.2 Fuzzing -- 6.2.3 Penetration Testing -- 6.2.4 Concolic Testing -- 6.2.5 AI-Based Verification -- 6.3 Large Language Model -- 6.3.1 Evolution of GPT -- 6.3.2 Model Architecture -- 6.3.3 Learning Settings -- 6.3.4 Prompt Engineering -- 6.3.5 LLM for Coding Task.
6.4 Interaction Between LLM and SoC Security -- 6.4.1 Capability of LLM in SoC Security -- 6.4.2 Role of Learning Setting in SoC Security -- 6.4.3 Choice of Model Architecture in SoC Security -- 6.4.4 Fidelity Check in SoC Security -- 6.4.5 LLM-Based Works on Hardware Design and Security -- 6.5 Case Studies -- 6.5.1 Case Study I: Vulnerability Insertion -- 6.5.2 Case Study II: Vulnerability Detection in RISC-V SoCs -- 6.5.3 Case Study III: Security Evaluation in FSM Design -- 6.5.3.1 Case Study III-A: Security Metric Calculation -- 6.5.3.2 Case Study III-C: Security Assessment through Open-Ended Question -- 6.5.4 Case Study IV: Countermeasure Development -- 6.6 Prospects and Challenges of LLM-Based Security Verification -- 6.6.1 Prospects in Employing LLM in SoC Security -- 6.6.2 Challenges in Employing LLM in SoC Security -- 6.7 Conclusion -- References -- 7 Power Side-Channel Evaluation in Post-quantum Cryptography -- 7.1 Introduction -- 7.2 Preliminaries -- 7.2.1 Notation -- 7.2.2 NIST Round 3 Candidates -- 7.2.3 Lattice-Based KEM/Encryption Schemes -- 7.2.3.1 SABER -- 7.2.3.2 CRYSTALS-KYBER -- 7.3 Prevailing Side-Channel Attacks -- 7.3.1 Algorithmic-Level Attacks -- 7.3.2 Implementation-Level Attacks -- 7.3.3 AI-Based Side-Channel Attacks -- 7.4 PQC Side-Channel Evaluation Platform (SEP) -- 7.4.1 Pre-silicon Side-Channel Leakage Assessment -- 7.4.1.1 RTL-PAT -- 7.4.1.2 GL-PAT -- 7.4.1.3 PL-PAT -- 7.4.2 Post-silicon Side-Channel Leakage Assessment -- 7.4.2.1 Leakage Assessment -- 7.4.3 AI-Based SCA Attacks -- 7.4.3.1 Roadmap for AI-based Side-Channel Analysis -- 7.4.3.2 DL-Based Framework Using Signal Decomposition -- 7.4.3.3 Training Scheme -- 7.5 Experimental Results -- 7.5.1 Pre-silicon Side-Channel Analysis Results -- 7.5.2 Post-silicon Side-Channel Analysis Results -- 7.5.2.1 SW Implementations -- 7.5.2.2 HW Implementations. 7.5.2.3 AI-Based SCA Attacks.
9783031586873
Electronic books.
TK7867-7867.5
005.8