protecting reprogrammable hardware with polymorphic
play

Protecting Reprogrammable Hardware with Polymorphic Circuit - PowerPoint PPT Presentation

Oct 09, 2022 •145 likes •422 views

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Protecting Reprogrammable Hardware with Polymorphic Circuit Variation* J. Todd McDonald, Yong C. Kim, and Michael R. Grimaila Center for Cyberspace Research Air

  1. Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Protecting Reprogrammable Hardware with Polymorphic Circuit Variation* J. Todd McDonald, Yong C. Kim, and Michael R. Grimaila Center for Cyberspace Research Air Force Institute of Technology WPAFB, OH * The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the U.S. Government Air University: The Intellectual and Leadership Center of the Air Force 1 Integrity - Service - Excellence

  2. Outline Develop America's Airmen Today ... for Tomorrow • Protection Context • Polymorphic Variation as Protection • Hiding Properties of Interest • Framework and Experimental Results Air University: The Intellectual and Leadership Center of the Air Force 2 Integrity - Service - Excellence

  3. Protection Context Develop America's Airmen Today ... for Tomorrow • Embedded Systems / “Hardware” • Increasingly represented as reprogrammable logic (i.e., software!) • We used to like hardware because it offered “hard” solutions for protection (physical anti-tamper, etc.) • Our beginning point: what happens if hardware-based protections fail? • Hardware protection: I try to keep you from physically getting the netlist/machine code • Software protection: I give you a netlist/machine code listing and ask you questions pertaining to some protection property of interest • Protection/exploitation both exist in the eye of the beholder Air University: The Intellectual and Leadership Center of the Air Force 3 Integrity - Service - Excellence

  4. Protection Context Develop America's Airmen Today ... for Tomorrow • Critical military / commercial systems vulnerable to malicious reverse engineering attacks • Financial loss • National security risk • Reverse Engineering and Digital Circuit Abstractions Air University: The Intellectual and Leadership Center of the Air Force 4 Integrity - Service - Excellence

  5. Polymorphic Variation as Protection Develop America's Airmen Today ... for Tomorrow • Experimental Approach: • Consider practical / real-world / theoretic circuit properties related to security • Use a variation process to create polymorphic circuit versions • Polymorphic = many forms of circuits with semantically equivalent or semantically recoverable functionality • Characterize algorithmic effects: • Empirically demonstrate properties • Prove as intractable • Prove as undecidable Air University: The Intellectual and Leadership Center of the Air Force 5 Integrity - Service - Excellence

  6. Polymorphic Variation as Protection Develop America's Airmen Today ... for Tomorrow Algorithm and Variant Characterization: Selection: 1) Random 2) Deterministic Replacement 1) Random 2) Deterministic Air University: The Intellectual and Leadership Center of the Air Force 6 Integrity - Service - Excellence

  7. Hiding Properties of Interest General Intuition and Hardness of Obfuscation Develop America's Airmen Today ... for Tomorrow The ONLY true “Virtual Black Box” 1 1 2 5 3 2 6 4 7 4 3 6 7 “The How” Semantic Behavior Air University: The Intellectual and Leadership Center of the Air Force 7 Integrity - Service - Excellence

  8. Hiding Properties of Interest Develop America's Airmen Today ... for Tomorrow • Since we can’t hide all information leakage…. • Can we protect intent? • Tampering with code in order to get specific results • Manipulating input in order to get specific results • Correlating input/output with environmental context • Can we impede identical exploits on functionally equivalent versions? • Can we define and measure any useful definition of hiding short of absolute proof and not based solely on variant size ? Air University: The Intellectual and Leadership Center of the Air Force 8 Integrity - Service - Excellence

  9. Hiding Properties of Interest Develop America's Airmen Today ... for Tomorrow Functional Hiding Logical Control Hiding View Component Hiding Signal Hiding Topology Hiding (Gate Replacement) Side Channel Properties Physical Manifestation Air University: The Intellectual and Leadership Center of the Air Force 9 Integrity - Service - Excellence

  10. Framework and Experimental Results Develop America's Airmen Today ... for Tomorrow • When does (random/deterministic) iterative selection and replacement: 1) Manifest hiding properties of interest? 2) Cause an adversarial reverse engineering task to become intractable or undecidable? • What role does logic reduction and adversarial reversal play in the outcome (ongoing) • Are there circuits which will fail despite the best variation we can produce? (yes) Air University: The Intellectual and Leadership Center of the Air Force 10 Integrity - Service - Excellence

  11. Framework and Experimental Results Develop America's Airmen Today ... for Tomorrow • Is perfect or near topology recovery useful (therefore, is topology hiding useful)? • In some cases, yes • Foundation for other properties (signal / component hiding) • For certain attacks, it is all that is required • Accomplishing topology hiding • Change basis type (normalizing distributions, removing all original) • Guarantee every gate is replaced at least once • Multiple / overlapping replacement = diffusion Topology: Gate fan-in Gate fan-out Gate type Air University: The Intellectual and Leadership Center of the Air Force 11 Integrity - Service - Excellence

  12. Experiment 1: Measuring “Replacement” Basis Change Develop America's Airmen Today ... for Tomorrow c432 c432 120 gates ( 4 ANDs + 79 NANDs + 19 NORs + 18 XORs + 40 inverters ) Decomposed 230 gates ( 60 ANDs + 151 NANDs + 19 NORs + 40 inverters ) Decomposed 843 gates ( 843 NORs) NOR Air University: The Intellectual and Leadership Center of the Air Force 12 Integrity - Service - Excellence

  13. Experiment 1a: Measuring “Replacement” Basis Change Develop America's Airmen Today ... for Tomorrow  = {NOR}   = {AND, NAND, OR, XOR, NXOR} Air University: The Intellectual and Leadership Center of the Air Force 13 Integrity - Service - Excellence

  14. Experiment 1b: Measuring “Replacement” Basis Change Develop America's Airmen Today ... for Tomorrow  = {NAND}   = {AND, NOR, OR, XOR, NXOR} Air University: The Intellectual and Leadership Center of the Air Force 14 Integrity - Service - Excellence

  15. Experiment 2: Measuring “Replacement” Uniform Basis Distribution Develop America's Airmen Today ... for Tomorrow ISCAS-85 c1355 C1355 506 gates ( 56 ANDs + 416 NANDs + 2 ORs + 32 buffers + 40 inverters ) Decomposed 550 gates ( 96 ANDs + 416 NANDs + 6 ORs + 32 buffers + 40 inverters ) Decomposed 730 gates ( 730 NANDs ) NAND Air University: The Intellectual and Leadership Center of the Air Force 15 Integrity - Service - Excellence

  16. Experiment 2: Measuring “Replacement” Uniform Basis Distribution Develop America's Airmen Today ... for Tomorrow  = {NAND}   = {AND, NAND, OR, NOR, XOR, NXOR} “Single 4000 Iteration Experiment” Air University: The Intellectual and Leadership Center of the Air Force 16 Integrity - Service - Excellence

  17. Experiment 2: Measuring “Replacement” Uniform Basis Distribution Develop America's Airmen Today ... for Tomorrow  = {NAND}   = {AND, NAND, OR, NOR, XOR, NXOR} Iteration 100 900 800 700 XNOR 600 XOR # of Gates 500 NOR OR 400 NAND 300 AND 200 100 0 1 2 3 4 5 6 7 9 10 12 13 14 Experiment “Multiple 4000 Iteration Experiments” Air University: The Intellectual and Leadership Center of the Air Force 17 Integrity - Service - Excellence

  18. Experiment 2: Measuring “Replacement” Uniform Basis Distribution Develop America's Airmen Today ... for Tomorrow  = {NAND}   = {AND, NAND, OR, NOR, XOR, NXOR} Iteration 4000 5000 4500 4000 3500 XNOR XOR # of Gates 3000 NOR 2500 OR 2000 NAND AND 1500 1000 500 0 1 2 3 4 5 6 7 9 10 12 13 14 Experiment “Multiple 4000 Iteration Experiments” Air University: The Intellectual and Leadership Center of the Air Force 18 Integrity - Service - Excellence

  19. Experiment 3: Measuring “Replacement” Smart Random Selection Develop America's Airmen Today ... for Tomorrow ISCAS-85 c432 Iterative Smart Random 2-Gate Selection Algorithm: Selection Strategy: Replacement Strategy: Smart Two Gate Random Random Equivalent Air University: The Intellectual and Leadership Center of the Air Force 19 Integrity - Service - Excellence

  20. Experiment 3: Measuring “Replacement” Smart Random Selection Develop America's Airmen Today ... for Tomorrow  = {NOR}   = {AND, NAND, OR, XOR, NXOR} Air University: The Intellectual and Leadership Center of the Air Force 20 Integrity - Service - Excellence

  21. Things We’ve Learned Along the Way Develop America's Airmen Today ... for Tomorrow • What algorithmic factors influence hiding properties the most? • Iteration number • Selection size • Replacement circuit generation (redundant vs. non-redundant) • Ongoing work in: • Increasing selection size • Determinist generation • Integrated logic reduction • Formal models: term rewriting systems, abstract interpretation, graph partitioning Air University: The Intellectual and Leadership Center of the Air Force 21 Integrity - Service - Excellence

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Explicit Loop Specialization & Polymorphic Hardware Specialization Christopher Batten and

Explicit Loop Specialization & Polymorphic Hardware Specialization Christopher Batten and

Explicit Loop Specialization & Polymorphic Hardware Specialization Christopher Batten and Zhiru Zhang Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University June 2015 Explicit Loop Specialization

363 views • 10 slides
Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N.

Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N.

Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N. Asokan Aalto University, Finland This work was supported by the Cloud Security Services (CloSer) project funded by Tekes - the Finnish Funding

351 views • 20 slides
This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f ((

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f ((

This time on Types ... Polymorphic -calculus (polymorphic -binding). Lets us type: f (( f true ) :: ( f nil )) -bound variables in ML cannot be used polymorphically within a function abstraction E.g. f (( f true ) :: ( f nil ))

945 views • 23 slides
Polymorphic Lists & Trees Department of Computer Science University of Maryland, College Park

Polymorphic Lists & Trees Department of Computer Science University of Maryland, College Park

CMSC 132: Object-Oriented Programming II Polymorphic Lists & Trees Department of Computer Science University of Maryland, College Park Polymorphic Binary Search Trees Second approach to implement BST What do we mean by polymorphic?

329 views • 9 slides
Polymorphic & Metamorphic Viruses CS4440/7440 Spring 2015 Evolution of Polymorphic Viruses

Polymorphic & Metamorphic Viruses CS4440/7440 Spring 2015 Evolution of Polymorphic Viruses

Polymorphic & Metamorphic Viruses CS4440/7440 Spring 2015 Evolution of Polymorphic Viruses (1) } Why polymorphism? } Anti-virus scanners detect viruses by looking for signatures (snippets of known virus code) } Virus writers

641 views • 40 slides
Efficient Reprogrammable Architecture for Boolean Functions and Cellular Automata Content

Efficient Reprogrammable Architecture for Boolean Functions and Cellular Automata Content

Harald Richter, Christian Siemers: Efficient Reprogrammable Architecture for Boolean Functions and Cellular Automata Content Basic ideas Definition of the architecture Summary and outlook September 23rd, 2004 IWSBP2004 2 Basic

123 views • 11 slides
A Polymorphic Data Visualization for Spatiotemporal Database Makoto Hanashima Institute for

A Polymorphic Data Visualization for Spatiotemporal Database Makoto Hanashima Institute for

A Polymorphic Data Visualization for Spatiotemporal Database Makoto Hanashima Institute for Areal Studies, Foundation Tokyo, Japan Outline of Presentation 2 An Introduction to Reki-Show Authoring Tools Conceptual design of polymorphic

325 views • 14 slides
Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is monomorphic, Extends simply-typed : i.e. a type has no flexible pieces ::= * | type syntax expression/value syntax

328 views • 4 slides
Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would

Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would

Untyped general polymorphic functions Martin Pettai February 5, 2010 Introduction We would like to have a functional language where it is possible to define general polymorphic functions Return type of a function is uniquely determined

476 views • 22 slides
The Didactics of Science The Didactics of Science Through Polymorphic Polymorphic Self Self- -

The Didactics of Science The Didactics of Science Through Polymorphic Polymorphic Self Self- -

The Didactics of Science The Didactics of Science Through Polymorphic Polymorphic Self Self- - Through Made Experimental Apparatus Experimental Apparatus Made of Quantitative Determinations of Quantitative Determinations An alternative

442 views • 29 slides
Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k

Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k

6/2/20 HealthMatters in our Homes Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k and nd Wh Why 1 During this presentation, we will: Summarize what COVID-19 is, how it spreads, and who

463 views • 19 slides
Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org Hardware Security Modules Cool but what are you protecting? This works fine in many cases ..but this may be the real problem No

255 views • 12 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

604 views • 32 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Induction-Recursion Capretta University of A polymorphic representation Nottingham IR

Induction-Recursion Capretta University of A polymorphic representation Nottingham IR

Induction- Recursion A polymorphic representation Venanzio Induction-Recursion Capretta University of A polymorphic representation Nottingham IR definitions Leftist Heaps Venanzio Capretta Slice Categories University of Nottingham

815 views • 69 slides
CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API

CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API

Overview CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API What the programmer does July 27, 2006 Day 8 Input/Output Instructor: Neil Rhodes 2 Hardware Hardware Kinds Bus : a set of wires

613 views • 6 slides
Defining Functions Functions in SML Amtoft from Hatcliff Defining values of simple types from

Defining Functions Functions in SML Amtoft from Hatcliff Defining values of simple types from

Defining Functions Functions in SML Amtoft from Hatcliff Defining values of simple types from Leavens val i = 3; Defining Functions val i = 3 : i n t Functions as Values Multiple Arguments Defining function values: Currying

450 views • 19 slides
Polymoprhic Algebraic Theoreis - Syntax, Semantics, Translations, and Eqational Logic - LICS

Polymoprhic Algebraic Theoreis - Syntax, Semantics, Translations, and Eqational Logic - LICS

Polymoprhic Algebraic Theoreis - Syntax, Semantics, Translations, and Eqational Logic - LICS 2013, June, Tulane University University of Cambridge, UK Marcelo Fiore Makoto Hamana Gunma University, Japan W h a t i s P o l y m o r p h i s m

346 views • 23 slides
Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the question of type checking and type reconstruction. Given , t and T , check whether t : T Type checking: Given and t , find a type T

518 views • 28 slides
Strong normalization for the parameter-free Strong polymorphic lambda calculus based on the

Strong normalization for the parameter-free Strong polymorphic lambda calculus based on the

Strong Normalization Akiyoshi and Terui Introduction Our Results Strong normalization for the parameter-free Strong polymorphic lambda calculus based on the -rule Normalization Theorem Previous Results Buchholz -Rule Ryota

706 views • 35 slides
Mining Existing Software Product Line Artifacts using Polymorphic Dependency Relations

Mining Existing Software Product Line Artifacts using Polymorphic Dependency Relations

Mining Existing Software Product Line Artifacts using Polymorphic Dependency Relations Presented by Igor Ivkovi Ivkovi Presented by Igor Email: iivkovic@swen.uwaterloo.ca iivkovic@swen.uwaterloo.ca Email: Web:

408 views • 23 slides
abstract classes, generics Prichard Ch. 9 CS200 - Advanced OO 1 Basic Component: Class A Class

abstract classes, generics Prichard Ch. 9 CS200 - Advanced OO 1 Basic Component: Class A Class

CS200: Advanced OO in Java interfaces, inheritance, abstract classes, generics Prichard Ch. 9 CS200 - Advanced OO 1 Basic Component: Class A Class is a software bundle of related states ( properties , or variables ) and behaviors ( methods )

589 views • 55 slides
Polymorphism In the simply typed lambda calculus, a term can have many types. But a variable or

Polymorphism In the simply typed lambda calculus, a term can have many types. But a variable or

Polymorphism In the simply typed lambda calculus, a term can have many types. But a variable or parameter has only one type. Example: ( x.xx )( y.y ) is untypable. But if we substitute actual parameter for formal, we obtain ( y.y )( y.y

278 views • 14 slides
Polymorphism and Type Inference Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Polymorphism and Type Inference Liam OConnor CSE, UNSW (and data61) Term 3 2019 1

Motivation Polymorphism Implementation Parametricity Implicitly Typed MinHS Inference Algorithm Unification Polymorphism and Type Inference Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Motivation Polymorphism Implementation

693 views • 55 slides

More recommend