Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer - - PowerPoint PPT Presentation

secure and trustworthy cyber physical system design a
SMART_READER_LITE
LIVE PREVIEW

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer - - PowerPoint PPT Presentation

Nov 06, 2022 358 likes •607 views

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo Ming Hsieh Department of Electrical and Computer Engineering University of Southern California, Los Angeles nuzzo@usc.edu In Honor of Alberto

slide-1
SLIDE 1

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective

Pierluigi Nuzzo

Ming Hsieh Department of Electrical and Computer Engineering University of Southern California, Los Angeles nuzzo@usc.edu

In Honor of Alberto Sangiovanni-Vincentelli

International Symposium on Physical Design, San Francisco, April 16, 2019

slide-2
SLIDE 2

Pierluigi Nuzzo, USC

Physical system Embedded system Networking

What is a Cyber-Physical System (CPS)?

Controller

2

A system characterized by the tight integration of computation, communication, and control with physical processes via feedback loops where physical processes affect computation and vice versa

slide-3
SLIDE 3

Pierluigi Nuzzo, USC

Power generation and distribution

Military systems:

Transportation (Air traffic control) Telecommunications Autonomous Driving Buildings

CPSs Interconnect the World Around Us and Make It “Smarter”

Factory automation Avionics

3

Health care

slide-4
SLIDE 4

Pierluigi Nuzzo, USC

4

Resilient Cyber-Physical System Design: What Can Go Wrong?

slide-5
SLIDE 5

Pierluigi Nuzzo, USC

5

Resilient Cyber-Physical System Design: What Can Go Wrong?

Highly-dynamical unknown environment and the lack of prior information System and components are susceptible to faults, both known and unknown Control-theoretic approach: Design a system “robust” to faults and adversarial inputs Fault-tolerance approach: Build redundancies into the system Malicious agents can break design assumptions and trigger unexpected behaviors Cryptographic approach: Authenticate agents and embed trust into components and platforms

slide-6
SLIDE 6

Pierluigi Nuzzo, USC

6

Resilient Cyber-Physical System Design: Data Injection Attacks

Need a cross-layer approach:

  • Develop algorithms

that exploit dynamics and redundancy

  • Build trust in HW and

SW platforms

  • Co-design algorithms

with platforms

Traditional information security is ineffective!

slide-7
SLIDE 7

Pierluigi Nuzzo, USC

Outline

Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC) Principled System-Level Design of Hardware Obfuscation: Obfuscation Design Space Exploration Engine (ODSEE) Conclusions

7

slide-8
SLIDE 8

Pierluigi Nuzzo, USC

8

Boolean Constraints Convex Constraints Convex Optimization Mixed Integer Programming SAT + Convex SAT Solvers SMT Solvers

Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC)

“CalCS: SMT Solving for Non-Linear Convex Constraints,” FMCAD 2010 “SMC: Satisfiabiity Modulo Convex Programming,” Proc. IEEE 2018

slide-9
SLIDE 9

Pierluigi Nuzzo, USC

9

Example: Secure State Estimation Against Data Injection Attacks

slide-10
SLIDE 10

Pierluigi Nuzzo, USC

10

Secure State Estimation: Problem Formulation

slide-11
SLIDE 11

“Lazy” Coordination of SAT and Convex Programming for Monotone SMC

Step 1: Solve the Boolean abstraction of the formula Step II: Extract involved convex constraints and check their feasibility Step IV: Generate UNSAT certificate:

slide-12
SLIDE 12

UNSAT Certificate Minimality Complexity

(number of convex problems)

Trivial No Constant Minimum Irreducible Inconsistent Set (IIS) Yes Exponential Minimal IIS Yes* Linear/Logarithmic Sum of Slacks Yes* Linear/Logarithmic Minimum Prefix Yes* Constant

* under additional assumptions

Generating Compact UNSAT Certificates

slide-13
SLIDE 13

Pierluigi Nuzzo, USC

13

Under attack - no protection Under attack - with protection

Secure State Estimation: Scalability

#Boolean variables = 4800 #Real variables = 100 #Boolean variables = 4800 #Boolean constraints = 7000

slide-14
SLIDE 14

Pierluigi Nuzzo, USC

Outline

Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC) Principled System-Level Design of Hardware Obfuscation: Obfuscation Design Space Exploration Engine (ODSEE) Conclusions

14

slide-15
SLIDE 15

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

15

Trusted Platform Via IC Obfuscation

▪ Circuit obfuscation is a potentially viable Trust solution, however

  • No common metrics exist to

evaluate techniques

  • No design tools exist to

guide and validate implementation.

Placement and Routing Backend Checks Synthesis

Design Specifications

Source Code External IP Functional Verification Timing Analysis

Traditional Design Flow

Secure Device?

Camouflaged Gates Keyed Logic

Obfuscation IP Which IP? Where? What are the metrics? How secure is it?

▪ Mirage Project: A tool set which treats

  • bfuscation as a first class design constraint and

relate it to system-level concerns A scientifically based, systematic development and verification environment for hardware

  • bfuscation security
slide-16
SLIDE 16

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

16

Example: Logic Locking (Encryption)

Attack progression timeline [Rajendran, ECLIPSE, 2018] [Jin, Feb 2019] Sample Locked Circuit [Yasin TCAD 2015]

slide-17
SLIDE 17

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

17

ODSEE’s Architecture

Obfuscated Netlist Optimization-Based Selection Constraints Formalization Netlist Top-level Security & Overhead Specs

UART RSA SHA256 MD5 DES3 AES RAM DSP GPS RAM UART RSA SHA256 MD5 DES3 AES RAM DSP GPS UART SHA256 MD5 RSA DES3 AES RAM DSP GPS

Obfuscation Library

  • Obf. 1
  • Obf. 2
  • Obf. 3
  • Obf. 4
slide-18
SLIDE 18

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

18

Security Specifications: Disentangling Functional and Structural Properties of Circuits

Obfuscated Netlist Optimization-Based Selection Constraints Formalization Top-level Security & Overhead Specs

Obfuscation Library

  • Obf. 1
  • Obf. 2
  • Obf. 3
  • Obf. 4

Netlist

ODSEE rethinks the taxonomy and metrics for capturing security requirements:

  • What would we like to protect?
  • Logic/functional properties
  • Output/functional

corruptibility

  • SAT-attack resiliency
  • Structural properties
  • What is the attack model?
  • Targets logic properties: e.g.,

SAT attack, Approximate SAT- based attacks, …

  • Targets structural properties:

e.g., removal attack

slide-19
SLIDE 19

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

19

Obfuscation Library: Disentangling Functional and Structural Properties of Obfuscation Schemes

Obfuscated Netlist Optimization-Based Selection Constraints Formalization Top-level Security & Overhead Specs

Obfuscation Library

  • Obf. 1
  • Obf. 2
  • Obf. 3
  • Obf. 4

Netlist

ODSEE rethinks the taxonomy and metrics for modeling obfuscation schemes:

  • Targeting high error rates
  • XOR/XNOR based: e.g., Fault-based

analysis Logic Locking (FLL), Random Logic Locking (RLL), Strong Logic Locking, …

  • LUT based
  • Targeting SAT resilience
  • SARLock
  • Anti-SAT
  • Targeting structural attacks
  • Hybrid schemes targeting a mixture
  • f metrics
slide-20
SLIDE 20

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

20

Obfuscation Library: Accurately Representing Implementation Aspects of Obfuscation Schemes

Obfuscated Netlist Optimization-Based Selection Constraints Formalization Top-level Security & Overhead Specs

Obfuscation Library

  • Obf. 1
  • Obf. 2
  • Obf. 3
  • Obf. 4

Netlist

ODSEE incorporates accurate circuit- aware compact models of

  • bfuscation techniques, their

effectiveness, and their cost

18619 gates

𝑢𝑇𝐵𝑆𝑀𝑝𝑑𝑙 ≈ 𝛾𝐻 ⋅ 22𝐿+ 2𝛿𝐻 K is the number of key bits G is the gate count Relative error is below 30% for most cases

slide-21
SLIDE 21

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited

21

Mapping Specifications to Implementations: Constraint-Driven Logic Locking (CDLL)

Obfuscated Netlist Optimization-Based Selection Constraints Formalization Top-level Security & Overhead Specs

Obfuscation Library

  • Obf. 1
  • Obf. 2
  • Obf. 3
  • Obf. 4

Netlist

ODSEE captures constraints from different concerns and

  • bfuscation schemes using a

uniform language

  • Constraints from fault analysis
  • Conditions on controllability

and observability

  • Conditions involving fan-

in/fan-out cones

  • Can protect specific input

patterns

  • Can identify and select specific

locations in the netlist

  • Enables hybrid obfuscation

Current ODSEE implementation is based on mixed integer linear constraints and leverages mathematical programming to select Pareto optimal obfuscation schemes

slide-22
SLIDE 22

Pierluigi Nuzzo, USC

Conclusions

Orchestrating billions of devices around our body, transportation systems, critical infrastructures, and the planet presents unprecedented design challenges High-assurance cyber-physical system design will require cross-disciplinary, cross-layer approaches SMC and ODSEE are formal frameworks that enable reasoning across the algorithms/HW/physical boundaries

22

slide-23
SLIDE 23

Thank you.

23