GOMAC 2023 - Booth and Session Information

Come see our presentations, posters, and booth at GOMAC 2023! Click here for the full GOMAC 2023 program schedule.

Poster Session: The poster session is at 10:30am – 12:10pm, Thurs March 23. We hope to see you there!

  • Poster P50-38: “Generating Statistically Relevant Trojan Benchmarks for Microelectronics Quantifiable Assurance”

  • Poster P50-39: “Facilitating Assurance and Collaboration through Digital Threads in Microelectronics Experiments”

Presentation Session: We’re presenting our third paper in Session 38: Side-Channel Analysis, at 1:30 – 3:10pm, Thurs March 23.

  • Session 38-5: “Determining Residual Risk from Optimized Selection of Hardware Trojan Detection Strategies”

We will also be present in the ongoing Exhibits session at Booth 713 where you can talk to our experts about the software tools we offer, including Enverite design assurance solutions and our OpTrust service. We’ll be available at our booth all day on Tues March 21 and Wed March 22.

GOMAC 2023 - Three Papers

We’re presenting three papers at GOMAC 2023 in March – two posters and one presentation. Our papers discuss the quality of trojan benchmarks for microelectronics quantifiable assurance as well as a methodology for calculating the risk in hardware trojan detection strategies. We are also discussing our microelectronics lab experimentation platform, Benches, and how it can be used to capture digital threads of experiments. We will be demoing Benches at our booth, so definitely come check that out!

We’ll send out another update soon with information on our session numbers and dates. The team has put in significant effort, and we can’t wait for you to see it.


Poster

Generating Statistically Relevant Trojan Benchmarks for Microelectronics Quantifiable Assurance

Margaret Winslow, Whitney Batchelor, James Koiner, Kevin Paar, Scott Harper, Jonathan Graf

Abstract: Hardware trojan horse (HTH) detection metrics are used to quantify the value of trojan detection methods. These metrics, often in terms of probability of detection and probability of false alarm, can be used to help quantify the impact on design assurance when applying mitigations to a microelectronics circuit. A question arises, however, regarding how statistically sound the metric values must be to make reasonable trust and assurance decisions. Statistical relevance metrics have been used in many fields to justify confidence in claims, and benchmarks that can produce statistically relevant detection metrics are necessary to trust the quantification of microelectronics assurance. This work defines the requirements for generating statistically relevant detection metrics that are useful for quantifying microelectronics design assurance via testing with a strategically implemented circuit design benchmark set.

-----

Presentation

Determining Residual Risk from Optimized Selection of Hardware Trojan Detection Strategies

Zachary A. Collier, Whitney Batchelor, Margaret Winslow, Scott Harper, Jonathan Graf

Abstract: Game theory has been shown to have practical applications in the optimal selection of hardware trojan detection and prevention strategies for circuit design. Previous work has used quantitative metrics measuring performance and cost of a countermeasure to predict optimal defense strategy selections, while considering the goals and actions of an adversary. This was accomplished with a game theoretic model of the response of a defender and an attacker to possible design assurance strategy selections. To date, no concrete quantification of the changes in risk associated with the resulting design decisions has been presented. This work introduces a methodology for deriving and calculating the inherent risk, residual risk, and risk reduction that result from the game theoretic models of design decisions when evaluating hardware trojan detection and prevention strategies.

-----

Poster

Facilitating Assurance and Collaboration through Digital Threads in Microelectronics Experiments

Edward Carlisle IV, Scott Harper, Jonathan Graf

Abstract: Laboratory experimentation with circuits and systems can be a complex process. Exact repetition of processes such as radiation testing, second-party verification of conclusions drawn from side channel analysis, and preservation of experimental processes all require the full detail of an experiment to be captured when it is run. Capturing a digital thread of an experiment provides this capability but can be a complex process that is prone to human error if not fully automated. This paper presents an automated microelectronics lab experimentation platform called Benches. We describe how Benches automates the capture of the digital thread of a microelectronics experiment and how these digital threads facilitate assurance and collaboration.

Anti-Tamper Conference 2022 – Two Papers

We’re presenting two papers at the 2022 Anti-Tamper Conference in Laurel, Maryland.

-----

Anti-Tamper Implementation – An Irrefutable Logger in Microchip Polarfire Devices

Kevin Paar, Jonathan Graf, Scott Harper, Tim Dunham

Abstract: This paper discusses the implementation of a rich, irrefutable tamper logging solution for the Microchip Polarfire family of flash-based Field Programmable Gate Array (FPGA) ICs. Leveraging the unique capabilities of the Polarfire FPGA, the solution immediately journals incoming log entries into secure internal storage and later archives the log entries to an external non-volatile storage media. The solution utilizes rolling-key encryption, authentication, and chained hashing of the externally stored log entries to support verification and validation of log integrity. Implementing this system in Polarfire FPGAs requires a vastly different solution than similar logs implemented in Xilinx Kintex and Zynq UltraScale+ devices.

-----

Modernizing FPGA Design Assurance Software

Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, and Edward Carlisle IV

Abstract: We present five principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principles are mandatory for such tooling and explore three software tools in this context – DELV, Trace, and PV‐Bit. Our conclusion is that it is possible to create tools that follow the principles and that this approach quantifiably impacts FPGA design assurance.

GOMAC 2022: Four more papers!

The team has done it again! Last year we presented three papers at GOMAC, and this year, we’ll be presenting four! The whole team has put so much effort into this research, and we can’t wait to show off our achievements. GOMAC will be hosted in Miami, so the team hopes to thaw out a bit from winter in addition to giving great presentations on our latest work. Take a look below to learn more about what we’ll discuss. Come out and see us at our first in-person conference in 2 years!

-----

Modernizing FPGA Design Assurance Software

Jonathan Graf, Scott Harper, Ali Asgar Sohanghpurwala, Edward Carlisle IV

Abstract: This paper presents five key principles for modern FPGA design assurance tools: verification, auditing, quantification, automation, and interoperability. We claim these principles are mandatory for such tooling and explore three hardware design assurance software tools in this context – DELV, Trace, and PV-Bit. Our conclusion is that it is possible to create tools that follow the principles and that adherence to these principles quantifiably impacts design assurance.

-----

Advancing Strategy Selection for Hardware Trojan Detection with Subrational Behavior Models

Whitney Batchelor, Meg Winslow, Cody Crofford, Michael Blacconiere, Scott Harper, Jonathan Graf

Abstract: Game theory has been shown to have practical applications in the optimization of hardware Trojan detection and prevention strategy selection in circuit design. In previous work, metrics measuring the performance and cost of a countermeasure when considering the action of an adversary given their goals are quantified to predict optimal defense strategy selections. Those models assume an encounter between two rational players and build upon a security economic approach in the context of empirically derived countermeasure efficacy metrics. That is, both offensive and defensive players act in a rational manner, choosing the action resulting in their greatest financial gain (or lowest loss) when considering the likely action of their opponent. The assumption of rational players allows for a baseline analysis when optimizing detection strategy selection but does not consider human behaviors that may drive a sub-optimal decision. These behaviors may result from having risk-averse or risk-seeking players, carrying bias towards certain methods, understanding the results from prior attacks and defensive mechanisms, and/or additional motivations. In this paper, we extend the rational game theoretic model previously evaluated in the quantitative assurance space with the concept of subrationality; that is, when the players have the option of making an informed but less optimal choice due to some definable bias. This work introduces three subrational models that simulate risk-averse and risk-seeking players, knowledge of prior play, and random error with application to the previously developed models pertaining to the optimal selection of hardware Trojan detection strategies.

-----

Trace: Towards a Traceable Microelectronics Implementation Flow

Ali Asgar Sohanghpurwala, Carlton Fraley, Jonathan Graf, Scott Harper

Abstract: Microelectronics design processes often include implementation flows that perform incremental steps to convert human-readable source code or schematics into a binary executable or hardware circuit that can be deployed on the desired Microprocessor, FPGA, PCB, or ASIC technology. Available tools help users partially verify the output of these implementation flows, but a gap exists in assuring and preserving the integrity of those output products along with the source code and implementation settings that were used to produce them. Ideally, a security auditor should be able to prove or disprove the trustworthiness of specific design implementations deployed in the face of an advanced adversary. What is proposed here is progression towards a fully traceable and reproducible implementation flow that uses proven cryptographic principles to enable a tamper-resistant audit trail for Microelectronic design implementation along with companion tools for auditing and precisely reproducing the implementation process.

-----

Automated Analysis of a Thermally Triggered FPGA Hardware Trojan

Edward Carlisle IV, Scott Harper, James Koiner, Kevin Paar, Michael Capone, and Jonathan Graf

Abstract: This paper presents a remote hardware-in-the-loop Hardware Trojan Horse (HTH) analysis approach that automates the process of examining HTH effects and characterizing detection/mitigation effectiveness. We frame the discussion around a novel HTH that is triggered by variations in temperature and is implemented in the fabric of a Field Programmable Gate Array device. We demonstrate the characterization and activation of the HTH using a fully automated web-based lab bench platform.