publications
Up-to-date publications are also available on Google Scholar.
PhD Thesis
- Research on Pre-Silicon Security Evaluation and Protection Techniques for Cryptographic Chip. Haocheng Ma. 2023. Ph.D Thesis, Tianjin University, Advisor: Prof. Yiqiang Zhao
Cryptographic integrated circuits (ICs) provide services of data encryption and identity authentication, playing an essential role in modern information security scenarios. However, cryptographic ICs will leak side-channel information including power consumption, timing delay, electromagnetic (EM) emanations, etc. This information can be exploited by an attacker to steal secret information from fabricated ICs, causing side-channel analysis (SCA) attacks. Among them, EM emanations contain rich information in spatial and temporal domains and can be measured without direct physical contact. This makes cryptographic ICs more vulnerable to EM SCA attacks. To address this threat, security evaluation and protection on cryptographic ICs are important. Current security evaluation and protection technologies face the following issues. On one hand, existing security evaluations often happen at the post-silicon stage. Any identification of side channel vulnerability may lead to high costs and delay the time-to-market. On the other hand, many existing countermeasures are costly in terms of area, power or performance, and may require full-custom circuit design for proper implementations. Therefore, we propose the EM simulation framework and optimize the security evaluation method, which supports security evaluations at the early design stage. Meanwhile, through leaky paths identification and obfuscation, we design the protection scheme balancing security and overheads.
Due to a large number of metal wires and standard cells, it is hard to predict the EM behavior of ICs at the design stage, even for those commercial tools. We develop the EM simulation framework at the layout level, making pre-silicon security verification practical. To achieve this goal, we provide an in-depth view of EM emanations from ICs and an understanding of which elements contribute with more proportion. Guided by this, we implement multiple techniques, including device model approximation and parasitic network reduction for the current analysis and GPU acceleration for EM computation. These techniques speed up the EM simulation process by a factor of 32. To verify the efficacy of the simulation framework, we fabricate S-Box and AES chips using SMIC 180nm CMOS technology. Results show that simulation results are consistent with physical measurements. Specifically, the intrinsic accuracy reaches 74% in the time domain and 98% in the spatial domain. Also, the security evaluation results have a prediction accuracy of 93%.
For evaluation scenarios with large data volumes, we integrate the layout-level EM simulation with machine learning, and optimize the security evaluation via the generative adversarial network (GAN). The designed GAN model will extract the mapping from the physical layout to EM emanations. Thereinto, the generator creates EM emanations while the discriminator evaluates them. Through iterative adversarial training between them, predicted data from the generator are close to real EM distributions. Then, in the process of the security evaluation, the GAN model can quickly produce specified amounts of EM emanations. The validation experiments are performed using AES, Kyber and two other protected designs. Results show that the optimized framework improves the efficiency of security measurements with large-scale data, while maintaining accurate evaluation results. When evaluation data increase to 100K, this improves the efficiency by a factor of 73.48∼86.05.
Most of the existing countermeasures result in high circuit overhead and design costs. To address these issues, we propose side-channel protection through automatic leaky paths identification and obfuscation. In techniques of path identification, we first locate partial logic cells that leak the most information through dynamic correlation analysis. Then we exploit static security checking to construct complete leaky paths based on these cells. In techniques of path obfuscation, we design the local path masking by combining Boolean masking and random precharge. Logic transformation is exploited to deploy protection solutions on leaky paths automatically. Based on the above techniques, we design a hardened AES circuit against EM SCA attacks. Experimental results demonstrate more than 1066x improvements in side-channel resistance. With respect to area, power and performance, this hardware protection only incurs 6.53%, 4.51% and 3.1% overheads.
Peer-reviewed Publications
2024
- EMSim+: Accelerating Electromagnetic Security Evaluation With Generative Adversarial Network and Transfer Learning. Ya Gao, Haocheng Ma, Qizhi Zhang, Xintong Song, Yier Jin, Jiaji He, and Yiqiang Zhao. IEEE Transactions on Information Forensics and Security, 2024
Electromagnetic side-channel analysis (EM SCA) attack poses a serious threat to integrated circuits (ICs), necessitating timely vulnerability detection before deployment to enhance EM side-channel security. Various EM simulation methods have emerged for analyzing EM side-channel leakage, providing sufficiently accurate results. However, these simulator-based methods still face two principal challenges in the design process of high security chips. Firstly, the large volume of measurement data required for a single security evaluation results in substantial time overhead. Secondly, design iterations lead to repetitive security evaluations, thus increasing the evaluation cost. In this paper, we propose EMSim+, which includes two efficient and accurate layout-level EM side-channel leakage evaluation frameworks named EMSim+GAN and EMSim+GAN+TL to mitigate the above challenges, respectively. EMSim+GAN integrates a Generative Adversarial Network (GAN) model that utilizes the chip’s cell current and power grid information to predict EM emanations quickly. EMSim+GAN+TL further incorporates transfer learning (TL) within the framework, leveraging the experience of existing designs to reduce the training datasets for new designs and achieve the target accuracy. We compare the simulation results of EMSim+ with the state-of-the-art EM simulation tool, EMSim, as well as silicon measurements. Experimental results not only prove the high efficiency and high simulation accuracy of EMSim+, but also verify its generalization ability across different designs and technology nodes.
- EO-Shield: A Shield-Based Protection Scheme Against Both Invasive and Non-Invasive Attacks. Ya Gao, Qizhi Zhang, Xintong Song, Haocheng Ma, Jiaji He, and Yiqiang Zhao. IEEE Transactions on Circuits and Systems I: Regular Papers, 2024
Smart devices, especially Internet-connected devices, typically incorporate security protocols and cryptographic algorithms to ensure the control flow integrity and information security. However, various types of attacks try to tamper with these devices, including invasive and non-invasive. Chip-level shields have been proven effective against invasive attacks, but the potential of shields as a protection mechanism against side-channel analysis (SCA) attacks remains under-explored. To bridge this gap, we propose a shield-based multi-functional protection scheme, named EO-Shield, capable of simultaneously thwarting invasive and non-invasive attacks. EO-Shield is implemented using the chip’s top metal layer and includes an Information Leakage Obfuscation Module (ILOM) underneath. This module generates its protection patterns based on the operating conditions of the circuit that needs to be protected, thus reducing the correlation between electromagnetic (EM) emanations and cryptographic data. Additionally, we introduce a simulation technique to test the protection efficacy of EO-Shield at the layout level, utilizing commercial Electronic Design Automation (EDA) tools and the EMSim/EMSim+ tool. Simulation experiments demonstrate that the ILOM decreases the signal-to-noise ratio (SNR) to below 0.6 and improves the difficulty of SCA attacks by more than 100 times. Compared to existing single-function protection methods against physical attacks, EO-Shield leverages the EM protection potential of shields to offer multi-functional protection.
- Hardware Phi-1.5B: A Large Language Model Encodes Hardware Domain Specific Knowledge. Weimin Fu, Shijie Li, Yifang Zhao, Haocheng Ma, Raj Dutta, Xuan Zhang, Kaichen Yang, Yier Jin, and Xiaolong Guo. In 2024 29th Asia and South Pacific Design Automation Conference (ASP-DAC), 2024
In the rapidly evolving semiconductor industry, where research, design, verification, and manufacturing are intricately linked, the potential of Large Language Models to revolutionize hardware design and security verification is immense. The primary challenge, however, lies in the complexity of hardware-specific issues that are not adequately addressed by the natural language or software code knowledge typically acquired during the pretraining stage. Additionally, the scarcity of datasets specific to the hardware domain poses a significant hurdle in developing a foundational model. Addressing these challenges, this paper introduces Hardware Phi-1.5B, an innovative large language model specifically tailored for the hardware domain of the semiconductor industry. We have developed a specialized, tiered dataset—comprising small, medium, and large subsets—and focused our efforts on pretraining using the medium dataset. This approach harnesses the compact yet efficient architecture of the Phi-1.5B model. The creation of this first pre-trained, hardware domain-specific large language model marks a significant advancement, offering improved performance in hardware design and verification tasks and illustrating a promising path forward for AI applications in the semiconductor sector.
2023
- NNLeak: An AI-Oriented DNN Model Extraction Attack through Multi-Stage Side Channel Analysis. Ya Gao, Haocheng Ma, Mingkai Yan, Jiaji He, Yiqiang Zhao, and Yier Jin. In 2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2023
Side channel analysis (SCA) attacks have become emerging threats to AI algorithms and deep neural network (DNN) models. However, most existing SCA attacks focus on extracting models deployed on embedded devices, such as microcontrollers. Accurate SCA attacks on extracting DNN models deployed on AI accelerators are largely missing, leaving researchers with an (improper) assumption that DNNs on AI accelerators may be immune to SCA attacks due to their complexity. In this paper, we propose a novel method, namely NNLeak, to extract complete DNN models on FPGA-based AI accelerators. To achieve this goal, NNLeak first exploits simple power analysis (SPA) to identify model architecture. Then a multi-stage correlation power analysis (CPA) is designed to recover model weights accurately. Finally, NNLeak determines the activation functions of DNN models through an AI-oriented classifier. The efficacy of NNLeak is validated on FPGA implementations of two DNN models, including multilayer perceptron (MLP) and LeNet. Experimental results show that NNLeak can successfully extract complete DNN models within 2000 power traces.
- EMSim+: Accelerating Electromagnetic Security Evaluation with Generative Adversarial Network. Ya Gao, Haocheng Ma, Jindi Kong, Jiaji He, Yiqiang Zhao, and Yier Jin. In 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD), 2023
Electromagnetic side-channel analysis (EM SCA) attack is a serious threat to integrated circuits (ICs). In order to detect vulnerabilities in time at the pre-silicon stage and to improve the chip’s robustness to EM SCA attacks, several EM simulation methods have emerged for EM side-channel leakage evaluation. Although the simulated results are accurate, the chip security evaluation in practice requires up to hundreds of millions of simulation traces, which imposes an unrealistic computational and time overhead on these simulator-based methods. In this paper, we develop a tool named EMSim+. Different from the general EM security evaluation process, EMSim+ introduces machine learning (ML) to accelerate the simulation of layout-level EM emanations. Based on the generative adversarial network (GAN), a well-trained EMSim+ model can accept the cell current and power grid information of the chip and rapidly predict the EM emanation of the chip surface. We apply EMSim+ to a series of representative cryptographic circuits and compare the simulation results with the state-of-the-art EM simulation method and silicon measurements. The experimental results prove that EMSim+ has high simulation accuracy and achieves more than 242 times evaluation time reduction for 1 M sample data.
- Side Channel Security Oriented Evaluation and Protection on Hardware Implementations of Kyber. Yiqiang Zhao, Shijian Pan, Haocheng Ma, Ya Gao, Xintong Song, Jiaji He, and Yier Jin. IEEE Transactions on Circuits and Systems I: Regular Papers, 2023
The emergence of quantum computing and its impact on current cryptographic algorithms has triggered the migration to post-quantum cryptography (PQC). Among the PQC candidates, CRYSTALS-Kyber is a key encapsulation mechanism (KEM) that stands out from the National Institute of Standards and Technology (NIST) standardization project. While software implementations of Kyber have been developed and evaluated recently, Kyber’s hardware implementations, especially those designed with parallel architecture, are rarely discussed. To help better understand Kyber hardware designs and their security against side-channel analysis (SCA) attacks, in this paper, we first adapt the two most recent Kyber hardware designs for FPGA implementations. We then perform SCA attacks against these hardware designs with different architectures, i.e., parallelization and pipelining. Our experimental results show that Kyber designs on FPGA boards are vulnerable to SCA attacks including electromagnetic (EM) and power side channels. An attacker only needs 27∼1,600 power traces or 60∼2,680 EM traces to recover the decryption key successfully. Furthermore, we propose two first-order IND-CPA Kyber decapsulation masking protected designs, and then we evaluate their security and overheads. The experimental results demonstrate that the side channel security of masked Kyber designs has increased by more than 10x.
- EMSim: A Fast Layout Level Electromagnetic Emanation Simulation Framework for High Accuracy Pre-Silicon Verification. Haocheng Ma, Max Panoff, Jiaji He, Yiqiang Zhao, and Yier Jin. IEEE Transactions on Information Forensics and Security, 2023
Electromagnetic (EM) emanation measurement and evaluation is an important test for modern integrated circuits (ICs). Severe electromagnetic interference may degrade the performance of electronic devices or even cause system crashes. As a result, modern ICs need to follow strict electromagnetic compatibility (EMC) requirements. Moreover, EM emanations offer a covert channel for adversaries to steal secret information from fabricated ICs, causing side channel attacks. Due to the lack of fast and high-accuracy EM simulation tools, existing EM measurements often happen at the post-silicon stage. Any identification of side channel vulnerability or EM incompatibility may lead to high cost and delay the time-to-market. As a result, design-time EM simulation tools with fast simulation speed and high accuracy for pre-silicon designs are urgently needed. To this end, we propose EMSIM, a layout-level EM simulation framework that significantly speeds up the EM simulation process while maintaining high accuracy of the simulated EM emanations. To achieve this goal, we provide the theoretical explanation for the root cause of EM emanations from ICs. Guided by this, EMSIM leverages techniques of parasitic network reduction and device model approximation to reduce the computation complexities while still ensuring high simulation accuracy. EMSIM further leverages Graphics Processing Unit (GPU) resources to solve equations for EM simulation. The efficiency and effectiveness of EMSIM are validated by showing the consistency between simulation results and physical measurements obtained from fabricated circuit designs.
- EO-Shield: A Multi-Function Protection Scheme against Side Channel and Focused Ion Beam Attacks. Ya Gao, Qizhi Zhang, Haocheng Ma, Jiaji He, and Yiqiang Zhao. In Proceedings of the 28th Asia and South Pacific Design Automation Conference, Tokyo, Japan, 2023
Smart devices, especially Internet-connected devices, typically incorporate security protocols and cryptographic algorithms to ensure the control flow integrity and information security. However, there are various invasive and non-invasive attacks trying to tamper with these devices. Chip-level active shield has been proved to be an effective countermeasure against invasive attacks, but existing active shields cannot be utilized to counter side-channel attacks (SCAs). In this paper, we propose a multi-function protection scheme and an active shield prototype to protect against invasive and non-invasive attacks simultaneously. The protection scheme has a complex active shield implemented using the top metal layer of the chip and an information leakage obfuscation module underneath. The leakage obfuscation module generates its protection patterns based on the operating conditions of the circuit that needs to be protected, thus reducing the correlation between electromagnetic (EM) emanations and cryptographic data. We implement the protection scheme on one Advanced Encryption Standard (AES) circuit to demonstrate the effectiveness of the method. Experiment results demonstrate that the information leakage obfuscation module decreases SNR below 0.6 and reduces the success rate of SCAs. Compared to existing single-function protection methods against physical attacks, the proposed scheme provides good performance against both invasive and non-invasive attacks.
2022
- Vulnerable PQC against Side Channel Analysis - A Case Study on Kyber. Haocheng Ma, Shijian Pan, Ya Gao, Jiaji He, Yiqiang Zhao, and Yier Jin. In 2022 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2022
The emergence of quantum computing and its impact on current cryptographic algorithms has triggered the migration to post-quantum cryptography (PQC). Among the PQC candidates, CRYSTALS-Kyber is a key encapsulation mechanism (KEM) that stands out from the National Institute of Standards and Technology (NIST) standardization project. While software implementations of Kyber have been developed and evaluated recently, Kyber’s hardware implementations, especially designs with parallel architecture, are rarely discussed. To help better understand Kyber hardware designs and their security against side-channel analysis (SCA) attacks, in this paper, we first adapt the two most recent Kyber hardware designs for FPGA implementations. We then perform SCA attacks against these hardware designs with different architectures, i.e., parallelization and pipelining. Our experimental results show that Kyber designs on FPGA boards are vulnerable to SCA attacks including electromagnetic (EM) and power side channels. An attacker only needs 27∼1600 power traces or 60∼2680 EM traces to recover the decryption key successfully.
- PathFinder: side channel protection through automatic leaky paths identification and obfuscation. Haocheng Ma, Qizhi Zhang, Ya Gao, Jiaji He, Yiqiang Zhao, and Yier Jin. In Proceedings of the 59th ACM/IEEE Design Automation Conference, San Francisco, California, 2022
Side-channel analysis (SCA) attacks show an enormous threat to cryptographic integrated circuits (ICs). To address this threat, designers try to adopt various countermeasures during the IC development process. However, many existing solutions are costly in terms of area, power and/or performance, and may require full-custom circuit design for proper implementations. In this paper, we propose a tool, namely PathFinder, which automatically identifies leaky paths and protects the design, and is compatible with the commercial design flow. The tool first finds out partial logic cells that leak the most information through dynamic correlation analysis. PathFinder then exploits static security checking to construct complete leaky paths based on these cells. After leaky paths are identified, PathFinder will leverage proper hardware countermeasures, including Boolean masking and random precharge, to eliminate information leakage from these paths. The effectiveness of PathFinder is validated both through simulation and physical measurements on FPGA implementations. Results demonstrate more than 1000X improvements on side-channel resistance, with less than 6.53% penalty to the power, area and performance.
- A Comprehensive Evaluation of Integrated Circuits Side-Channel Resilience Utilizing Three-Independent-Gate Silicon Nanowire Field Effect Transistors-Based Current Mode Logic. Yanjiang Liu, Jiaji He, Haocheng Ma, Tongzhou Qu, and Zibin Dai. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2022
Side-channel attack (SCA) is one of the physical attacks, which will reveal the confidential information from cryptographic circuits by statistically analyzing physical manifestations. Various circuit-level countermeasures have been proposed as fundamental solutions to eliminate the correlations between side-channel information and circuit’s internal operations. The existing solutions, however, will introduce nonnegligible power and area overheads, making them difficult to be deployed in resource-constrained applications. In this article, a novel three-independent-gate silicon nanowire field effect transistor (TIGFET) with the intrinsic SCA-resilience characteristics is introduced to balance the tradeoffs among cost, performance, and security of cryptographic implementations. We construct six TIGFET-based current mode logic (CML) gates that can retain lower power variation under all possible transitions compared to the CMOS counterparts. As a proof of concept, advanced encryption standard (AES), SM4 block cipher algorithm (SM4), and lightweight cryptographic algorithm PRESENT are implemented utilizing the TIGFET-based CML gates. Correlation power attack is performed to evaluate the improvement of SCA resilience. Simulation results verify that the TIGFET-based cryptographic implementations decrease 42.37% area usage, lower 61.16% energy efficiency, reduce 5.35× power variation, and achieve a similar level of SCA resistance compared to the CMOS counterpart, which is applicable for the resource-constrained applications.
- Security Oriented Design Framework for EM Side-Channel Protection in RTL Implementations. Jiaji He, Haocheng Ma, Max Panoff, Hanning Wang, Yiqiang Zhao, Leibo Liu, Xiaolong Guo, and Yier Jin. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2022
Electromagnetic (EM) side-channel analysis is a powerful attack for extracting secret information from cryptographic hardware implementations. Countermeasures have been proposed at the register-transfer level (RTL), layout level, and device level. However, existing EM radiation modeling and side-channel vulnerability mitigation methods do not consider the structural resilience of original designs, nor do they provide fine-grained security enhancements to those vulnerable submodules/components. These universal solutions may introduce unnecessary overheads on the circuit under protection and may not be optimized for individual designs. In this article, we propose a design/synthesis for side-channel security evaluation and optimization framework based on the t-test evaluation results derived from RTL hardware implementations. While the framework applies to different side-channel leakage, we focus more on EM side channels. Supported by this framework, different RTL implementations of the same cryptographic algorithm will be evaluated for their side-channel resistance. In vulnerable implementations, submodules with the most significant side-channel leakages will be identified. Security design/synthesis rules will then be applied to these vulnerable submodules for security enhancements against side-channel attacks (SCAs). Experiments, including simulations and FPGA implementations on different AES designs, are performed to validate the effectiveness of the proposed framework as well as the security design/synthesis rules.
2021
- Automatic On-Chip Clock Network Optimization for Electromagnetic Side-Channel Protection. Haocheng Ma, Jiaji He, Max Panoff, Yier Jin, and Yiqiang Zhao. IEEE Journal on Emerging and Selected Topics in Circuits and Systems, 2021
Commercial electronic design automation (EDA) tools typically focus on optimizing the power, area, and speed of integrated circuits (ICs). They rarely consider hardware security requirements. As such, existing EDA tools often directly or indirectly introduce security vulnerabilities. These security vulnerabilities can later be exploited by attackers to leak information or compromise the hardware root-of-trust. In this paper, we show how traditional EDA tools optimize power, area and speed (PAS) metrics in cryptographic circuits at the cost of introducing vulnerabilities to side-channel analysis (SCA) attacks. To balance hardware security with traditional performance metrics, we propose an automatic tool, called CAD4EM-CLK, to secure ICs against power and electromagnetic (EM) SCA attacks. The tool optimizes clock networks for both traditional design requirements and security constraints. To achieve this goal, we first theoretically analyze and model the relationship between on-chip clock networks and side-channel security. The developed model will then guide the CAD4EM-CLK tool to adjust clock network structures to spread the leakage out temporally, also lower its amplitude proportion, so as to help reduce the leaked information. The proposed automatic tool is then validated on various cryptographic circuits. We use layout-level simulation to assess side-channel leakage and the experimental results prove the effectiveness of our proposed tool for power and EM side-channel protection.
- Test Generation for Hardware Trojan Detection Using Correlation Analysis and Genetic Algorithm. Zhendong Shi, Haocheng Ma, Qizhi Zhang, Yanjiang Liu, Yiqiang Zhao, and Jiaji He. ACM Trans. Embed. Comput. Syst., Mar 2021
Hardware Trojan (HT) is a major threat to the security of integrated circuits (ICs). Among various HT detection approaches, side channel analysis (SCA)-based methods have been extensively studied. SCA-based methods try to detect HTs by comparing side channel signatures from circuits under test with those from trusted golden references. The pre-condition for SCA-based HT detection to work is that the testers can collect extra signatures/anomalies introduced by activated HTs. Thus, activation of HTs and amplification of the differences between circuits under test and golden references are the keys to SCA-based HT detection methods. Test vectors are of great importance to the activation of HTs, but existing test generation methods have two major limitations. First, the number of test vectors required to trigger HTs is quite large. Second, the HT circuit’s activities are marginal compared with the whole circuit’s activities. In this article, we propose an optimized test generation methodology to assist SCA-based HT detection. Considering the HTs’ inherent surreptitious nature, inactive nodes with low transition probability are more likely to be selected as HT trigger nodes. Therefore, the correlations between circuit inputs and inactive nodes are first exploited to activate HTs. Then a test reordering process based on the genetic algorithm (GA) is implemented to increase the proportion of the HT circuit’s activities to the whole circuit’s activities. Experiments on 10 selected ISCAS benchmarks, wb_conmax benchmark, and b17 benchmark demonstrate that the number of test vectors required to trigger HTs is reduced by 28.8% on average compared with the result of MERO and MERS methods. After the test vector reordering process, the proportion of the HT circuit’s activities to the whole circuit’s activities is improved by 95% on average, compared with the result of MERS method.
- On-Chip Trust Evaluation Utilizing TDC-Based Parameter-Adjustable Security Primitive. Haocheng Ma, Jiaji He, Yanjiang Liu, Jun Kuai, He Li, Leibo Liu, and Yiqiang Zhao. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Mar 2021
Field-programmable gate arrays (FPGAs) are integrated circuits (ICs) that can be reconfigured to the desired functionalities, without manufacturing dedicated chips. Due to their programmable nature, FPGAs have been prevalent in the large majority of modern systems. This raises high demands for verifying the security of circuit implementations on FPGAs, since they are vulnerable to hardware trojans (HTs) that can be inserted through modified configuration files. In this article, we propose an on-chip security framework to ensure the trustworthiness of circuit implementations on FPGAs at runtime. The core of the framework is a time-to-digital converter (TDC)-based hardware security primitive that can be predeployed on FPGAs to verify whether the FPGA-based designs are tampered with or corrupted by HTs. The parameter-adjustable TDC sensor, which is the primary component of the primitive, is carefully designed, adjusted, and implemented, thus the TDC sensor can monitor the transient voltage fluctuations within FPGAs with a high resolution. Versus statistical data analysis, tiny abnormal variations introduced by the Trojan insertion and activation are distinguished. Experimental results on Xilinx Spartan-6 FPGAs demonstrate the effectiveness of the proposed TDC-based on-chip trust evaluation framework and HT detection method.
- Security-Driven Placement and Routing Tools for Electromagnetic Side-Channel Protection. Haocheng Ma, Jiaji He, Yanjiang Liu, Leibo Liu, Yiqiang Zhao, and Yier Jin. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Mar 2021
Side-channel analysis (SCA) attacks are major threats to hardware security. Upon this security threat, various countermeasures at different design layers have been proposed against SCA attacks. These approaches often introduce significant overheads and impose high requirements of side-channel security backgrounds to integrated circuit (IC) designers. In this article, we propose an automatic computer-aided design (CAD) tool that can be utilized to enhance the circuit resistance against electromagnetic (EM) SCA attacks. This new tool will guide security-driven placement and routing processes and can be seamlessly integrated into the modern IC design flow. The protected IC design will be resilient to SCA attacks with negligible area and power overheads. In order to develop this tool, we first investigate the root-cause of EM leakage at the layout level and mathematically demonstrate the feasibility of security-driven placement and routing through the EM leakage modeling. We then identify that the correlation between the data under protection and the EM leakage can be significantly reduced through data-dependent register reallocation and wire length adjustments. Simulation results on cryptographic circuits prove the effectiveness of both the constructed EM leakage model and the EM model-based CAD tool for EM side-channel security.
2020
- DeepEM: Deep Neural Networks Model Recovery through EM Side-Channel Information Leakage. Honggang Yu, Haocheng Ma, Kaichen Yang, Yiqiang Zhao, and Yier Jin. In 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Mar 2020
Neural Network (NN) accelerators are currently widely deployed in various security-crucial scenarios, including image recognition, natural language processing and autonomous vehicles. Due to economic and privacy concerns, the hardware implementations of structures and designs inside NN accelerators are usually inaccessible to the public. However, these accelerators still tend to leak crucial information through Electromagnetic (EM) side channels in addition to timing and power information. In this paper, we propose an effective and efficient model stealing attack against current popular large-scale NN accelerators deployed on hardware platforms through side-channel information. Specifically, the proposed attack approach contains two stages: 1) Inferring the underlying network architecture through EM side-channel information; 2) Estimating the parameters, especially the weights, through a margin-based, adversarial active learning method. The experimental results show that the proposed attack approach can accurately recover the large-scale NN through EM side-channel information leakages. Overall, our attack highlights the importance of masking EM traces for large-scale NN accelerators in real-world applications.
- WaLo: Security Primitive Generator for RT-Level Logic Locking and Watermarking. Jun Kuai, Jiaji He, Haocheng Ma, Yiqiang Zhao, Yumin Hou, and Yier Jin. In 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Mar 2020
Various hardware security solutions have been developed recently to help counter hardware level attacks such as hardware Trojan, integrated circuit (IC) counterfeiting and intellectual property (IP) clone/piracy. However, existing solutions often provide specific types of protections. While these solutions achieve great success in preventing even advanced hardware attacks, the compatibility among these hardware security methods is rarely discussed. The inconsistency hampers the development of a comprehensive solution protecting hardware IC and IP from various attacks. In this paper, we develop a security primitive generator to help solve the compatibility issue among different protection techniques. Specifically, we focus on two modern IC/IP protection methods, logic locking and watermarking. A combined locking and watermarking technique is developed based on enhanced finite state machines (FSMs). The security primitive generator will take user-specified constraints and automatically generate an FSM module to perform both logic locking and watermarking. The generated FSM can be integrated into any designs for protection. Our experimental results show that the generator can facilitate circuit protection and provide the flexibility for users to achieve a better tradeoff between security levels and design overheads.
- Golden Chip-Free Trojan Detection Leveraging Trojan Trigger’s Side-Channel Fingerprinting. Jiaji He, Haocheng Ma, Yanjiang Liu, and Yiqiang Zhao. ACM Trans. Embed. Comput. Syst., Dec 2020
Hardware Trojans (HTs) have become a major threat for the integrated circuit industry and supply chain and have motivated numerous developments of HT detection schemes. Although the side-channel HT detection approach is among the most promising solutions, most of the previous methods require a trusted golden chip reference. Furthermore, detection accuracy is often influenced by environmental noise and process variations. In this article, a novel electromagnetic (EM) side-channel fingerprinting-based HT detection method is proposed. Different from previous methods, the proposed solution eliminates the requirement of a trusted golden fabricated chip. Rather, only the genuine RTL code is required to generate the EM signatures as references. A factor analysis method is utilized to extract the spectral features of the HT trigger’s EM radiation, and then a k-means clustering method is applied for HT detection. Experimentation on two selected sets of Trust-Hub benchmarks has been performed on FPGA platforms, and the results show that the proposed framework can detect all dormant HTs with a high confidence level.
- Runtime Trust Evaluation and Hardware Trojan Detection Using On-Chip EM Sensors. Jiaji He, Xiaolong Guo, Haocheng Ma, Yanjiang Liu, Yiqiang Zhao, and Yier Jin. In 2020 57th ACM/IEEE Design Automation Conference (DAC), Dec 2020
It has been widely demonstrated that the utilization of post-deployment trust evaluation approaches, such as side-channel measurements, along with statistical analysis methods is effective for detecting hardware Trojans in fabricated integrated circuits (ICs). However, more sophisticated Trojans proposed recently invalidate these methods with stealthy triggers and very low side-channel signatures. Upon these challenges, in this paper, we propose an electromagnetic (EM) side-channel based post-fabrication trust evaluation framework which monitors EM radiations at runtime. The key component of the runtime trust evaluation framework is an on-chip EM sensor which can constantly measure and collect EM side-channel information of the target circuit. The simulation results validate the capability of the proposed framework in detecting stealthy hardware Trojans. Further, we fabricate an AES circuit protected by the proposed trust evaluation framework along with four different types of hardware Trojans. The measurements on the fabricated chips prove two key findings. First, the on-chip EM sensor can achieve a higher signal to noise ratio (SNR) and thus facilitate a better Trojan detection accuracy. Second, the trust evaluation framework can help detect different hardware Trojans at runtime.
- Design for EM Side-Channel Security through Quantitative Assessment of RTL Implementations. Jiaji He, Haocheng Ma, Xiaolong Guo, Yiqiang Zhao, and Yier Jin. In 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), Dec 2020
Electromagnetic (EM) side-channel attacks aim at extracting secret information from cryptographic hardware implementations. Countermeasures have been proposed at device level, register-transfer level (RTL) and layout level; though efficient, there are still requirements for quantitative assessment of the hardware implementations’ resistance against EM side-channel attacks. In this paper, we propose a design for EM side-channel security evaluation and optimization framework based on the t-test evaluation results derived from RTL hardware implementations. Different implementations of the same cryptographic algorithm are evaluated under different hypothesis leakage models considering the driven capabilities of logic components, and the evaluation results are validated with side-channel attacks on FPGA platform. Experimental results prove the feasibility of the proposed side-channel leakage evaluation method at pre-silicon stage. The remedies and suggested security design rules are also discussed.
2019
- CAD4EM-P: Security-Driven Placement Tools for Electromagnetic Side Channel Protection. Haocheng Ma, Jiaji He, Yanjiang Liu, Yiqiang Zhao, and Yier Jin. In 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Dec 2019
Side-Channel Analysis (SCA) attacks are major threats to hardware security. Upon this security threat, various countermeasures at different design layers have been proposed against SCA attacks. These approaches often introduce significant performance overheads and impose high requirements of side-channel security backgrounds to IC designers. In this paper, we propose an automatic computer-aided design (CAD) tool that can enhance the circuit resistance against electromagnetic (EM) SCA attacks. This new tool will guide a security-driven placement process and can be seamlessly integrated into the modern IC design flow. The protected IC design will be resilient to SCA attacks with negligible area and power overheads. In order to develop this tool, we first investigate the root-cause of EM leakage at layout level and mathematically demonstrate the feasibility of security-driven placement through the EM leakage modeling. We then identify that the correlation between the data under protection and the EM leakage can be significantly reduced through data-dependent registers reallocation. Simulation results on cryptographic circuits prove the effectiveness of both the constructed EM leakage model and the EM model based CAD tool for EM security.
- An Enhanced Logic Encryption Method with a Fully Correlated Key Interdependency Block. Jiaji He, Haocheng Ma, Kaiyue Song, and Yiqiang Zhao. Electronics, Dec 2019
Logic encryption, as a hardware security technique, can protect integrated circuits (ICs) by inserting additional gates. The inserted gates guarantee that predefined outputs are only generated when correct key inputs are provided, preventing IC counterfeiting, intellectual property (IP) theft, and IC overproduction. To evaluate the logic encryption’s robustness, two major criteria are usually utilized, which are (1) the interdependency between the keys and (2) the output corruption against attacks, including path sensitization attack, SAT-based attack, hill-climbing attack, etc. However, the majority of existing logic encryption methods emphasize one criterion over the other. In this paper, an enhanced logic encryption method with a fully correlated key interdependency block is proposed. The method enhances the interdependency of keys and determines the locations of key-gates utilizing a rare node analysis method. Experimental results validate that the proposed method can withstand path sensitization attack and ensure 50% Hamming distance with reasonable design overheads.
- Hardware trojan detection leveraging a novel golden layout model towards practical applications. Yanjiang Liu, Jiaji He, Haocheng Ma, and Yiqiang Zhao. Journal of Electronic Testing, Dec 2019
The globalization trend in the integrated circuit design and manufacturing process has increased the vulnerability of integrated circuits. These vulnerabilities, mainly caused by hardware Trojans, have a serious impact on the security of integrated circuits. Although the side-channel analysis approach is the most promising Trojan detection approach, nearly all side-channel analysis approaches rely heavily on the availability of golden chips, which are extremely difficult to obtain. In this paper, a golden layout model instead of fabricated golden chips is introduced for the practical application of hardware Trojan detection approaches. The simulated voltage variations generated from the golden layout model at different process corners serve as golden reference, thus fabricated golden chips are not required during detection. Further, silicon measurements are performed to obtain the voltage variations of fabricated chips, and a model calibration algorithm is utilized to calibrate the golden model in the presence of process variations and random noise. Finally, the Trojan detection is formulated as a two-class classification problem, and the Trojan is identified using the partitioning around medoids algorithm. Experimental results demonstrate that the similarities between the simulated traces and measured traces are greater than 98.81%, and the proposed approach distinguishes the Trojan chips correctly even under ± 15% process variation.
2018
- Fringing Electric Field Sensors for Anti-Attack at System-Level Protection. Xiang Gao, Yiqiang Zhao, and Haocheng Ma. Sensors, Dec 2018
Information system security has been in the spotlight of individuals and governments in recent years. Integrated Circuits (ICs) function as the basic element of communication and information spreading, therefore they have become an important target for attackers. From this perspective, system-level protection to keep chips from being attacked is of vital importance. This paper proposes a novel method based on a fringing electric field (FEF) sensor to detect whether chips are dismantled from a printed circuit board (PCB) as system-level protection. The proposed method overcomes the shortcomings of existing techniques that can be only used in specific fields. After detecting a chip being dismantled from PCB, some protective measures like deleting key data can be implemented to be against attacking. Fringing electric field sensors are analyzed through simulation. By optimizing sensor’s patterns, areas and geometrical parameters, the methods that maximize sensitivity of fringing electric field sensors are put forward and illustrated. The simulation is also reproduced by an experiment to ensure that the method is feasible and reliable. The results of experiments are inspiring in that they prove that the sensor can work well for protection of chips and has the advantage of universal applicability, low cost and high reliability.