Visible to the public Biblio

Filters: Author is Makris, Y.  [Clear All Filters]
2020-11-09
Zaman, M., Sengupta, A., Liu, D., Sinanoglu, O., Makris, Y., Rajendran, J. J. V..  2018.  Towards provably-secure performance locking. 2018 Design, Automation Test in Europe Conference Exhibition (DATE). :1592–1597.
Locking the functionality of an integrated circuit (IC) thwarts attacks such as intellectual property (IP) piracy, hardware Trojans, overbuilding, and counterfeiting. Although functional locking has been extensively investigated, locking the performance of an IC has been little explored. In this paper, we develop provably-secure performance locking, where only on applying the correct key the IC shows superior performance; for an incorrect key, the performance of the IC degrades significantly. This leads to a new business model, where the companies can design a single IC capable of different performances for different users. We develop mathematical definitions of security and theoretically, and experimentally prove the security against the state-of-the-art-attacks. We implemented performance locking on a FabScalar microprocessor, achieving a degradation in instructions per clock cycle (IPC) of up to 77% on applying an incorrect key, with an overhead of 0.6%, 0.2%, and 0% for area, power, and delay, respectively.
2018-10-26
Subramani, K. S., Antonopoulos, A., Abotabl, A. A., Nosratinia, A., Makris, Y..  2017.  INFECT: INconspicuous FEC-based Trojan: A hardware attack on an 802.11a/g wireless network. 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :90–94.

We discuss the threat that hardware Trojans (HTs) impose on wireless networks, along with possible remedies for mitigating the risk. We first present an HT attack on an 802.11a/g transmitter (TX), which exploits Forward Error Correction (FEC) encoding. While FEC seeks to protect the transmitted signal against channel noise, it often offers more protection than needed by the actual channel. This margin is precisely where our HT finds room to stage an attack. We, then, introduce a Trojan-agnostic method which can be applied at the receiver (RX) to detect such attacks. This method monitors the noise distribution, to identify systematic inconsistencies which may be caused by an HT. Lastly, we describe a Wireless open-Access Research Platform (WARP) based experimental setup to investigate the feasibility and effectiveness of the proposed attack and defense. More specifically, we evaluate (i) the ability of a rogue RX to extract the leaked information, while an unsuspecting, legitimate RX accurately recovers the original message and remains oblivious to the attack, and (ii) the ability of channel noise profiling to detect the presence of the HT.