Hardware Security and Trust

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information and Communications Technology".

Deadline for manuscript submissions: closed (31 May 2024) | Viewed by 9950

Special Issue Editor


Guest Editor
TIMA Laboratory, CNRS, 38031 Grenoble, France
Interests: hardware security; physical attacks; RTL countermeasures; secure test

Special Issue Information

Dear Colleagues,

The presence of security functions at any level is becoming more and more pervasive in every aspect of society due to the increasing number of connected devices and heavy data processing. Moreover, the advances in processing power and computing paradigms also push for research into novel schemes and protocols, which pose new challenges in terms of implementations. The search for new cryptographic schemes, in order to find strong successors to the existing standards, and for novel computing approaches requires continuous effort from the engineering community in order to achieve the best results.

In many domains, the need for adequate performance will require recurring hardware acceleration, at least partially: the presence of cryptographic functions in embedded processors as software or hardware implementations is now established, and the trend shows that all sorts of devices will soon be equipped with security features to guarantee confidentiality and authenticity. On the other hand, the possibilities available to attackers aiming to bypass the security of a system have also increased. Microarchitectural vulnerabilities found in modern CPUs (e.g., Spectre, Meltdown, Spoiler, RowHammer) are very recent, proving that possible breaches may be discovered at any time. “Traditional” implementation attacks (side channel analysis, fault attacks) are still a major concern, which needs continuous efforts from the research community in both directions: attacks and countermeasures, from the lowest to the highest level of abstraction.

This Special Issue seeks novel contributions to improve the current state-of-the-art literature on methodologies, tools, and results on architectures, experimental attacks, and countermeasures for embedded systems in the field of hardware security and trust. Topics of interest include but are not limited to the following:

  • Embedded implementation of cryptographic algorithms;
  • Physical attacks against embedded implementations and related countermeasures;
  • Security of test infrastructures;
  • Hardware Trojans and detection techniques;
  • Hardware security primitives;
  • Secure processors and architectures;
  • Microarchitectural attacks: characterization, exploitation, protections;
  • Post-quantum cryptographic implementations;
  • Lightweight cryptographic implementations;
  • Secure implementation in constrained environments.

Dr. Paolo Maistri
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, proceed to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • secure hardware
  • physical attacks
  • IC trust

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies is available from MDPI.


Published Papers (6 papers)


Research

12 pages, 1035 KiB  
Article
A Methodology to Distribute On-Chip Voltage Regulators to Improve the Security of Hardware Masking
by Soner Seçkiner and Selçuk Köse
Information 2024, 15(8), 488; https://doi.org/10.3390/info15080488 - 16 Aug 2024
Viewed by 709
Abstract
Hardware masking is used to protect against side-channel attacks by splitting sensitive information into different parts, called hardware masking shares. Ideally, a side-channel attack would only work if all these parts were completely independent. But in real-world VLSI implementations, things are not perfect. Information from a hardware masking share can leak to another, making it possible for side-channel attacks to succeed without needing data from every hardware masking share. The theoretically supposed independence of these shares often does not hold up in practice. The effectiveness of hardware masking is reduced because of the parasitic impedance that stems from power delivery networks or the internal structure of the integrated circuit. When the coupling effect and noise spread among the hardware masking shares powered by the same power delivery network, side-channel attacks can be carried out with fewer measurements. To address this, we propose a new method of distributing on-chip voltage regulators to improve hardware masking security. The benefits of distributed on-chip voltage regulators are evident. Placing the regulators close to the load minimizes power loss due to resistive losses in the power delivery network. Localized regulation allows for more efficient adjustments to the varying power demands of different chip sections, improving overall power efficiency. Additionally, distributed regulators can quickly respond to power demand changes, maintaining stable voltage levels for high-performance circuits, leading to improved control over noise. We introduce a new DLDO voltage regulator that uses random clocking and randomizing limit cycle oscillations to enhance security. Our simulations show that with these distributed DLDO regulators, the t-test value can be as low as 2.019, and typically, a circuit with a t-test value below 4.5 is considered secure.
(This article belongs to the Special Issue Hardware Security and Trust)
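As an added illustration, not code from the paper above (whose results come from circuit-level simulation), the script below runs the fixed-vs-random Welch t-test that the abstract's 4.5 threshold refers to, on constructed Hamming-weight traces. Everything in it is an assumption for the sake of the example: a hypothetical 8-bit secret KEY = 0xD7, additive Gaussian noise, and a deliberately simplified cross-term HW(share0 AND share1) standing in for shares that are no longer electrically independent, e.g. because they hang off the same power delivery network. It goes a little beyond the abstract by also running the second-order (centered-squares) test, which shows that an ideal two-share masking passes the first-order test but, as expected of first-order masking, not the second-order one.

```python
"""Fixed-vs-random Welch t-test (TVLA) on simulated power traces.

Constructed illustration: Hamming-weight leakage model plus Gaussian noise,
no real measurements. Three scenarios are compared:
  - unmasked:  the device leaks HW(x ^ KEY) directly
  - masked:    two independent Boolean shares (m, x ^ KEY ^ m)
  - coupled:   the same shares, plus a parasitic cross-term standing in for
               share-to-share coupling through a shared power network
|t| below 4.5 is the usual TVLA convention for "no detectable leakage".
"""
import random
import statistics

KEY = 0xD7            # hypothetical secret byte (HW(KEY) = 6)
FIXED_INPUT = 0x00    # plaintext used for the "fixed" trace set
N_TRACES = 5000       # traces per set
NOISE_SIGMA = 1.0     # standard deviation of the additive Gaussian noise
THRESHOLD = 4.5       # common TVLA decision threshold


def hw(v: int) -> int:
    """Hamming weight of an 8-bit value."""
    return bin(v & 0xFF).count("1")


def leak(x: int, rng: random.Random, masked: bool, coupling: float) -> float:
    """One simulated power sample for input x under the chosen leakage model."""
    v = x ^ KEY
    if not masked:
        signal = hw(v)
    else:
        m = rng.randrange(256)               # fresh random mask per trace
        share0, share1 = m, v ^ m            # v == share0 ^ share1
        signal = hw(share0) + hw(share1)     # each share leaks on its own
        # Simplified cross-term: non-zero coupling means the two shares are
        # no longer independent in the power trace (constructed model).
        signal += coupling * hw(share0 & share1)
    return signal + rng.gauss(0.0, NOISE_SIGMA)


def trace_sets(masked: bool, coupling: float = 0.0, seed: int = 1):
    """Return (fixed_set, random_set), N_TRACES samples each, from a seeded RNG."""
    rng = random.Random(seed)
    fixed = [leak(FIXED_INPUT, rng, masked, coupling) for _ in range(N_TRACES)]
    rand = [leak(rng.randrange(256), rng, masked, coupling) for _ in range(N_TRACES)]
    return fixed, rand


def welch_t(a, b) -> float:
    """Welch's t-statistic (unequal variances, unequal sizes allowed)."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    va, vb = statistics.variance(a), statistics.variance(b)
    return (ma - mb) / ((va / len(a) + vb / len(b)) ** 0.5)


def centered_squares(samples):
    """Second-order preprocessing: center each set on its own mean, then square."""
    mu = statistics.fmean(samples)
    return [(s - mu) ** 2 for s in samples]


def tvla(fixed, rand) -> dict:
    """First- and second-order t-values for one fixed/random pair of sets."""
    return {
        "first_order": welch_t(fixed, rand),
        "second_order": welch_t(centered_squares(fixed), centered_squares(rand)),
    }


def run_assessment() -> dict:
    """t-values per scenario; |t| >= THRESHOLD flags detectable leakage."""
    return {
        "unmasked": tvla(*trace_sets(masked=False)),
        "masked": tvla(*trace_sets(masked=True)),
        "coupled": tvla(*trace_sets(masked=True, coupling=1.0)),
    }


if __name__ == "__main__":
    for name, t in run_assessment().items():
        verdict = {k: ("LEAKS" if abs(v) >= THRESHOLD else "ok") for k, v in t.items()}
        print(f"{name:9s} t1={t['first_order']:8.2f} t2={t['second_order']:8.2f} {verdict}")
```

Run it directly to print the t-values. The coupled scenario is the point of the abstract: once the shares stop being independent, the first-order test fails again even though the masking itself is unchanged, which is the effect distributed regulation is meant to suppress. A real assessment evaluates the statistic at every sample point along the trace, with far more traces than this toy, rather than on a single sample per trace.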

17 pages, 1286 KiB  
Article
FEINT: Automated Framework for Efficient INsertion of Templates/Trojans into FPGAs
by Virinchi Roy Surabhi, Rajat Sadhukhan, Md Raz, Hammond Pearce, Prashanth Krishnamurthy, Joshua Trujillo, Ramesh Karri and Farshad Khorrami
Information 2024, 15(7), 395; https://doi.org/10.3390/info15070395 - 8 Jul 2024
Viewed by 904
Abstract
Field-Programmable Gate Arrays (FPGAs) play a significant and evolving role in various industries and applications in the current technological landscape. They are widely known for their flexibility, rapid prototyping, reconfigurability, and design development features. FPGA designs are often constructed as compositions of interconnected modules that implement the various features/functionalities required in an application. This work develops a novel tool FEINT, which facilitates this module composition process and automates the design-level modifications required when introducing new modules into an existing design. The proposed methodology is architected as a “template” insertion tool that operates based on a user-provided configuration script to introduce dynamic design features as plugins at different stages of the FPGA design process to facilitate rapid prototyping, composition-based design evolution, and system customization. FEINT can be useful in applications where designers need to tailor system behavior without requiring expert FPGA programming skills or significant manual effort. For example, FEINT can help insert defensive monitoring, adversarial Trojan, and plugin-based functionality enhancement features. FEINT is scalable, future-proof, and cross-platform without a dependence on vendor-specific file formats, thus ensuring compatibility with FPGA families and tool versions and being integrable with commercial tools. To assess FEINT’s effectiveness, our tests covered the injection of various types of templates/modules into FPGA designs. For example, in the Trojan insertion context, our tests consider diverse Trojan behaviors and triggers, including key leakage and denial of service Trojans. We evaluated FEINT’s applicability to complex designs by creating an FPGA design that features a MicroBlaze soft-core processor connected to an AES-accelerator via an AXI-bus interface. FEINT can successfully and efficiently insert various templates into this design at different FPGA design stages.
(This article belongs to the Special Issue Hardware Security and Trust)

35 pages, 1616 KiB  
Article
Decentralized Zone-Based PKI: A Lightweight Security Framework for IoT Ecosystems
by Mohammed El-Hajj and Pim Beune
Information 2024, 15(6), 304; https://doi.org/10.3390/info15060304 - 24 May 2024
Cited by 1 | Viewed by 1279
Abstract
The advent of Internet of Things (IoT) devices has revolutionized our daily routines, fostering interconnectedness and convenience. However, this interconnected network also presents significant security challenges concerning authentication and data integrity. Traditional security measures, such as Public Key Infrastructure (PKI), encounter limitations when applied to resource-constrained IoT devices. This paper proposes a novel decentralized PKI system tailored specifically for IoT environments to address these challenges. Our approach introduces a unique “zone” architecture overseen by zone masters, facilitating efficient certificate management within IoT clusters while reducing the risk of single points of failure. Furthermore, we prioritize the use of lightweight cryptographic techniques, including Elliptic Curve Cryptography (ECC), to optimize performance without compromising security. Through comprehensive evaluation and benchmarking, we demonstrate the effectiveness of our proposed solution in bolstering the security and efficiency of IoT ecosystems. This contribution underlines the critical need for innovative security solutions in IoT deployments and presents a scalable framework to meet the evolving demands of IoT environments.
(This article belongs to the Special Issue Hardware Security and Trust)

46 pages, 5660 KiB  
Article
A Quantum-Safe Software-Defined Deterministic Internet of Things (IoT) with Hardware-Enforced Cyber-Security for Critical Infrastructures
by Ted H. Szymanski
Information 2024, 15(4), 173; https://doi.org/10.3390/info15040173 - 22 Mar 2024
Viewed by 1924
Abstract
The next-generation “Industrial Internet of Things” (IIoT) will support “Machine-to-Machine” (M2M) communications for smart Cyber-Physical-Systems and Industry 4.0, and require guaranteed cyber-security. This paper explores hardware-enforced cyber-security for critical infrastructures. It examines a quantum-safe “Software-Defined-Deterministic IIoT” (SDD-IIoT), with a new forwarding-plane (sub-layer-3a) for deterministic M2M traffic flows. A “Software-Defined Networking” (SDN) control plane controls many “Software-Defined-Deterministic Wide-Area Networks” (SDD-WANs), realized with FPGAs. The SDN control plane provides an “Admission-Control/Access-Control” system for network-bandwidth, using collaborating Artificial Intelligence (AI)-based “Zero Trust Architectures” (ZTAs). Hardware-enforced access-control eliminates all congestion, BufferBloat, and DoS/DDoS attacks, significantly reduces buffer-sizes, and supports ultra-reliable-low-latency communications in the forwarding-plane. The forwarding-plane can: (i) Encrypt/Authenticate M2M flows using quantum-safe ciphers, to withstand attacks by Quantum Computers; (ii) Implement “guaranteed intrusion detection systems” in FPGAs, to detect cyber-attacks embedded within billions of IIoT packets; (iii) Provide guaranteed immunity to external cyber-attacks, and exceptionally strong immunity to internal cyber-attacks; (iv) Save USD 100s of billions annually by exploiting FPGAs; and (v) Enable hybrid Classical-Quantum networks, by integrating a “quantum key distribution” (QKD) network with a classical forwarding plane with exceptionally strong cyber-security, determined by the computational hardness of cracking Symmetric Key Cryptography. Extensive experimental results for an SDD-WAN over the European Union are reported.
(This article belongs to the Special Issue Hardware Security and Trust)

15 pages, 4624 KiB  
Article
CAPTIVE: Constrained Adversarial Perturbations to Thwart IC Reverse Engineering
by Amir Hosein Afandizadeh Zargari, Marzieh AshrafiAmiri, Minjun Seo, Sai Manoj Pudukotai Dinakarrao, Mohammed E. Fouda and Fadi Kurdahi
Information 2023, 14(12), 656; https://doi.org/10.3390/info14120656 - 11 Dec 2023
Cited by 1 | Viewed by 1590
Abstract
Reverse engineering (RE) in Integrated Circuits (IC) is a process in which one will attempt to extract the internals of an IC, extract the circuit structure, and determine the gate-level information of an IC. In general, the RE process can be done for validation as well as Intellectual Property (IP) stealing intentions. In addition, RE also facilitates different illicit activities such as the insertion of hardware Trojan, pirating, or counterfeiting a design, or developing an attack. In this work, we propose an approach to introduce cognitive perturbations, with the aid of adversarial machine learning, to the IC layout that could prevent the RE process from succeeding. We first construct a layer-by-layer image dataset of 45 nm predictive technology. With this dataset, we propose a conventional neural network model called RecoG-Net to recognize the logic gates, which is the first step in RE. RecoG-Net is successful in recognizing the gates with more than 99.7% accuracy. Our thwarting approach utilizes the concept of adversarial attack generation algorithms to generate perturbation. Unlike traditional adversarial attacks in machine learning, the perturbation generation needs to be highly constrained to meet the fab rules such as Design Rule Checking (DRC) and Layout vs. Schematic (LVS) checks. Hence, we propose CAPTIVE as a constrained perturbation generation satisfying the DRC. The experiments show that the accuracy of reverse engineering using machine learning techniques can decrease from 100% to approximately 30% based on the adversary generator.
(This article belongs to the Special Issue Hardware Security and Trust)

17 pages, 3708 KiB  
Article
Attacking Deep Learning AI Hardware with Universal Adversarial Perturbation
by Mehdi Sadi, Bashir Mohammad Sabquat Bahar Talukder, Kaniz Mishty and Md Tauhidur Rahman
Information 2023, 14(9), 516; https://doi.org/10.3390/info14090516 - 19 Sep 2023
Viewed by 2193
Abstract
Universal adversarial perturbations are image-agnostic and model-independent noise that, when added to any image, can mislead the trained deep convolutional neural networks into the wrong prediction. Since these universal adversarial perturbations can seriously jeopardize the security and integrity of practical deep learning applications, the existing techniques use additional neural networks to detect the existence of these noises at the input image source. In this paper, we demonstrate an attack strategy that, when activated by rogue means (e.g., malware, trojan), can bypass these existing countermeasures by augmenting the adversarial noise at the AI hardware accelerator stage. We demonstrate the accelerator-level universal adversarial noise attack on several deep learning models using co-simulation of the software kernel of the Conv2D function and the Verilog RTL model of the hardware under the FuseSoC environment.
(This article belongs to the Special Issue Hardware Security and Trust)
