DeepSecurity - Applying Deep Learning to Hardware Security

Lead Research Organisation: Queen's University of Belfast
Department Name: Electronics Electrical Eng and Comp Sci

Abstract

With the globalisation of supply chains the design and manufacture of today's electronic devices are now distributed worldwide, for example, through the use of overseas foundries, third party intellectual property (IP) and third party test facilities. Many different untrusted entities may be involved in the design and assembly phases and therefore, it is becoming increasingly difficult to ensure the integrity and authenticity of devices. The supply chain is now considered to be susceptible to a range of hardware-based threats, including hardware Trojans, IP piracy, integrated circuit (IC) overproduction or recycling, reverse engineering, IC cloning and side-channel attacks. These attacks are major security threats to military, medical, government, transportation, and other critical and embedded systems applications. The proposed project will use a common approach to investigate two of these threats, namely the use of deep-learning in the context of side-channel attacks and hardware Trojans.

Side-channel attacks (SCAs) exploit physical signal leakages, such as power consumption, electromagnetic emanations or timing characteristics, from cryptographic implementations, and have become a serious security concern with many practical real-world demonstrations, such as secret key recovery from the Mifare DESFire smart card used in public transport ticketing applications and from encrypted bitstreams on Xilinx Virtex-4/5 FPGAs. A hardware Trojan (HT) is a malicious modification of a circuit in order to control, modify, disable, monitor or affect the operation of the circuit. Although there have been no public reports of HTs detected in practice, in 2008 it was speculated that a critical failure in a Syrian radar may have been intentionally triggered via a hidden 'back door' inside a commercial off-the-shelf (COTS) microprocessor.

The proposed project seeks to investigate the application of deep learning in SCA and HT detection, with the ultimate goal of utilising deep learning based verification processes in Electronic Design Automation tools to provide feedback to designers on the security of their designs. In relation to the call, the project addresses the challenge of 'maintaining confidence in security through the development process', and more specifically 'building supply chain confidence' and 'novel hardware analysis toolsets and techniques'.

Planned Impact

The overall goal of the DeepSecurity research project is to investigate the use of deep learning for security verification in EDA tools, specifically in relation to hardware Trojan detection and side channel analysis, to allow non-security experts receive feedback on how to improve the security of their designs prior to fabrication. Hence, the research outputs will be of immediate relevance to entities for which supply chain confidence is of critical importance, for example, military, medical, government, transportation, and other critical infrastructure organisations.

In terms of direct economic impact, the project partners, BAE Systems and Cryptography Research (CRI) will be the first users and beneficiaries of the research outputs, but further beneficiaries will naturally ensue. Securing an untrustable hardware supply chain is an area of significant interest for BAE. CRI offers side channel countermeasures in addition to independent testing of devices to evaluate their side-channel resistance. Therefore, for them the research into DL-based attacks is particularly relevant, in addition to the proposed DL-based automated side-channel secure verification framework.

Hardware security is regarded as the foundation of effective IoT security and is essential to realising the IoT value proposition. A common theme in all the realms of IoT is the need for dependability and security. This was highlighted in the 2015 HiPEAC Vision report as a primary challenge for IoT. It outlines that security has to become one of the primary design features of whole systems, thus, underlining the importance of the proposed DeepSecurity project. Hence, the provision of security assurances to IoT devices, acts as an enabling layer for IoT applications and analytics, which when in full deployment will result in significant societal impact through, for example, more intelligent food production, energy consumption, traffic congestion/collision avoidance and remote healthcare applications.

The project will also enrich the skills pool in the UK with uniquely skilled researchers in the areas of hardware Trojan detection, side channel analysis and (secure) hardware design processes. CRI has offered to provide internship opportunities for the PhD students working on the project. In addition, experiences and insights developed in the project will be reflected back into the teaching curriculum of the MSc in Applied Cyber Security at QUB.

Publications

10 25 50
 
Description Hardware Trojans (HTs) are acknowledged as a significant emerging security concern in the IC industry resulting from the globalization of the semiconductor supply chain. Recently, taking advantage of the exponential growth in computing power, machine learning (ML) approaches are being considered for HT detection.
However, the circuit structure and components of an integrated circuit (IC) design are different from the data types in the ML models. To efficiently extract HT features from complex IC designs and utilize common ML-based detection approaches is challenging. A novel HT feature extraction strategy based on gate-level circuit netlists is proposed to tackle the challenges. The detection results show high recall in nearly all tested benchmarks, achieving at most 97.7% recall on sequential Trojans and 84.8% on combinational ones.
Exploitation Route We are working with industry partners (BAE Systems) on this research project who may be in a position to take this research forward in the future.
We also have an extensive Industry Advisory Board as part of the NCSC/EPSRC-funded Research Institute in Secure Hardware and Embedded Systems (RISE) to whom we have opportunities to disseminate our research outputs.
Sectors Digital/Communication/Information Technologies (including Software),Security and Diplomacy

 
Title An Improved Automatic Hardware Trojan Generation Platform 
Description A new method to generate Hardware Trojans (HTs) using a highly configurable generation platform based on transition probability. The generation platform is highly configurable in terms of the HT trigger condition, trigger type, payload type and in the number and variety of HT-infected circuits that can be generated. The generated HT samples will support the training and evaluation of HT detection model based on Deep Learning. 
Type Of Material Improvements to research infrastructure 
Year Produced 2019 
Provided To Others? Yes  
Impact We developed a novel feature extraction strategy for machine learning (ML)-based Hardware Trojan (HT) detection based on the HT samples generated from this HT generation platform and also evaluated the ML-based HT detection model on this platform. 
URL https://doi.org/10.1109/ISVLSI.2019.00062