DeepSecurity - Applying Deep Learning to Hardware Security
Lead Research Organisation:
Queen's University Belfast
Department Name: Sch of Electronics, Elec Eng & Comp Sci
Abstract
With the globalisation of supply chains the design and manufacture of today's electronic devices are now distributed worldwide, for example, through the use of overseas foundries, third party intellectual property (IP) and third party test facilities. Many different untrusted entities may be involved in the design and assembly phases and therefore, it is becoming increasingly difficult to ensure the integrity and authenticity of devices. The supply chain is now considered to be susceptible to a range of hardware-based threats, including hardware Trojans, IP piracy, integrated circuit (IC) overproduction or recycling, reverse engineering, IC cloning and side-channel attacks. These attacks are major security threats to military, medical, government, transportation, and other critical and embedded systems applications. The proposed project will use a common approach to investigate two of these threats, namely the use of deep-learning in the context of side-channel attacks and hardware Trojans.
Side-channel attacks (SCAs) exploit physical signal leakages, such as power consumption, electromagnetic emanations or timing characteristics, from cryptographic implementations, and have become a serious security concern with many practical real-world demonstrations, such as secret key recovery from the Mifare DESFire smart card used in public transport ticketing applications and from encrypted bitstreams on Xilinx Virtex-4/5 FPGAs. A hardware Trojan (HT) is a malicious modification of a circuit in order to control, modify, disable, monitor or affect the operation of the circuit. Although there have been no public reports of HTs detected in practice, in 2008 it was speculated that a critical failure in a Syrian radar may have been intentionally triggered via a hidden 'back door' inside a commercial off-the-shelf (COTS) microprocessor.
The proposed project seeks to investigate the application of deep learning in SCA and HT detection, with the ultimate goal of utilising deep learning based verification processes in Electronic Design Automation tools to provide feedback to designers on the security of their designs. In relation to the call, the project addresses the challenge of 'maintaining confidence in security through the development process', and more specifically 'building supply chain confidence' and 'novel hardware analysis toolsets and techniques'.
Side-channel attacks (SCAs) exploit physical signal leakages, such as power consumption, electromagnetic emanations or timing characteristics, from cryptographic implementations, and have become a serious security concern with many practical real-world demonstrations, such as secret key recovery from the Mifare DESFire smart card used in public transport ticketing applications and from encrypted bitstreams on Xilinx Virtex-4/5 FPGAs. A hardware Trojan (HT) is a malicious modification of a circuit in order to control, modify, disable, monitor or affect the operation of the circuit. Although there have been no public reports of HTs detected in practice, in 2008 it was speculated that a critical failure in a Syrian radar may have been intentionally triggered via a hidden 'back door' inside a commercial off-the-shelf (COTS) microprocessor.
The proposed project seeks to investigate the application of deep learning in SCA and HT detection, with the ultimate goal of utilising deep learning based verification processes in Electronic Design Automation tools to provide feedback to designers on the security of their designs. In relation to the call, the project addresses the challenge of 'maintaining confidence in security through the development process', and more specifically 'building supply chain confidence' and 'novel hardware analysis toolsets and techniques'.
Planned Impact
The overall goal of the DeepSecurity research project is to investigate the use of deep learning for security verification in EDA tools, specifically in relation to hardware Trojan detection and side channel analysis, to allow non-security experts receive feedback on how to improve the security of their designs prior to fabrication. Hence, the research outputs will be of immediate relevance to entities for which supply chain confidence is of critical importance, for example, military, medical, government, transportation, and other critical infrastructure organisations.
In terms of direct economic impact, the project partners, BAE Systems and Cryptography Research (CRI) will be the first users and beneficiaries of the research outputs, but further beneficiaries will naturally ensue. Securing an untrustable hardware supply chain is an area of significant interest for BAE. CRI offers side channel countermeasures in addition to independent testing of devices to evaluate their side-channel resistance. Therefore, for them the research into DL-based attacks is particularly relevant, in addition to the proposed DL-based automated side-channel secure verification framework.
Hardware security is regarded as the foundation of effective IoT security and is essential to realising the IoT value proposition. A common theme in all the realms of IoT is the need for dependability and security. This was highlighted in the 2015 HiPEAC Vision report as a primary challenge for IoT. It outlines that security has to become one of the primary design features of whole systems, thus, underlining the importance of the proposed DeepSecurity project. Hence, the provision of security assurances to IoT devices, acts as an enabling layer for IoT applications and analytics, which when in full deployment will result in significant societal impact through, for example, more intelligent food production, energy consumption, traffic congestion/collision avoidance and remote healthcare applications.
The project will also enrich the skills pool in the UK with uniquely skilled researchers in the areas of hardware Trojan detection, side channel analysis and (secure) hardware design processes. CRI has offered to provide internship opportunities for the PhD students working on the project. In addition, experiences and insights developed in the project will be reflected back into the teaching curriculum of the MSc in Applied Cyber Security at QUB.
In terms of direct economic impact, the project partners, BAE Systems and Cryptography Research (CRI) will be the first users and beneficiaries of the research outputs, but further beneficiaries will naturally ensue. Securing an untrustable hardware supply chain is an area of significant interest for BAE. CRI offers side channel countermeasures in addition to independent testing of devices to evaluate their side-channel resistance. Therefore, for them the research into DL-based attacks is particularly relevant, in addition to the proposed DL-based automated side-channel secure verification framework.
Hardware security is regarded as the foundation of effective IoT security and is essential to realising the IoT value proposition. A common theme in all the realms of IoT is the need for dependability and security. This was highlighted in the 2015 HiPEAC Vision report as a primary challenge for IoT. It outlines that security has to become one of the primary design features of whole systems, thus, underlining the importance of the proposed DeepSecurity project. Hence, the provision of security assurances to IoT devices, acts as an enabling layer for IoT applications and analytics, which when in full deployment will result in significant societal impact through, for example, more intelligent food production, energy consumption, traffic congestion/collision avoidance and remote healthcare applications.
The project will also enrich the skills pool in the UK with uniquely skilled researchers in the areas of hardware Trojan detection, side channel analysis and (secure) hardware design processes. CRI has offered to provide internship opportunities for the PhD students working on the project. In addition, experiences and insights developed in the project will be reflected back into the teaching curriculum of the MSc in Applied Cyber Security at QUB.
Publications
Dou Y
(2021)
Design and analysis of hardware Trojans in approximate circuits
in Electronics Letters
Hoang A
(2022)
Stacked Ensemble Model for Enhancing the DL based SCA
Xue M
(2020)
Ten years of hardware Trojans: a survey from the attacker's perspective
in IET Computers & Digital Techniques
Yu S
(2022)
Deep Learning-Based Hardware Trojan Detection With Block-Based Netlist Information Extraction
in IEEE Transactions on Emerging Topics in Computing
| Description | This project funded two activities: (1) Hosting the RISE Institute; and (2) Undertaking research on the application of Deep Learning in Hardware Security. (1) In relation to RISE, we have made excellent progress across our funded research projects, we kicked-off an international collaboration between the core RISE partners and NTU and NUS in Singapore, and launched a UK competition targeting final year UG/MSc students, sponsored by ARM, to help stimulate the next generation of UK hardware security experts. However, given a key focus of RISE is to grow the UK hardware and embedded systems community by bringing academia and industry together through networking events, the pandemic made this particularly challenging to deliver effectively. However, we did manage to host a number of spring/summer schools and Annual Conferences. Significant research outputs to date include: • Plundervolt - an attack developed as part of the University of Birmingham funded project which exploited vulnerabilities with Intel's Software Guard Extensions, leading to errors that could leak secret information such as encryption keys. • Thunderclap - research by the University of Cambridge team that identified vulnerabilities with USB and Thunderbolt interface standards and which provided security recommendations for hardening systems that were incorporated into the USB 4 standard. • The Apple Pay vulnerability discovered by the University of Surrey's RISE project which showed that Apple Pay in Express Transit mode if used with a Visa card could be abused to make an Apple Pay payment to any shop terminal, of any value, without the need for user authentication In 2020 we kicked-off a collaborative project, Secure IoT Processor Platform with Remote Attestation (SIPP), which was funded under the EPSRC International Centre-to-centre call. The SIPP project brings together the core RISE partners, namely Queen's University Belfast and the Universities of Cambridge, Bristol and Birmingham, with leading academics in the field of hardware security and security architecture design from the National University of Singapore and Nanyang Technological University, Singapore, to develop a novel secure IoT processor platform with remote attestation implemented on a RISC-V architecture. We also published a call for Proof of Concept projects (funded by NCSC), seeking to support the pre-commercialisation of leading-edge technologies arising from RISE-funded projects. The funding is expected to be used to develop an idea through to a stage where a route to commercialisation is clear, either as a spin out, or via licensing or open-sourcing. Two projects were successful, FPGADefender4Clouds - an FPGA Virus Scanner for FPGA Cloud Environments, from Professor Dirk Koc at the University of Manchester and GUPT: A Hardware-Assisted Secure and Private Data Analytics Service, from Professor Markulf Kohlweiss and Dr Michia Honda at the University of Edinburgh. (2) The research project seeks to investigate the application of deep learning in Side Channel Analysis and Hardware Trojan detection. Deep-Learning based Hardware Trojan (HT) Detection Various functional Hardware Trojan detection techniques have been proposed over the past decade. However, approaches based on simulation, side channel analysis (SCA), reverse engineering and logic testing have shortcomings. Both simulation and logic testing have difficulties in generating comprehensive test vectors. SCA approaches usually need a 'golden' circuit and are sensitive to process variation. Moreover, for both the reverse engineering and SCA attacks, the preparation cost of test platforms or the extra overhead of the integration of detection sensors in integrated circuits (ICs) could make the detection very expensive. In this research work, we propose a data-driven HT detection system based on gate-level netlists which requires no prior knowledge of the circuit. The proposed HT detection system provides an extremely simplified detection process without the need for any pre-processing or extra circuit overheads, and it is also effective for various types of circuits. A Natural language processing (NLP) technique is utilized for feature extraction from the circuit netlist for HT detection. To the best of the authors' knowledge, this is the first time NLP has been applied on raw gate-level netlist data for HT detection. Data-driven DL models, namely LSTM and CNN, are utilized for data training based on the extracted features using the NLP algorithm. The results are verified using the Trust-Hub database, an open-source HT benchmarking library. Experimental results show that both the LSTM and CNN DL models achieve good HT detection performance for various Trojan netlists. Deep Learning (DL) in Side-Channel Analysis DL has proven to be very effective for image recognition tasks, with a large body of research on various model architectures for object classification. The application of DL to side-channel analysis has shown promising success, with experimentation on open-source variable key datasets showing that secret keys can be revealed with 100s of traces even in the presence of countermeasures. In this project we further improve the application of DL for SCA, by enhancing the power of DL when targeting the secret key of cryptographic algorithms that are protected with SCA countermeasures. We propose a new model, a CNN-based model with a Plaintext feature extension (CNNP) together with multiple convolutional filter kernel sizes and structures with deeper and narrower neural networks. This approach has empirically proven its effectiveness by outperforming reference profiling attack methods such as template attacks (TAs), convolutional neural networks (CNNs) and multilayer perceptron (MLP) models. This research culminated in a publication in IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) in August 2020. More recent work further improved the performance of CNN-based SCA models and reduced the number of attack traces needed to successfully recover the key to 24. |
| Exploitation Route | We have an extensive Industry Advisory Board as part of the NCSC/EPSRC-funded Research Institute in Secure Hardware and Embedded Systems (RISE) to whom we have opportunities to disseminate the research outputs of all RISE-funded projects. |
| Sectors | Digital/Communication/Information Technologies (including Software) |
| URL | https://www.ukrise.org/ |
| Title | An Improved Automatic Hardware Trojan Generation Platform |
| Description | A new method to generate Hardware Trojans (HTs) using a highly configurable generation platform based on transition probability. The generation platform is highly configurable in terms of the HT trigger condition, trigger type, payload type and in the number and variety of HT-infected circuits that can be generated. The generated HT samples will support the training and evaluation of HT detection model based on Deep Learning. |
| Type Of Material | Improvements to research infrastructure |
| Year Produced | 2019 |
| Provided To Others? | Yes |
| Impact | We developed a novel feature extraction strategy for machine learning (ML)-based Hardware Trojan (HT) detection based on the HT samples generated from this HT generation platform and also evaluated the ML-based HT detection model on this platform. |
| URL | https://doi.org/10.1109/ISVLSI.2019.00062 |
| Description | 2018 Annual Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The 1st RISE Annual Conference was held on 14th November in London with approximately 80 National and International participants. The core RISE partners (Universities of Cambridge, Bristol and Birmingham and Queen's) presented updates on their RISE-funded projects and the latest set of funded projects (U. Manchester, Edinburgh, Cambridge and Surrey) were also introduced. We had 2 international keynote speakers, Jo Van Bulck, KU Leuven, and Patrick Koeberl, Principal Engineer, Security and Privacy Research, Intel Labs. The event also included lightning talks from early career researchers from across UK academia. The conference provided an opportunity for the exchange of views between industry, academic, and government representatives. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.ukrise.org/rise-2018-annual-conference/ |
| Description | 2018 RISE Spring School |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Postgraduate students |
| Results and Impact | The UK Research Institute in Secure Hardware and Embedded Systems (RISE) hosted a Spring School at the University of Cambridge on 28-29 March 2018 with approximate 80 attendees. The Spring school brought together the hardware security community, both academic and industry, in the UK. The programme was delivered over the two days, with talks made available online at: https://www.ukrise.org/springschool/. The aim of the spring school was to increase the skillset in the UK in the area of hardware security. The online talks have also been used by RISE industry partners for internal training purposes. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.ukrise.org/springschool/ |
| Description | 2019 Annual Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The RISE 2019 annual conference took place at the National Liberal Club in London, on 21st November 2019. The full day plenary program included a keynote from Professor Cetin Koç (University of California, Santa Barbara), lightening talks from early-stage researchers and updates from each of the RISE projects. The conference was well attended, with over 80 participants and concluded with a closed session Industry Stakeholder and Advisory Board (ISAB) meeting. This session proving a useful opportunity for the exchange of views between industry, academic, and government representatives. |
| Year(s) Of Engagement Activity | 2019 |
| URL | https://www.ukrise.org/rise-2019-annual-conference/ |
| Description | 2019 RISE Spring School |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Postgraduate students |
| Results and Impact | RISE held its 2nd Spring School at the Centre for Secure Information Technologies (CSIT), Queen's University Belfast, on 28 Feb - 1 Mar 2019. The Spring school brought together the hardware security community, both academic and industry, in the UK. The programme was delivered over the two days, with talks made available online at: https://www.ukrise.org/springschool2019/ The aim of the spring school was to increase the skillset in the UK in the area of hardware security. The online talks have also been used by RISE industry partners for internal training purposes. |
| Year(s) Of Engagement Activity | 2019 |
| URL | https://www.ukrise.org/springschool2019/ |
| Description | 2021 RISE Annual Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The UK Research Institute in Secure Hardware and Embedded Systems (RISE) 4th Annual Conference was held as an online event on 13th December 2021. The agenda included project updates on all 8 RISE-funded projects in addition to 2 keynote talks by Aaron Hogan, Director of Engineering, Qualcomm, and Professor Herbert Bos, Vrije Universiteit Amsterdam. The conference provided an opportunity for the exchange of views between industry, academic, and government representatives. The talks are available online at: https://www.ukrise.org/conference-videos-2021/ |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.ukrise.org/2021-annual-conference/ |
| Description | 2022 RISE Annual Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The RISE 5th Annual Conference was held at the Royal Academy of Engineering, London, on 2nd December 2022. Each of the RISE-funded partners presented updates on their projects and there were 2 x keynote speakers: Prof Mark M. Tehranipoor, the Intel Charles E. Young Preeminence Endowed Chair Professor in Cybersecurity, University of Florida, and Dr Patrik Ekdahl, Manager of Platform Security Research, Ericsson. The conference provided an opportunity for the exchange of views between industry, academic, and government representatives. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://www.ukrise.org/2022-annual-conference/ |
| Description | 2022 RISE Summer School |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Postgraduate students |
| Results and Impact | RISE hosted a Summer School at the Centre for Secure Information Technology (CSIT), Belfast, 20th - 21st July 2022. The Spring school brought together the hardware security community, both academic and industry, in the UK. The programme was delivered over the two days, with talks made available online at: https://www.ukrise.org/summer-school-videos-2022/ The aim of the spring school was to increase the skillset in the UK in the area of hardware security. The online talks have also been used by RISE industry partners for internal training purposes. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://www.ukrise.org/summer-school-videos-2022/ |
| Description | Is Engineering Significant Difference the Key to Enhanced Cybersecurity? |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Joint event with the EPSRC-funded EFutures network on 'Is Engineering Significant Difference the Key to Enhanced Cybersecurity?' with the following Speakers: Peter Davies - Thales, UK Dr Weiqiang Liu, NUAA, China Dr Dan Page, U. Bristol Dr Chongyan Gu, QUB Prof Kerstin Eder, U. Bristol The aim of the event was to promote the importance of engineering significant differences in enhancing cybersecurity. |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.ukrise.org/cybersecurities-of-the-future-engineering-significant-difference/ |
| Description | RISE 2020 Annual Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | The RISE 2020 annual conference was held as a virtual event on 30th November 2020. The event started with an invited tutorial session by Ilhan Gurel of Erricson, on the subject of Confidential Computing. The afternoon session included a keynote by Prof. Patrick Schaumont of Worcester Polytechnic Institute on EDA tools for security testing and countermeasure synthesis. Alongside these talks were updates from the RISE projects and updates on entry to academic/industry competition by ISCF on Digital Security by Design (DSbD) Software Ecosystems. The conference provided an opportunity for the exchange of views between industry, academic, and government representatives. |
| Year(s) Of Engagement Activity | 2020 |
| URL | https://www.ukrise.org/rise-2020-annual-conference/ |