Refine
Department, Institute
Document Type
- Conference Object (7)
- Article (1)
- Report (1)
Keywords
- IP protection (3)
- Embedded software (2)
- Fault analysis (2)
- Side-channel analysis (2)
- Antifuse memory (1)
- Authorship watermark (1)
- Chip ID (1)
- Code similarity analysis (1)
- Counterfeit protection (1)
- DFA Lab (1)
We present a new method for protecting chips against counterfeits that makes the IC identification more accessible to the end user. Our method requires the original chip manufacturer to frequently publish identification sequences for each IC. These sequences are excerpts from the output of a stream cipher that is embedded in the protected chip and parameterized by a secret unique key. The key initialization is done by a trusted party after manufacturing. For IC verification, the end user measures the side channel leakage of the chip under test. The chip is assessed to be genuine if the end user finds a significant correlation between the observed side channel leakage and several previously published identification sequences.
Fault-Channel Watermarks
(2016)
We introduce a new approach for securing intellectual property in embedded software implementations by using the response of an implementation to fault injections. In our approach, the implementation serves as its own watermark that is recorded through its fault effects. There is no additional code for the watermark. A simulator that maps the fault injections to the executed instructions aids an automated characterization of program code. We provide a proof-of-concept implementation of our watermarking approach using an 8-bit ATMega163 microcontroller and several assembly implementations of AES encryption. The results show that our method is well-suited for detection of identical software copies. In addition, our method shows robust performance in detection of software copies with a large number of added dummy instructions.
This paper presents a new method for protecting netlist-based Intellectual Property (IP) cores in FPGAs by actively using voltage-controlled side-channel receivers. The receivers are realized by modulating the supply voltage of the chip, while at the same time detecting these changes from within the chip using a ring oscillator. The levels of the supply voltage can be determined by constantly monitoring the frequency of the ring oscillator. To prove authorship of an IP core, the verifier authenticates himself to the core over the voltage side-channel and sends commands that limit the core's functionality. By monitoring the regular outputs of the overall system, it is possible to detect illegitimately used cores after repeatedly turning them on and off. The working principle of our method is demonstrated by a case study, in which we protect several IP cores and place them on a Spartan 3 FPGA, and show the steps necessary for successful proof of ownership verification.
We introduce the use of timing channels for digital watermarking of embedded hardware and software components. In addition to previous side channel watermarking schemes, timing analysis offers new perspectives for a remote verification of mobile and embedded products. Timing channels make it possible to detect the presence of a watermark solely by measuring program execution times.
We present new methods for detecting plagiarized code segments using side-channel leakage of microcontrollers. Our approach uses the dependency of side-channel leakage on processed data and requires that the implementation under test accepts varying known input data. Detection tools are built upon a similarity matrix that contains the absolute correlation coefficient for each combination of time samples of the two possibly different implementations as result of side channel measurements. These methods are evaluated on smartcards with ATMega163 microcontroller using different test applications written in assembly language. We show that our methods are highly robust even against a skilled adversary who modifies the original assembly code in various ways. Our approach is non-intrusive, so that the application does not need to be additionally watermarked in order to be protected—the resulting pattern of data leakage of the microcontroller executing the code is considered as its own watermark.
Given two embedded systems that perform the same task, how can we tell without looking at their source code whether or not they have been independently developed? This is a serious problem that might cause large monetary loss for embedded software companies that distribute their intellectual property (IP) without taking countermeasures against plagiarists. By committing IP violation, the plagiarist can save the cost and time that it took to develop the original software and bring a system with the same functionality but for a cheaper price to market.We address this problem by making use of side channels and faults — properties of physical systems that allow us to distinguish some of the performed instructions and computations. By passively observing the side channels, or even by actively creating them, we can detect plagiarized IP and prove or disprove its existence. In this work we present an overview of our research for IP protection in software.Related lab set-ups for teaching side channel and fault analysis in undergraduate and graduate studies at universities are described. This includes our regularly used Differential Power Analysis (DPA) Lab and Differential Fault Analysis (DFA) Lab as well as advanced labs that result from our research in side channel and fault channel watermarking.
In this work we present a new approach for counterfeit protection against remarked, overproduced, and out-of-spec integrated circuits (ICs). Our approach uses identification sequences that are regularly published by the original chip manufacturer and hidden in the electromagnetic (EM) leakage of authentic chips. A portion of the chip area is dedicated to a crypto engine running in stream cipher mode that is initialized with a unique key and initialization vector stored in one-time-programmable antifuse memory. IC identification is carried out in the field, by obtaining EM measurements of deployed ICs and by proving the presence of the genuine identification sequences in the measurements. We evaluate our approach using a proof-of-concept implementation on three FPGA boards by capturing EM leakage of the FPGAs under test at their decoupling capacitors. The results show that the user can carry out IC identification on-site, using standard lab equipment in short amount of time.
