Hardware Security Projects

To evaluate the risk of security attacks on a system, one should be able to define them. Unfortunately, such a tool does not exist.
This project is based on the Master Thesis of Mr. Kfir Girstein and on the SW package he developed. The purpose of the project is to extend the tool and add a graphical interface to it.
Students who decide to continue their research could add to the tool additional sophisticated features such as internal and external events.  

This project aims to examine the effectiveness of HTM algorithms in order to detect security attacks on systems.
The project will have 2 parts:

1. Run an existing HTM algorithm on tagged data.
2. Improve the algorithm.

If successful, the work can be extended into a Master Thesis

Traditionally, side-channel attacks are performed using measurement tools which are attached to the DUT (device under test).
Recently, we published a paper “The Use of Performance-Countersto Perform Side-Channel Attacks” that shows that under some conditions, a user can use performance counters to perform remote attacks (i.e., without physical access to the device).
This project aims to extend the experiments being presented in the paper and extend the usage model from Intel X86 to ARM-based platforms.
The code being used for the paper will be provided. 

The Integrated Circuit (IC) reverse engineering is an important tool in IC development, verification, searching for IP piracy and detection of injected malicious circuits (hardware Trojans). The common approach to the circuit reverse engineering is searching for sub-circuits that implement specific functions (like arithmetic blocks, FSMs, register files and more). Due to the size, complexity and lack of structure of the modern circuits, sub-circuit recognition presents a complex task. The recently emerged Graph Neural Network (GNN) discipline may provide a solution for effective subcircuit recognition.
In this project, we will evaluate a GNN-based method of sub-circuit recognition proposed by a recent research paper.

RISC-V is a popular modern open-source CPU architecture. One of its implementations, IBEX, proposes a set of security features, one of which is ‘dummy instruction insertion’. This feature serves two goals. It prevents from attacks that extract information from execution timing, and it hinders synchronization required to mount other attacks, such as power analysis.
The goal of this project is investigation and potentially an enhancement of effectiveness of this feature against real attacks.

In this project we will implement a protected ALU based on the paper by H. Gross “Sharing is Caring — On the Protection of Arithmetic Logic Units against Passive Physical Attacks”. The implementation will be done in System Verilog and will be synthesized using Synopsys tools. The resulting module will be verified in simulation and the overhead in area and performance will be estimated. Finally, using a simple power consumption emulation technique, the circuit’s protection against attacks will be assessed.

Physically unclonable functions (PUFs) are special hardware primitives that produce responses on challenges, which are unique for every PUF instance. PUFs are widely used for the integrated circuit (IC) identification and secret key generation. The special PUF behavior comes from the process variation phenomenon. Small variation in the electrical parameters between individual chips makes the same PUF design produce different results. Ideally, the PUF behavior cannot be modeled. In practice, various attacks on PUFs have been introduced, such as using machine learning to characterize the PUF behavior.
In this project, we are interested to learn about a parametric attack on PUFs mounted by a malicious manufacturing facility.

Security verification, particularly for hardware, is a challenging task, since it requires to cover a wide variety of scenarios. To assist the hardware security verification of software, the Common Weaknesses Enumeration database was recently introduced. While the classical verification approach requires writing tests to cover each of the scenarios, this approach is known as dynamic verification. This task is both labor-intensive and incomplete. The community is seeking alternatives to the dynamic verification approach, exploring various types of static verification. In static verification, rather than writing tests to cover scenarios, we define rules and try to prove these rules on a circuit using analytical methods.
In this project, we are interested to check the machine learning ability to detect security vulnerabilities. In particular, we will apply the Graph Neural Network techniques to that task.

Research in computer science and engineering requires data for evaluation. This data should be consistent, organized, and unbiased in order to serve as a base line for evaluation of tools, algorithms, and general research. Hardware security and reverse engineering, in particular, need benchmarks for research and evaluation. Recently, with the introduction of machine learning to these fields, another important use of benchmarks has emerged, training set.
However, the number of logical circuits openly available is limited and therefore cannot serve a sound base for training. The industry needs a way to obtain benchmarks in large amounts. A possible solution is creating synthetic benchmarks based on reference authentic examples.