Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

3 1
4
Reset filters

Settings
Now showing 1 - 4 of 4
  • Publication
    GRAIN - Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN
    ( 2024)
    Schanzenbach, Martin
    ;
    Nadler, Sebastian
    ;
    Johnson Jeyakumar, Isaac Henderson orcid-logo
    Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a corner stone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is — for the most part — green field. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real world deployments by reserving the special-use top-level domain ".alt" in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements the security concept of TRAIN-over DNS and show that it is practically feasible with limited modifications of existing software stacks.
  • Publication
    CompaSeC: A Compiler-Assisted Security Countermeasure to Address Instruction Skip Fault Attacks on RISC-V
    ( 2023-01-31)
    Geier, Johannes
    ;
    Auer, Lukas orcid-logo
    ;
    Mueller-Gritschneder, Daniel
    ;
    Sharif, Uzair
    ;
    Schlichtmann, Ulf
    Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not available in most Commonly used Off-The-Shelf (COTS) components. Software Implemented Hardware Fault Tolerance (SIHFT) is therefore the only valid option to enhance a COTS system’s resilience against fault attacks. Established SIHFT techniques usually target the detection of random hardware errors for functional safety and not targeted attacks. Using the example of a secure boot system running on a RISC-V processor, in this work we first show that when the software is hardened by these existing techniques from the safety domain, the number of vulnerabilities in the boot process to single, double, triple, and quadruple instruction skips cannot be fully closed. We extend these techniques to the security domain and propose Compiler-assisted Security Countermeasure (CompaSeC). We demonstrate that CompaSeC can close all vulnerabilities for the studied secure boot system. To further reduce performance and memory overheads we additionally propose a method for CompaSeC to selectively harden individual vulnerable functions without compromising the security against the considered instruction skip faults.
  • Publication
    Golden Model-Free Hardware Trojan Detection by Classification of Netlist Module Graphs
    ( 2022)
    Hepp, A.
    ;
    Baehr, J.
    ;
    Sigl, Georg
    In a world where increasingly complex integrated circuits are manufactured in supply chains across the globe, hardware Trojans are an omnipresent threat. State-of-the-art methods for Trojan detection often require a golden model of the device under test. Other methods that operate on the netlist without a golden model cannot handle complex designs and operate on Trojan-specific sets of netlist graph features. In this work, we propose a novel machine-learning-based method for hardware Trojan detection. Our method first uses a library of known malicious and benign modules in hierarchical designs to train an eXtreme Gradient Boosted Tree Classifier (XGBClassifier). For training, we generate netlist graphs of each hierarchical module and calculate feature vectors comprising structural characteristics of these graphs. After the training phase, we can analyze the synthesized hierarchical modules of an unknown design under test. The method calculates a feature vector for each module. With this feature vector, each module can be classified into either benign or malicious by the previously trained XGBClassifier. After classifying all modules, we derive a classification for all standard cells in the design under test. This technique allows the identification of hardware Trojan cells in a design and highlights regions of interest to direct further reverse engineering efforts. Experiments show that this approach performs with >97 % Sensitivity and Specificity across available and newly generated hardware Trojan benchmarks and can be applied to more complex designs than previous netlist-based methods while maintaining similar computational complexity.
  • Publication
    Counteract Side-Channel Analysis of Neural Networks by Shuffling
    ( 2022)
    Brosch, M.
    ;
    Probst, M.
    ;
    Sigl, Georg
    Machine learning is becoming an essential part in almost every electronic device. Implementations of neural networks are mostly targeted towards computational performance or memory footprint. Nevertheless, security is also an important part in order to keep the network secret and protect the intellectual property associated to the network. Especially, since neural network implementations are demonstrated to be vulnerable to side-channel analysis, powerful and computational cheap countermeasures are in demand. In this work, we apply a shuffling countermeasure to a microcontroller implementation of a neural network to prevent side-channel analysis. The countermeasure is effective while the computational overhead is low. We investigate the extensions necessary for our countermeasure, and how shuffling increases the effort for an attack in theory. In addition, we demonstrate the increase in effort for an attacker through experiments on real side-channel measurements. Based on the mechanism of shuffling and our experimental results, we conclude that an attack on a commonly used neural network with shuffling is no longer feasible in a reasonable amount of time.