PROACT Training School

To tackle the issues with on-chip IP protections, the role of a trusted entity, which can unlock the IP, is often played by electronic design automation (EDA) tools. Although EDA tools have often been assumed to be trusted, the security and privacy of IPs have not been involved in their specifications. In an attempt to provide such capabilities, the IEEE P1735 standard for encryption and management of IPs was created. Unfortunately, it was demonstrated that this standard suffers from side-channel leakage by EDA tools and, accordingly, the disclosure and undetectable tampering of the IPs. This lecture will discuss the issue with the security-aware EDA tools and introduce a new generation of them, where secure and private multi-party computation has been applied to guarantee the security and privacy of IPs.

Bio: Fatemeh Ganji is an Assistant Professor at the Department of Electrical and Computer Engineering at Worcester Polytechnic Institute (WPI). She defended her dissertation with the title "On the Learnability of Physically Unclonable Functions" at the Technical University of Berlin, with an overall grade of "distinction" (= summa cum laude). For her dissertation, she was awarded the BIMoS Ph.D. Award 2018 and nominated by the Technical University of Berlin for the ACM Dissertation Award. She also received the NSF Engineering Research Initiation (ERI) award. Her research focuses on interdisciplinary approaches covering two main angles of hardware security, namely machine learning and cryptography, for the design and evaluation of security-critical hardware. Her research has been funded by the European Union (Horizon 2020 and Seventh Framework Program), the German Federal Ministry of Education and Research (BMBF), the National Science Foundation, and the National Institute of Standards and Technology. To contribute to the community, she has served as a reviewer for IEEE and ACM journals, as well as a technical program committee member of the ACM Conference on Computer and Communications Security (CCS, 2023), Conference on Cryptographic Hardware and Embedded Systems (CHES, 2020-2023), Design, Automation, and Test in Europe Conference (DATE 2021-23), to name a few.

Deep learning-based side-channel attacks entered the profiling attack field in recent years, promising more competitive performance than other techniques. Indeed, such attacks are powerful as they can break targets protected with countermeasures but are also "easier" to deploy as they do not require pre-processing and feature selection.

This tutorial will provide an overview of the developments in deep learning-based side-channel attacks. We will cover relevant topics like data augmentation, neural network selection, hyperparameter tuning, evaluation of the attack performance, explainability, and custom neural network elements (loss functions, activation functions).

The tutorial will cover both the theoretical and the practical aspects. The attendees can run the code on their laptops and tweak some well-known approaches presented in the last few years.

Bio: Stjepan Picek is an associate professor at Radboud University, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Prior to the associate professor position, Stjepan was an assistant professor at TU Delft, and a postdoctoral researcher at MIT, USA and KU Leuven, Belgium. Stjepan finished his PhD in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Up to now, Stjepan has given more than 30 invited talks and published more than 150 refereed papers. He is a program committee member and reviewer for a number of conferences and journals, and a member of several professional societies. His work has been featured in the mainstream media and on popular technology blogs.

In the second part of the presentation, we focus on combination of fault attack with power attacks. We demonstrate one of the first practical combined attacks (laser + power) on bit permutation based ciphers like PRESENT and GIFT as well as on widely used redundancy countermeasure. The attack methodology can be further adapted to perform deep round attacks on algorithms like AES. The power of combined side-channel and fault attacks is further shown to evaluate advanced countermeasures like DOMREP, which individually provides side-channel and fault protection of arbitrary order. We show that higher order masking of DOMREP can leak at first order in presence of faults.

Bio: Dr. Shivam Bhasin is a Senior Research Scientist and Programme Manager (Cryptographic Engineering) at Centre for Hardware Assurance, Temasek Laboratories, Nanyang Technological University Singapore. He received his PhD in Electronics & Communication from Telecom Paristech in 2011, Advanced Master in Security of Integrated Systems & Applications from Mines Saint-Etienne, France in 2008. Before NTU, Shivam held position of Research Engineer in Institut Mines-Telecom, France. He was also a visiting researcher at UCL, Belgium (2011) and Kobe University (2013). His research interests include embedded security, trusted computing and secure designs. He has co-authored several publications at recognized journals and conferences. Some of his research now also forms a part of ISO/IEC 17825 standard.

We discuss how to sense such impedance variations using a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's PDN and measure the echo of the signals. In the first part of the talk, we demonstrate how impedance analysis can be used as a unified technique for tamper/Trojan detection at PCB, package, and die levels. In the second part of the talk, we show how the impedance can be deployed as a powerful side-channel attack tool to break the security of masked hardware-based cryptographic implementations.

Bio: Dr. Shahin Tajik is an Assistant Professor at Worcester Polytechnic Institute (WPI). Before joining WPI, Dr. Tajik was an Assistant Research Professor at the Florida Institute for Cybersecurity (FICS) Research at the University of Florida. He received his Ph.D. in Electrical Engineering in 2017 from the working group SECT, a collaboration of the Technical University of Berlin and Deutsche Telekom Innovation Laboratories in Germany. His field of research includes non-invasive and semi-invasive attacks, Physically Unclonable Functions (PUFs), security evaluation of FPGAs, and tamper protection mechanisms. His ACM CCS'17 paper "On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs" was awarded 1st place in the Applied Research Competition of European Cyber Security Awareness Week (CSAW) in 2017. He was also awarded the best hardware demo at IEEE HOST 2020.

Bio: Currently, I am working for Intel. Before that, I worked for Lamarr Security Research, the Radboud University in Nijmegen, and the Graz University of Technology. So far, I have done research in cryptography (analysis and design of symmetric cryptography) and implementation security (side-channel and fault attacks). However, my interests are not limited to these topics. I am a co-designer of the authenticated encryption schemes Ascon, Elephant, and ISAP.

These attacks can be difficult to detect and prevent, and can have serious consequences for both individuals and organizations. Moreover, as devices become more complex and powerful, meeting the performance demands while balancing the security requirements becomes challenging. In this talk, we'll discuss various countermeasures against side-channel attacks as well as the related tradeoffs they present for a secure hardware design.

Bio: My name is Begul Bilgin and I'm working in Rambus as a hardware security engineer since 2017. While my main focus is protection against side-channel and fault attacks, I enjoy various challenges related to crypto including high performance implementations, symmetric-key designs and random number generators. Before joining Rambus, I first completed my PhD on threshold implementations, then worked as a post-doctoral researcher in KU-Leuven, COSIC.

With Post-Silicon security analysis, we can fix the next chip. With Pre-Silicon security analysis, we can fix the current chip. Pre-silicon is going to be the next revolution in the semiconductor industry and we would like to enable the vendors of utilizing this technology in the best way possible.

Bio: Durga Ramachandran is an Innovation Manager at Riscure. Innovation Hub is a dedicated unit within Riscure that focuses on research and disruptive innovation. In this role, she focusses on realizing ideas into prototypes. Her educational background includes double Master's degree, one in Electrical Engineering and another as Executive MBA. She has been in security industry for a decade and in Riscure for 5 years.