Patanjali SLPSK

Christopher Vega, Shubhra Deb Paul, Patanjali SLPSK et al.

Physically Unclonable Functions (PUFs) are used for securing electronic devices across the implementation spectrum ranging from Field Programmable Gate Array (FPGA) to system on chips (SoCs). However, existing PUF implementations often suffer from one or more significant deficiencies: (1) significant design overhead; (2) difficulty to configure and integrate based on application-specific requirements; (3) vulnerability to model-building attacks; and (4) spatial locality to a specific region of a chip. These factors limit their application in the authentication of designs used in diverse applications. In this work, we propose MeLPUF: Memory-in-Logic PUF; a low-overhead, distributed PUF that leverages the existing logic gates in a design to create cross-coupled inverters (i.e., memory cells) in a logic circuit as an entropy source. It exploits these memory cells' power-up states as the entropy source to generate device-specific unique fingerprints. A dedicated control signal governs these on-demand memory cells. They can be dispersed across the combinational logic of a design to achieve distributed authentication. They can also be synthesized with a standard logic synthesis tool to meet the target area, power, and performance constraints. We evaluate the quality of MeLPUF signatures with circuit-level simulations and experimental measurements using FPGA silicon (TSMC 55nm process). Our analysis shows the high quality of the PUF in terms of uniqueness, randomness, and robustness while incurring modest overhead. We further demonstrate the scalability of MeLPUF by aggregating power-up states from multiple memory cells, thus creating PUF signatures or digital identifiers of varying lengths. Additionally, we suggest optimization techniques that can be leveraged to boost the performance of MeLPUF further.

Abhishek Nair, Patanjali SLPSK, Chester Rebeiro et al.

The emergence of distributed manufacturing ecosystems for electronic hardware involving untrusted parties has given rise to diverse trust issues. In particular, IP piracy, overproduction, and hardware Trojan attacks pose significant threats to digital design manufacturers. Watermarking has been one of the solutions employed by the semiconductor industry to overcome many of the trust issues. However, current watermarking techniques have low coverage, incur hardware overheads, and are vulnerable to removal or tampering attacks. Additionally, these watermarks cannot detect Trojan implantation attacks where an adversary alters a design for malicious purposes. We address these issues in our framework called SIGNED: Secure Lightweight Watermarking Scheme for Digital Designs. SIGNED relies on a challenge-response protocol based interrogation scheme for generating the watermark. SIGNED identifies sensitive regions in the target netlist and samples them to form a compact signature that is representative of the functional and structural characteristics of a design. We show that this signature can be used to simultaneously verify, in a robust manner, the provenance of a design, as well as any malicious alterations to it at any stage during design process. We evaluate SIGNED on the ISCAS85 and ITC benchmark circuits and obtain a detection accuracy of 87.61\% even for modifications as low as 5-gates. We further demonstrate that SIGNED can benefit from integration with a logic locking solution, where it can achieve increased protection against removal/tempering attacks and incurs lower overhead through judicious reuse of the locking logic for watermark creation.

Gargi Mitra, Prasanna Karthik Vairam, Patanjali SLPSK et al.

Privacy leaks from Netflix videos/movies is well researched. Current state-of-the-art works have been able to obtain coarse-grained information such as the genre and the title of videos by passive observation of encrypted traffic. However, leakage of fine-grained information from encrypted traffic has not been studied so far. Such information can be used to build behavioural profiles of viewers. On 28th December 2018, Netflix released the first mainstream interactive movie called 'Black Mirror: Bandersnatch'. In this work, we use this movie as a case-study to show for the first time that fine-grained information (i.e., choices made by users) can be revealed from encrypted traffic. We use the state information exchanged between the viewer's browser and Netflix as the side-channel. To evaluate our proposed technique, we built the first interactive video traffic dataset of 100 viewers; which we will be releasing. Preliminary results indicate that the choices made by a user can be revealed 96% of the time in the worst case.

Gnanambikai Krishnakumar, Patanjali SLPSK, Prasanna Karthik Vairam et al.

Reading or writing outside the bounds of a buffer is a serious security vulnerability that has been exploited in numerous occasions. These attacks can be prevented by ensuring that every buffer is only accessed within its specified bounds. In this paper we present Gandalf, a compiler-assisted hardware extension for the OpenRISC processor that thwarts all forms of memory based attacks including buffer overflows and over-reads.The feature associates lightweight base and bound capabilities to all pointer variables, which are checked at run time by the hardware. Gandalf is transparent to the user and does not require significant OS modifications. Moreover, it achieves locality, thus resulting in small performance penalties.