research-article

Digital Watermarking for Detecting Malicious Intellectual Property Cores in NoC Architectures

Authors:

Subodha Charles,

Vincent Bindschaedler,

Prabhat MishraAuthors Info & Claims

IEEE Transactions on Very Large Scale Integration (VLSI) Systems, Volume 30, Issue 7

Pages 952 - 965

https://doi.org/10.1109/TVLSI.2022.3167606

Published: 01 July 2022 Publication History

Abstract

System-on-chip (SoC) developers utilize intellectual property (IP) cores from third-party vendors due to increasing design complexity, cost, as well as time-to-market constraints. A typical SoC consists of a wide variety of IP cores [such as processor, memory, controller, and field-programmable gate array (FPGA)] that interact using a network-on-chip (NoC). This global trend of designing SoCs using third-party IPs raises serious concerns about security vulnerabilities. Since NoC facilitates communication between all IPs in an SoC, NoC is the ideal place for any hardware Trojans to hide and launch a plethora of attacks. Due to the resource-constrained nature of SoCs, developing security solutions against such attacks is a major challenge. In particular, in an eavesdropping attack, a Trojan-infected router copies packets transferred through the NoC and reroutes the duplicated packets to an accompanying malicious application running on another IP in an attempt to extract confidential information. While authenticated encryption can thwart such attacks, it incurs unacceptable overhead in resource-constrained SoCs. In this article, we propose a lightweight alternative defense based on digital watermarking techniques. We develop theoretical models to provide security guarantees. Experiments using realistic SoC models and diverse applications demonstrate that our approach can significantly outperform state-of-the-art methods.

References

[1]

A. Sodaniet al., “Knights landing: Second-generation product,” IEEE Micro, vol. 36, no. 2, pp. 34–46, Mar./Apr. 2016.

Digital Library

[2]

V. Y. Raparti and S. Pasricha, “Lightweight mitigation of hardware trojan attacks in NoC-based manycore computing,” in Proc. 56th Annu. Design Automat. Conf., Jun. 2019, p. 48.

[3]

D. M. Ancajas, K. Chakraborty, and S. Roy, “Fort-NoCs: Mitigating the threat of a compromised NoC,” in Proc. 51st Annu. Design Automat. Conf. (DAC), 2014, pp. 1–6.

[4]

S. Charles, Y. Lyu, and P. Mishra, “Real-time detection and localization of DoS attacks in NoC based SoCs,” in Proc. Design, Automat. Test Eur. Conf. Exhib. (DATE), Mar. 2019, pp. 1160–1165.

[5]

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Accessed: Nov.16, 2021. [Online]. Available: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

[6]

S. T. Kinget al., “Designing and implementing malicious hardware,” in Proc. 1st Usenix Workshop Large-Scale Exploits Emergent Threats (LEET), vol. 8, 2008, pp. 1–8.

[7]

M. Hussain, A. Malekpour, H. Guo, and S. Parameswaran, “EETD: An energy efficient design for runtime hardware trojan detection in untrusted network-on-chip,” in Proc. IEEE Comput. Soc. Annu. Symp. VLSI (ISVLSI), Jul. 2018, pp. 345–350.

[8]

S. Charles, M. Logan, and P. Mishra, “Lightweight anonymous routing in NoC based SoCs,” in Proc. Design, Automat. Test Eur. Conf. Exhib. (DATE), Mar. 2020, pp. 334–337.

[9]

J. Y. V. M. Kumar, A. K. Swain, S. Kumar, S. R. Sahoo, and K. Mahapatra, “Run time mitigation of performance degradation hardware trojan attacks in network on chip,” in Proc. IEEE Comput. Soc. Annu. Symp. VLSI (ISVLSI), Jul. 2018, pp. 738–743.

[10]

T. Boraten and A. K. Kodi, “Packet security with path sensitization for NoCs,” in Proc. Design, Automat. Test Eur. Conf. Exhib. (DATE), 2016, pp. 1136–1139.

[11]

J. Sepúlveda, A. Zankl, D. Flórez, and G. Sigl, “Towards protected MPSoC communication for information protection against a malicious NoC,” Proc. Comput. Sci., vol. 108, pp. 1103–1112, Jan. 2017.

[12]

S. Charles and P. Mishra, “A survey of network-on-chip security attacks and countermeasures,” ACM Comput. Surv., vol. 54, no. 5, pp. 1–36, Jun. 2022.

Digital Library

[13]

K. Sajeesh and H. K. Kapoor, “An authenticated encryption based security framework for NoC architectures,” in Proc. Int. Symp. Electron. Syst. Design, Dec. 2011, pp. 134–139.

[14]

J. Porquet, A. Greiner, and C. Schwarz, “NoC-MPU: A secure architecture for flexible co-hosting on shared memory MPSoCs,” in Proc. Design, Automat. Test Eur., Mar. 2011, pp. 1–4.

[15]

Y. Wang and G. E. Suh, “Efficient timing channel protection for on-chip networks,” in Proc. IEEE/ACM 6th Int. Symp. Netw.-Chip, May 2012, pp. 142–151.

[16]

H. K. Kapoor, G. B. Rao, S. Arshi, and G. Trivedi, “A security framework for NoC using authenticated encryption and session keys,” Circuits, Syst., Signal Process., vol. 32, no. 6, pp. 2605–2622, 2013.

Digital Library

[17]

Q. Yu and J. Frey, “Exploiting error control approaches for hardware trojans on network-on-chip links,” in Proc. IEEE Int. Symp. Defect Fault Tolerance VLSI Nanotechnol. Syst. (DFTS), Oct. 2013, pp. 266–271.

[18]

A. Saeed, A. Ahmadinia, M. Just, and C. Bobda, “An ID and address protection unit for NoC based communication architectures,” in Proc. 7th Int. Conf. Secur. Inf. Netw. (SIN), 2014, pp. 288–294.

[19]

J. Sepúlveda, D. Florez, and G. Gogniat, “Reconfigurable security architecture for disrupted protection zones in NoC-based MPSoCs,” in Proc. 10th Int. Symp. Reconfigurable Commun.-Centric Syst.-Chip (ReCoSoC), Jun. 2015, pp. 1–8.

[20]

R. Js, D. M. Ancajas, K. Chakraborty, and S. Roy, “Runtime detection of a bandwidth denial attack from a rogue network-on-chip,” in Proc. 9th Int. Symp. Netw.-Chip, Sep. 2015, p. 8.

[21]

A. K. Biswas, S. K. Nandy, and R. Narayan, “Router attack toward NoC-enabled MPSoC and monitoring countermeasures against such threat,” Circuits, Syst., Signal Process., vol. 34, no. 10, pp. 3241–3290, Oct. 2015.

Digital Library

[22]

C. Reinbrecht, A. Susin, L. Bossuet, and J. Sepulveda, “Gossip NoC—Avoiding timing side-channel attacks through traffic management,” in Proc. IEEE Comput. Soc. Annu. Symp. VLSI (ISVLSI), Jul. 2016, pp. 601–606.

[23]

N. Prasad, R. Karmakar, S. Chattopadhyay, and I. Chakrabarti, “Runtime mitigation of illegal packet request attacks in networks-on-chip,” in Proc. IEEE Int. Symp. Circuits Syst. (ISCAS), May 2017, pp. 1–4.

[24]

J. Frey and Q. Yu, “A hardened network-on-chip design using runtime hardware trojan mitigation methods,” Integration, vol. 56, pp. 15–31, Jan. 2017.

Digital Library

[25]

L. S. Indrusiak, J. Harbin, and M. J. Sepulveda, “Side-channel attack resilience through route randomisation in secure real-time networks-on-chip,” in Proc. 12th Int. Symp. Reconfigurable Commun.-Centric Syst.-Chip (ReCoSoC), Jul. 2017, pp. 1–8.

[26]

J. Sepúlveda, D. Aboul-Hassan, G. Sigl, B. Becker, and M. Sauer, “Towards the formal verification of security properties of a network-on-chip router,” in Proc. IEEE 23rd Eur. Test Symp. (ETS), May 2018, pp. 1–6.

[27]

S. V. R. Chittamuru, I. G Thakkar, V. Bhat, and S. Pasricha, “SOTERIA: Exploiting process variations to enhance hardware security with photonic NoC architectures,” in Proc. 55th ACM/ESDA/IEEE Design Automat. Conf. (DAC), Jun. 2018, pp. 1–6.

[28]

B. Lebiednik, S. Abadal, H. Kwon, and T. Krishna, “Architecting a secure wireless network-on-chip,” in Proc. 12th IEEE/ACM Int. Symp. Netw.-Chip (NOCS), Oct. 2018, pp. 1–8.

[29]

L. S. Indrusiak, J. Harbin, C. Reinbrecht, and J. Sepúlveda, “Side-channel protected MPSoC through secure real-time networks-on-chip,” Microprocessors Microsyst., vol. 68, pp. 34–46, Jul. 2019.

Digital Library

[30]

A. K. Biswas, “Network-on-chip intellectual property protection using circular path-based fingerprinting,” ACM J. Emerg. Technol. Comput. Syst., vol. 17, no. 1, pp. 1–22, Jan. 2021.

Digital Library

[31]

A. Iacovazzi and Y. Elovici, “Network flow watermarking: A survey,” IEEE Commun. Surveys Tuts., vol. 19, no. 1, pp. 512–530, 1st Quart., 2017.

Digital Library

[32]

H. Deng, X. Sun, B. Wang, and Y. Cao, “Selective forwarding attack detection using watermark in WSNs,” in Proc. ISECS Int. Colloq. Comput., Commun., Control, Manage., vol. 3, Aug. 2009, pp. 109–113.

[33]

X. Wanget al., “Robust network-based attack attribution through probabilistic watermarking of packet flows,” Dept. Comput. Sci., North Carolina State Univ., Raleigh, NC, USA, Tech. Rep., 2005. [Online]. Available: https://www.csc2.ncsu.edu/techreports/tech/2005/TR-2005-10.pdf

[34]

Z. Ling, X. Fu, W. Jia, W. Yu, D. Xuan, and J. Luo, “Novel packet size-based covert channel attacks against anonymizer,” IEEE Trans. Comput., vol. 62, no. 12, pp. 2411–2426, Dec. 2013.

Digital Library

[35]

A. Houmansadr and N. Borisov, “BotMosaic: Collaborative network watermark for the detection of IRC-based botnets,” J. Syst. Softw., vol. 86, no. 3, pp. 707–715, Mar. 2013.

Digital Library

[36]

A. Houmansadret al., “Rainbow: A robust and invisible non-blind watermark for network flows,” in Proc. NDSS, vol. 47, 2009, pp. 406–422.

[37]

A. Zand, G. Vigna, R. Kemmerer, and C. Kruegel, “Rippler: Delay injection for service dependency detection,” in Proc. IEEE Conf. Comput. Commun. (INFOCOM), Apr. 2014, pp. 2157–2165.

[38]

P. Mishra, Hardware IP Security and Trust. Springer, 2017.

[39]

Arteris. (2009). Flexnoc Resilience Package. [Online]. Available: https://www.arteris.com/flexnoc-resilience-package-functional-safety

[40]

K. Shuler, “Majority of leading China semiconductor companies rely on arteris network-on-chip interconnect IP,” Tech. Rep., 2013. [Online]. Available: https://www.prnewswire.com/news-releases/majority-of-leading-china-semiconductor-companies-rely-on-arteris-network-on-chip-interconnect-ip-220171881.html

[41]

F. Farahmandi, System-On-Chip Security Validation and Verification. Springer, 2020.

[42]

P. Mishra and S. Charles, Network-On-Chip Security and Privacy. Berlin, Germany: Springer, 2021.

[43]

S. C. Woo, M. Ohara, E. Torrie, J. P. Singh, and A. Gupta, “The SPLASH-2 programs: Characterization and methodological considerations,” ACM SIGARCH Comput. Archit. News, vol. 23, no. 2, pp. 24–36, Jun. 1995.

Digital Library

[44]

N. Binkertet al., “The gem5 simulator,” ACM SIGARCH Comput. Archit. News, vol. 39, no. 2, pp. 1–7, 2011.

Digital Library

[45]

W. Hoeffding, “Probability inequalities for sums of bounded random variables,” in The Collected Works of Wassily Hoeffding. New York, NY, USA: Springer, 1994, pp. 409–426.

[46]

R. M. Roth and G. Seroussi, “Bounds for binary codes with narrow distance distributions,” IEEE Trans. Inf. Theory, vol. 53, no. 8, pp. 2760–2768, Aug. 2007.

Digital Library

[47]

I. Dumer, D. Micciancio, and M. Sudan, “Hardness of approximating the minimum distance of a linear code,” IEEE Trans. Inf. Theory, vol. 49, no. 1, pp. 22–37, Jan. 2003.

Digital Library

[48]

M. Best,A. Brouwer, F. J. MacWilliams, A. M. Odlyzko, and N. J. A. Sloane, “Bounds for binary codes of length less than 25,” IEEE Trans. Inf. Theory, vol. IT-24, no. 1, pp. 81–93, Jan. 1978.

[49]

N. Agarwal, T. Krishna, L.-S. Peh, and N. K. Jha, “GARNET: A detailed on-chip network model inside a full-system simulator,” in Proc. IEEE Int. Symp. Perform. Anal. Syst. Softw., Apr. 2009, pp. 33–42.

[50]

A. Van Herrewege and I. Verbauwhede, “Software only, extremely compact, Keccak-based secure PRNG on ARM cortex-M,” in Proc. 51st Annu. Design Automat. Conf. Design Automat. Conf. (DAC), 2014, pp. 1–6.

[51]

M. Bakiri, C. Guyeux, J.-F. Couchot, and A. K. Oudjida, “Survey on hardware implementation of random number generators on FPGA: Theory and experimental analyses,” Comput. Sci. Rev., vol. 27, pp. 135–153, Feb. 2018.

[52]

A. May and I. Ozerov, “On computing nearest neighbors with applications to decoding of binary linear codes,” in Proc. Annu. Int. Conf. Theory Appl. Cryptograph. Techn. Berlin, Germany: Springer, 2015, pp. 203–228.

[53]

S. Charles, C. A. Patil, U. Y. Ogras, and P. Mishra, “Exploration of memory and cluster modes in directory-based many-core CMPs,” in Proc. 12th IEEE/ACM Int. Symp. Netw.-Chip (NOCS), Oct. 2018, pp. 1–8.

[54]

Intel. Intel Xeon Phi Processor 7210. Accessed: Oct.2, 2021. [Online]. Available: https://ark.intel.com/content/www/us/en/ark/products/94033/intel-xeon-phi-processor-7210-16gb-1-30-ghz-64-core.html

Cited By

Liu SChauhan SKaranth A(2024)SNAC: Mitigation of Snoop-Based Attacks with Multi-Tier Security in NoC ArchitecturesProceedings of the Great Lakes Symposium on VLSI 202410.1145/3649476.3658769(560-563)Online publication date: 12-Jun-2024
https://dl.acm.org/doi/10.1145/3649476.3658769
Weerasena HMishra P(2024)Security of Electrical, Optical, and Wireless On-chip Interconnects: A SurveyACM Transactions on Design Automation of Electronic Systems10.1145/363111729:2(1-41)Online publication date: 14-Feb-2024
https://dl.acm.org/doi/10.1145/3631117

Index Terms

Digital Watermarking for Detecting Malicious Intellectual Property Cores in NoC Architectures

Index terms have been assigned to the content through auto-classification.

Recommendations

Interconnect intellectual property for network-on-chip (NoC)
Special issue: Networks on chip

As technology scales down, the interconnect for on-chip global communication becomes the delay bottleneck. In order to provide well-controlled global wire delay and efficient global communication, a Network-on-Chip (NoC) architecture was proposed by ...
Bandwidth-Constrained Mapping of Cores onto NoC Architectures
DATE '04: Proceedings of the conference on Design, automation and test in Europe - Volume 2

We address the design of complex monolithic systems, where processing cores generate and consume a varying and large amount of data, thus bringing the communication links to the edge of congestion. Typical applications are in the area of multi-media ...
Network-on-chip (noc) architectures for exa-scale chip-multi-processors (cmps)

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Very Large Scale Integration (VLSI) Systems

IEEE Transactions on Very Large Scale Integration (VLSI) Systems Volume 30, Issue 7

July 2022

144 pages

ISSN:1063-8210

Issue’s Table of Contents

1063-8210 © 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 July 2022

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu SChauhan SKaranth A(2024)SNAC: Mitigation of Snoop-Based Attacks with Multi-Tier Security in NoC ArchitecturesProceedings of the Great Lakes Symposium on VLSI 202410.1145/3649476.3658769(560-563)Online publication date: 12-Jun-2024
https://dl.acm.org/doi/10.1145/3649476.3658769
Weerasena HMishra P(2024)Security of Electrical, Optical, and Wireless On-chip Interconnects: A SurveyACM Transactions on Design Automation of Electronic Systems10.1145/363111729:2(1-41)Online publication date: 14-Feb-2024
https://dl.acm.org/doi/10.1145/3631117

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents