Showing papers by "V. Kamakoti published in 2019"

Karna: A Gate-Sizing based Security Aware EDA Flow for Improved Power Side-Channel Attack Protection

Abstract: Power side-channel attacks pose a serious threat to the security of embedded devices. Most available countermeasures have significant overheads resulting in the application not meeting its requirements of low-power, high-performance and small area. We propose an algorithm called Karna11Karna, much like Achilles from Greek mythology, was born with a shield that protected him from attacks. Similarly, Our proposed scheme, Karna protects the design from power side-channel attacks in the manufacturing phase or in other words the chip is manufactured(born) with a shield. that can be incorporated in the Electronic Design Automation (EDA) flow, in order to significantly improve the side-channel security of the device, without impacting the other device characteristics. Karna does not add additional logic but rather achieves this by first identifying vulnerable gates in the design and then reconfiguring these gates to increase side-channel resistance. Unlike contemporary works, Karna does not require any specialized gate library but uses the gates available in the standard cell library. We integrate Karna into the Synopsys Design Compiler and demonstrate its efficacy at reducing side-channel leakage in implementations of AES, PRESENT and Simon block ciphers, synthesized for a 28nm technology node. An interesting observation is that Karna only uses the available space around the gates to perform this optimization and does not incur any additional area overheads. We showcase the side-channel resistance of these optimized designs using a Differential Power Analysis attack. Our proposed approach is able to reduce the power side-channel of the designs while incurring no penalty in delay, power and gate-count.

PROLEMus: A Proactive Learning-Based MAC Protocol Against PUEA and SSDF Attacks in Energy Constrained Cognitive Radio Networks

Abstract: Malicious users can exploit vulnerabilities in cognitive radio networks (CRNs) and cause heavy performance degradation by denial of service (DoS) attacks. During operation, cognitive radios (CRs) spend a considerable amount of time to identify idle (free) channels for transmission. In addition, CRs also need additional security mechanisms to prevent malicious attacks. Proactive model predictive control (MPC)-based medium access control (MAC) protocols for CRs can quicken the idle channel identification by predicting future states of channels in advance. This provides enough time for CRs to carry out other calculations like DoS attack detection. However, such external detection techniques use additional power that makes them inappropriate for energy constrained applications. As a solution, this paper proposes a proactive learning-based MAC protocol (PROLEMus) that shows immunity to two prominent CR-based DoS attacks, namely, primary user emulation attack (PUEA) and spectrum sensing data falsification (SSDF) attack, without any external detection mechanism. PROLEMus shows an average of 6.2%, 8.9%, and 12.4% improvement in channel utilization, backoff rate, and sensing delay, respectively, with low prediction errors (≤1.8%) saving 19.65% energy, when compared to recently proposed MAC protocols like ProMAC aided with additional DoS attack detection mechanism.

PERI: A Posit Enabled RISC-V Core.

Abstract: Owing to the failure of Dennard's scaling the last decade has seen a steep growth of prominent new paradigms leveraging opportunities in computer architecture. Two technologies of interest are Posit and RISC-V. Posit was introduced in mid-2017 as a viable alternative to IEEE 754-2008. Posit promises more accuracy, higher dynamic range, and fewer unused states along with simpler hardware designs as compared to IEEE 754-2008. RISC-V, on the other hand, provides a commercial-grade open-source ISA. It is not only elegant and simple but also highly extensible and customizable, thereby facilitating novel micro-architectural research and exploration. In this paper, we bring these two technologies together and propose the first Posit Enabled RISC-V core. The paper provides insights on how the current 'F' extension and the custom op-code space of RISC-V can be leveraged/modified to support Posit arithmetic. We also present implementation details of a parameterized and feature-complete Posit FPU which is integrated with the RISC-V compliant SHAKTI C-class core either as an execution unit or as an accelerator. To fully leverage the potential of Posit, we further enhance our Posit FPU, with minimal overheads, to support two different exponent sizes (with posit-size being 32-bits). This allows applications to switch from high-accuracy computation mode to a mode with higher dynamic-range at run-time. In the absence of viable software tool-chain to enable porting of applications in the Posit domain, we present a workaround on how certain applications can be modified minimally to exploit the existing RISC-V tool-chain. We also provide examples of applications which can perform better with Posit as compared to IEEE 754-2008. The proposed Posit FPU consumes 3507 slice LUTs and 1294 slice registers on an Artix-7-100T Xilinx FPGA while capable of operating at 100 MHz.

White Mirror: Leaking Sensitive Information from Interactive Netflix Movies using Encrypted Traffic Analysis

Abstract: Privacy leaks from Netflix videos/movies are well researched. Current state-of-the-art works have been able to obtain coarse-grained information such as the genre and the title of videos by passive observation of encrypted traffic. However, leakage of fine-grained information from encrypted video traffic has not been studied so far. Such information can be used to build behavioral profiles of viewers. Recently, Netflix released the first mainstream interactive movie called 'Black Mirror: Bandersnatch'. In this work, we use this movie as a case-study to develop techniques for revealing information from encrypted interactive video traffic. We show for the first time that information such as the choices made by viewers can be revealed based on the characteristics of encrypted control traffic exchanged with Netflix. To evaluate our proposed technique, we built the first interactive video traffic dataset of 100 viewers; which we will be releasing. Our technique was able to reveal the choices 96% of the time in the case of 'Black Mirror: Bandersnatch' and they were also equally or more successful for all other interactive movies released by Netflix so far.