Secure computing systems using emerging technologies
Format: Thesis-Doctor of Philosophy
Language: English
Published: Nanyang Technological University, 2025
Online Access: https://hdl.handle.net/10356/182642
Institution: Nanyang Technological University
Summary: The rapid progress in computational technology has led to the extensive generation and processing of massive datasets, driving accelerated advancements. Energy-efficient, high-capacity computational devices, integrated with intelligent algorithms, can now operate in any environment. These devices are interconnected using advanced communication technologies, contributing to the concept of the Internet of Things (IoT). Ongoing research is geared towards developing efficient devices and circuits that enhance computational speed while maximizing energy and area efficiency. However, commercial deployment of these computational units requires significant financial investment and collaboration among vendors at several levels. Each participant seeks to protect its contribution from reverse engineering, while the resulting hardware must serve a diverse user base with varying security needs. Current efforts centre on the Trusted Execution Environment (TEE) as a means of protecting runtime state and stored data during execution, built on a Hardware Root of Trust (HROT): the set of hardware components from which trust is established. Common threats include side-channel and covert-channel attacks, fault attacks, hardware Trojans, reverse engineering, unintentional design flaws, and bugs. Building an HROT requires specialized hardware cryptographic primitives and accelerators. Moreover, emerging device technologies open opportunities for new kinds of hardware cryptographic primitives and accelerators for future intelligent hardware systems.
The first purpose of this thesis is to assess the security vulnerabilities that can arise from deploying cryptographic schemes on commercial hardware, with a particular focus on side-channel attacks against hardware implementations of post-quantum cryptography (PQC). NIST's selection of CRYSTALS-Kyber as the only Key Encapsulation Mechanism (KEM) to be standardized at the end of the third round of its PQC standardization process has paved the way for widespread integration of the Kyber KEM across diverse computational platforms and applications. NIST has called for a more thorough evaluation of PQC schemes against side-channel attacks, prompting the cryptographic community to investigate new attacks on lattice-based schemes such as Kyber and to devise effective side-channel countermeasures. We present novel side-channel attacks that recover the secret key of the Kyber KEM with fewer oracle queries. Our experiments demonstrate reductions of around 2.89× and 7.65× in query count compared with existing binary plaintext-checking (PC) oracle attacks. A determined attacker could achieve even greater improvements, since the proposed methods are adaptable. The attacks are accompanied by a comprehensive discussion, analysis, and experimental validation.
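To make the query-count metric above concrete, the following is a toy binary plaintext-checking (PC) oracle attack against a Kyber-like one-bit message decoder. It is an added illustration written for this record, not the thesis's attack and not Kyber reference code; it reproduces only the baseline kind of attack the thesis compares against. Assumptions, all labelled in the code: the polynomial rotation that isolates one secret coefficient in real chosen-ciphertext attacks is folded into a (index, k_u, k_v) ciphertext model, the polynomial length N is shortened to 16, secret coefficients lie in [-2, 2], and the oracle bit (does the ciphertext decrypt to the all-zero message?) is simulated rather than extracted from side-channel traces of the FO re-encryption check.

```python
import random

Q = 3329                 # Kyber modulus (real parameter)
N = 16                   # toy polynomial length; Kyber uses 256 (assumption: shortened)
ETA = 2                  # secret coefficients lie in [-ETA, ETA] (Kyber-768 eta1 = 2)
K_U = Q // (4 * ETA)     # 416: largest scalar keeping |k_u * s_j| below q/4 for untargeted j


def compress1(x):
    """Kyber Compress_q(x, 1) = round(2x/q) mod 2, the one-bit message decoder."""
    return round(2 * (x % Q) / Q) % 2


def toy_decrypt(secret, ct):
    """Simplified decryption of a chosen ciphertext ct = (i, k_u, k_v).
    Coefficient j of v - s^T u is modelled as k_v*[j == i] - k_u*s_j (assumption:
    the rotation that singles out coefficient i in real attacks is folded in here)."""
    i, k_u, k_v = ct
    return [compress1((k_v if j == i else 0) - k_u * s_j) for j, s_j in enumerate(secret)]


class BinaryPCOracle:
    """Binary PC oracle: 'does ct decrypt to the all-zero message?'. A real attacker
    infers this bit from side-channel traces of the FO re-encryption check; here it is
    simulated from the secret, which the attack code below never reads directly."""

    def __init__(self, secret):
        self._secret = secret
        self.queries = 0

    def decrypts_to_zero(self, ct):
        self.queries += 1
        return not any(toy_decrypt(self._secret, ct))


def predicted_answers(k_u, k_v):
    """Oracle answer predicted for each candidate value of the targeted coefficient.
    With k_u <= K_U every untargeted coefficient decodes to 0, so the answer depends
    on the targeted coefficient alone."""
    return {s: compress1(k_v - k_u * s) == 0 for s in range(-ETA, ETA + 1)}


def recover_coefficient(oracle, i, pool):
    """Adaptive search: pick the prepared query that splits the remaining candidates
    most evenly, ask the oracle, keep the consistent candidates, repeat."""
    candidates = set(range(-ETA, ETA + 1))

    def worst_side(k_v):
        yes = sum(pool[k_v][s] for s in candidates)
        return max(yes, len(candidates) - yes)

    while len(candidates) > 1:
        k_v = min(pool, key=worst_side)
        assert worst_side(k_v) < len(candidates), "no query splits the remaining candidates"
        answer = oracle.decrypts_to_zero((i, K_U, k_v))
        candidates = {s for s in candidates if pool[k_v][s] == answer}
    return candidates.pop()


def recover_secret(oracle):
    """Recover all N coefficients; returns (secret, total oracle queries)."""
    pool = {k_v: predicted_answers(K_U, k_v) for k_v in range(1, Q, 50)}
    secret = [recover_coefficient(oracle, i, pool) for i in range(N)]
    return secret, oracle.queries


def demo(seed=1):
    """Constructed secret (seeded), attacked through the oracle only."""
    rng = random.Random(seed)
    secret = [rng.randint(-ETA, ETA) for _ in range(N)]
    recovered, queries = recover_secret(BinaryPCOracle(secret))
    return recovered == secret, queries


if __name__ == "__main__":
    print(demo())
```

With five candidate values per coefficient and a one-bit oracle, each coefficient costs two or three queries (ceil(log2 5) = 3 in the worst case), so the total scales with N; that per-coefficient cost is the quantity on which attacks of this family compete, and reducing it requires either more informative oracle answers or better-chosen ciphertexts.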
The majority of contemporary device authentication and data transfer protocols predominantly utilize security measures implemented through software, which are resource-intensive and susceptible to persistent attackers with significant computational power. This underscores the inadequacy of software-based security mechanisms for resource-constrained IoT devices, emphasizing the imperative for robust hardware-based security solutions. The intricate and globally distributed nature of the semiconductor industry's supply chain necessitates rigorous scrutiny and assurance management throughout fabrication and system integration processes. Presently, research in hardware security predominantly focuses on the development of security primitives that exploit manufacturing variations to address these challenges. This pursuit has given rise to advancements in hardware security primitives such as True Random Number Generators (TRNG) and Physical Unclonable Functions (PUF). The utilization of CMOS technologies to establish PUFs requires the employment of error correction codes to guarantee reliable and unique outputs. Moreover, the generation of multi-bit responses using CMOS technologies poses a noteworthy technical challenge. In-memory computing architectures, which are based on emerging non-volatile memory technologies like Resistive Random Access Memory (RRAM), are currently under exploration due to their superior computational performance within constrained resource environments. Furthermore, these technologies hold promise in providing foundational security primitives. In this dissertation, we conduct an extensive examination of the most recent developments in device technologies, particularly RRAM, with the goal of utilizing them for the creation of hardware security primitives. We introduce novel implementations for PUF and RNG utilizing memristive crossbars. 
Our focus is not only on enhancing performance but also on addressing critical challenges in hardware security attributes, such as writing-free reconfiguration and unified design. We undertook an in-depth analysis of the characteristics of our proposed designs, utilizing standard evaluation criteria, including the NIST SP 800-22 test suite. Furthermore, we systematically evaluated their resilience against machine learning attacks, ensuring comprehensive assessment of the effectiveness of the designs.
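As an added illustration of the evaluation criteria named above (uniqueness, reliability and the NIST SP 800-22 frequency test), the following toy model is not the thesis's crossbar PUF or RNG and makes no claim about RRAM device physics. Assumptions, all labelled in the code: as-fabricated cell resistance follows a log-normal spread, each read adds a smaller log-normal noise, a response bit is the differential comparison of two neighbouring cells, and the only SP 800-22 test implemented is the monobit (frequency) test; the sample devices are constructed with a seeded generator.

```python
import math
import random

CELLS = 512        # crossbar cells read per device (assumption: toy size)
SIGMA_VAR = 0.30   # log-normal spread of as-fabricated cell resistance (assumption)
SIGMA_READ = 0.02  # log-normal read noise per evaluation (assumption)


def fabricate_device(rng):
    """One device = cell resistances fixed by uncontrollable process variation."""
    return [math.exp(rng.gauss(0.0, SIGMA_VAR)) for _ in range(CELLS)]


def read_response(device, rng):
    """Differential readout: bit k = 1 if cell 2k reads higher than cell 2k+1.
    Each read is perturbed by noise, so marginal bits may flip between reads."""
    noisy = [r * math.exp(rng.gauss(0.0, SIGMA_READ)) for r in device]
    return [int(noisy[2 * k] > noisy[2 * k + 1]) for k in range(CELLS // 2)]


def hamming_fraction(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)


def uniqueness(responses):
    """Mean inter-device fractional Hamming distance (ideal 0.5)."""
    n = len(responses)
    pairs = [(i, j) for i in range(n) for j in range(i + 1, n)]
    return sum(hamming_fraction(responses[i], responses[j]) for i, j in pairs) / len(pairs)


def reliability(device, rng, reads=20):
    """1 - mean intra-device Hamming distance between a reference read and
    repeated reads (ideal 1.0); the gap is what an error-correcting code must close."""
    ref = read_response(device, rng)
    intra = sum(hamming_fraction(ref, read_response(device, rng)) for _ in range(reads)) / reads
    return 1.0 - intra


def monobit_p_value(bits):
    """NIST SP 800-22 frequency (monobit) test: p = erfc(|S_n| / sqrt(2n)),
    with S_n the sum of +1/-1 mapped bits; p < 0.01 is a failure."""
    s_n = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s_n) / math.sqrt(2 * len(bits)))


def evaluate(n_devices=20, seed=7):
    """Fabricate n_devices constructed devices and report the three metrics."""
    rng = random.Random(seed)
    devices = [fabricate_device(rng) for _ in range(n_devices)]
    responses = [read_response(d, rng) for d in devices]
    return {
        "uniqueness": uniqueness(responses),
        "reliability": sum(reliability(d, rng) for d in devices) / n_devices,
        "monobit_p": monobit_p_value([b for r in responses for b in r]),
    }


if __name__ == "__main__":
    print(evaluate())
```

The reliability figure is the one that drives the error-correction requirement mentioned above: a differential readout whose two cells happen to be close in resistance produces a bit that flips under read noise, and the fraction of such bits sets how much helper data the code must absorb. The monobit test is necessary but far from sufficient; a full SP 800-22 run applies the remaining tests to a much longer sequence.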
Binarized neural networks (BNNs) represent a specialized class of deep neural networks designed to operate with reduced computational and energy requirements. Recent research indicates that memristor-based in-memory computing architectures have the potential to enhance the performance of BNNs compared to conventional CMOS technologies. However, the non-volatile characteristics of memristors in in-memory computing give rise to concerns about potential security vulnerabilities, particularly in the event of physical access by malicious entities. Our final contribution in this thesis is on utilizing newly developed hardware cryptomodules to safeguard the trained model parameters of BNN when deployed in advanced RRAM in-memory computing accelerators. We explore various protection methodologies, detailing their respective circuit-level hardware designs and associated overheads.