secure and trustworthy cyber physical system design a
play

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer - PowerPoint PPT Presentation

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo Ming Hsieh Department of Electrical and Computer Engineering University of Southern California, Los Angeles nuzzo@usc.edu In Honor of Alberto


  1. Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo Ming Hsieh Department of Electrical and Computer Engineering University of Southern California, Los Angeles nuzzo@usc.edu In Honor of Alberto Sangiovanni-Vincentelli International Symposium on Physical Design, San Francisco, April 16, 2019

  2. What is a Cyber-Physical System (CPS)? A system characterized by the tight integration of computation, communication, and control with physical processes via feedback loops where physical processes Controller affect computation and vice versa Networking Embedded system Physical system 2 Pierluigi Nuzzo, USC

  3. CPSs Interconnect the World Around Us and Make It “Smarter” Avionics Autonomous Driving Transportation (Air traffic control) Telecommunications Health care Buildings Factory Military systems: automation Power generation and distribution 3 Pierluigi Nuzzo, USC

  4. Resilient Cyber-Physical System Design: What Can Go Wrong? 4 Pierluigi Nuzzo, USC

  5. Resilient Cyber-Physical System Design: What Can Go Wrong? Highly-dynamical System and components Malicious agents can break unknown environment are susceptible to design assumptions and and the lack of prior faults , both known and trigger unexpected behaviors information unknown Control-theoretic Cryptographic approach: Fault-tolerance approach: Design a Authenticate agents and approach: Build system “robust” to embed trust into redundancies into faults and adversarial components and platforms the system inputs 5 Pierluigi Nuzzo, USC

  6. Resilient Cyber-Physical System Design: Data Injection Attacks Need a cross-layer approach: - Develop algorithms that exploit dynamics and redundancy - Build trust in HW and SW platforms - Co-design algorithms Traditional information security is with platforms ineffective! 6 Pierluigi Nuzzo, USC

  7. Outline Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC) Principled System-Level Design of Hardware Obfuscation: Obfuscation Design Space Exploration Engine (ODSEE) Conclusions 7 Pierluigi Nuzzo, USC

  8. Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC) Boolean Constraints SAT SAT + Convex Solvers SMT Solvers Mixed Integer Programming Convex Optimization Convex Constraints “ CalCS: SMT Solving for Non- Linear Convex Constraints,” FMCAD 2010 “SMC: Satisfiabiity Modulo Convex Programming,” Proc. IEEE 2018 8 Pierluigi Nuzzo, USC

  9. Example: Secure State Estimation Against Data Injection Attacks 9 Pierluigi Nuzzo, USC

  10. Secure State Estimation: Problem Formulation 10 Pierluigi Nuzzo, USC

  11. “Lazy” Coordination of SAT and Convex Programming for Monotone SMC Step 1 : Solve the Boolean abstraction of the formula Step II : Extract involved convex constraints and check their feasibility Step IV : Generate UNSAT certificate:

  12. Generating Compact UNSAT Certificates Complexity UNSAT Certificate Minimality (number of convex problems) Trivial No Constant Minimum Irreducible Yes Exponential Inconsistent Set (IIS) Minimal IIS Yes* Linear/Logarithmic Sum of Slacks Yes* Linear/Logarithmic Minimum Prefix Yes* Constant * under additional assumptions

  13. Secure State Estimation: Scalability #Boolean variables = 4800 #Boolean variables = 4800 #Real variables = 100 #Boolean constraints = 7000 Under attack - no protection Under attack - with protection 13 Pierluigi Nuzzo, USC

  14. Outline Reasoning About Software and Dynamics: Satisfiability Modulo Convex Programming (SMC) Principled System-Level Design of Hardware Obfuscation: Obfuscation Design Space Exploration Engine (ODSEE) Conclusions 14 Pierluigi Nuzzo, USC

  15. Trusted Platform Via IC Obfuscation Traditional Design Flow Obfuscation ▪ Circuit obfuscation is a Design IP Specifications potentially viable Trust Source Code solution, however External IP • No common metrics exist to Functional Verification evaluate techniques • Camouflaged Gates No design tools exist to Keyed Logic Synthesis Which IP? Where? guide and validate implementation. Placement and Routing ▪ Mirage Project: A tool set which treats Timing Analysis obfuscation as a first class design constraint and relate it to system-level concerns Backend Checks A scientifically based, systematic development What are the metrics? and verification environment for hardware How secure is it? obfuscation security Secure Device? DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 15

  16. Example: Logic Locking (Encryption) Sample Locked Circuit [Yasin TCAD 2015] Attack progression timeline [Rajendran, ECLIPSE, 2018] [Jin, Feb 2019] DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 16

  17. ODSEE’s Architecture UART SHA256 MD5 RSA RAM RAM Top-level Security & Netlist DES3 Overhead Specs DSP GPS AES Constraints Formalization Obf. 1 Obf. 2 Obf. 3 Optimization-Based Selection Obf. 4 Obfuscation Library UART UART SHA256 SHA256 MD5 MD5 Obfuscated RSA RSA Netlist RAM RAM DES3 DES3 DSP DSP GPS GPS AES AES DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 17

  18. Security Specifications: Disentangling Functional and Structural Properties of Circuits ODSEE rethinks the taxonomy and Top-level Security Netlist & Overhead Specs metrics for capturing security requirements: • What would we like to protect? Obf. 1 • Constraints Formalization Logic/functional properties Obf. 2 • Output/functional Obf. 3 corruptibility Optimization-Based Selection Obf. 4 • SAT-attack resiliency Obfuscation • Structural properties Library Obfuscated • … Netlist • What is the attack model? • Targets logic properties: e.g., SAT attack, Approximate SAT- based attacks, … • Targets structural properties: e.g., removal attack DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 18

  19. Obfuscation Library: Disentangling Functional and Structural Properties of Obfuscation Schemes ODSEE rethinks the taxonomy and Top-level Security metrics for modeling obfuscation Netlist & Overhead Specs schemes: • Targeting high error rates • XOR/XNOR based: e.g., Fault-based Obf. 1 analysis Logic Locking (FLL), Constraints Formalization Random Logic Locking (RLL), Strong Obf. 2 Logic Locking, … Obf. 3 • LUT based Optimization-Based Selection • Obf. 4 … Obfuscation Library • Targeting SAT resilience Obfuscated • SARLock Netlist • Anti-SAT • … • Targeting structural attacks • Hybrid schemes targeting a mixture of metrics DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 19

  20. Obfuscation Library: Accurately Representing Implementation Aspects of Obfuscation Schemes ODSEE incorporates accurate circuit- Top-level Security Netlist & Overhead Specs aware compact models of obfuscation techniques, their effectiveness, and their cost Obf. 1 Constraints Formalization Obf. 2 Obf. 3 Optimization-Based Selection Obf. 4 Relative error is below 30% for most cases Obfuscation Library Obfuscated Netlist 18619 gates 𝑢 𝑇𝐵𝑆𝑀𝑝𝑑𝑙 ≈ 𝛾𝐻 ⋅ 2 2𝐿 + 2 𝛿𝐻 K is the number of key bits G is the gate count DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 20

  21. Mapping Specifications to Implementations: Constraint-Driven Logic Locking (CDLL) ODSEE captures constraints from Top-level Security Netlist & Overhead Specs different concerns and obfuscation schemes using a uniform language Obf. 1 • Constraints from fault analysis Constraints Formalization Obf. 2 • Conditions on controllability Obf. 3 and observability Optimization-Based Selection Obf. 4 • Conditions involving fan- Obfuscation Library in/fan-out cones Obfuscated Netlist • Can protect specific input patterns Current ODSEE implementation is • Can identify and select specific based on mixed integer linear locations in the netlist constraints and leverages • Enables hybrid obfuscation mathematical programming to select Pareto optimal obfuscation schemes DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited 21

  22. Conclusions Orchestrating billions of devices around our body, transportation systems, critical infrastructures, and the planet presents unprecedented design challenges High-assurance cyber-physical system design will require cross-disciplinary, cross-layer approaches SMC and ODSEE are formal frameworks that enable reasoning across the algorithms/HW/physical boundaries 22 Pierluigi Nuzzo, USC

  23. Thank you. 23

Recommend


More recommend