verifiable asics trustworthy hardware with untrusted
play

Verifiable ASICs: trustworthy hardware with untrusted components - PowerPoint PPT Presentation

Jun 22, 2023 •279 likes •1.17k views

Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max Howald , Siddharth Garg , abhi shelat , and Michael Walfish Stanford University New York University The Cooper Union

  1. Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby ◦ ⋆ , Max Howald † ⋆ , Siddharth Garg ⋆ , abhi shelat ‡ , and Michael Walfish ⋆ ◦ Stanford University ⋆ New York University † The Cooper Union ‡ The University of Virginia April 8, 2016

  2. You (probably) shouldn’t trust your hardware. . .

  3. You (probably) shouldn’t trust your hardware. . .

  4. You (probably) shouldn’t trust your hardware. . .

  5. You (probably) shouldn’t trust your hardware. . . . . . because fabs sometimes make mistakes

  6. You (probably) shouldn’t trust your hardware. . . . . . because fabs sometimes make “mistakes” [Tehranipoor and Koushanfar. “A survey of hardware Trojan taxon- omy and detection.” IEEE DTC, 2010.]

  7. What’s a chip designer to do? ◮ Post-fab testing ◮ Hardware obfuscation ◮ Trusted manufacturer [Bhunia, Hsiao, Banga, and Narasimhan. “Hardware Trojan attacks: threat analysis and countermeasures.” Proc. IEEE, Aug. 2014.]

  8. What’s a chip designer to do? ◮ Post-fab testing ◮ Hardware obfuscation ◮ Trusted manufacturer [Bhunia, Hsiao, Banga, and Narasimhan. “Hardware Trojan attacks: threat analysis and countermeasures.” Proc. IEEE, Aug. 2014.]

  9. What’s a chip designer to do? ◮ Post-fab testing ◮ Hardware obfuscation ◮ Trusted manufacturer – but a fab is expensive and hard to build. . . [Bhunia, Hsiao, Banga, and Narasimhan. “Hardware Trojan attacks: threat analysis and countermeasures.” Proc. IEEE, Aug. 2014.]

  10. What’s a chip designer to do? ◮ Post-fab testing ◮ Hardware obfuscation ◮ Trusted manufacturer – but a fab is expensive and hard to build. . . – . . . so trusted fab might have 10 8 × worse performance! [Bhunia, Hsiao, Banga, and Narasimhan. “Hardware Trojan attacks: threat analysis and countermeasures.” Proc. IEEE, Aug. 2014.]

  11. Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

  12. Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

  13. Problem statement: verifiable ASICs Principal Ψ → specs for P , V

  14. Problem statement: verifiable ASICs Principal Ψ → specs Supplier for P , V (foundry, Foundry processor vendor, etc.)

  15. Problem statement: verifiable ASICs Principal Ψ → specs Supplier for P , V (foundry, Foundry processor vendor, etc.) Integrator V P

  16. Problem statement: verifiable ASICs Principal Ψ → specs Supplier for P , V (foundry, Foundry processor vendor, etc.) Integrator Operator V P

  17. Problem statement: verifiable ASICs Operator V P

  18. Problem statement: verifiable ASICs Operator x V P

  19. Problem statement: verifiable ASICs Operator x V y P

  20. Problem statement: verifiable ASICs Operator x V y P proof

  21. Problem statement: verifiable ASICs Operator x V y P proof ◮ P is efficient, but can deviate arbitrarily from the protocol

  22. Problem statement: verifiable ASICs Operator x V y P proof ◮ P is efficient, but can deviate arbitrarily from the protocol ◮ Honest P always convinces V that y = Ψ( x )

  23. Problem statement: verifiable ASICs Operator x V y P proof ◮ P is efficient, but can deviate arbitrarily from the protocol ◮ Honest P always convinces V that y = Ψ( x ) ◮ V must catch dishonest P except with negligible probability

  24. Problem statement: verifiable ASICs Operator x V y P proof ◮ P is efficient, but can deviate arbitrarily from the protocol ◮ Honest P always convinces V that y = Ψ( x ) ◮ V must catch dishonest P except with negligible probability ◮ P cannot attack or disable V , or communicate with outside world (see paper for more discussion)

  25. Problem statement: verifiable ASICs Operator x V y P proof ◮ P is efficient, but can deviate arbitrarily from the protocol ◮ Honest P always convinces V that y = Ψ( x ) ◮ V must catch dishonest P except with negligible probability ◮ P cannot attack or disable V , or communicate with outside world (see paper for more discussion) ◮ Goal: V and P together should outperform Ψ executed in trusted substrate

  26. Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

  27. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover prover verifier program, inputs outputs [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  28. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover prover verifier program, inputs outputs + proof Idea : checking proof should be easier for verifier than executing program [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  29. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: ◮ Interactive arguments ◮ [Pepper12, Ginger12, Zaatar13] [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  30. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: ◮ Interactive arguments ◮ [Pepper12, Ginger12, Zaatar13] ◮ Non-interactive arguments (SNARKs) ◮ [PGHR13, BCGTV13, BCTV14] [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  31. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: ◮ Interactive arguments ◮ [Pepper12, Ginger12, Zaatar13] ◮ Non-interactive arguments (SNARKs) ◮ [PGHR13, BCGTV13, BCTV14] ◮ Interactive proofs ◮ [CMT12, TRMP12, Allspice13, Tha13] [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  32. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: ◮ Interactive arguments ◮ [Pepper12, Ginger12, Zaatar13] + Low round complexity + Mild cryptograhic assumptions ◮ Non-interactive arguments (SNARKs) ◮ [PGHR13, BCGTV13, BCTV14] ◮ Interactive proofs ◮ [CMT12, TRMP12, Allspice13, Tha13] [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  33. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: ◮ Interactive arguments ◮ [Pepper12, Ginger12, Zaatar13] + Low round complexity + Mild cryptograhic assumptions ◮ Non-interactive arguments (SNARKs) ◮ [PGHR13, BCGTV13, BCTV14] + Public verifiability, zero knowledge – Non-falsifiable cryptographic assumptions [GW10] ◮ Interactive proofs ◮ [CMT12, TRMP12, Allspice13, Tha13] [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  34. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: ◮ Interactive arguments ◮ [Pepper12, Ginger12, Zaatar13] + Low round complexity + Mild cryptograhic assumptions ◮ Non-interactive arguments (SNARKs) ◮ [PGHR13, BCGTV13, BCTV14] + Public verifiability, zero knowledge – Non-falsifiable cryptographic assumptions [GW10] ◮ Interactive proofs ◮ [CMT12, TRMP12, Allspice13, Tha13] + Simple and efficient prover and verifier + Information theoretic guarantees (no crypto) [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  35. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: ◮ Arguments (interactive & non-interactive) – Computation must be expressed as an arithmetic circuit ◮ Interactive proofs – Computation must be expressed as an arithmetic circuit [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

  36. Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: ◮ Arguments (interactive & non-interactive) – Computation must be expressed as an arithmetic circuit generalized boolean circuit over F p ∨ → + ∧ → × ◮ Interactive proofs – Computation must be expressed as an arithmetic circuit [Walfish and Blumberg. “Verifying computations without reexecuting them: from theoretical possibility to near practicality.” CACM, Feb. 2015.]

Recommend

Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max

Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max

Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max Howald , Siddharth Garg , abhi shelat , and Michael Walfish Stanford University New York University The Cooper Union

1.26k views • 110 slides
Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max

Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max

Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby , Max Howald , Siddharth Garg , abhi shelat , and Michael Walfish Stanford University New York University The Cooper Union

1.04k views • 72 slides
Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish

Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish

Verifiable ASICs Aarhus Workshop on Secure Multiparty Computation 1 June 2016 Michael Walfish Dept. of Computer Science, Courant Institute, NYU This is joint work with: Riad S. Wahby (Stanford), Max Howald (Cooper Union and NYU), Siddharth

723 views • 44 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T RAMR & D AN B ONEH ICLR, New Orleans May 7 th 2019 2 Securely outsourcing ML inference with hardware isolation - Intel SGX input X -

554 views • 10 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating scenarios 1. Outsourced ML Data

781 views • 21 slides
Hardware Enclaves & In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves & In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves & In Intel SGX CS261 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms 2 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms

1.06k views • 18 slides
SegSlice: new primitives for trustworthy computing Sergey Bratus, PKI/Trust Lab, Dartmouth

SegSlice: new primitives for trustworthy computing Sergey Bratus, PKI/Trust Lab, Dartmouth

SegSlice: new primitives for trustworthy computing Sergey Bratus, PKI/Trust Lab, Dartmouth College Michael Locasto, George Mason U. Brian Schulte, George Mason U. A policy should prevent the system transitions to untrusted states from

621 views • 13 slides
VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things

VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things

Confrence de lancement de l'ANR Ciao, Fvrier 2020, Bordeaux, France VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things down VERIFIABLE DELAY FUNCTIONS [Boneh, Bonneau, Bnz, Fisch 2018] A VDF is

616 views • 32 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
When NOT to Use ASICs When NOT to Use ASICs Rick Van Berg HEPIC2013 When NOT to Use ASICs When

When NOT to Use ASICs When NOT to Use ASICs Rick Van Berg HEPIC2013 When NOT to Use ASICs When

When NOT to Use ASICs When NOT to Use ASICs Rick Van Berg HEPIC2013 When NOT to Use ASICs When NOT to Use ASICs Rick Van Berg HEPIC2013 When not to Put Effort Into ASICs When not to Put Effort Into ASICs Rick Van Berg HEPIC2013 Hieronymus Bosch

352 views • 14 slides
Jitk: A trustworthy in-kernel interpreter infrastructure Xi Wang, David Lazar, Nickolai Zeldovich,

Jitk: A trustworthy in-kernel interpreter infrastructure Xi Wang, David Lazar, Nickolai Zeldovich,

Jitk: A trustworthy in-kernel interpreter infrastructure Xi Wang, David Lazar, Nickolai Zeldovich, Adam Chlipala, Zachary Tatlock MIT and University of Washington Modern OSes run untrusted user code in kernel In-kernel interpreters

1k views • 30 slides
Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of

Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of

Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of Virginia Why do these matter? Alternative consensus protocols Applications to public randomness generation Leader election Bitcoin Proof of Work

355 views • 19 slides
ECON ASICs Gregory Deptuch, Zoltan Gecse, Jim Hirschauer, Sandeep Miryala, Paul Rubinov ASICs

ECON ASICs Gregory Deptuch, Zoltan Gecse, Jim Hirschauer, Sandeep Miryala, Paul Rubinov ASICs

ECON ASICs Gregory Deptuch, Zoltan Gecse, Jim Hirschauer, Sandeep Miryala, Paul Rubinov ASICs PMG 10 May 2019 Reminders Two Endcap Concentrator (ECON) ASICs on independent data paths: ECON-TRG : select and compress interesting data for

273 views • 10 slides
ECON ASICs Jim Hirschauer, Ralph Wickwire ASICs PMG 11 Nov 2019 DOE CD-1 IPR and CERN P2UG

ECON ASICs Jim Hirschauer, Ralph Wickwire ASICs PMG 11 Nov 2019 DOE CD-1 IPR and CERN P2UG

ECON ASICs Jim Hirschauer, Ralph Wickwire ASICs PMG 11 Nov 2019 DOE CD-1 IPR and CERN P2UG CD-1 / IPR went well on Oct 22-24. Reviewers clearly concerned about ECON: The ECON ASIC is a critical component for which the US has sole

376 views • 14 slides
Verifiable Cloud Outsourcing for Network Func9ons (+

Verifiable Cloud Outsourcing for Network Func9ons (+

Verifiable Cloud Outsourcing for Network Func9ons (+ Verifiable Resource Accoun9ng for Cloud Services) Vyas Sekar vNFO joint with Seyed Fayazbakhsh,

434 views • 28 slides
TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies for Local Responding To and Trust Assessment Area Monitoring and Area

291 views • 8 slides
Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Process

Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Process

Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Process Service Untrusted (IAS) Enclave Enclave Code Trusted Process Process Enclave Other Data Enclave OS and/or Hypervisor Off-chip devices 2

531 views • 24 slides
Get to ASICs Faster Get to ASICs Faster A Novel Mixed Signal Design Methodology Dr Greg

Get to ASICs Faster Get to ASICs Faster A Novel Mixed Signal Design Methodology Dr Greg

February 24-26, 2009 Get to ASICs Faster Get to ASICs Faster A Novel Mixed Signal Design Methodology Dr Greg Tumbush: Tumbush Enterprises Dr. Greg Tumbush: Tumbush Enterprises ON Semiconductor: Gareth Weale, Dustin Griesdorf, , , Alaa

447 views • 20 slides
Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable

Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable

Leonard Lensink, Sjaak Smetsers and Marko van Eekelen Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable Java Code from Verified PVS Specifications Overview Motivation Code generation

544 views • 26 slides
Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch

Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch

Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch Hardware Enclaves A trusted component in an untrusted system Protected memory isolates enclave from compromised OS Untrusted System Enclave

505 views • 34 slides
Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number

Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number

Trustworthy Technologies for Local Area Management, Monitoring, and Control Tom Overbye Number of Activities: 5 2012 Industry Workshop October 30, 2012 | 1 TCIPG Technical Clusters and Threads Trustworthy Technologies Trustworthy

419 views • 10 slides
Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT Verifiable Computation Verifiable Computation Verifiable Computation M(x)=? M(x) = y Verifiable Computation M(x)=? , challenge , proof

1.73k views • 119 slides
Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy

Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy

Trustworthy Computing * Reverse engineers agree on that! Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing Trustworthy Computing *

753 views • 63 slides

More recommend