research-article

Netlist Whisperer: AI and NLP Fight Circuit Leakage!

Authors:
Madhav Nair

Indian Institute of Technology Kharagpur, Kharagpur, India

Indian Institute of Technology Kharagpur, Kharagpur, India

0000-6307-0995
View Profile

,
Rajat Sadhukhan

Indian Institute of Technology Kharagpur, Kharagpur, India

Indian Institute of Technology Kharagpur, Kharagpur, India

0002-2922-9517
View Profile

,
Hammond Pearce

New York University, New York, NY, USA

New York University, New York, NY, USA

0002-3488-7004
View Profile

,
Debdeep Mukhopadhyay

Indian Institute of Technology Kharagpur, Kharagpur, India

Indian Institute of Technology Kharagpur, Kharagpur, India

0002-6499-8346
View Profile

,
Ramesh Karri

New York University, New York, NY, USA

New York University, New York, NY, USA

0001-7989-5617
View Profile

ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware SecurityNovember 2023Pages 83–92https://doi.org/10.1145/3605769.3623989

Published:26 November 2023Publication History

ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security

Pages 83–92

ABSTRACT

Side-channel attacks (SCA) represent a significant challenge when designing secure hardware. Currently, mitigating the risk of SCA requires costly human expertise. The OpenROAD project, an AI-based initiative, aims to expedite hardware design by eliminating the need for human intervention, reducing costs and expertise requirements. AI to prevent SCA is pertinent: in this work, we explore the usage of AI-based Natural Language Processing (NLP) tools like GPT-3 which provide novel capabilities for text-based tasks. We explore whether GPT-3 can effectively detect side-channel leaks and replace the need for human proficiency in designing secure hardware. We propose a two-phase AI-based pre-silicon design flow. In phase-1, our flow uses an Ada-based GPT-3 model to analyze the electrical properties of nets and classify them as leaky without simulating actual power traces. If security vulnerabilities are identified in the netlist, phase-2 recommends an SCA-protected netlist using a Curie-based GPT-3 model. We integrate a formal equivalence check to ensure functional equivalence between the suggested protected circuit and its unprotected version. Our AI models reduce side-channel evaluation time by evaluating nets without power-trace collection, accelerating design time, and generating secured hardware without human expertise in loop. We evaluate our design flow on benchmark netlists viz. ISCAS-85 circuits and unprotected S-Boxes. The protected-S-Box counterparts are generated using first-order Domain-Oriented-Masking.

References

Salvador Balkus and Donghui Yan. 2022. Improving Short Text Classification With Augmented Data Using GPT-3. arxiv: 2205.10981 [cs.CL]Google Scholar
Subhadeep Banik et al. 2017. GIFT: A Small Present. In Cryptographic Hardware and Embedded Systems -- CHES 2017, Wieland Fischer and Naofumi Homma (Eds.). Springer International Publishing, Cham, 321--345.Google Scholar
Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. 2013. Keccak. In Advances in Cryptology -- EUROCRYPT 2013, Thomas Johansson and Phong Q. Nguyen (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 313--314.Google ScholarCross Ref
J. Bhasker and Rakesh Chadha. 2009. Static Timing Analysis for Nanometer Designs: A Practical Approach 1st ed.). Springer Publishing Company, New York, NY.Google Scholar
Roderick Bloem et al. 2018. Formal Verification of Masked Hardware Implementations in the Presence of Glitches. In Advances in Cryptology -- EUROCRYPT 2019, , Jesper Buus Nielsen and Vincent Rijmen (Eds.). Springer International Publishing, Cham, 321--353.Google Scholar
A. Bogdanov et al. 2007. PRESENT: An Ultra-Lightweight Block Cipher. In Cryptographic Hardware and Embedded Systems - CHES 2007, Pascal Paillier and Ingrid Verbauwhede (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 450--466.Google Scholar
Paweł Budzianowski and Ivan Vulić. 2019. Hello, It's GPT-2 - How Can I Help You? Towards the Use of Pretrained Language Models for Task-Oriented Dialogue Systems. In Proceedings of the 3rd Workshop on Neural Generation and Translation. Association for Computational Linguistics, Hong Kong, 15--22. https://doi.org/10.18653/v1/D19--5602Google ScholarCross Ref
Anantha P. Chandrakasan and Robert W. Brodersen. 1995. Low Power Digital CMOS Design. Kluwer Academic Publishers, USA.Google Scholar
Mark Chen et al. 2021. Evaluating Large Language Models Trained on Code. arxiv: 2107.03374 [cs.LG]Google Scholar
Robert Dale. 2021. GPT-3: What's it good for? Natural Language Engineering , Vol. 27, 1 (2021), 113--118.Google ScholarCross Ref
Jacob Devlin et al. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers). Association for Computational Linguistics, Minneapolis, Minnesota, 4171--4186. https://doi.org/10.18653/v1/N19--1423Google ScholarCross Ref
Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schl"affer. 2021. Ascon v1.2: Lightweight Authenticated Encryption and Hashing. Journal of Cryptology, Vol. 34, 3 (22 Jun 2021), 33. https://doi.org/10.1007/s00145-021-09398--9Google ScholarDigital Library
Hassan Eldib et al. 2014. Formal verification of software countermeasures against side-channel attacks. ACM TOSEM, Vol. 24, 2 (2014), 1--24.Google ScholarDigital Library
GitHub. 2021. Introducing GitHub Copilot: your AI pair programmer. https://copilot.github.com/Google Scholar
Gilbert Goodwill et al. 2011. A testing methodology for side-channel resistance validation. , bibinfonumpages115--136 pages. https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/documents/08_goodwill.pdfGoogle Scholar
Hannes Gross et al. 2016a. Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. Cryptology ePrint Archive, Report 2016/486. https://eprint.iacr.org/2016/486.Google Scholar
Hannes Gross, Stefan Mangard, and Thomas Korak. 2016b. Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. In Proceedings of the 2016 ACM Workshop on Theory of Implementation Security (Vienna, Austria) (TIS '16). Association for Computing Machinery, New York, NY, USA, 3. https://doi.org/10.1145/2996366.2996426Google ScholarDigital Library
Michael Gruber and Georg Sigl. 2022. TOFU - Toggle Count Analysis made simple. Cryptology ePrint Archive, Paper 2022/129. https://eprint.iacr.org/2022/129 https://eprint.iacr.org/2022/129.Google Scholar
Miao He, Jungmin Park, Adib Nahiyan, Apostol Vassilev, Yier Jin, and Mark Tehranipoor. 2019. RTL-PSC: Automated Power Side-Channel Leakage Assessment at Register-Transfer Level. In 2019 IEEE 37th VLSI Test Symposium (VTS). Curran Associates, Inc., Red Hook, NY, 1--6. https://doi.org/10.1109/VTS.2019.8758600Google ScholarCross Ref
Raphaël Khoury, Anderson R. Avila, Jacob Brunelle, and Baba Mamadou Camara. 2023. How Secure is Code Generated by ChatGPT?arxiv: 2304.09655 [cs.CR]Google Scholar
Stefan Mangard et al. 2005. Side-Channel Leakage of Masked CMOS Gates. In Topics in Cryptology -- CT-RSA 2005, , Alfred Menezes (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 351--365.Google Scholar
Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2007. Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer-Verlag, Berlin, Heidelberg.Google ScholarDigital Library
Adib Nahiyan et al. 2020. Script: A cad framework for power side-channel vulnerability assessment using information flow tracking and pattern generation. ACM TODAES, Vol. 25, 3 (2020), 1--27.Google ScholarDigital Library
Madhav Nair et al. 2023. How Hardened is Your Hardware? Guiding ChatGPT to Generate Secure Hardware Resistant to CWEs. In Cyber Security, Cryptology, and Machine Learning, , Shlomi Dolev, Ehud Gudes, and Pascal Paillier (Eds.). Springer Nature Switzerland, Cham, 320--336.Google Scholar
Svetla Nikova et al. 2006. Threshold Implementations Against Side-Channel Attacks and Glitches. In Information and Communications Security, Peng Ning, Sihan Qing, and Ninghui Li (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 529--545.Google Scholar
Hammond Pearce, Benjamin Tan, and Ramesh Karri. 2020. DAVE: Deriving Automatically Verilog from English. In Proceedings of the 2020 ACM/IEEE Workshop on Machine Learning for CAD (Virtual Event, Iceland) (MLCAD '20). Association for Computing Machinery, New York, NY, USA, 27--32. https://doi.org/10.1145/3380446.3430634Google ScholarDigital Library
Rajat Sadhukhan et al. 2019. Count your toggles: A new leakage model for pre-silicon power analysis of crypto designs. Journal of Electronic Testing , Vol. 35 (2019), 605--619.Google ScholarDigital Library
Shailja Thakur et al. 2023. Benchmarking Large Language Models for Automated Verilog RTL Code Generation. In Design, Automation & Test in Europe Conference & Exhibition, DATE 2023, Antwerp, Belgium, April 17--19, 2023. IEEE, 1--6. https://doi.org/10.23919/DATE56975.2023.10137086Google ScholarCross Ref
Yaqing Wang et al. 2020. Generalizing from a few examples: A survey on few-shot learning. ACM CSUR, Vol. 53, 3 (2020), 1--34.Google Scholar
Neil Weste et al. 2010. CMOS VLSI Design: A Circuits and Systems Perspective 4th ed.). Addison-Wesley Publishing Company, USA.Google Scholar
Jules White et al. 2023. ChatGPT Prompt Patterns for Improving Code Quality, Refactoring, Requirements Elicitation, and Software Design. , bibinfonumpagesarXiv--2303 pages. https://arxiv.org/pdf/2303.07839.pdfGoogle Scholar
Yuan Yao and and others Kathuria. 2020. Architecture Correlation Analysis (ACA): Identifying the Source of Side-channel Leakage at Gate-level. In 2020 IEEE HOST. IEEE, Piscataway, NJ, 188--196. https://doi.org/10.1109/HOST45689.2020.9300271Google ScholarCross Ref

Index Terms

Netlist Whisperer: AI and NLP Fight Circuit Leakage!
1. Security and privacy
  1. Security in hardware
    1. Embedded systems security
    2. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks
MicroScope and other similar microarchitectural replay attacks take advantage of the characteristics of speculative execution to trap the execution of the victim application in a loop, enabling the attacker to amplify a side-channel attack by executing it ...
Read More
Proactive Detection of Query-based Adversarial Scenarios in NLP Systems
AISec'22: Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security

Adversarial attacks can mislead a Deep Learning (DL) algorithm into generating erroneous predictions via feeding maliciously-disturbed inputs called adversarial examples. DL-based Natural Language Processing (NLP) algorithms are severely threatened by ...
Read More
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

This paper analyzes the vulnerability space arising in Trusted Execution Environments (TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious code. Considerable research and industry effort has gone into developing ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security
November 2023
138 pages
ISBN:9798400702624
DOI:10.1145/3605769
General Chairs:
Chip Hong Chang
NTU Singapore
,
Ulrich Ruhrmair
LMU Munich and U Connecticut
,
Program Chairs:
Lejla Batina
Radboud U
,
Domenic Forte
U of Florida
Copyright © 2023 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 26 November 2023
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
domain-oriented masking
gpt-3
natural language processing
side-channels
test vector leakage assessment
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate6of20submissions,30%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 183
  Total Downloads
- Downloads (Last 12 months)183
- Downloads (Last 6 weeks)26
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Netlist Whisperer: AI and NLP Fight Circuit Leakage!

ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks

Proactive Detection of Query-based Adversarial Scenarios in NLP Systems

A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes