We have experience with many tutorials/trainings in the past at large conferences such as ITC and DATE. In addition, we have been given tutorials/consultancy on hardware dependability at worldwide leading semiconductor companies in Europe (e.g., ST Microelectronics, DialogSemi, etc), USA (e.g., Intel, Lattice Semiconductors, etc) and Asia (e.g., Renesas).
The Centre for Strategic and International Studies has recently estimated the cyber-attacks and crime to cost the global economy over US$400 billion per year, while the Global Risks report, published by the World Economic Forum, started that 90 percent of companies worldwide recognize they are insufficiently prepared to protect themselves against cyber-attacks.
Moreover, more than 30 billion devices are connected to the Internet as of today, and it is going to reach over 75 billion by 2025 as reported by Statista. As a result, it is expected that attacks are going to increase in size and to diversify in nature, driven by the expanding number of services available online and the increasing sophistication of cyber criminals.. Therefore, having a secure system is crucial as a fragile security may lead to drastic disaster.
Hackers are gradually putting more and more effort in hardware attacks, especially with the growing IoT sector. In the past, software attacks were the main focus and industry has been providing solutions to minimize such attacks. Recently, people have been exploring different classes of hardware attacks with different purposes; e.g., targeting secret information by side channel analysis or fault injection. Therefore, deeply understanding the weakness of today’s systems (both from software and hardware perspective) is of critical importance not only for system developers and engineers but also for technical users to make them aware about the danger such that they can act properly if they are faced with the unexpected.
This training focuses on the hardware aspects and introduces attacks and countermeasures for different hardware attacks. The objective of the training is to get attendees familiar with hardware attacks, and create awareness on the topic to ensure that the attendees can act properly and minimize the risk in case they are faced with (cyber-) attacks. Attendees could range from security engineers, IC architecture designers, technicians, researchers and managers, students to anyone who could be interested in –or somehow connected to- security and its importance. The training consists of an introductory module followed by 3 advanced modules, and provides an overview of the most relevant hardware attacks.
The introductory module consists of three parts being:
- Introduction to cybersecurity,
- Cryptography and
- Hardware attack classification.
The advanced three modules are:
- IP attacks and countermeasures
- Functionality attacks and countermeasures
- Data attacks and countermeasures
State-of-the-art hardware protections are explained in the modules with a strong focus on both the theory and hands-on laboratory experiments. The impact of the different solutions are explored in order to provide a security vs cost trade-off analysis.. The training also discusses future outlook in attacks and countermeasures.
For the experimental part of the training, a hardware platform consisting of the PYNQ-Z1 board together with Vivado Design Suite from Xilinx will be used.
The training objectives after each module are as follows:
Objectives Module 0 (introductory module): After completion of this module the attendees will be able to:
Part 1
- Explain the importance of cybersecurity
- Distinguish between the different types of attacks in computer systems
- Explain the components of a cybersecurity system
- Classify the components according CIA security criteria
Part 2
- Explain the importance of cryptography
- Classify the different cryptographic algorithms
- Explain how the cryptographic algorithms are implemented
- Implement popular AES and RSA encryption algorithm in a hardware description language
Part 3
- Explain what a hardware attack is
- Identify the vulnerabilities of the IC design flow
- Classify a threat according to the target, method, phase and location of the attacker
Objectives Module 1 IP attacks and countermeasures. After completion of this module the attendees will be able to:
- Explain what Intellectual Property (IP) and a hardware Intellectual Property are and how existing IP Piracy and Counterfeit attacks work.
- Explain the techniques that could be used to detect or avoid IP Attacks.
- Explain how trust management can be used as a countermeasure against IP attacks.
- Describe the importance of root-of-trust for computer systems and enumerate the existing techniques that could be used to introduce trust into ICs
- Implement and evaluate the performance of Physical Unclonable Functions in FPGAs to create a root of trust primitive.
- Implement countermeasures on FPGA to prevent IP counterfeit attacks.
Objectives Module 2 Functionality attacks and countermeasures. After completion of this module the attendees will be able to:
- Classify functionality attacks in fault injection and chip modification attacks
- Explain how faults can be injected in a chip
- Explain how chips can be modified
- Explain the different countermeasures that could be used against functionality attacks.
- Attack an RSA implementation on FPGA by performing fault injection attacks and evaluate the efficiency of different countermeasures.
Objectives Module 3 Data attacks and countermeasures. After completion of this module the attendees will be able to:
- Apply techniques that can be used to extract keys from systems
- Perform differential fault analysis
- Explain the different types of side channel attacks
- Attack AES implementations using side channel attacks and analyse the result
- Evaluate and implement state-of-the-art countermeasures against data attacks
Each training consists of the introductory part and a specialization module. Attendees need to have some basic background in hardware (digital systems, computer architecture, etc.). In addition, they should be familiar with VHDL and have basic experience with using processors and FPGAs.
Said Hamdioui is currently Chair Professor on Dependable and Emerging Computer Technologies, Head of the Quantum and Computer Engineering department, and also serving as Head of the Computer Engineering Laboratory (CE-Lab) of the Delft University of Technology, the Netherlands. He is also co-founder and CEO of Cognitive-IC, a start-up focusing on hardware dependability solutions and consultancy.
Hamdioui received the MSEE and PhD degrees (both with honors) from TUDelft. Prior to joining TUDelft as a professor, Hamdioui spent about seven years within industry including Intel Corporation (Califorina, USA), Philips Semiconductors R&D (Crolles, France) and Philips/ NXP Semiconductors (Nijmegen, The Netherlands). His research focuses on two domains: Dependable CMOS nano-computing (including Testability, Reliability, Hardware Security) and emerging technologies and computing paradigms (including memristors for logic and storage, in-memory-computing for big-data applications).
Hamdioui owns two patents, has published one book and contributed to other two, and had co-authored over 200 conference and journal papers. He has consulted for many companies (such as Intel, ST, Altera, Atmel, Renesas, …) in the area of memory testing and has collaborated with many industry/research partners (examples are Intel, IBM, IMEC, NXP, Intrinsic ID, DS2, ST Microelectronics, Cadence, Politic di Torino, etc) in the field of dependable nano-computing and emerging technologies. He is strongly involved in the international community as a member of organizing committees or a member of the technical program committees of the leading conferences. He delivered dozens of keynote speeches, distinguished lectures, and invited presentations and tutorial at major international forums/conferences/schools and at leading semiconductor companies. Hamdioui is a Senior member of the IEEE, Associate Editor of IEEE Transactions on VLSI Systems (TVLSI), and he serves on the editorial board of IEEE Design & Test, Elsevier Microelectronic Reliability Journal, the Journal of Electronic Testing: Theory and Applications (JETTA), and ACM JETC He is also member of AENEAS/ENIAC Scientific Committee Council (AENEAS =Association for European NanoElectronics Activities).
Hamdioui is the recipient of many international/national awards. E.g., he is the recipient of European Design Automation Association Outstanding Dissertation Award 2001; Best Paper Award at the International Conference on Frontier of Computer Science and Technology FCST-2017; Teacher of the Year Award at the faculty of Electrical Engineering, Delft University of Technology, the Netherlands; Best Paper Award at IEEE Computer Society Annual Symposium on VLSI (IVLSI) 2016; the 2015 HiPEAC Technology Transfer Award, Best Paper Award at 33rd IEEE International Conference on Computer Design ICCD 2015, Best paper Award at International conference on Design and Test of Integrated Systems in the nano-era DTIS 2011, IEEE Nano and Nano Korea award at IEEE NANO 2010, Intel informal Award for developed test methods for embedded caches in Itanuim processors. In addition, he is a leading member of Cadence Academic Network on Dependability and Design-for-Testability, and he was nominated for The Young Academy of the Royal Netherlands Academy of Arts and Sciences (KNAW) in 2009.
Mottaqiallah Taouil received his Master of Science and Doctoral degree (with honors) from Delft University of Technology, Delft, the Netherlands, in 2009 and 2014, respectively. During his PhD, he developed 3D-COSTAR which has been awarded with Hipeach Technology Transfer Award in 2015. After his PhD, he has been working as a Post-Doctoral researcher at the Computer Engineering Lab of the same university until 2018 where he subsequently was appointed as an assistant professor. During this period, he has been collaborating with several academic and industrial and partners such as ESA (the Netherlands), IMEC (Belgium) etc. His research focuses on two domains: Dependability (including reliability, testability, hardware security) and emerging computer paradigms (3D stacked ICs, resistive architectures). Taouil published over 90 journal and conference papers in a variety of topics, with a total citations of 693, h-index=16 and i10-index=25. He has reviewed articles for many major journals and conferences and received several best papers awards in a variety of topics. Taouil has been involved in teaching several courses such as VLSI Test Technology & Reliability, Algorithms and Data Structures, System Programming in C and developed a new course on hardware security. Furthermore, he has been involved in many professional activities such as organizing conferences and summer schools, where he took several positions such as Program Chair, Publication Chair, Web Chair, etc.
Fethulah Smailbegovic is currently a CTO of CognitiveIC, a spin off from Quantum and Computer Engineering department at the Delft University of Technology, the Netherlands. He received his Diploma (MSc) in Informatik (Computer Science) from University in Bonn, Germany. Prior to co-founding CognitiveIC, Mr. Smailbegovic spent more than 17 years in semiconductor and embedded system industry working on different chip architectures for different applications (defense, automotive, audio and video, security). His working stations (as chip designer, technical leader or project manager managing multimillion € projects) include Thales Defence (Stuttgart, Germany), NXP Semiconductors (Hamburg, Germany), Renesas Electronics Europe (Dusseldorf, Germany), IntrinsicID (Eindhoven, The Netherlands), Escrypt (Bochum, Germany). His research focuses on novel chip architectures based on the models from nature (Swarm and Plant Intelligence) to significantly improve cybersecurity defenses.
Noureddin Iaabdlazizan: He is currently the CEO of the Belgian Company Arendtech BVBA. He studied Computer Engineering at The Delft University of Technology. The field of his experience ranges from program and project management of complex cross-border projects to strategic advice to top management in public and private sector. He acquired more than 22 years of experience in delivering and overseeing large and various projects/solutions, in Europe, Middle East and Africa. The served markets range from Defence: ERP (including C4ISR); Banking Sector: (Corporate Credit Risk Management), Government Sector (The Netherlands), the Flemish Government (Belgium) where he was the program manager for the biggest projects of Antwerp City , such as Master Plan Wilrijk, Den Bell and MAS. Besides management skills he possesses a strong technical background in Cyber Security, Internet Of things (IOT) platforms and technologies, Computer Engineering and a solid background in networking technologies.