Introduction to the Special Issue on the Digital Threats of Hardware Security

Digital threats to computing and network security continue their relentless advance, with malware growing in sophistication and frequently targeting the lower levels of the computing stack. Recently, these threats have evolved and started to target hardware vulnerabilities. Such attacks are hard to detect at the higher abstraction levels and even harder to mitigate given the challenges of changing the hardware infrastructure. To be effective, defensive measures must also consider the physical effects of computing at lower levels of the hardware stack, defending against hardware side-channel attacks, counterfeit chip production, untrusted foundries, and supply-chain security threats, as well as incorporating side-channel information and other hardware-layer behaviors in defensive tools.

This special issue invited submissions in this area, including novel research and experimentation results involving digital threats to hardware security. We selected six papers ranging from exploitation of hardware effects through software- and hardware-supported protections. Each submission was reviewed by at least three reviewers through multiple rounds, helping to strengthen and clarify the authors' contributions. Below we outline all six outstanding articles that are accepted for publication in this special issue.

The first article begins by considering an attack requiring no special privileges. “Classifying Co-Resident Computer Programs Using Information Revealed by Resource Contention” examines resource contention as a possible side channel from which to reveal information about programs running on a shared processor. The authors demonstrate that user-level privileges are sufficient to discover information about another running program.

In the never-ending game of cat and mouse, developers would like to make reverse engineering difficult, both for static and dynamic analysis of code. In the second article, “Code Polymorphism Meets Code Encryption: Confidentiality and Side-Channel Protection of Software Components”, the authors demonstrate the use of encrypted binaries, decrypted only inside the processor, which renders the task of reverse engineering the static binary quite difficult. The code also employs polymorphism, systematically changing its dynamic behavior, and thereby greatly complicating the task of dynamic analysis as well.

Physically Unclonable Functions (PUFs) are a technique to exploit device-unique fabrication imperfections for fingerprinting the hardware. Although there are many existing PUF-based protocols, their constructions are ad-hoc and without standardization or rigorous testing. The third article, “Lessons Learned: Analysis of PUF-based Authentication Protocols for IoT,” surveys numerous PUF-based authentication protocols and highlights their common weaknesses and design flaws. The paper thus informs future cryptographers and algorithm developers.

The issues with supply-chain security and counterfeit products can lead to economic loss or compromise critical cyber infrastructure. The fourth article, “Sensor Identification via Acoustic Physically Unclonable Function,” demonstrates a new PUF-based device authentication system through acoustic waves. The paper quantifies the feasibility of the proposed technique and enables a new solution for sensor authentication.

Logic locking tackles the circuit reverse engineering problem and aims to obfuscate digital circuits such that even untrusted foundries possessing the netlist information are unable to reverse engineer the circuit. The fifth article, “GALU: A Genetic Algorithm Framework for Logic Unlocking,” addresses fundamental computational limitations of earlier (satisfiability-based) attacks through genetic algorithms. The proposed attack, therefore, enforces building better circuit-level defenses for obfuscation.

With cyber threats, a defense that can observe the effects of an attack from outside the system being attacked holds an advantage. In the article “Towards Improving the Security of IoT and CPS Devices: An AI Approach”, the authors demonstrate the use of power consumption as a side channel, transforming the instantaneous power signal to a 2D image, thus unlocking many AI image recognition solutions to the problem of detecting anomalous behavior.

Articles in this issue emphasize a variety of new digital threats to hardware security and propose novel techniques to mitigate such threats. Through the publications in this edition, we aim to positively impact the future of this emerging threat landscape and help build more secure systems.

As guest editors, we are deeply grateful to the many authors who submitted articles to this special issue, as well as the volunteer reviewers who contributed valuable comments and suggestions. We would also like to thank the DTRAP Co-Editors-in-Chief, Arun Lakhotia and Leigh Metcalf, and ACM for their support and for giving us the opportunity to guide this special issue.