Secure and Efficient Initialization and Authentication Protocols for SHIELD
Speaker: Chenglu JinWith the globalization of semiconductor production, outsourcing IC fabrication has become a trend in various aspects. This, however, introduces serious threats from the entire untrusted supply chain. To combat these threats, DARPA (Defense Advanced Research Projects Agency) proposed in 2014 the SHIELD (Supply Chain Hardware Integrity for Electronics Defense) program to design a secure hardware rootoftrust, called dielet, to be inserted into the host package of legitimately produced ICs. Dielets are RF powered and communicate with the outside world through their RF antennas. They have sensors which allow them to passively (without the need for power) record malicious events which can later be read out during an authentication protocol between the dielet and server with a smartphone as intermediary. This paper introduces a general framework for the initialization and authentication protocols in SHIELD with different adversarial models based on formallydefined security games. We introduce a “tryandcheck” attack against DARPA’s example authentication protocol in their call for SHIELD proposals which nullifies the effectiveness of SHIELD’s main goal of being able to detect and trace adversarial activities with significant probability. We introduce the first concrete initialization protocol and, compared to DARPA’s example authentication protocol, introduce an improved authentication protocol which resists the tryandcheck attack. The area overhead of our authentication and initialization protocols together is only 64bit NVM, one 8bit counter and a TRNG based on a single SRAMcell together with corresponding control logic. Our findings and rigorous analysis are of utmost importance for the teams which received DARPA’s funding for implementing SHIELD.