Ever noticed how the grandest of ideas tend to be as simple as a cat chasing a laser pointer? Yup, they're often just basic equations, straightforward sentences, or a delightful combo of both. When I dive into the spaghetti bowl of technical jargon, I'm on a quest to fish out that golden 'Aha!' noodle from a paper. And guess what? I bookmark those papers right here, kinda like leaving breadcrumbs for my future brainy self.

  1. "Lend Me Your Ear: Passive Remote Physical Side Channels on PCs" USENIX'22.
    idea icon: Your PC's microphone picks up a lot of noise that leaks information about your CPU workloads.
    comment: Computation-dependent leakage through EM, captured by a microphone: let that sink in.
  2. "Understanding Vmin Failures for Improved Testing of Timing Marginalities" ITC'22.
    idea icon: Investigates the run-time failures due to Vmin-induced soft errors that go undetected during typical tests.
    comment: This paper says that most Vmin errors are actually caused by one weak transistor in a path!
  3. "SecSoC: A Secure System on Chip Architecture for IoT Device" HOST'22.
    idea icon: Adding compile- and run-time security support to a program through a custom and tightly coupled co-processor.
    comment: The idea seems to be a very (very) expensive solution to a problem that already has a production-level and awesome solution. Think about TrustZone-M with a crypto engine, which should tackle IoT security breaches easily (no, nothing is perfect, I know!) or at least provide a similar security guarantee as this paper. I wish the authors had included a little more discussion on SecSoC vs. TrustZone-M.
  4. "Abetting Planned Obsolescence by Aging 3D Networks-on-Chip" NOC'18.
    idea icon: Stress the TSVs in a 3D SoC's NoC to induce run-time failure after a certain period, creating a planned-obsolescence scenario.
    comment: I find this threat model a little funny. Why do OEMs (e.g. Apple) need to design a shrewd attack to destroy their closed-source device? They can just implant some timing-based delay insertion blocks that can be activated with software (hey, they have all the access in the world).
  5. "PISTIS: Trusted Computing Architecture for Low-end Embedded Systems." Security'22.
    idea icon: Virtualize memory protection in embedded MCUs, replace unsafe branches (call *r1) with safe ones, and verify that at compile time.
    comment: Feels like they tried to make an ARM-TZ in software (with compile-time support). Boy, the overhead is huge!
  6. "O’Clock: Lock the Clock via Clock-gating for SoC IP Protection." DAC'22.
    idea icon: Make the internal clock signals a function of a key so that in the absence of the correct key the clock network becomes non-functional.
    comment: If an attacker has access to a working chip and a reversed netlist, why can't he/she figure out the no-clock signal?
  7. "A Robust Authentication Methodology Using Physically Unclonable Functions in DRAM Arrays."
    idea icon: If we look at the access-time failures of a DRAM array, we should be able to design a signature out of them. This is true because manufacturing variation should introduce inter-cell access-time variability.
  8. Colp, Patrick, et al. "Protecting data on smartphones and tablets from memory attacks." Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems. 2015.
    idea icon: Put sensitive code and data in the on-chip RAMs (e.g. iRAMs or caches) to protect against cold-boot attacks.
    comment: Great paper. I am about to break it though.
  9. Luo, Lan, et al. "On runtime software security of TrustZone-M based IoT devices." arXiv preprint arXiv:2007.05876 (2020).
    idea icon: You lock everything, but the door itself has a security problem, so you can break in.
    comment: The assumption that the door has a problem is already exploding my brain with a question: why are you exploring the property of a lock if the door already has a bug?
  10. Karageorgos, Ioannis, et al. "Chip-to-Chip Authentication Method Based on SRAM PUF and Public Key Cryptography." Journal of Hardware and Systems Security 3.4 (2019): 382-396.
    idea icon: We can split an SoC into two to protect against the usual attacks and apply a PUF to authenticate the untrusted portion.
    comment: I have to read more on split-chip to fully appreciate the solution.
  11. P. Poudel, B. Ray and A. Milenkovic, "Flashmark: Watermarking of NOR Flash Memories for Counterfeit Detection," 2020 57th ACM/IEEE Design Automation Conference (DAC), San Francisco, CA, USA, 2020, pp. 1-6, doi: 10.1109/DAC18072.2020.9218521.
    idea icon: Utilize flash memory cells' aging to make a watermark.
    comment: This is actually an application of flash memory-based steganography system by Dr. Suh.
  12. J. McMahan, W. Cui, L. Xia, J. Heckey, F. T. Chong and T. Sherwood, "Challenging on-chip SRAM security with boot-state statistics," 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, 2017, pp. 101-105, doi: 10.1109/HST.2017.7951806.
    idea icon: SRAM wear burns data into the boot-state statistics, which we can use to break on-chip crypto.
    comment: Wish they had used more recent and practical devices to evaluate the performance.
  13. Provelengios, George, Daniel Holcomb, and Russell Tessier. "Characterizing power distribution attacks in multi-user FPGA environments." 2019 29th International Conference on Field Programmable Logic and Applications (FPL). IEEE, 2019.
    idea icon: Excessive power consumption in one part of a partially configured FPGA can inject power glitches that create timing failures in another part.
    comment: Oh man! This is a great threat for shared FPGAs.
  14. Zuck, Aviad, et al. "Stash in a Flash." 16th USENIX Conference on File and Storage Technologies (FAST 18). 2018.
    idea icon: Just define your own voltage level to hide information beyond what voltage is defined by the vendor.
    comment: The throughput and capacity is really high!
  15. Talukder, B. M. S., et al. "Towards the Avoidance of Counterfeit Memory: Identifying the DRAM Origin." arXiv preprint arXiv:1911.03395 (2019).
    idea icon: DRAM timing-violation behavior depends on the manufacturer and its intrinsic properties.
    comment: The article is technically sound but why can't we burn the manufacturer ID to verify the source of DRAM?
  16. Yushi Cheng, Xiaoyu Ji, Juchuan Zhang, Wenyuan Xu, and Yi-Chao Chen. 2019. DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). Association for Computing Machinery, New York, NY, USA, 1149–1170. DOI:https://doi.org/10.1145/3319535.3339810
    idea icon: The CPU and power supply emit magnetic signals when current flows through the wires, so look at that and you have a device fingerprint.
    comment: I am surprised by the simplicity of the idea.
  17. Jeffrey Hicks, et al. "45nm Transistor Reliability." Intel Technology Journal, Volume 12, Issue 2, 2008.
    idea icon: The authors tried to address some of the reliability issues of the 45nm node.
    comment: The NBTI effect described here clearly indicated the progressive aging effect on threshold voltage and transconductance.
  18. Liu, Muqing, et al. "A data remanence based approach to generate 100% stable keys from an SRAM physical unclonable function." 2017 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED). IEEE, 2017.
    idea icon: Just look at the cells that fail first when you power down the SRAM; those cells are strongly biased toward the flipped value.
    comment: Very good work if we consider this for key generation.
  20. Guin, Ujjwal, et al. "Detecting Recycled SoCs by Exploiting Aging Induced Biases in Memory Cells." 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). IEEE, 2019.
    idea icon: Most data are biased towards 0s, so it's going to age the cells in a way that makes them more likely to power up as 1s.
    comment: A simple observation with a powerful implication -> no SRAM PUF is viable for a very long time. This work is from my past lab, and I really think it's great work. Bravo -> Wendong
  21. Holcomb, Daniel E., Wayne P. Burleson, and Kevin Fu. "Power-up SRAM state as an identifying fingerprint and source of true random numbers." IEEE Transactions on Computers 58.9 (2008): 1198-1210.
    idea icon: Use SRAM power-up states to generate IDs and random numbers.
    comment: Probably this is the pioneering work on SRAM-based fingerprinting and TRNG generation.
  22. Bruce C. Berndt. "How to Write Mathematical Papers." https://faculty.math.illinois.edu/~berndt/writingmath.pdf.
    idea icon: Describes some interesting aspects of typical writers and provides feedback in a really satirical way.
    comment: "...How long did it take you to develop this proof? You cannot expect readers to come to the same reasoning in a much shorter period of time without being aided along the way."
  23. Ghosh, Pallabi, and Rajat Subhra Chakraborty. "Counterfeit IC detection by image texture analysis." 2017 Euromicro conference on digital system design (DSD). IEEE, 2017.
    idea icon: A method to detect a counterfeit IC by comparing the texture and indents of an original package to those of other test ICs, with 100% detection accuracy.
    comment: This method uses no expensive hardware support except a digital camera; sounds cool!
  24. Chen, Shuai, et al. "Chip-level anti-reverse engineering using transformable interconnects." 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS). IEEE, 2015.
    idea icon: Use Vertical Interconnect Access (via) structures that can change and become indistinguishable from the passive layer of an IC, so that an adversary cannot extract the netlist by reverse engineering.
    comment: I agree that the proposed method has strong reasoning to be secure against reverse engineering when the circuit is large.