Shaza Zeitouni

ORCID: 0000-0003-3236-4960
Research Areas
  • Security and Verification in Computing
  • Physical Unclonable Functions (PUFs) and Hardware Security
  • Advanced Malware Detection Techniques
  • Cryptography and Data Security
  • Privacy-Preserving Technologies in Data
  • Adversarial Robustness in Machine Learning
  • Advanced Memory and Neural Computing
  • Neuroscience and Neural Engineering
  • Cloud Data Security Solutions
  • Cryptographic Implementations and Security
  • Diamond and Carbon-based Materials Research
  • Integrated Circuits and Semiconductor Failure Analysis
  • Network Security and Intrusion Detection
  • Fire Detection and Safety Systems
  • Information and Cyber Security
  • Embedded Systems Design Techniques
  • Digital and Cyber Forensics
  • Distributed systems and fault tolerance
  • Ferroelectric and Negative Capacitance Devices
  • Radiation Effects in Electronics
  • Robotics and Automated Systems
  • Cybercrime and Law Enforcement Studies

Technical University of Darmstadt
2015-2024

Airbus (Germany)
2021

Fraunhofer Institute for Secure Information Technology
2015

Intel (Germany)
2015

Technische Universität Braunschweig
2013-2014

Federated learning (FL) is an emerging distributed machine paradigm which addresses critical data privacy issues in by enabling clients, using aggregation server (aggregator), to jointly train a global model without revealing their training data. Thereby, it improves not only but also efficient as uses the computation power and of potentially millions clients for parallel. However, FL vulnerable so-called inference attacks malicious aggregators can infer information about clients' from...

10.1109/spw53761.2021.00017 article EN 2021-05-01

As embedded devices (under the guise of "smart-whatever") rapidly proliferate into many domains, they become attractive targets for malware. Protecting them from software and physical attacks becomes both important and challenging. Remote attestation is a basic tool for mitigating such attacks. It allows a trusted party (verifier) to remotely assess the integrity of a remote, untrusted, and possibly compromised, device (prover).

10.1145/2939918.2939938 article EN 2016-07-15

In the recent years, secure computation has been subject of intensive research, emerging from theory to practice. order make usable by non-experts, Fairplay (USENIX Security 2004) initiated a line research in compilers that allow automatically generate circuits high-level descriptions functionality is be computed securely. Most recently, TinyGarble (IEEE S&P 2015) demonstrated it natural use existing hardware synthesis tools for this task. work, we present how industrial-grade are not only...

10.1145/2810103.2813678 article EN 2015-10-06

Remote attestation is an important security service that allows a trusted party (verifier) to verify the integrity of software running on remote and potentially compromised device (prover). The existing schemes relies assumption attacks are software-only prover's code cannot be modified at runtime. However, in practice, these can bypassed stronger more realistic adversary model hereby capable controlling modifying memory attest benign but execute malicious instead - leaving underlying system...

10.1109/iccad.2017.8203803 article EN 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD) 2017-11-01

We present a side-channel attack based on remanence decay in volatile memory and show how it can be exploited effectively to launch noninvasive cloning against SRAM physically unclonable functions (PUFs) - an important class of PUFs typically proposed as lightweight security primitives, which use existing the underlying device. validate our approach using instantiated two 65-nm CMOS devices. discuss countermeasures propose constructive improve resistance PUFs. Moreover, further contribution...

10.1109/tifs.2015.2512534 article EN IEEE Transactions on Information Forensics and Security 2015-12-25

Attacks targeting software on embedded systems are becoming increasingly prevalent. Remote attestation is a mechanism that allows establishing trust in embedded devices. However, existing attestation schemes are either static and cannot detect control-flow attacks, or require instrumentation of software, incurring high performance overheads. To overcome these limitations, we present LO-FAT, the first practical hardware-based approach to control-flow attestation. By leveraging processor hardware features and commonly-used IP blocks, our...

10.1145/3061639.3062276 preprint EN 2017-06-13

Remote attestation is a security service that is typically realized by an interactive challenge-response protocol that allows a trusted verifier to capture the state of a potentially untrusted remote device. However, existing schemes are vulnerable to Denial of Service (DoS) attacks, which can be carried out by swamping the targeted device with fake requests.

10.1145/3098243.3098260 article EN 2017-07-13

Remote attestation is an important security service that allows a trusted party (verifier) to verify the integrity of software running on remote and potentially compromised device (prover). The existing schemes relies assumption attacks are software-only prover's code cannot be modified at runtime. However, in practice, these can bypassed stronger more realistic adversary model hereby capable controlling modifying memory attest benign but execute malicious instead — leaving underlying system...

10.5555/3199700.3199751 article EN 2017-11-13

Secure two-party computation has witnessed significant efficiency improvements in the recent years. Current implementations of protocols with security against passive adversaries generate and process data much faster than it can be sent over the network, even with a single thread. This paper introduces novel methods to further reduce the communication bottleneck and round complexity of semi-honest secure two-party computation. Our new methodology creates a trade-off between communication and computation, and we show that the added computing cost for...

10.14722/ndss.2017.23097 article EN 2017-01-01

Field Programmable Gate Arrays (FPGAs) are increasingly deployed in datacenters due to their inherent flexibility over ASICs or GPUs that makes them an ideal processing unit for emerging and dynamic area of deep learning other techniques algorithms rapidly evolving. To maximize utilization the cloud, researchers have proposed spatial multi-tenant deployment model, where FPGA fabric is simultaneously shared among mutually distrusting tenants. This enabled by leveraging partial reconfiguration...

10.1109/eurosp51992.2021.00040 article EN 2021-09-01

In this paper we tackle the open paradoxical challenge of FPGA-accelerated cloud computing: On one hand, clients aim to secure their Intellectual Property (IP) by encrypting configuration bitstreams prior uploading them cloud. other service providers disallow use encrypted mitigate rogue configurations from damaging or disabling FPGA. Instead, require a verifiable check on hardware design that is intended run FPGA at netlist-level before generating bitstream and loading it onto FPGA,...

10.1109/fccm51124.2021.00036 article EN 2021-05-01

We present GarbledCPU, the first framework that realizes a hardware-based general purpose sequential processor for secure computation. Our MIPS-based implementation enables development of applications (functions) in high-level language while performing function evaluation (SFE) using Yao's garbled circuit protocol hardware. GarbledCPU provides three degrees freedom SFE which allow leveraging trade-off between privacy and performance: public functions, private semi-private functions....

10.1145/2897937.2898027 article EN 2016-05-25

Hardware security architectures and primitives are becoming increasingly important in practice, providing trust anchors and trusted execution environments to protect modern software systems. Over the past two decades we have witnessed various hardware security solutions and trends, from Trusted Platform Modules (TPM), performance counters for security, ARM's TrustZone, and Physically Unclonable Functions (PUFs), to very recent advances such as Intel's Software Guard Extension (SGX). Unfortunately, these solutions are rarely used by...

10.1109/cases.2018.8516874 article EN 2018-09-01

Hardware security architectures and primitives are becoming increasingly important in practice, providing trust anchors and trusted execution environments to protect modern software systems. Over the past two decades we have witnessed various hardware security solutions and trends, from Trusted Platform Modules (TPM), performance counters for security, ARM's TrustZone, and Physically Unclonable Functions (PUFs), to very recent advances such as Intel's Software Guard Extension (SGX). Unfortunately, these solutions are rarely used by...

10.5555/3283552.3283567 article EN Compilers, Architecture, and Synthesis for Embedded Systems 2018-09-30

Physically Unclonable Functions (PUFs) are still considered promising technology as building blocks in cryptographic protocols. While most PUFs require dedicated circuitry, recent research leverages DRAM hardware for due to its intrinsic properties and wide deployment. Recently, a new memory-based PUF was proposed that utilizes the infamous Rowhammer effect DRAM. In this paper, we show two remote attacks on DRAM-based PUFs. First, DoS attack exploits manipulate responses. Second, modeling...

10.1145/3195970.3196065 article EN 2018-06-19

Memory-unsafe programming languages like C and C++ leave many (embedded) systems vulnerable to attacks like control-flow hijacking. However, defenses against control-flow attacks, such as (fine-grained) randomization or control-flow integrity, are ineffective against data-oriented attacks and the more expressive Data-oriented Programming (DOP) attacks that bypass state-of-the-art defenses.

10.1145/3316781.3317836 article EN 2019-05-23

Widespread use of memory unsafe programming languages (e.g., C and C++) leaves many systems vulnerable to corruption attacks. A variety defenses have been proposed mitigate attacks that exploit errors hijack the control flow code at run-time, e.g., (fine-grained) randomization or Control Flow Integrity. However, recent work on data-oriented (DOP) demonstrated highly expressive (Turing-complete) attacks, even in presence these state-of-the-art defenses. Although multiple real-world DOP...

10.48550/arxiv.1705.10295 preprint EN other-oa arXiv (Cornell University) 2017-01-01

PUFs are cost-effective security primitives that extract unique identifiers from integrated circuits. However, since their introduction, have been subject to modeling attacks based on machine learning. Recently, researchers explored emerging nano-electronic technologies, e.g., memristors, construct hybrid-PUFs, which outperform CMOS-only and claimed be more resilient attacks. such PUF designs not open-source, the claims remain dubious. In this paper, we reproduce a set of memristor-PUFs...

10.1109/dac18072.2020.9218491 article EN 2020-07-01

Non-volatile Self-reconfiguring VLSI units with System-on-Chip (SoC) architecture are emerging as solutions for many modern applications. In this work, we propose a manufacturer and trusted authority-resistant, peer-to-peer protected Intellectual Property IP-exchange technique between SoC units. A Trusted Authority (TA) authenticates post-manufacturing self-created random unknown Hardware-Software (HW-SW) secret digital function in each unit. The function, being implemented non-volatile...

10.1109/vlsi-soc.2013.6673284 article EN 2013-10-01

In their continuous growth and penetration into new markets, Field Programmable Gate Arrays (FPGAs) have recently made way hardware acceleration of machine learning among other specialized compute-intensive services in cloud data centers, such as Amazon Microsoft. To further maximize utilization the cloud, several academic works propose spatial multi-tenant deployment model, where FPGA fabric is simultaneously shared mutually mistrusting clients. This enabled by leveraging partial...

10.48550/arxiv.2009.13914 preprint EN other-oa arXiv (Cornell University) 2020-01-01

Federated Learning (FL) has become very popular since it enables clients to train a joint model collaboratively without sharing their private data. However, FL been shown be susceptible backdoor and inference attacks. While in the former, adversary injects manipulated updates into aggregation process; latter leverages clients' local models deduce Contemporary solutions address security concerns of are either impractical for real-world deployment due high-performance overheads or tailored...

10.48550/arxiv.2308.00553 preprint EN cc-by arXiv (Cornell University) 2023-01-01

Federated Learning (FL) has become very popular since it enables clients to train a joint model collaboratively without sharing their private data. However, FL been shown be susceptible backdoor and inference attacks. While in the former, adversary injects manipulated updates into aggregation process; latter leverages clients' local models deduce Contemporary solutions address security concerns of are either impractical for real-world deployment due high-performance overheads or tailored...

10.1109/fpl60245.2023.00046 article EN 2023-09-04