2019 IEEE High Performance Extreme Computing Conference (HPEC ‘19)
Twenty-third Annual HPEC Conference
24 - 26 September 2019
Westin Hotel, Waltham, MA USA

Thursday, September 26, 2019
HPSEC: High Performance Secure Extreme Computing
10:20-12:00 in Eden Vale C1/C2
Chair: Michael Vai / MIT-LL

A Survey on Hardware Security Techniques Targeting Low-Power SoC Designs
Alan Ehret (Boston Univ.), Karen Gettings (MIT-LL), Bruce R. Jordan Jr. (MIT-LL), Michel A. Kinsy (Boston Univ.)
In this work we survey hardware-based security techniques applicable to low-power system-on-chip designs. Techniques related to a system’s processing elements, volatile main memory and caches, non-volatile memory and on-chip interconnects are examined. Threat models for each subsystem and technique are considered. Performance overheads and other tradeoffs for each technique are discussed. Defenses with similar threat models are compared.

Securing HPC using Federated Authentication
Andrew Prout, William Arcand, David Bestor, Bill Bergeron, Chansup Byun, Vijay Gadepally, Michael Houle, Matthew Hubbell, Michael Jones, Anna Klein, Peter Michaleas, Lauren Milechin, Julie Mullen, Antonio Rosa, Siddharth Samsi, Charles Yee, Albert Reuther, Jeremy Kepner (MIT-LL)
Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user's more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and InCommon Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.

Synthesis of Hardware Sandboxes for Trojan Mitigation in Systems on Chip
Christophe Bobda (Univ. Florida), Taylor Whitaker (Univ. Arkansas), Joel Mandebi Mbongue (Univ. Florida)
In this work, we propose a high-level synthesis approach for hardware sandboxes in system-on-chip. Using interface formalism to capture interactions between non-trusted IPs and trusted parts of a system on chip, along with the properties specification language to specify non-authorized actions of non-trusted IPs, sandboxes are generated and made ready for inclusion as IP in a system-on-chip design. The concepts of composition, compatibility, and refinement are used to capture illegal actions and optimize resources across the boundary of single IPs. We have designed a tool that automatically generates the sandbox and facilitates their integration into system-on-chip. Our approach was validated with benchmarks from trusthub.com and FPGA implementations. All our results showed 100% Trojan detection and mitigation, with only a minimal increase in resource overhead and no performance decrease.

Garbled Circuits in the Cloud using FPGA Enabled Nodes
Kai Huang (Northeastern), Mehmet Gungor (Northeastern), Xin Fang (Qualcomm), Stratis Ioannidis (Northeastern), Miriam Leeser (Northeastern)
Data privacy is an increasing concern in our interconnected world. Garbled circuits is an important approach used for Secure Function Evaluation (SFE); however it suffers from long garbling times. In this paper we present garbled circuits in the cloud using Amazon Web Services, and particularly Amazon F1 FPGA enabled nodes. We implement the garbler and evaluator in software, and show how F1 instances can accelerate the garbling process and rapidly adapt to several different applications. Experimental results, measured on AWS, indicate a 15 times speedup for garbling done using an FPGA. This results in total application speedup, including garbling, communications and evaluation, of close to three times over a large range of application sizes.

BLAST: Blockchain-based Trust Management in Smart Cities and Connected Vehicles Setup
Farah Kandah, Brennan Huber, Amani Altarawneh, Sai Medury, Anthony Skjellum (Univ. Tennessee Chattanooga)
Advancement in communication technologies and the Internet of Things (IoT) is driving smart cities adoption that aims to increase operational efficiency of infrastructure, improve the quality of services, and citizen welfare, among other worthy goals. For instance, it is estimated that by 2020, 75% of cars shipped globally will be equipped with hardware to facilitate vehicle connectivity. The privacy, reliability, and integrity of communication must be ensured so that actions can be accurate and implemented promptly after receiving actionable information. Because vehicles are equipped with the ability to compute, communicate, and sense their environment, there is a concomitant critical need to create and maintain trust among network entities in the context of the network’s dynamism, an issue that requires building and validating the trust between entities in a small amount of time before entities leave each other’s range. In this work, we present a multi-tier scheme consisting of an authentication- and trust-building/distribution framework designed with blockchain technology to ensure the safety and validity of the information exchanged in the system. Through simulation, we illustrate the tradeoff between blockchain mining time and the number of blocks being generated as well as the effect of the vehicle speed on the number of blocks being generated.