Versions Compared

Version Old Version 2 New Version 3
Changes made by

Sara Faour

Sara Faour

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Title of the paper: A Primer on Hardware Security: Models, Methods, and Metrics

Available at: https://ieeexplore.ieee.org/abstract/document/6860363

Table of Contents
minLevel1
maxLevel7

Introduction

Motivation

  • All algorithmically secure cryptographic primitives and protocols rely on a hardware root of trust to deliver the expected protections when implemented in software.

  • This paper systematizes the knowledge for a number of important contemporary problems in hardware security. It classifies hardware-based threats, defenses, and metrics to evaluate the effectiveness of the developed defenses.

IC Supply Chain

Designing an IC involves:

  • Procuring intellectual property (IP) designs from thirdparty design houses, designing some components inhouse, combining both, and generating the IC layout.

  • A blueprint of the design (e.g., in terms of GDS-II layout format) is then sent to the foundry that develops a costly mask and manufactures the ICs.

  • The ICs are then tested at the manufacturing site and often also at third-party test facilities.

  • Finally, fault-free ICs are packaged and sold.

...

There are multiple points within this supply chain where things can go wrong. The following hardware-based threats are possible.

  • IP piracy and IC overbuilding: An IP user or a rogue foundry may illegally pirate the IP without the knowledge and consent of the designer. A malicious foundry may build more than the required number of ICs and sell the excess ICs in the gray market.

  • Reverse engineering (RE): An attacker can reverse engineer the IC/IP design to his/her desired abstraction
    level. He can then reuse the recovered IP or improve it.

  • Side-channel analysis: An attacker can extract the secret information by exploiting a physical modality (power consumption, timing, or electromangnetic emission) of the hardware that executes the target application.

  • Counterfeiting: An attacker illegally forges or imitates the original component/design.

Systematization of Hardware Security Knowledge

...

Paper Organization

  • Section II focuses on hardware Trojans.

  • Section III details IP piracy and IC overbuilding.

  • Section IV discusses reverse engineering.

  • Section V explains side-channel attacks, and

  • Section VI describes counterfeiting.

For each attack, the threat model, the state-of-the-art defenses, and the metrics used to evaluate the defenses are systematized.

Hardware Trojans

  • A hardware Trojan is a malicious modification to a circuit.

  • The Trojan may control, modify, disable, or monitor the contents and communications of the underlying computing device.

  • Trojan detection is difficult.

Threat Models

There is two common scenarios for a hardware Trojan attack.

  1. In the first scenario, an attacker in the foundry inserts a Trojan into the design by manipulating
    the lithographic masks. These Trojans are in the form of addition, deletion or modification of gates.

  2. In the second scenario, a malicious IP is designed either by a rogue in the third-party IP (3PIP) design house or by a rogue in the inhouse design team.

State-of-the-Art Defenses

  • Most techniques attempt to detect Trojans inserted in the foundry. There are at least two possible ways to detect this class of Trojans: invasive and noninvasive.

  • Defenses against malicious 3PIP and insider attacks include self-monitoring and static verification.

IP piracy and IC overbuilding

An attacker with access to an IP or an IC can steal and claim ownership and/or can overbuild and sell them illegally.

Threat Models

  1. In scenario 1, the attacker in the integration house may pirate the 3PIP or use more than the licensed number of 3PIP instances.

  2. In scenario 2, the attacker in the foundry may pirate the 3PIP after extracting it from the layout of the design.

  3. In scenario 3, the attacker in the foundry may pirate the IC design and/or overbuild.

State-of-the-Art Defenses

Five methods have been developed to thwart piracy and overbuilding: obfuscation, watermarking, fingerprinting, metering, and split manufacturing.

  • In scenarios 1 and 2, the 3PIP vendor may protect his IP by obfuscating it, or by embedding his watermark, or by inserting a separate watermark in each instance of the IP (also called a fingerprint).

  • In scenario 3, the integrator may obfuscate or embed his watermark or fingerprint the design before delivering it to the foundry.

  1. Watermarking:

    1. A designer’s signature is embedded into the design artifact. The designer can later
      reveal the watermark and claim ownership of an IC/IP. Watermarks may include addition of black-hole states to the finite state machine (FSM), addition of secret constraints during high level, logic and physical synthesis, and field-programmable gate array (FPGA) design.

  2. Fingerprinting:

    1. It helps the defender to track the source of piracy by embedding the signature of the buyer (for instance, his public key) along with the watermark of the designer. When challenged, the designer can reveal the watermark to claim the ownership and the buyer’s signature to reveal the source of piracy.

    2. Similar to watermarking, fingerprinting can also be applied during high-level, logic, and physical synthesis.

  3. Obfuscation:

    1. Obfuscation hides the functionality and implementation of a design by inserting additional gates into it. In one type of obfuscation, xor/xnor gates, and memory elements are added. The obfuscated design will function correctly only on applying the correct value to these gates and memory elements.

    2. In another type of obfuscation, the FSM of the design is obfuscated. An FSM can be obfuscated by adding extra states and/or transitions into it.

      1. Some states in the original FSM may be replicated

      2. invalid transitions between states may be added

      3. unused states can be utilized

      4. additional states with no outward transitions, referred to as black hole states, can be
        added

    3. In all these techniques, only a valid key leads to the correct functionality; an invalid key leads the design into invalid states or transitions, and maybe into
      black hole states where the design will be stuck.

  4. Metering:

    1. It is a set of tools, methodologies, and protocols used to track a manufactured IC. In passive metering, part of an IC’s functionality is used for metering. The identified ICs are matched against their record in
      a database. This will reveal unregistered ICs or overbuilt ICs. In active metering, parts of the IC’s functionality can be only accessed, locked, or unlocked by the designer and/or IP rights owners.

    2. The difference between metering and obfuscation is that while metering uses a unique unlock key per IC, obfuscation just locks the IC.

  5. Split Manufacturing:

    1. The layout of the design is split into the front-end-of-line (FEOL) layers and back-end-ofline
      (BEOL) layers. They are then fabricated separately in different foundries.

    2. Postfabrication, the FEOL and BEOL wafers are aligned and integrated together using either electrical, mechanical, or optical alignment techniques.

Reverse Engineering

RE of an IC involves:

  1. identifying the device technology used in it

  2. extracting its gate-level netlist

  3. inferring its functionality

Threat Models

  • In scenario 1, the attacker in the integration house can reverse engineer the 3PIP. The 3PIP vendor can protect his IP by obfuscating it. The foundry and the user are assumed to be untrustworthy.

  • In scenario 2, the attacker in the foundry can extract the 3PIP from the layout of the IC. Similar to RE scenario 1, the vendor can obfuscate his IP before delivering it to the untrustworthy system-on-chip (SoC)
    integrator.

  • In scenario 3, the attacker in the foundry can reverse engineer the IC. He can extract the transistor-level
    netlist from the layout, and then the gate-level netlist from it. The integrator can protect the design by
    obfuscating it.

  • In scenarios 4–8, the user is the reverse engineer. He may depackage the IC, delayer it, image the layers, stitch those images, and extract the netlist. While a 3PIP vendor may obfuscate his IP (RE scenario 4), an integrator may obfuscate the layout (RE scenario 5). A trusted foundry might camouflage the layout (RE scenarios 6–8). This will provide an additional layer of defense beyond obfuscation (RE scenarios 7 and 8).

State-of-the-Art Defenses

Obfuscation and camouflaging can thwart RE.

  • In scenarios 1, 2, 4, and 7, a 3PIP vendor can obfuscate his IP.

  • In scenarios 3, 5, and 6, an SoC integrator can obfuscate his design.

A trusted foundry can camouflage the layout (scenarios 6–8) and add a layer of defense beyond obfuscation.

Camouflaging: This is a layout-level technique to hamper image-processing-based extraction of gate-level netlist.

Side-Channel Attacks

Threat Models

State-of-the-Art Defenses

Counterfeiting

Threat Models

State-of-the-Art Defenses

New Terms

  • 3PIP: third-party IP