| Info |
|---|
| Title of the paper: A Primer on Hardware Security: Models, Methods, and Metrics. Available at: https://ieeexplore.ieee.org/abstract/document/6860363 |
...
Procuring intellectual property (IP) designs from third-party design houses, designing some components in-house, combining both, and generating the IC layout.
A blueprint of the design (e.g., in terms of GDS-II layout format) is then sent to the foundry that develops a costly mask and manufactures the ICs.
The ICs are then tested at the manufacturing site and often also at third-party test facilities.
Finally, fault-free ICs are packaged and sold.
...
Camouflaging: This is a layout-level technique to hamper image-processing-based extraction of the gate-level netlist.
Side-Channel Attacks
Side-channel attacks exploit the leakage of secret information through a physical modality when an application is being executed on a system.
Side-channel attacks are powerful and have been able to break most existing important cryptographic algorithms.
Timing, power consumption, electromagnetic (EM) emanations, photonic emissions, and acoustic noise of the system can be used to extract the secret key.
Fault attacks can be launched using lasers, glitches in power supplies and clocks, and X-rays.
An attacker can scan out the secret key when the key-storing registers are connected as a scan chain. It has been shown that the power/timing consumption of PUF circuits is directly correlated with the process variation that PUF secrets are based upon. Therefore, PUFs have also been shown to be susceptible to side-channel attacks.
Threat Models
A realistic threat model must be developed first, and the defense should then vary depending upon the capabilities of the attacker in collecting the side-channel measurements.
State-of-the-Art Defenses
Leakage Reduction: These techniques decrease the dependency between the side-channel traces of IF and the secret information k.
Noise Injection: The SNR of the measurable side-channel information can be reduced by injecting artificial noise. Noise injection therefore does not provide a theoretical security guarantee, but it does increase the work an attacker must do to extract the secret keys.
Key Update: Frequently updating the secret key prevents the accumulation of side-channel information by the adversary. This method uses a predefined sequence of keys (e.g., the output of a pseudorandom number generator) plus synchronized timings to ensure that the sequence of keys is consistent for both communicating parties.
Side-Channel-Resistant PUFs: Due to the effectiveness of side-channel attacks against PUFs, it is imperative that circuit countermeasures be used in future implementations. These countermeasures mitigate the correlation between the secret information and the measurable circuit delay/power consumption.
Secure Scan Chains: In a secure scan approach, mirror key registers are used in sensitive parts of the circuits. These registers block unauthorized access to the values of sensitive registers in the test mode of operation. In another approach, scan chains are divided into smaller subchains and access to them for regular users is randomized.
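The SNR argument behind noise injection, as an added example that is not the paper's code: a constructed Hamming-weight leakage model, an SNR estimate of the measurable traces, and the resulting work factor. The noise levels, the 4-bit intermediate and the "traces needed scale as 1/SNR" rule of thumb are assumptions of this illustration.

```python
import random
import statistics


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_traces(n, intrinsic_sigma, injected_sigma, seed):
    """Constructed leakage model (an assumption, not the paper's): one power sample per
    operation leaks the Hamming weight of a 4-bit intermediate value plus intrinsic
    Gaussian noise. A noise-injection countermeasure adds extra Gaussian noise on top."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        value = rng.getrandbits(4)
        sample = (hamming_weight(value)
                  + rng.gauss(0.0, intrinsic_sigma)
                  + rng.gauss(0.0, injected_sigma))
        traces.append((value, sample))
    return traces


def snr(traces):
    """SNR = Var(signal) / Var(noise). The signal is the mean sample for each intermediate
    value (the data-dependent part); the noise is whatever remains after removing it."""
    by_value = {}
    for value, sample in traces:
        by_value.setdefault(value, []).append(sample)
    means = {v: statistics.fmean(s) for v, s in by_value.items()}
    signal = [means[v] for v, _ in traces]
    noise = [s - means[v] for v, s in traces]
    return statistics.pvariance(signal) / statistics.pvariance(noise)


def compare(n=20000, intrinsic_sigma=1.0, injected_sigma=3.0):
    """Return the SNR without and with noise injection, and the resulting work factor.
    The number of traces an attacker must average scales roughly as 1/SNR, so the ratio
    of the two SNRs is how much more measurement work the countermeasure costs them.
    The factor is finite, which is why noise injection is not a theoretical guarantee."""
    unprotected = snr(simulate_traces(n, intrinsic_sigma, 0.0, seed=1))
    protected = snr(simulate_traces(n, intrinsic_sigma, injected_sigma, seed=2))
    return {"snr_unprotected": unprotected, "snr_protected": protected,
            "work_factor": unprotected / protected}


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
```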
Counterfeiting
A counterfeit semiconductor component is an illegal forgery or imitation of the original component.
Although the common incentive for selling fake ICs is financial, the ease of inserting intentional hardware Trojans or spyware in fake ICs makes them a real security threat for the whole system that would eventually integrate the fake components.
Threat Models
In scenario 1, defective ICs, i.e., those which failed the manufacture-time testing and have been discarded, are used in consumer products. An untrustworthy entity at the test facility can be the source of leaking defective ICs.
In scenario 2, a dishonest entity in the IC supply chain mislabels a product and sells it as another IC potentially through a vendor.
Scenario 3 is similar to scenario 2 except for the following difference: while the designer employs proactive techniques to prevent counterfeiting in scenario 2, the assembly uses reactive techniques to detect counterfeiting in scenario 3.
State-of-the-Art Defenses
Hardware Metering and Auditing: Hardware metering is a set of tools, methodologies, and protocols that enable post-fabrication tracking of the manufactured ICs. Hardware metering may be passive or active.
In passive metering, part of the functionality of each IC can be specifically identified and used for metering, even for the ICs coming from the same mask. The identified ICs may be matched against their record in a preformed database, which could reveal unregistered ICs or overbuilt ICs (in case of collisions).
In active metering, parts of the chip's functionality can only be accessed, locked (disabled), or unlocked (enabled) by the designer and/or IP rights owners, using high-level knowledge of the design.
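The passive-metering audit described above, as an added example that is not the paper's code: fielded PUF readouts are matched against the designer's enrollment database, a Hamming-distance budget (assumed) absorbs PUF noise, and parts with no record or with an identity already claimed by another part are flagged. The fingerprints, thresholds and part tags are constructed.

```python
from typing import Dict, List, Tuple

# Constructed enrollment database (not from the paper): each registered IC's
# 32-bit PUF response, recorded by the designer at manufacture time.
REGISTERED: Dict[str, int] = {
    "IC-0001": 0xA5C3_3C5A,
    "IC-0002": 0x0F0F_F0F0,
    "IC-0003": 0xDEAD_BEEF,
}
# Assumed PUF noise budget: two readouts within this Hamming distance are treated
# as the same physical IC. It must stay well below the distance between enrolled IDs.
MAX_NOISE_BITS = 4


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def audit(db: Dict[str, int], observed: List[Tuple[str, int]]) -> Dict[str, str]:
    """Classify each fielded part by matching its PUF readout against the database."""
    claimed: Dict[str, str] = {}   # registered id -> tag of the first part that matched it
    verdicts: Dict[str, str] = {}
    for tag, response in observed:
        matches = [ic for ic, ref in db.items() if hamming(ref, response) <= MAX_NOISE_BITS]
        if not matches:
            # No enrollment record: an overbuilt, remarked or forged part.
            verdicts[tag] = "unregistered"
        elif len(matches) > 1:
            # Database collision: the noise budget is too loose for this PUF.
            verdicts[tag] = "ambiguous"
        elif matches[0] in claimed:
            # Same identity seen on two parts: a cloned or overbuilt IC.
            verdicts[tag] = f"collision with {claimed[matches[0]]}"
        else:
            claimed[matches[0]] = tag
            verdicts[tag] = f"registered as {matches[0]}"
    return verdicts


# Constructed field readouts: a genuine part with 2 noisy bits, an unknown part,
# a second part presenting IC-0001's identity, and an exact match for IC-0003.
OBSERVED: List[Tuple[str, int]] = [
    ("part-A", 0xA5C3_3C5A ^ 0b0000_0011),
    ("part-B", 0x1234_5678),
    ("part-C", 0xA5C3_3C5A ^ 0b1000_0001),
    ("part-D", 0xDEAD_BEEF),
]

if __name__ == "__main__":
    for tag, verdict in audit(REGISTERED, OBSERVED).items():
        print(f"{tag}: {verdict}")
```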
IC Fingerprints or PUFs
Device Aging Models/Sensors: IC lifetime is influenced by a variety of phenomena. By employing sensors in ICs to measure these phenomena, an estimate of chip lifetime can be found, which would prevent counterfeiters from selling used chips as new ones.
IP Watermarking
New Terms
3PIP: third-party IP
PUF: physically unclonable function
A PUF depends on random physical factors (unpredictable and uncontrollable) that exist natively and/or are incidentally introduced during a manufacturing process.