Hardware Testing and Security Requirements in the Nano Era

(1)

Secure Hardware in the

Secure Hardware in the Nano

Nano Era:

Era:

Some New Directions

S

Bh i

Swarup Bhunia

T. and A. Schroeder Associate Professor

Electrical Engineering and Computer Science

March ISQED 2015 1

SoC

SoC Security Issues & Protection

Security Issues & Protection

Trojan-resistant

S

D-f-S Solutions

design; improved

detectability

*

S

pans

a

Hardware

Obfuscation

#

_;

Protect IP Eval

all stag

e

_{Protect IP Eval.}

Copy

^

_{, PUF}

$

es in I

C

SCA resistant

Design

**

_{; Prevent}

C

life cy

c

_{Design ; Prevent}

scan-based

attack

***

cle

*_{Wang et al.,}_{DFT, 2012}_,*_{Narasimhan et al., Tcomp 2012,}*_{Chakraborty et al., CHES 2009, ^Narasimhan et al., D&T, 2012} $_{Krishna et al., CHES 2011;}$_{Zheng et al. ASP-DAC 2013,}$_{Zheng et al, DAC 2013,}***_{Paul et al, VTS 2007}

(2)

Protection against IP Piracy:

otect o aga st

acy

Hardware Obfuscation

March ISQED 2015 3

• Primarily protects the IP owner!

What are the challenges?

Hardware

Trojan Attacks!

Taxonomy of hardware IP security issues

ISQED 2015

(3)

Security Through

Security Through Obfuscation

Obfuscation

B

i Id

Basic Idea:

● Obfuscate the design

functionally and

structurally

● Achieved by modifying

y

y g

the state transition function

● Normal behavior is

enabled

only upon

enabled

only upon

application of a key!

P

t ill

l

f IP !

March ISQED 2015 5

Prevents illegal usage of IPs!

Chakraborty & Bhunia, ICCAD 2008

Chakraborty & Bhunia, TCAD 2009

Results: Trojan

Results: Trojan Detectability

Detectability

=

2 21% average

improvement in Trojan

S

ignals

=

coverage

T

rigger

S

11% area 11% po er

Overhead:

T

4 • ~11% area, 11% power

overhead at iso-delay

• Average run-time: ~1200

gnals =

_{Average run time: 1200}

seconds (90% of total run-time

taken by

Tetramax

)

igger Si

g

Tr

i

(4)

IP Vendor

Hardware IPs

From the SoC

designer’s

Memory Bus CPU Hardware IPs Trojan

designer s

perspective,

integrity of 3

rd

Party IPs need

S C D i

H

DSP

Backdoor

Party IPs need

to be checked!

SoC Design House

IP Trust Validation

tion

SoC Integration

a

lida

t

SoC Design Convergence

SoC DSP CPU

st

V

a

Foundry

DSP CPU Memory Bus

P

Tr

u

s

March ISQED 2015 7

IP

Anti

Anti--Counterfeiting Design Solutions

Counterfeiting Design Solutions

g

(5)

Threats & Vulnerabilities

Gl b ll di t ib t d

i

d t

b i

d l

• Globally distributed semiconductor business model

- Ample sneak paths to insert counterfeit chips

Semiconductor Business Model

Ways for Counterfeiting ICs

• Two Broad Categories:

-

Recycled/Remarked:

selling of used/aged chips as new

March ISQED 2015 9

-

Recycled/Remarked:

selling of used/aged chips as new

-

Cloned New Chips: IP piracy, reverse-eng, overproduction

Examples of Physical

Examples of Physical Unclonable

Unclonable

Functions (PUFs)

RO PUF

-Gassend

et al, 2002,

Suh

et al, 2007

Arbiter PUF

-Lee

et al, 2004

PUF using

on-chip

structure!

SRAM PUF

-Guajardo

et al,

Holcomb

et al,

2007

Butterfly PUF

-Kumar

et al,

2008

(6)

PUFs Using On

PUFs Using On--Chip Structure

Chip Structure

Good

for

legacy

chips

MECCA PUF

-Krishna

et al

-Krishna

et al,

CHES 2011

RESP PUF

-

Zheng et al, DAC

2013

Scan PUF

March ISQED 2015 11

-Zheng

et al,

ASP-DAC 2013

Active Defense against IC Cloning

• A chip locking approach with

antifuses (AF)

on I/O port

- AF is an

AF is an

OTP, normally open

switch

switch (R

1

(R

_off_off

~ 100M – 1G

100M 1G

ῼ

)

- AF program on

correct key input

(stored in on-chip NVM)

-

Active defense

against recycling/cloning

g

y

g

T

a

mper

-S

, 2014

-evident S

• Test path

provided for each

e

t al., VT

S

eal

locked pin through

e-fuse

2

• IC/Device

family specific key

Basak

e

ISQED 2015

1. W. T. Li et al., EDL, 2000

2. N. Robson et al., CICC, 2007

(7)

Hardware Trojan Attacks

Hardware Trojan Attacks:

:

““

A

P

bl

f

P

bl

f

H ll

**

””

Problem from

Problem from Hell

Hell

**

””

Bhunia et al.

PIEEE, 2014

March ISQED 2015 13 *

_{Michael Hayden}

HW Trojan Attacks: in

the News

(8)

HW Trojan Threats

jj

Most vulnerable stages!

Modern SoC Design and Manufacturing Flow*

March ISQED 2015 15

*http://www.darpa.mil/MTO/solicitations/baa07-24/index.html

HW Trojan Examples/Models

Comb Trojan Example

Seq Trojan Example

MOLES

*

_{: Info Leakage Trojan}

Comb Trojan Example

q

j

p

g

j

Comb Trojan model

Seq. Trojan Model

ISQED 2015

System level view

(9)

Introduction to Trojan Detection

jj

• Taxonomy of Existing Trojan Detection Approaches

Side-channel approaches do not require triggering the

March ISQED 2015 17

pp

q

gg

g

Trojan to observe its impact at primary input nodes.

Methodology

gy



Multiple-parameter Approach for Trojan

Detection



Due to process variations, it is extremely

p

,

y

challenging to detect the Trojan by

considering F

g

_max

or I

_DDT

individually.

y

(10)

Methodology

gy

• Multiple-parameter Approach for Trojan

Detection

–

Due to process variations, it is extremely challenging

to detect the Trojan by considering F

or I

alone

to detect the Trojan by considering F

_max

or I

_DDT

alone.

c880 from ISCAS-85 benchmark suite with 8-bit ALU circuit Trojan

March ISQED 2015 19

Methodology

gy

• Multiple-parameter Approach for Trojan

Detection

–

Consider the intrinsic relationship between I

_DDT

and

F

t

th

I

F

_max

together, I

_DDT

vs. F

_max

ISQED 2015

(11)

Statistical Approach



Feasible Trojan search space is inordinately

large!

−

Exhaustive enumeration impossible

−

Deterministic test generation computationally

infeasible



A Statistical Approach for Trojan Detection

−

Finds the rare events in the circuit

−

Finds the rare events in the circuit

−

Generates test vectors to trigger each trigger node

multiple times (N times)

p

(

)

−

Provides high confidence about detecting arbitrary

Trojans!

March ISQED 2015 21

Chakraborty et al, CHES 2009

Circuit Example

(i) Combinational Trojan

(ii) Sequential Trojan



Trojan Trigger Condition:

(i) a=0 b=1 c=1

(ii) a=1 b=0

(i) a=0, b=1, c=1 (ii) a=1, b=0



Generate vectors to satisfy each of these conditions

multiple (N) times

u t p e ( ) t

es



Probability of Trojan activation increases with N



The concept is similar to N-Detect Tests*

p

(12)

Self

Self--Referencing:

Referencing: Golden

Golden--Free Trojan &

Free Trojan &

Counterfeit Detection

ntel

courtesy: I

Image

c

010

104 C

HES 2

0 DAC 20

D

u

et al,

C

eng

et al,

March ISQED 2015 23

D

Zh

e

Supported by DARPA

Temporal Self

Temporal Self--Referencing

Referencing

• Seq. ckts have diff. switching currents based on both

input & state conditions

• Uncorrelated switching in

time is attributed to a seq

time is attributed to a seq.

Trojan!

• Seq Trojans impose greater

Seq. Trojans impose greater

threats!

DLX circuit w/o & w/ Trojan FSM

j

Noise th. is obtained from

experiments w/ any chip!

No golden chip is

required!!!

ISQED 2015

ALU circuit with Trojan

required!!!

(13)

Integrative Measures …

Design for Security

→

Trust Validation

→

Security Monitoring

SM

g

y

g

SM

Processor

Secure by design, test and run-time monitoring!

March ISQED 2015 25

Chakraborty, Narasimhan and Bhunia, Hardware IP protection, US Patent, 2013

Infrastructure IP for Security:

A Scalable Solution to

A Scalable Solution to SoC

SoC Security & Debug

Security & Debug

Wang et al IEEE Tcomp To Appear

(14)

Infrastructure IP for

Infrastructure IP for SoC

SoC Security (IIPS)

Security (IIPS)

• IIPS is a centralized

IP block for various security protections

• Major Features of IIPS

1 Ease of integration; plug n play using IEEE 1500 Standard

1. Ease of integration; plug-n-play using IEEE 1500 Standard

2. Reusable IP

3. Configurable

4. Functionally scalable & flexible

5. Minimal performance/power/area overhead

6 Does not affect IP level design & IP integration in SoC

6. Does not affect IP level design & IP integration in SoC

7. Can be merged with other (e.g. test / debug) infrastructure IPs

• X. Wang et al., IEEE TComp, 2014

March ISQED 2015 27

Custom Design of IIPS

• Target threat models:

scan-based attack

,

IP piracy

,

HT attacks …

• Mitigation strategies:

scan chain authentication

,

ScanPUF

,

path

delay based Trojan detection …

y

j

• IIPS contains a

Master Finite State Machine (M-FSM)

, a

scan

chain enabling FSM (SE-FSM)

, and a

clock control logic

• IIPS interface

– Inputs: standard SoC test inputs, an active low reset

IIPS_RSTN

– Outputs: a scan enable for each IP, test clock (

WRCK

) & test control signals (i.e.

ShiftWR, CaptureWR

)

• Locking states

SC_LOCK

and

TD_LOCK

designed to support

scan chain based SoC testing and delay fault testing

(15)

ScanPUF

ScanPUF Primitive

Primitive

• Desired features of PUF in IIPS: low-overhead,

IEEE 1500

compliant signature generation and extraction

p

g

, test reusable

via

Core Test Language (CTL)

• As a case study, we choose the ultralow-overhead ScanPUF

*

which exploits the existing scan chain DFT structures in an

SoC

March ISQED 2015 29

• Y. Zheng and S. Bhuina, ASPDAC, 2013

IIPS Test Protocol under IEEE Std. 1500

Th

t l f

M FSM

d

SE FSM

i

t S C l

l

• The control of

M-FSM

and

SE-FSM

is at SoC level

• ScanPUF and HT detection test sets are developed at core level and

expanded to SoC level

p

• Test procedure: (1) core test mode

configuration; (2) test initialization; (3)

signature gen ; (4) signature propagation

signature gen.; (4) signature propagation

• Trojans in a core: LOC & LOS; Trojans on

(16)

I t

it V lid ti

i P i t d

I t

it V lid ti

i P i t d

Integrity Validation in Printed

Circuit Boards (PCBs)

Courtesy: Andover Consulting Group

y

g

• Ghosh et al., IEEE D&T, To Appear

• Provisional Patent March ISQED 2015 31 Provisional Patent

Security Attacks in PCB

Security Attacks on PCB

Piracy/

Counterfeiting

Hardware Trojan

a

In-field

Alteration

Cloning/ Overproduc on Recycling Malicious modific on Hidden components Peripheral Exploita on