Infrastructure and Primitives for Hardware Security in Integrated Circuits

Infrastructure and Primitives for Hardware Security in Integrated Circuits

INFRASTRUCTURE AND PRIMITIVES FOR HARDWARE SECURITY IN INTEGRATED CIRCUITS by ABHISHEK BASAK Submitted in partial fulfillment for the degree of Doctor of Philosophy in Electrical Engineering and Computer Science CASE WESTERN RESERVE UNIVERSITY May 2016 CASE WESTERN RESERVE UNIVERSITY SCHOOL OF GRADUATE STUDIES We hereby approve the dissertation of ABHSIHEK BASAK Candidate for the degree of Doctor of Philosophy Committee Chair Swarup Bhunia Committee Member Frank Merat Committee Member Soumyajit Mandal Committee Member Ming-Chun Huang Committee Member Sandip Ray Date of Defense 03/15/2016 We also certify that any written approval has been obtained for any proprietary material contained therein. To my Family and Friends i Contents List of Tables vi List of Figures viii Abbreviations xii Acknowledgements xiv Abstract xvi 1 Introduction 1 1.1 What are Counterfeit ICs? . 3 1.2 Related Work on Countermeasures against Counterfeit ICs . 6 1.3 Major Contributions of Research (Part I) . 8 1.4 System-on-Chip (SoC) Security . 11 1.4.1 Background on SoC Security Policies . 13 1.4.2 Issues with Current SoC Design Trends . 15 1.4.3 Related Work . 17 1.5 Major Contributions of Research (Part II) . 18 1.6 Organization of Thesis . 21 2 Antifuse based Active Protection against Counterfeit ICs 22 2.1 C-Lock Methodology . 23 2.1.1 Business Model . 25 2.1.2 Pin Lock Structure . 26 2.1.3 Lock Insertion in I/O Port Circuitry . 27 2.1.4 Programming the Key . 28 2.1.5 Design Circuitry for Chip Unlocking . 29 2.1.5.1 Lock/Unlock Controller State Transitions . 30 2.2 Security and Overhead Analysis of C-Lock . 31 2.2.1 Security Analysis . 31 ii Table of Contents iii 2.2.1.1 Resistance against Side Channel Attacks . 32 2.2.1.2 Why not FSM based Unlocking ? . 32 2.2.2 Overhead Analysis . 33 2.2.3 Comparison with PUF and Aging Sensors . 34 2.3 Discussion . 35 2.4 P-Val Methodology . 36 2.5 P-Val Implementation . 39 2.5.1 Important AF Properties . 39 2.5.2 P-Val Component Selection . 40 2.5.2.1 Effect of AF/TF on Normal Pin Operation . 40 2.5.2.2 Antifuse (AF) Selection . 42 2.5.2.3 Test Fuse (TF) Selection . 43 2.5.2.4 Package Level Fabrication . 43 2.6 Pin Locking and IC Authentication in P-Val . 45 2.6.1 Pin Locking . 45 2.6.2 IC Authentication Methodology . 46 2.6.3 Signature Generation . 48 2.7 Security Analysis . 49 2.7.1 P-Val Security against Recycled Chips . 50 2.7.2 Security of P-Val against Cloned chips . 51 2.7.2.1 Precision Resistance Insertion . 52 2.7.2.2 AF Integration in Cloned ICs . 53 2.7.2.3 Protection against Overproduced ICs . 55 2.7.3 Uniqueness and Robustness of Signature . 55 2.7.3.1 Simulation Setup & Metrics . 56 2.7.3.2 Results . 57 2.7.4 Sample Cloning and Overhead Values . 57 2.8 Conclusion . 58 3 Nearly Free of Cost Protection against Cloned ICs 60 3.1 PiRA Methodology . 61 3.2 Implementation of PiRA . 64 3.2.1 Sources of Entropy . 64 3.2.2 Measurement Scheme . 65 3.2.3 Signature Generation . 67 3.3 Security Analysis . 70 3.3.1 PiRA Security . 70 3.3.2 Uniqueness and Robustness of Signature . 71 3.3.3 Discussion . 75 3.4 Conclusion . 76 4 A Flexible Architecture for Systematic Implementation of SoC Security Policies 78 4.1 Architecture . 79 Table of Contents iv 4.1.1 IP Security Wrappers . 81 4.1.2 Security Wrapper Implementation . 82 4.1.3 Security Policy Controller . 83 4.1.4 Secure Authenticated Policy Upgrades . 85 4.1.5 Policy Implementation in SoC Integration . 86 4.1.6 Alleviation of Issues . 86 4.2 Use Case Scenarios . 87 4.2.1 Use Case I: Secure Crypto . 88 4.2.2 Use Case II: Access Control . 90 4.3 Overhead Analysis . 92 4.4 Conclusion . 94 5 Exploiting Design-for-Debug in SoC Security Policy Architecture 95 5.1 On-Chip Debug Infrastructure . 96 5.2 Methodology . 98 5.3 DfD-Based Security Architecture . 100 5.3.1 Debug-Aware IP Security Wrapper . 100 5.3.2 SPC-Debug Infrastructure Interface . 101 5.3.3 Design Methodology . 103 5.4 Use Case Analysis . 104 5.4.1 An Illustrative Policy Implementation . 104 5.4.2 On-Field Policy Implementation/Patch . 105 5.5 Experimental Results . 106 5.6 Related Work . 109 5.7 Hardware Patch in SoCs . 109 5.8 Conclusion . 112 6 Security Assurance in SoC in presence of Untrusted IP Blocks 113 6.1 Problem of Untrustworthy IPs . 113 6.2 Background and Related Work . 116 6.3 System-level Security Issues Caused by Untrusted IPs . 118 6.4 SoC Security Architecture Resilient to Untrusted IP . 125 6.4.1 Assumptions . 125 6.4.2 Untrustworthy Security Wrappers . 127 6.4.2.1 Solution Methodology . 129 6.4.2.2 Implementation Details . 131 6.4.3 Untrustworthy IP Cores . 133 6.4.3.1 IP-Trust Aware Security Monitors: . 135 6.4.3.2 IP-Trust Aware Interface Triggers . 140 6.4.3.3 IP-Trust Aware Security Policies . 144 6.5 Use Case Analysis . 146 6.6 Overhead Analysis . 150 6.6.1 Security Monitor Implementations . 151 6.6.2 Results . 151 Table of Contents v 6.7 Conclusion . 153 7 Conclusion and Future Work 155 Bibliography 159 List of Tables 2.1 Major Electrical Properties of the Antifuse based Lock [1] . 26 2.2 Security & Area Overhead of proposed Locking at 45 nm . 33 2.3 Qualitative Comparison with Alternative Approaches . 34 2.4 Area Overhead Comparison at 45 nm. Process Technology . 34 2.5 Major Properties of the P-Val MIM Antifuse . 42 2.6 Security & Estimated Package Area Overhead of P-Val . 58 4.1 Representative set of security critical events according to IP type . 81 4.2 Policies for Usage Case Analysis . 87 4.3 Area & Power Overhead of IP Security Wrapper (at 32nm) . 93 4.4 Area & Power of Central Security Controller(at 32 nm) . 93 4.5 Die Area Overhead of Central Controller(at 32 nm) . 94 5.1 Typical Security Critical Events detected by DfD Trace Cell in Pro- cessor Core . 99 5.2 Example DfD Instrumentation Features by IP Type in SoC Model 107 5.3 Area (µm2), Power (µW) of DAP (SoC Area- ∼ 1:42X106µm2; SoC Power- > 30 mW )...........................107 5.4 Area (µm2), Power (µW) Overhead of DfD Trace Macrocells in SoC 107 5.5 Area (µm2) Savings of IP Security Wrapper . 108 5.6 Power (mW) Analysis in SoC on implementation of Debug Reuse . 109 6.1 Current trends in Trojan Research and Scope of this Work . 118 6.2 Assumptions Regarding Trustworthiness of Associated Components in Solution Methodology with respect to an Untrusted IP . 126 6.3 Categorization of MCE and Policies by IP Types . 137 6.4 Representative Interface Triggers for an Untrustworthy Processor . 144 6.5 Different Scenarios of Trojan (represented by payload) Coverage by Insertion of Security Monitors in three IP Cores of our framework . 150 6.6 Area & Power Overhead of Security Monitors in Processor IP (Orig. Area and Power with 1 KB inst., data memory at 32 nm - 352405 µm2 , 12.56 mW) . 152 6.7 Area & Power Overhead of Security Monitors in Memory Controller (MC) IP and SPI Controller IP (Orig. Area and Power of MC and SPI with wrappers at 32 nm - 629433 µm2, 13.81 mW;; 5456 µm2, 0.298 mW) . 152 vi List of Tables vii 6.8 Die Area Overhead (OVH) of Security Monitors (SMs) with maxi- mum Trojan coverage wrt. to our SoC framework (Area - 13.1X106), Apple A5 APL2498 (Area - 69.6X106), Intel Atom Z2520 (Area - 40.2X106), all at 32 nm process technology . 153 List of Figures 1.1 Different security threats in the modern electronic system design process, addressed by approaches proposed in this dissertation. 2 1.2 a) Present semiconductor business model; (b) possible sneak paths for adversaries to insert counterfeit ICs into the supply chain. 4 1.3 Percentage of reported counterfeit incidences by IC type in 2011 [2]; (b) Counterfeit ICs sold by VisionTech for different critical appli- cations, under name of various semiconductor vendors. 5 1.4 Classification of existing anti-counterfeiting protection schemes. 7 1.5 Some typical current application/usage scenarios where SoCs are utilized for implementing the corresponding electronic systems . 12 1.6 Schematic of a typical representative SoC architecture with the pro- posed framework for security policies . 12 1.7 Stages of a typical SoC front end (till fabrication) design process where system level security policies may be defined, refined or mod- ified. 16 2.1 Major stages of programming a Metal-Insulator-Metal antifuse with associated parameter values. 23 2.2 Schematic of the implementation of the proposed on-die locking mechanism in an IC. 24 2.3 a) Incorporation of the security mechanism in the current IC design cycle and b) the semiconductor business model to protect against diverse counterfeiting attacks. 25 2.4 Implementation of MIM antifuse in a 2 metal process. 26 2.5 Insertion of the lock unit in a general purpose input-output (GPIO) port of a state of the art microcontroller [3]. 27 2.6.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    187 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us