Requirements, Threat Models and Report on Building Blocks for Hardware Security Project number: 238811 Project acronym: UNIQUE Project title: Foundations for Forgery-Resistant Security Hardware Start date of the project: 01.09.2009 Duration: 30 months Deliverable type: Report Deliverable reference number: 238811/ D1.1 / Final |1.1 Deliverable title: Requirements, Threat Models and Report on Building Blocks for Hardware Security WP contributing to the deliverable: WP1 Due date: 2010-08-31 Actual submission date: 2010-08-31 Responsible organization: TUD (Heike Schröder, Stefan Katzenbeisser) Authors: All partners contributed Abstract: Deliverable D1.1 provides the basis for the foundation of the technical work in the UNIQUE project. For this purpose the identification of requirements, threat models, and building blocks has been done. Keywords: use cases, requirements, building blocks, hardware level technology, design technique Dissemination level: Public Revision: FINAL | 1.1 Instrument: STREP Thematic Priority: ICT D1.1 Table of Contents 1 Introduction ............................................................................................................................4 2 Threat Scenario .......................................................................................................................5 2.1 Counterfeiting .....................................................................................................................5 2.1.1 Semiconductor Device Re-marking ..................................................................................5 2.1.2 IC Overproduction .........................................................................................................6 2.1.3 Higher Level Overproduction ..........................................................................................7 2.1.4 IC Reverse Engineering by Delayering .............................................................................8 2.1.5 Counterfeit Higher Level Assemblies ................................................................................9 2.1.6 Summary of Counterfeiting ........................................................................................... 11 2.2 Cloning ............................................................................................................................ 12 2.2.1 IC Clones .................................................................................................................... 12 2.2.2 Mass Serialization IC Clones ......................................................................................... 12 2.2.3 Identification IC Clones ................................................................................................ 13 2.2.4 Higher Level Clones ..................................................................................................... 14 2.2.5 Summary of Cloning ..................................................................................................... 15 2.3 Unlicensed IP Use ............................................................................................................. 16 2.3.1 Hardware IP Cores ....................................................................................................... 16 2.3.2 CPLD/FPGA Configuration Data ..................................................................................... 17 2.3.3 Software ..................................................................................................................... 18 2.3.4 Malicious Circuits ......................................................................................................... 19 2.3.5 Additional Information .................................................................................................. 20 2.3.6 Summary of Unlicensed IP Use ..................................................................................... 22 2.4 Cryptographic Attacks ....................................................................................................... 23 2.4.1 Cryptographic Key Extraction ........................................................................................ 23 2.4.2 Loss of Cryptographic Keys ........................................................................................... 24 2.4.3 Summary of Cryptographic Attacks ............................................................................... 25 3 Cryptographic Primitives ........................................................................................................ 26 3.1 Symmetric Primitives ......................................................................................................... 26 3.1.1 Block Ciphers ............................................................................................................... 26 3.1.2 Stream Ciphers ............................................................................................................ 28 3.1.3 Hash Functions ............................................................................................................ 29 3.1.4 Message Authentication Codes ...................................................................................... 31 3.2 Asymmetric Primitives ....................................................................................................... 32 3.2.1 Public Key Encryption ................................................................................................... 32 3.2.2 Digital Signatures ......................................................................................................... 33 3.2.3 Public Key Authentication and Identification .................................................................. 35 3.2.4 Key Encapsulation Mechanisms ..................................................................................... 35 3.2.5 Key Agreement and Key Distribution ............................................................................. 36 4 Hardware Building Blocks ....................................................................................................... 37 4.1 Memory Considerations ..................................................................................................... 37 4.1.1 Mask ROMs ................................................................................................................. 37 4.1.2 Antifuse ROMs ............................................................................................................. 37 4.1.3 EEPROM / Flash ........................................................................................................... 37 4.1.4 SRAM .......................................................................................................................... 38 4.1.5 Security Fuses ............................................................................................................. 38 4.1.6 Resistance to Energy Probes ......................................................................................... 38 4.2 Tamper Detection ............................................................................................................. 39 4.2.1 Top Layer Sensor Meshes ............................................................................................. 39 4.2.2 Power Supply Monitors ................................................................................................. 39 UNIQUE D1.1 Requirements, Threat Models and Report on Building Blocks for Hardware Security 2/55 D1.1 4.2.3 Temperature Monitors .................................................................................................. 39 4.2.4 Clock Monitors ............................................................................................................. 39 4.2.5 Light Sensors ............................................................................................................... 40 4.2.6 Radiation Monitors ....................................................................................................... 40 4.3 Design Techniques ............................................................................................................ 40 4.3.1 Dynamic Logic ............................................................................................................. 40 4.3.2 Asynchronous Logic ..................................................................................................... 40 4.3.3 Bus Encryption............................................................................................................. 40 4.3.4 Flat Chip Layouts ......................................................................................................... 41 4.4 Debug and Test Structures ................................................................................................ 41 4.5 Process Technology .......................................................................................................... 41 4.5.1 Targeted Technology Node ........................................................................................... 41 4.5.2 Substrate Considerations .............................................................................................. 41 4.5.3 Protective Coatings and Passivation Layers .................................................................... 42 4.6 Higher Level Assemblies .................................................................................................... 42 4.6.1 Power Supplies ...........................................................................................................