Sandip Ray,Eric Peeters,Mark M. Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/jproc.2017.2714641

IF: 20.6

2018-01-01

Proceedings of the IEEE

Abstract:Modern system-on-chip (SoC) designs include a wide variety of highly sensitive assets which must be protected from unauthorized access. A significant aspect of SoC design involves exploration, analysis, and evaluation of resiliency mechanisms against attacks to such assets. These attacks may arise from a number of sources, including malicious intellectualproperty blocks (IPs) in the hardware, malicious or vulnerable firmware and software, insecure communication of the system with other devices, and side-channel vulnerabilities through power and performance profiles. Countermeasures for these attacks are equally diverse, which include architecture, design, implementation, and validation-based protection. In this paper, we provide a comprehensive overview of the security infrastructure in modern SoC designs, including both resiliency techniques and their validation paradigms at presilicon and postsilicon stages. We identify gaps in current resiliency and analysis architectures and propose design and validation solutions to address them. Finally, we provide industry perspectives on the role and impact of current practices on SoC security, and discuss some emerging trends in this important area.

engineering, electrical & electronic

DOI: https://doi.org/10.1007/978-3-319-49025-0

2017-01-01

Abstract:This book provides an overview of current Intellectual Property (IP) based System-on-Chip (SoC) design methodology and highlights how security of IP can be compromised at various stages in the overall SoC design-fabrication-deployment cycle. Readers will gain a comprehensive understanding of the security vulnerabilities of different types of IPs. This book would enable readers to overcome these vulnerabilities through an efficient combination of proactive countermeasures and design-for-security solutions, as well as a wide variety of IP security and trust assessment and validation techniques. This book serves as a single-source of reference for system designers and practitioners for designing secure, reliable and trustworthy SoCs.

Atul Prasad Deb Nath,Sandip Ray,Abhishek Basak,Swarup Bhunia

DOI: https://doi.org/10.1109/aspdac.2018.8297409

2018-01-01

Abstract:System-on-Chip (SoC) security architectures targeted towards diverse applications including Internet of Things (IoT) and automotive systems enforce two critical design requirements: in-field configurability and low overhead. To simultaneously address these constraints, in this paper, we present a novel, flexible, and adaptable SoC security architecture that efficiently implements diverse security policies. The architecture and associated CAD flow enable “hardware patching” i.e. hardware security policy engine that can be seamlessly and securely upgraded in field to address unanticipated attacks or new security requirements. We implement (1) a centralized Reconfigurable Security Policy Engine (RSPE), (2) smart security wrappers, and (3) Design-for-Debug (DfD) infrastructure interface as the building blocks of the architecture. The proposed framework provides a systematic approach to represent and synthesize diverse security policies. Through extensive analysis using representative SoC models, we show, for the first time to our knowledge, that the proposed framework provides high level of patchability with minimal energy and performance overhead.

Sami Ul Islam Sami,Tao Zhang,Amit Mazumder Shuvo,Saad Ul Haque,Paul E. Calzada,Kimia Zamiri Azar,Hadi Mardani Kamali,Fahim Rahman,Farimah Farahmandi,Mark Tehranipoor,Md Sami Ul Islam Sami,Md Saad Ul Haque

DOI: https://doi.org/10.1109/access.2024.3375874

IF: 3.9

2024-04-09

IEEE Access

Abstract:The semiconductor industry has adopted heterogeneous integration (HI), incorporating modular intellectual property (IP) blocks (chiplets) into a unified system-in-package (SiP) to overcome the slowdown in Moore's Law and Dennard scaling and to respond to the increasing demand for advanced integrated circuits (ICs). Despite the manifold benefits of HI, such as enhanced performance, reduced area overhead, and improved yield, this transformation has also led to security vulnerabilities in the SiP supply chain and in-field operations, ranging from chiplet piracy and SiP reverse engineering (RE) to information leakage. Although conventional countermeasures provide the desired robustness for monolithic ICs, they are insufficient for addressing these challenges in the context of HI. To address these concerns, this paper presents a novel root-of-trust architecture, augmenting the process of integration using a centralized chiplet hardware security module (CHSM), aiming to provide comprehensive and robust protection throughout the SiP supply chain and in-field operations. Also, the proposed architecture equipped with the CHSM effectively addresses potential security breaches while providing robust protection against zero-day attacks through its reconfigurable capabilities. Throughout five detailed case studies, this paper performs a comprehensive security analysis to illustrate the resilience of CHSM against contemporary attack scenarios in the HI domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Muhammed Kawser Ahmed,Sujan Kumar Saha,Christophe Bobda

DOI: https://doi.org/10.48550/arXiv.2209.12987

2022-09-27

Abstract:Secure and trustworthy execution in heterogeneous SoCs is a major priority in the modern computing system. Security of SoCs mainly addresses two broad layers of trust issues: 1. Protection against hardware security threats(Side-channel, IP Privacy, Cloning, Fault Injection, and Denial of Service); and 2. Protection against malicious software attacks running on SoC processors. To resist malicious software-level attackers from gaining unauthorized access and compromising security, we propose a root of trust-based trusted execution mechanism \textbf{\textit{(named as \textbf{TrustToken}) }}. TrustToken builds a security block to provide a root of trust-based IP security: secure key generation and truly random source. \textbf{TrustToken} only allows trusted communication between the non-trusted third-party IP and the rest of the SoC world by providing essential security features, i.e., secure, isolated execution, and trusted user interaction. The proposed design achieves this by interconnecting the third-party IP interface to \textbf{TrustToken} Controller and checking IP authorization(Token) signals \texttt{`correctness'} at run-time. \textbf{TrustToken} architecture shows a very low overhead resource utilization LUT (618, 1.16 \%), FF (44, 0.04 \%), and BUFG (2 , 6.25\%) in implementation. The experiment results show that TrustToken can provide a secure, low-cost, and trusted solution for non-trusted SoC IPs.

Cryptography and Security,Signal Processing

Mohammed Shayan,Kanad Basu,Ramesh Karri

DOI: https://doi.org/10.48550/arXiv.2010.13155

2020-10-25

Cryptography and Security

Abstract:With transistor scaling reaching its limits, interposer-based integration of dies (chiplets) is gaining traction. Such an interposer-based integration enables finer and tighter interconnect pitch than traditional system-on-packages and offers two key benefits: 1. It reduces design-to-market time by bypassing the time-consuming process of verification and fabrication. 2. It reduces the design cost by reusing chiplets. While black-boxing of the slow design stages cuts down the design time, it raises significant security concerns. We study the security implications of the emerging interposer-based integration methodology. The black-boxed design stages deploy security measures against hardware Trojans, reverse engineering, and intellectual property piracy in traditional systems-on-chip (SoC) designs and hence are not suitable for interposer-based integration. We propose using functionally diverse chiplets to detect and thwart hardware Trojans and use the inherent logic redundancy to shore up anti-piracy measures. Our proposals do not rely on access to the black-box design stages. We evaluate the security, time and cost benefits of our plan by implementing a MIPS processor, a DCT core, and an AES core using various IPs from the Xilinx CORE GENERATOR IP catalog, on an interposer-based Xilinx FPGA.

Sudipta Paria,Swarup Bhunia

2023-08-05

Abstract:The current zero trust model adopted in System-on-Chip (SoC) design is vulnerable to various malicious entities, and modern SoC designs must incorporate various security policies to protect sensitive assets from unauthorized access. These policies involve complex interactions between multiple IP blocks, which poses challenges for SoC designers and security experts when implementing these policies and for system validators when ensuring compliance. Difficulties arise when upgrading policies, reusing IPs for systems targeting different security requirements, and the subsequent increase in design time and time-to-market. This paper proposes a generic and flexible framework, called DiSPEL, for enforcing security policies defined by the user represented in a formal way for any bus-based SoC design. It employs a distributed deployment strategy while ensuring trusted bus operations despite the presence of untrusted IPs. It relies on incorporating a dedicated, centralized module capable of implementing diverse security policies involving bus-level interactions while generating the necessary logic and appending in the bus-level wrapper for IP-level policies. The proposed architecture is generic and independent of specific security policy types supporting both synthesizable and non-synthesizable solutions. The experimental results demonstrate its effectiveness and correctness in enforcing the security requirements and viability due to low overhead in terms of area, delay, and power consumption tested on open-source standard SoC benchmarks.

Cryptography and Security,Hardware Architecture

Bulbul Ahmed,Md Kawser Bepary,Nitin Pundir,Mike Borza,Oleg Raikhman,Amit Garg,Dale Donchin,Adam Cron,Mohamed A Abdel-moneum,Farimah Farahmandi,Fahim Rahman,Mark Tehranipoor

DOI: https://doi.org/10.48550/arXiv.2204.07909

2022-04-17

Cryptography and Security

Abstract:Hardware vulnerabilities are generally considered more difficult to fix than software ones because they are persistent after fabrication. Thus, it is crucial to assess the security and fix the vulnerabilities at earlier design phases, such as Register Transfer Level (RTL) and gate level. The focus of the existing security assessment techniques is mainly twofold. First, they check the security of Intellectual Property (IP) blocks separately. Second, they aim to assess the security against individual threats considering the threats are orthogonal. We argue that IP-level security assessment is not sufficient. Eventually, the IPs are placed in a platform, such as a system-on-chip (SoC), where each IP is surrounded by other IPs connected through glue logic and shared/private buses. Hence, we must develop a methodology to assess the platform-level security by considering both the IP-level security and the impact of the additional parameters introduced during platform integration. Another important factor to consider is that the threats are not always orthogonal. Improving security against one threat may affect the security against other threats. Hence, to build a secure platform, we must first answer the following questions: What additional parameters are introduced during the platform integration? How do we define and characterize the impact of these parameters on security? How do the mitigation techniques of one threat impact others? This paper aims to answer these important questions and proposes techniques for quantifiable assurance by quantitatively estimating and measuring the security of a platform at the pre-silicon stages. We also touch upon the term security optimization and present the challenges for future research directions.

Kaushik Vaidyanathan,Renzhi Liu,Ekin Sumbul,Qiuling Zhu,Franz Franchetti,Larry Pileggi

DOI: https://doi.org/10.1109/hst.2014.6855561

2014-05-01

Abstract:Split fabrication, the process of splitting an IC into an untrusted and trusted tier, facilitates access to the most advanced semiconductor manufacturing capabilities available in the world without requiring disclosure of design intent. While researchers have investigated the security of logic blocks in the context of split fabrication, the security of IP blocks, another key component of an SoC, has not been examined. Our security analysis of IP block designs, specifically embedded memory and analog components, shows that they are vulnerable to “recognition attacks” at the untrusted foundry due to the use of standardized floorplans and leaf cell layouts. We propose methodologies to design these blocks efficiently and securely, and demonstrate their effectiveness using 130nm split fabricated testchips.

Christian Pilato,Animesh Basak Chowdhury,Donatella Sciuto,Siddharth Garg,Ramesh Karri

DOI: https://doi.org/10.1109/tvlsi.2021.3074004

2021-07-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Semiconductor design companies are integrating proprietary intellectual property (IP) blocks to build custom integrated circuits (ICs) and fabricate them in a third-party foundry. Unauthorized IC copies cost these companies billions of dollars annually. While several methods have been proposed for hardware IP obfuscation, they operate on the gate-level netlist, i.e., after the synthesis tools embed most of the semantic information into the netlist. We propose ASSURE to protect hardware IP modules operating on the register-transfer level (RTL) description. The RTL approach has three advantages: 1) it allows designers to obfuscate IP cores generated with many different methods (e.g., hardware generators, high-level synthesis tools, and preexisting IPs); 2) it obfuscates the semantics of an IC before logic synthesis; and 3) it does not require modifications to EDA flows. We perform a cost and security assessment of ASSURE against state-of-the-art oracle-less attacks.

engineering, electrical & electronic,computer science, hardware & architecture

Subodha Charles,Prabhat Mishra

DOI: https://doi.org/10.1145/3406661

IF: 1.447

2020-10-12

ACM Transactions on Design Automation of Electronic Systems

Abstract:Growth of the Internet-of-things has led to complex system-on-chips (SoCs) being used in the edge devices in IoT applications. The increased complexity is demanding designers to consider several critical factors, such as dynamic requirement changes, long application life, mass production, and tight time-to-market deadlines. These requirements lead to more complex security concerns. SoC manufacturers outsource some of the intellectual property cores integrated on the SoC to untrusted third-party vendors. The untrusted intellectual properties can contain malicious implants, which can launch attacks using the resources provided by the on-chip interconnection network, commonly known as the network-on-chip (NoC). Existing efforts on securing NoC have considered lightweight encryption, authentication, and other attack detection mechanisms such as denial-of-service and buffer overflows. Unfortunately, these approaches focus on designing statically optimized security solutions. As a result, they are not suitable for many IoT systems with long application life and dynamic requirement changes. There is a critical need to design reconfigurable security architectures that can be dynamically tuned based on changing requirements. In this article, we propose a tier-based reconfigurable security architecture that can adapt to different use-case scenarios. We explore how to design an efficient reconfigurable architecture that can support three popular NoC security mechanisms (encryption, authentication, and denial-of-service attack detection and localization) and implement suitable dynamic reconfiguration techniques. We evaluate our proposed framework by running standard benchmarks enabling different tiers of security and provide a comprehensive analysis of how different levels of security can affect application performance, energy efficiency, and area overhead.

computer science, software engineering, hardware & architecture

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Mohammed Nabeel,Mohammed Ashraf,Satwik Patnaik,Vassos Soteriou,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.1109/TC.2020.3020777

2020-09-30

Abstract:Dedicated, after acceptance and publication, in memory of the late Vassos Soteriou. For the first time, we leverage the 2.5D interposer technology to establish system-level security in the face of hardware- and software-centric adversaries. More specifically, we integrate chiplets (i.e., third-party hard intellectual property of complex functionality, like microprocessors) using a security-enforcing interposer. Such hardware organization provides a robust 2.5D root of trust for trustworthy, yet powerful and flexible, computation systems. The security paradigms for our scheme, employed firmly by design and construction, are: 1) stringent physical separation of trusted from untrusted components, and 2) runtime monitoring. The system-level activities of all untrusted commodity chiplets are checked continuously against security policies via physically separated security features. Aside from the security promises, the good economics of outsourced supply chains are still maintained; the system vendor is free to procure chiplets from the open market, while only producing the interposer and assembling the 2.5D system oneself. We showcase our scheme using the Cortex-M0 core and the AHB-Lite bus by ARM, building a secure 64-core system with shared memories. We evaluate our scheme through hardware simulation, considering different threat scenarios. Finally, we devise a physical-design flow for 2.5D systems, based on commercial-grade design tools, to demonstrate and evaluate our 2.5D root of trust.

Cryptography and Security,Hardware Architecture

Muhammed Kawser Ahmed,Sujan Kumar Saha,Christophe Bobda

DOI: https://doi.org/10.48550/arXiv.2209.11274

2022-09-23

Abstract:Because FPGAs outperform traditional processing cores like CPUs and GPUs in terms of performance per watt and flexibility, they are being used more and more in cloud and data center applications. There are growing worries about the security risks posed by multi-tenant sharing as the demand for hardware acceleration increases and gradually gives way to FPGA multi-tenancy in the cloud. The confidentiality, integrity, and availability of FPGA-accelerated applications may be compromised if space-shared FPGAs are made available to many cloud tenants. We propose a root of trust-based trusted execution mechanism called \textbf{TrustToken} to prevent harmful software-level attackers from getting unauthorized access and jeopardizing security. With safe key creation and truly random sources, \textbf{TrustToken} creates a security block that serves as the foundation of trust-based IP security. By offering crucial security characteristics, such as secure, isolated execution and trusted user interaction, \textbf{TrustToken} only permits trustworthy connection between the non-trusted third-party IP and the rest of the SoC environment. The suggested approach does this by connecting the third-party IP interface to the \textbf{TrustToken} Controller and running run-time checks on the correctness of the IP authorization(Token) signals. With an emphasis on software-based assaults targeting unauthorized access and information leakage, we offer a noble hardware/software architecture for trusted execution in FPGA-accelerated clouds and data centers.

Cryptography and Security,Systems and Control

Mohammed Nabeel,Mohammed Ashraf,Satwik Patnaik,Vassos Soteriou,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.48550/arXiv.1906.02044

2019-06-05

Cryptography and Security

Abstract:Leveraging 2.5D interposer technology, we advocate the integration of untrusted commodity components/chiplets with physically separate, entrusted logic components. Such organization provides a modern root of trust for secure system-level integration. We showcase our scheme by utilizing industrial ARM components that are interconnected via a security-providing active interposer, and thoroughly evaluate the achievable security via different threat scenarios. Finally, we provide detailed end-to-end physical design results to demonstrate the efficacy of our proposed methodology.

Xingyu Meng,Kshitij Raj,Sandip Ray,Kanad Basu

DOI: https://doi.org/10.1109/tcad.2022.3179307

IF: 2.9

2023-01-21

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Modern System-on-Chip (SoC) designs include a variety of Network-on-Chip (NoC) fabrics to implement coordination and communication of integrated hardware intellectual property (IP) blocks. An important class of security vulnerabilities involves a rogue hardware IP interfering with this communication to compromise the integrity of the system. Such interference includes message mutation, misdirection, delivery prevention, or IP masquerading, among others. In this article, we propose a scalable RTL-level SoC validation scheme, SeVNoC, for the systematic detection of security violations in inter-IP communications for SoC designs with NoC fabrics. Given a target security property to be validated, SeVNoC entails extraction of the control-flow graph of the relevant SoC, which is analyzed through a security property-based model comparison, without incurring state-space explosion. Our experiments on full-scale realistic SoC designs with multiple IPs and NoC architecture indicate that SeVNoC detects security violations in NoC communications with near-perfect accuracy, within only a few minutes.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yong-Qiang Lv,Qiang Zhou,Yi-Ci Cai,Gang Qu

DOI: https://doi.org/10.1007/s11390-014-1479-9

IF: 1.871

2014-01-01

Journal of Computer Science and Technology

Abstract:Hardware security has become more and more important in current information security architecture.Recently collected reports have shown that there may have been considerable hardware attacks prepared for possible military usage from all over the world.Due to the intrinsic difference from software security,hardware security has some special features and challenges.In order to guarantee hardware security,academia has proposed the concept of trusted integrated circuits,which aims at a secure circulation of IC design,manufacture and chip using.This paper reviews the main problems of trusted integrated circuits,and concludes four key domains of the trusted IC,namely the trusted IC design,trusted manufacture,trusted IP protection,and trusted chip authentication.The main challenges in those domains are also analyzed based on the current known techniques.Finally,the main limitations of the current techniques and possible future trends are discussed.

Benjamin Tan,Rana Elnaggar,Jason M. Fung,Ramesh Karri,Krishnendu Chakrabarty

DOI: https://doi.org/10.1109/tcad.2020.3019772

2021-06-01

Abstract:System integrators create heterogeneous systems-on-chip (SoCs) by integrating numerous third-party intellectual property blocks (3PIPs) to achieve application-specific design goals. With increasing intellectual property (IP) complexity, 3PIPs can suffer from hardware bugs or they can inadvertently introduce other software-exploitable security threats to the SoC. To ensure the ongoing survivability of new SoCs, we need infrastructure for patching newly discovered IP issues after an SoC has been deployed. To address the increasing risks from 3PIPs, we explore the feasibility and limitations of implementing monitoring and mitigation capabilities in hardware. Our proposed monitoring and mitigation patch (MoP) blocks provide a defensive foundation against critical IP-centric issues, focusing on situations where a system integrator only has interface-level visibility of 3PIP designs. The MoPs are distributed throughout the SoC to monitor and mitigate issues directly in hardware and transparently for potentially compromised software—the MoPs are resilient against run-time compromised software and firmware. We ensure that these monitors are reconfigurable after deployment by implementing them using embedded-FPGAs or as a reprogrammable, fixed-design module. We perform a case study of numerous IP-types and model a selection of security-relevant issues and bugs in the IPs, exploring the relative complexity and potential resource overhead. Our study shows the utility of our proposed approach, with MoP blocks requiring less than ~1.5% of the adaptive logic modules (ALMs) in a Cyclone V FPGA for interface monitoring and issue mitigation per IP.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Aditya Anshul,Anirban Sengupta

DOI: https://doi.org/10.1109/mcas.2023.3325607

IF: 4.04

2024-02-03

IEEE Circuits and Systems Magazine

Abstract:This paper presents a novel survey of high level synthesis (HLS) based hardware security approaches for reusable intellectual property (IP) cores used in consumer electronics and computing systems. A succinct review of all major HLS based hardware security approaches applied on reusable IP cores, along with their design flow and security analysis, is provided. The paper presents a detailed design flow of hardware integrated circuits (ICs) along with vulnerability points where potential attacks/threats are possible. Trustworthy and untrustworthy regimes in the design flow have also been highlighted in the discussion. Further, a discussion of detective and preventive control-based HLS hardware security approaches used for hardware IP cores has also been presented, including an analysis of prominent structural obfuscation, logic locking (logic encryption), and IP core protection (IPP) techniques. Each approach has been lucidly explained in terms of its threat model, algorithm, and security analysis. Finally, a security comparison of hardware IP obfuscation approaches in terms of strength of obfuscation security metric as well as a security comparison of IPP approaches in terms of probability of coincidence security metric, have also been introduced.

engineering, electrical & electronic