Mohammed Nabeel,Mohammed Ashraf,Satwik Patnaik,Vassos Soteriou,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.48550/arXiv.1906.02044

2019-06-05

Cryptography and Security

Abstract:Leveraging 2.5D interposer technology, we advocate the integration of untrusted commodity components/chiplets with physically separate, entrusted logic components. Such organization provides a modern root of trust for secure system-level integration. We showcase our scheme by utilizing industrial ARM components that are interconnected via a security-providing active interposer, and thoroughly evaluate the achievable security via different threat scenarios. Finally, we provide detailed end-to-end physical design results to demonstrate the efficacy of our proposed methodology.

Mohammed Nabeel,Mohammed Ashraf,Satwik Patnaik,Vassos Soteriou,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.1109/TC.2020.3020777

2020-09-30

Abstract:Dedicated, after acceptance and publication, in memory of the late Vassos Soteriou. For the first time, we leverage the 2.5D interposer technology to establish system-level security in the face of hardware- and software-centric adversaries. More specifically, we integrate chiplets (i.e., third-party hard intellectual property of complex functionality, like microprocessors) using a security-enforcing interposer. Such hardware organization provides a robust 2.5D root of trust for trustworthy, yet powerful and flexible, computation systems. The security paradigms for our scheme, employed firmly by design and construction, are: 1) stringent physical separation of trusted from untrusted components, and 2) runtime monitoring. The system-level activities of all untrusted commodity chiplets are checked continuously against security policies via physically separated security features. Aside from the security promises, the good economics of outsourced supply chains are still maintained; the system vendor is free to procure chiplets from the open market, while only producing the interposer and assembling the 2.5D system oneself. We showcase our scheme using the Cortex-M0 core and the AHB-Lite bus by ARM, building a secure 64-core system with shared memories. We evaluate our scheme through hardware simulation, considering different threat scenarios. Finally, we devise a physical-design flow for 2.5D systems, based on commercial-grade design tools, to demonstrate and evaluate our 2.5D root of trust.

Cryptography and Security,Hardware Architecture

Gino Chacon,Tapojyoti Mandal,Johann Knechtel,Ozgur Sinanoglu,Paul Gratz,Vassos Soteriou

DOI: https://doi.org/10.48550/arXiv.2105.02917

2021-05-06

Hardware Architecture

Abstract:Industry is moving towards large-scale systems where processor cores, memories, accelerators, etc.\ are bundled via 2.5D integration. These various components are fabricated separately as chiplets and then integrated using an interconnect carrier, a so-called interposer. This new design style provides benefits in terms of yield as well as economies of scale, as chiplets may come from various third-party vendors, and be integrated into one sophisticated system. The benefits of this approach, however, come at the cost of new challenges for the system's security and integrity when many third-party component chiplets, some from not fully trusted vendors, are integrated. Here, we explore these challenges, but also promises, for modern interposer-based systems of cache-coherent, multi-core chiplets. First, we introduce a new, coherence-based attack, GETXspy, wherein a single compromised chiplet can expose a high-bandwidth side/covert-channel in an ostensibly secure system. We further show that prior art is insufficient to stop this new attack. Second, we propose using an active interposer as generic, secure-by-construction platform that forms a physical root of trust for modern 2.5D systems. Our scheme has limited overhead, restricted to the active interposer, allowing the chiplets and the coherence system to remain untouched. We show that our scheme prevents a wide range of attacks, including but not limited to our GETXspy attack, with little overhead on system performance, $\sim$4\%. This overhead reduces as workloads increase, ensuring scalability of the scheme.

Benjamin Tan,Rana Elnaggar,Jason M. Fung,Ramesh Karri,Krishnendu Chakrabarty

DOI: https://doi.org/10.1109/tcad.2020.3019772

2021-06-01

Abstract:System integrators create heterogeneous systems-on-chip (SoCs) by integrating numerous third-party intellectual property blocks (3PIPs) to achieve application-specific design goals. With increasing intellectual property (IP) complexity, 3PIPs can suffer from hardware bugs or they can inadvertently introduce other software-exploitable security threats to the SoC. To ensure the ongoing survivability of new SoCs, we need infrastructure for patching newly discovered IP issues after an SoC has been deployed. To address the increasing risks from 3PIPs, we explore the feasibility and limitations of implementing monitoring and mitigation capabilities in hardware. Our proposed monitoring and mitigation patch (MoP) blocks provide a defensive foundation against critical IP-centric issues, focusing on situations where a system integrator only has interface-level visibility of 3PIP designs. The MoPs are distributed throughout the SoC to monitor and mitigate issues directly in hardware and transparently for potentially compromised software—the MoPs are resilient against run-time compromised software and firmware. We ensure that these monitors are reconfigurable after deployment by implementing them using embedded-FPGAs or as a reprogrammable, fixed-design module. We perform a case study of numerous IP-types and model a selection of security-relevant issues and bugs in the IPs, exploring the relative complexity and potential resource overhead. Our study shows the utility of our proposed approach, with MoP blocks requiring less than ~1.5% of the adaptive logic modules (ALMs) in a Cyclone V FPGA for interface monitoring and issue mitigation per IP.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Aleksa Deric,Kyle Mitard,Shahin Tajik,Daniel Holcomb

2024-05-24

Abstract:Driven by a need for ever increasing chip performance and inclusion of innovative features, a growing number of semiconductor companies are opting for all-inclusive System-on-Chip (SoC) architectures. Although Moore's Law has been able to keep up with the demand for more complex logic, manufacturing large dies still poses a challenge. Increasingly the solution adopted to minimize the impact of silicon defects on manufacturing yield has been to split a design into multiple smaller dies called chiplets which are then brought together on a silicon interposer. Advanced 2.5D and 3D packaging techniques that enable this kind of integration also promise increased power efficiency and opportunities for heterogeneous integration.

Cryptography and Security

Satwik Patnaik,Mohammed Ashraf,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.1109/TETC.2019.2933572

2019-08-11

Abstract:Split manufacturing (SM) and layout camouflaging (LC) are two promising techniques to obscure integrated circuits (ICs) from malicious entities during and after manufacturing. While both techniques enable protecting the intellectual property (IP) of ICs, SM can further mitigate the insertion of hardware Trojans (HTs). In this paper, we strive for the "best of both worlds," that is we seek to combine the individual strengths of SM and LC. By jointly extending SM and LC techniques toward 3D integration, an up-and-coming paradigm based on stacking and interconnecting of multiple chips, we establish a modern approach to hardware security. Toward that end, we develop a security-driven CAD and manufacturing flow for 3D ICs in two variations, one for IP protection and one for HT prevention. Essential concepts of that flow are (i) "3D splitting" of the netlist to protect, (ii) obfuscation of the vertical interconnects (i.e., the wiring between stacked chips), and (iii) for HT prevention, a security-driven synthesis stage. We conduct comprehensive experiments on DRC-clean layouts of multi-million-gate DARPA and OpenCores designs (and others). Strengthened by extensive security analysis for both IP protection and HT prevention, we argue that entering the third dimension is eminent for effective and efficient hardware security.

Cryptography and Security,Emerging Technologies

Kaushik Vaidyanathan,Renzhi Liu,Ekin Sumbul,Qiuling Zhu,Franz Franchetti,Larry Pileggi

DOI: https://doi.org/10.1109/hst.2014.6855561

2014-05-01

Abstract:Split fabrication, the process of splitting an IC into an untrusted and trusted tier, facilitates access to the most advanced semiconductor manufacturing capabilities available in the world without requiring disclosure of design intent. While researchers have investigated the security of logic blocks in the context of split fabrication, the security of IP blocks, another key component of an SoC, has not been examined. Our security analysis of IP block designs, specifically embedded memory and analog components, shows that they are vulnerable to “recognition attacks” at the untrusted foundry due to the use of standardized floorplans and leaf cell layouts. We propose methodologies to design these blocks efficiently and securely, and demonstrate their effectiveness using 130nm split fabricated testchips.

冉彤,白国强

DOI: https://doi.org/10.1109/asicon.2011.6157283

2012-01-01

Abstract:A bottleneck problem exists in the information security chips, that it's hard to integrate the logic chips or blocks with the memory together. System-in-Package (SiP) is a technology that combining multiple actives and passives electronic components, assembled in a single unit that provides multiple functions associated with a system. In this paper, the concept “integration of information security chips based on SiP” is proposed, in order to solve the bottleneck problem above, and bring better performance on high-quality, lower-power consumption and high-reliability. The detailed development flow for “integration of information security chips based on SiP” is put forward, and some key issues like the verification methods are also expounded. According to this flow, a product of SiP integrating a CPU, a flash memory and a RSA cryptographic chip is designed. The function and properties of the product satisfy the requirement, thus certificating the feasibility of this development flow. And the SiP technology conforms to the trends of small-sized and high-dependability for information security device.

Abhishek Basak,Swarup Bhunia,Thomas Tkacik,Sandip Ray

DOI: https://doi.org/10.1109/tifs.2017.2658544

IF: 7.231

2017-07-01

IEEE Transactions on Information Forensics and Security

Abstract:Modern system-on-chip (SoC) designs involve integration of a large number of intellectual property (IP) blocks, many of which are acquired from untrusted third-party vendors. An IP containing a security vulnerability-whether inadvertent or malicious-may compromise the trustworthiness of the entire SoC, e.g., by leaking sensitive information or causing execution failures at key points. Existing functional validation approaches, post-manufacturing tests, and IP trust verification techniques are inadequate to accomplish comprehensive system-level security assurance in the presence of untrusted IPs. In this paper, we analyze security issues at the SoC level caused by untrusted IPs. We also propose a novel, resilient SoC security architecture to ensure trusted SoC operation with untrusted IPs. Our architecture realizes fine-grained IP-trust aware security policies in an efficient security policy checker that enables run-time monitoring of security issues arising from untrusted IPs. It also exploits on-chip design-for-debug architecture to ensure trusted information flow from IP blocks to the security policy checker. Unlike existing solutions to the untrusted IP problem, which rely on verification of IP trust before they are integrated into an SoC, the proposed approach follows a fundamentally different architecture-level solution based on run-time resilience. We demonstrate the effectiveness of this framework for system protection using several illustrative practical use cases. We also provide experimental results to show that the overhead of the proposed architecture is modest on representative SoC designs.

computer science, theory & methods,engineering, electrical & electronic

Sami Ul Islam Sami,Tao Zhang,Amit Mazumder Shuvo,Saad Ul Haque,Paul E. Calzada,Kimia Zamiri Azar,Hadi Mardani Kamali,Fahim Rahman,Farimah Farahmandi,Mark Tehranipoor,Md Sami Ul Islam Sami,Md Saad Ul Haque

DOI: https://doi.org/10.1109/access.2024.3375874

IF: 3.9

2024-04-09

IEEE Access

Abstract:The semiconductor industry has adopted heterogeneous integration (HI), incorporating modular intellectual property (IP) blocks (chiplets) into a unified system-in-package (SiP) to overcome the slowdown in Moore's Law and Dennard scaling and to respond to the increasing demand for advanced integrated circuits (ICs). Despite the manifold benefits of HI, such as enhanced performance, reduced area overhead, and improved yield, this transformation has also led to security vulnerabilities in the SiP supply chain and in-field operations, ranging from chiplet piracy and SiP reverse engineering (RE) to information leakage. Although conventional countermeasures provide the desired robustness for monolithic ICs, they are insufficient for addressing these challenges in the context of HI. To address these concerns, this paper presents a novel root-of-trust architecture, augmenting the process of integration using a centralized chiplet hardware security module (CHSM), aiming to provide comprehensive and robust protection throughout the SiP supply chain and in-field operations. Also, the proposed architecture equipped with the CHSM effectively addresses potential security breaches while providing robust protection against zero-day attacks through its reconfigurable capabilities. Throughout five detailed case studies, this paper performs a comprehensive security analysis to illustrate the resilience of CHSM against contemporary attack scenarios in the HI domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Satwik Patnaik,Mohammed Ashraf,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.1145/3240765.3240784

2018-11-16

Abstract:With the globalization of manufacturing and supply chains, ensuring the security and trustworthiness of ICs has become an urgent challenge. Split manufacturing (SM) and layout camouflaging (LC) are promising techniques to protect the intellectual property (IP) of ICs from malicious entities during and after manufacturing (i.e., from untrusted foundries and reverse-engineering by end-users). In this paper, we strive for "the best of both worlds," that is of SM and LC. To do so, we extend both techniques towards 3D integration, an up-and-coming design and manufacturing paradigm based on stacking and interconnecting of multiple chips/dies/tiers. Initially, we review prior art and their limitations. We also put forward a novel, practical threat model of IP piracy which is in line with the business models of present-day design houses. Next, we discuss how 3D integration is a naturally strong match to combine SM and LC. We propose a security-driven CAD and manufacturing flow for face-to-face (F2F) 3D ICs, along with obfuscation of interconnects. Based on this CAD flow, we conduct comprehensive experiments on DRC-clean layouts. Strengthened by an extensive security analysis (also based on a novel attack to recover obfuscated F2F interconnects), we argue that entering the next, third dimension is eminent for effective and efficient IP protection.

Cryptography and Security,Emerging Technologies

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Samuel Pagliarini,Joseph Sweeney,Ken Mai,Shawn Blanton,Larry Pileggi,Subhasish Mitra

DOI: https://doi.org/10.1109/mdat.2020.3033255

2021-08-01

IEEE Design and Test

Abstract:Split-chip design combines integrated circuits (ICs) from two or more disparate (trusted and untrusted) foundries to create an integrated system on a chip. This approach thwarts IP theft, hardware Trojan horse (HTH) insertion, and overbuilding by any single untrustworthy foundry. This study uses two silicon demonstration vehicles in 16-nm technology as proofs of the split-chip concept.

engineering, electrical & electronic,computer science, hardware & architecture

Suzano Juan,Abouzeid Fady,Di Natale Giorgio,Philippe Anthony,Roche Philippe

DOI: https://doi.org/10.1109/access.2024.3368152

IF: 3.9

2024-03-02

IEEE Access

Abstract:The relentless pace of transistor miniaturization has enabled developers to continuously increase chip complexity since the beginning of the information age. However, as transistors get smaller and chips become larger, the cost of manufacturing ICs becomes increasingly prohibitive. As Moore's Law is coming to an end, industry and academia have been exploring new paradigms to keep up with the ever-increasing demand for performance and functionality while dealing with the constraints of power consumption, area, and yield constraints. In this context, 3DICs are considered the future of the IC industry as they enable designers to fulfill both the "More Moore" and the "More than Moore" paradigm. A key feature of the 3DIC is that it can be manufactured by assembling multiple chiplets. Chiplets are single-purpose dies that must be assembled with other chiplets to form a complete system. Researchers and industry leaders believe that a chiplet market will form and that products with off-the-shelf chiplets will emerge. This scenario offers many economic opportunities. However, it also raises concerns regarding the security and trust (S&T) of chiplet-based designs. Malicious chiplets, Hardware trojans, and chiplet intellectual property theft are threats that must be addressed as the industry moves towards the "chiplet age". In this survey, we introduce the different types of 3DICs and their production chain. We then define the threats that threaten the different steps of the 3DIC manufacturing process. Finally, we present and discuss the state of the art in hardware S&T techniques for chiplet-based 3DICs.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammad Eslami,Tara Ghasempouri,Samuel Pagliarini

DOI: https://doi.org/10.1109/TC.2024.3449082

2024-08-28

Abstract:The globalization of the semiconductor industry has introduced security challenges to Integrated Circuits (ICs), particularly those related to the threat of Hardware Trojans (HTs) - malicious logic that can be introduced during IC fabrication. While significant efforts are directed towards verifying the correctness and reliability of ICs, their security is often overlooked. In this paper, we propose a comprehensive approach to enhance IC security from the front-end to back-end stages of design. Initially, we outline a systematic method to transform existing verification assets into potent security checkers by repurposing verification assertions. To further improve security, we introduce an innovative technique for integrating online monitors during physical synthesis - a back-end insertion providing an additional layer of defense. Experimental results demonstrate a significant increase in security, measured by our introduced metric, Security Coverage (SC), with a marginal rise in area and power consumption, typically under 20%. The insertion of online monitors during physical synthesis enhances security metrics by up to 33.5%. This holistic approach offers a comprehensive and resilient defense mechanism across the entire spectrum of IC design.

Cryptography and Security,Hardware Architecture

Johann Knechtel,Satwik Patnaik,Ozgur Sinanoglu

DOI: https://doi.org/10.48550/arXiv.1902.05333

2019-02-14

Cryptography and Security

Abstract:The increasing cost of integrated circuit (IC) fabrication has driven most companies to "go fabless" over time. The corresponding outsourcing trend gave rise to various attack vectors, e.g., illegal overproduction of ICs, piracy of the design intellectual property (IP), or insertion of hardware Trojans (HTs). These attacks are possibly conducted by untrusted entities residing all over the supply chain, ranging from untrusted foundries, test facilities, even to end-users. To overcome this multitude of threats, various techniques have been proposed over the past decade. In this paper, we review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing. We discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work.

Paul E. Calzada,Sami Ul Islam Sami,Kimia Zamiri Azar,Fahim Rahman,Farimah Farahmandi,Mark Tehranipoor,Md. Sami Ul Islam Sami

DOI: https://doi.org/10.1145/3625823

IF: 1.447

2023-11-15

ACM Transactions on Design Automation of Electronic Systems

Abstract:Over the past few decades, electronics have become commonplace in government, commercial, and social domains. These devices have developed rapidly, as seen in the prevalent use of system-on-chips rather than separate integrated circuits on a single circuit board. As the semiconductor community begins conversations over the end of Moore’s law, an approach to further increase both functionality per area and yield using segregated functionality dies on a common interposer die, labeled a System in Package (SiP), is gaining attention. Thus, the chiplet and SiP space has grown to meet this demand, creating a new packaging paradigm, advanced packaging, and a new supply chain. This new distributed supply chain with multiple chiplet developers and foundries has augmented counterfeit vulnerabilities. Chiplets are currently available on an open market, and their origin and authenticity consequently are difficult to ascertain. With this lack of control over the stages of the supply chain, counterfeit threats manifest at the chiplet, interposer, and SiP levels. In this article, we identify counterfeit threats in the SiP domain, and we propose a mitigating framework utilizing blockchain for the effective traceability of SiPs to establish provenance. Our framework utilizes the Chiplet Hardware Security Module to authenticate a SiP throughout its life. To accomplish this, we leverage SiP information including electronic chip identification of chiplets, combating die and IC recycling sensor information, documentation, test patterns and/or electrical measurements, grade, and part number of the SiP. We detail the structure of the blockchain and establish protocols for both enrolling trusted information into the blockchain network and authenticating the SiP. Our framework mitigates SiP counterfeit threats including recycled, remarked, cloned, overproduced interposer, forged documentation, and substituted chiplet while detecting of out-of-spec and defective SiPs.

computer science, software engineering, hardware & architecture

Chen Yan,Emre Salman

2018-01-01

Abstract:Monolithic 3D ICs provide vertical interconnects with comparable size to on-chip metal vias and therefore achieve ultra-high density device integration. A custom cell library and design flow are proposed to develop fully placed and routed monolithic 3D ICs. A monolithic 3D implementation of a 128point, highly parallelized FFT core with approximately 330K cells is demonstrated. The effects of monolithic 3D technology on power, footprint, and performance are quantified. Furthermore, the proposed design kit and cell libraries are utilized to evaluate the effects of circuit camouflaging on system power, delay, and area. A camouflaged lightweight block cipher, SIMON, is developed. GDS-level simulation results demonstrate that the monolithic 3D technology is highly effective to facilitate the utilization of camouflaging technique against image analysis based reverse engineering attacks. At the expense of a slight degradation in timing characteristics, monolithic 3D technology eliminates not only the area, but also the power overhead related to camouflaging. Keywords—Monolithic 3D integration; 3D cell library; 3D hardware security; circuit camouflaging; reverse engineering

Sandip Ray,Eric Peeters,Mark M. Tehranipoor,Swarup Bhunia

DOI: https://doi.org/10.1109/jproc.2017.2714641

IF: 20.6

2018-01-01

Proceedings of the IEEE

Abstract:Modern system-on-chip (SoC) designs include a wide variety of highly sensitive assets which must be protected from unauthorized access. A significant aspect of SoC design involves exploration, analysis, and evaluation of resiliency mechanisms against attacks to such assets. These attacks may arise from a number of sources, including malicious intellectualproperty blocks (IPs) in the hardware, malicious or vulnerable firmware and software, insecure communication of the system with other devices, and side-channel vulnerabilities through power and performance profiles. Countermeasures for these attacks are equally diverse, which include architecture, design, implementation, and validation-based protection. In this paper, we provide a comprehensive overview of the security infrastructure in modern SoC designs, including both resiliency techniques and their validation paradigms at presilicon and postsilicon stages. We identify gaps in current resiliency and analysis architectures and propose design and validation solutions to address them. Finally, we provide industry perspectives on the role and impact of current practices on SoC security, and discuss some emerging trends in this important area.

engineering, electrical & electronic