Although a recognized if imperfectly executed issue in software, design for security is an emerging topic in hardware engineering, reaching way beyond the precautions taken during the creation of cryptographic and other supposedly secure blocks in system-on-chip (SoC) development.
Disaggregated manufacturing and supply chains, the rise of cyber-physical systems and the internet of things (IoT) as well as the near universal use of third-party IP cores in SoCs – now numbering more than 100 individual cores on ICs implemented on advanced nodes – has given rise to concerns over the security not just of the software they execute but the hardware as well. Much of the existing secure-software infrastructure, which relies on concepts such as the root of trust and a secure-boot sequence relies on the assumption that the underlying hardware has not been compromised by an attacker. If the hardware is compromised, the rest of the system is vulnerable.
Research and a series of academic competitions such as the CSAW Embedded Systems Challenge have highlighted the ways in which malicious circuitry can be inserted into an existing chip design, at a number of different levels. These so-called hardware trojans, named after the wooden horse concealing Greek warriors dragged into Troy by unwitting defenders, have become a major concern to industrial and military users although there are as yet no publicly disclosed examples of such as circuit being exploited.
A hardware trojan represents one mechanism by which the root-of-trust in a supposedly secure device might be compromised, providing attack mechanisms similar to those already widely exploited in the software domain. However, it is far from being the only means of attack on hardware that SoC designers need to be concerned about. Soft attacks also exist that can render any security features, such as encryption, useless.
For example, side-channel analysis can provide an attacker with information on the content of private keys without any need to insert hardware or even decap the device to examine its circuitry. The economic damage may be limited by the use of private keys that are unique to each device. However, a number of penetration tests have shown many embedded systems have been developed and shipped using just one key for the entire family of products, laying them all open to attack once the key has been obtained.
Some researchers have proposed similar techniques to side-channel analysis to alter the behavior of a target system – using the combination of interactions with the physical environment and embedded processing components to alter their behavior. The proof of concept developed by Yasser Shoukry at the UCLA CyPhyLab and presented at CHES 2013 used the magnetic speed sensors in an antilock-braking system (ABS) against itself by placing a magnetic actuator close to them that is used to synthesize incorrect speed readings.
Other forms of attack focus on the entire chip or system. Manufacturers can produce too many copies of a device that then find their way onto the black market or are incorporated into counterfeit systems, possibly with altered code so that they can be subverted while in operation. Alternatively, information on the circuitry may be used to develop competing devices that use the same techniques. Such reverse engineering may be carried out by decapping the chip and stripping away the interconnect layer by layer to examine the layout on each.
A number of techniques exist to protect against counterfeiting and copying. The simplest is to employ a fully trusted foundry for production that is able to guarantee the use of procedures that combat tampering. However, such foundries are expensive and may lack the advanced processes needed to produce competitive commercial devices.
One option to reduce cost is to use split manufacturing, in which different foundries are used to produce different layers of the IC. A single foundry cannot tamper with the design and be assured that it will work. But split manufacturing is at odds with the most efficient interfaces used for fabless production and entail finding foundries with front-end and back-end processes that are compatible with each other.
The move to 3DIC production may provide one answer. At the 22nd Usenix Security Symposium in August 2013, Frank Imeson and colleagues from the University of Waterloo received the best student paper award for their proposal to
use 3DIC technology to prevent an attacker based at a foundry from successfully inserting a Trojan. Their idea was to ‘lift’ selected circuitry to a separate IC that would be fabricate at a trusted location while the remainder of the chips in the stack would use the conventional foundry supply chain. The method developed by Imeson and colleagues allows the ‘trusted’ layer to be no more complex than a passive interposer.
A method that involves less supply-chain overhead is to alter the circuit design to make it less amenable to overbuilding, counterfeiting or copying. Logic encryption, for example, inserts logic gates at key points in the design that are wired to a register. Unless this register is loaded with the correct key, the IC will not function correctly.
Layout analysis could be used on a decapped chip to determine register values that will work, so encryption may need to be used in combination with camouflaging or circuit obfuscation, which is normally employed to prevent reverse engineering of the circuit IP.