1

Hardware Security: An Emerging Threat Landscape and Possible Solutions

Siddharth Garg with

M. El-Massad (NYU), F. Imeson (Waterloo), and M. Tripunitara (Waterloo)

Electrical and Computer EngineeringNew York University

Berkeley DREAMS Seminar

2

Cyber-security Landscape

~20 Billion interconnected “devices” (semiconductor ICs) Security threats: firmware, application, network (both

wired and wireless), cloud …. …..but what about the “devices”

3

IC Supply Chain

module adder(x, a, b, cin); input a; input b; input cin;

Millions of LoC

Geographically dispersed design

teams

External “IP”

Source: Global Semicon. Alliance

“Fabless” manufacturing

IC circuitextraction

4

Threat Model: Malicious Foundry

“As for hardware, remotely operated kill switches and hidden backdoors can be written into computer chips….”

- U.S. Department of Defense

More pernicious than a software virus Instantly affects all chips Cannot (or is hard to) patch

5

Hardware Trojan Attacks Types of attacks

Private information leakage (leaking secret keys, etc.) Privilege escalation attacks [King et al., LEET’08]

Premise: targeted attack on a specific gate (or set of gates) Attacker must uniquely identify at least one gate to be

successful

Super-user bit

6

Existing Solutions

Hardware Trojan detection Compare measured IC

“fingerprints” with golden IC

Reactive (not proactive)

[Source: C Ortiz, US DoD]

Trusted foundry programs “Contracts with IBM for secure,

domestic advanced semiconductor fabrication and ASIC services”

[Source: Tehranipoor and Koushanfar]

7

Running Example: Full AdderRe

gula

r Inp

uts

Malicious input (trigger) to avoid detection in post-fab. testing

Malicious gate

8

Hide information (wires) from the view of the attacker

Proposed Solution: Logic Obfuscation

Hidden wire

I/O labels removed

Attackers View

Original NetlistLogic obfuscation (by hiding wires) reduces the

attackers ability to correctly identify gates

[Imeson et al., USENIX Security’13, Best Paper Award]

9

Hiding Wires Using 3D (2.5D) TechnologyTop Tier

(Hidden Tier)

Bottom Tier ( Obfuscated Tier)

Contains only hidden wires and all I/O

Inexpensive to manufacture

Fabricated at secure facility

Contains all gates and “unhidden” wires

Expensive Outsourced for

fabrication

2.5D IC

10

2.5D and 3D ICs

2.5D Xilinx FPGA

FPGA logicInterconnect

NYU 3D Test Chip (Tezzaron 0.13 mm)

[O’Sullivan et al., ISQED’13]

“A multi-layer circuit may be divided in such a way that the function of each layer becomes obscure..….. elements can be scattered among the layers in apparently random fashion”

- Tezzaron Technologies white paper

11

“Split Manufacturing” Flow

“Layout”

12

Attacker Model

ObfuscatedLayout Reconstructed

Net-list

13

How Does the Attacker Proceed Inputs: Graphs G and H

Attacker determines sub-graph isomorphisms

All four subgraphs of G that are isomorphic to H

Is H “4-secure” with respect to G?

14

Formal Notion of Security S(w) = 2 S(v), S(x), S(u) = 2 S(y) = 1 S(H) = 1

k-secure vertex

A vertex is k-secure if there exist at least k subgraph isomorphisms each of which map to a distinct vertex in G.

k-secure graph

is k-secure (with respect to G) if every vertex in is k-secure.

15

Computational Complexity Determining if is k-secure is NP-complete

Relevant from the perspective of the defender

We investigated two approaches: Reduction to subgraph isomorphism + VF2 solver Reduction to SAT + MiniSAT solver

16

Cost-Security Trade-offs Cost Number of hidden wires

Minimizing cost to achieve k-security is NP-Hard

Greedy procedure to explore cost-security trade-off Start with no edges in H. Pick edge to add to H that

maximizes security. Repeat.

17

Experimental Results: Cost vs. Security

Experiments on the C432 benchmark circuit, a 27-channel interrupt controller.

Max.

Avg.Min.

Gate type that appears fewest times

18

Layout Randomization Gates are placed to minimize average wirelength

Proximal gates on obfuscated (bottom) tier more likely to be connected on hidden (top) tier

Solution: secure layout randomization

[Rajendran et al., DATE’13]

OTS Layout

Tool

OTS Routing

Tool

Layout tool does not know about connectivity on the hidden tier and cannot optimize for it

19

Layout Randomization Results

Layout randomization effectively defeats proximity attacks 1.7x-2.1x delay overhead

Original 2D Layout Obfuscated Tier Layout Hidden Tier Layout

Original 2DObfuscated Hidden

20

Case Study: DES Circuit

Symmetric key based encryption/decryption

35,000 gate implementation from OpenCores library

Attack on LSB of 14th round reveals secret key

16-secure circuit by removing only 13% of wires

[Boneh et al., Eurocrypt’97]

21

Footprint of “Exhaustive” Attack

Implemented a 64-secure DES circuit

LSB of 14th round actually 255-secure

420x area overhead to attack all possible options

22

Raising the Bar on the Attacker

23

IC Supply Chain

module adder(x, a, b, cin); input a; input b; input cin;

Millions of LoC

Geographically dispersed design

teams

External “IP”

Source: Global Semicon. Alliance

“Fabless” manufacturing

IC circuitextraction

24

IC Circuit ExtractionDe-packaging And DelayeringPackaged IC

Imaging(SEM)

Schematic!

“…project we just finished; analyzing a digital ASIC with….. embedded encryption hardware…12K gates of digital logic…”

“Now we understood the encryption, had the keys, and had full chip simulations running….”

[Source: Torrance and James, CHES’09]

25

Potential Solution: IC Camouflaging Dummy contacts to

camouflage Boolean functionality [US6791191]

Attacker cannot determine functionality even after circuit extraction {XOR, NAND, NOR}

But, camouflaging comes at a cost (area/power/delay)

26

Defender Vs. Attacker

27

IC Camouflaging: Trade-off Camouflaging has a per-gate cost

Claim [R+,CCS’13]: If a small number of judiciously selected gates is camouflaged, => attacker needs >1000s of years to decamouflage

[R+,CCS’13] seemingly resolve cost-security trade-off

[R+,CCS’13] Rajendran, J., et al. "Security analysis of integrated circuit camouflaging,“ CCS 2013. (Best Student Paper Award)

28

Which Gates…? Mindset from [R+,CCS’13]

“Justification”“Sensitization’

Observation: Efficient attack strategy if gates can be simultaneously justified and sensitized

29

Non-Resolvable Gates

Claim [R+,CCS’13]: If gates cannot be simultaneously sensitized and justified, attacker must resort to brute-force attack Exponential complexity in # of camouflaged gates

30

The Example, Revisited

Each input eliminates a subset of solutions (or completions)

Set of inputs sufficient to eliminate all but the right completion(s)→ discriminating set

31

Discriminating Set of Inputs

32

IC Decamouflaging Attack

Our Work [E+, NDSS’15]: in practice, both the query cost and computational cost of an attack are low: IC decamouflaging in minutes

33

Attack Oracles

34

Practical Computational Procedure

1001

1111

0010

.

.

.

.

.

.

.

.

Am I done yet?

Add counterexample input

co-NP-complete

SAT Solver

UNSAT

Done!

SAT

What are the gate identities?

SAT Solver

NP-

com

plet

e

0001

“counterexample”

0001

Given a set of inputs…..

35

Our Attack: Empirical Results

36

Impact of Increasing # Camouflaged Gates

37

Takeaway Cautionary note to IC designers

Appealing claims on secure IC camouflaging with low cost must be examined carefully

Mindset rooted in foundations is helpful