PowerPoint Presentation
Security and Trust Issues in 3D ICsJennifer DworakSouthern
Methodist University
Al CrouchASSET InterTech
Presented at the 2011 Board Test Workshop, October 25-27,
2011Overview: Security needs to be considered in design and test of
3D ICsSecurity is a already significant concern for 2D Trojans and
CounterfeitsMeasures exist to expose both
Security and Trust is much more complex in 3DLack of access to
each dieComplexity of developing functional testsIndividual die are
hidden between other dieVertical routes are more difficult to
virtually probe for illicit connections
Types of Counterfeits in 2DReverse engineer, design, and
manufacture chips to be functionally similar to the originalSalvage
old chips from boards and sell them as new chipsRe-label
low-performing die as high-performingSell defective parts as
working chips
Impact of counterfeitsLess reliable than valid dieHarms the
reputation of the real chip providerDenies revenue to original chip
providerIncreases support costs the counterfeit die may require
support or may be returnedMay contain malicious functionality
Selected Counterfeit IncidentsBetween 2007 and 2010 over 5.6
million counterfeit semiconductor devices were seized by Customs
and Border Patrol (CBP) and ICE (Immigrations and Custom
Enforcement)In 2009, a NASA probe project was delayed nine months
and went 20% over-budget due partly to counterfeit parts.Entire NEC
product line was counterfeited in across multiple factories in
China and TaiwanCompany called VisionTech imported more than 3200
identified or suspected shipments of counterfeit microelectronics
to the U.S.Sold to military for use in missile targeting systems,
identification friend-or-foe systems, among othersThousands of
parts may still be in the supply chain
VisionTechs Cost to CompaniesAMD$34.9KNational
Semiconductor$5.9KAltera$7.6KNEC$24.8KAnalog Devices$75.6KPeregrine
Semiconductor$2.6KCypress Semiconductor$33.4KPhillips
Electronics$1.6KFreescale$40KRenesas$2.4KInfineon
Technologies$10KSamsung Elect.
America$77.2KIntel$100.9KSTMicroelectronics$18.6KIntersil$1.9KTexas
Instruments$92.9KLinear
Technology$32KToshiba$2.4KMaxim$1.6KXilinx$22.2KMitel$2.6KTotal$591.4K6Detecting/Avoiding
CounterfeitsBuying from authorized suppliersInspection of
packagingIncoming testDevice authentication (e.g. with die ID and a
trusted database.)Reporting suspected or discovered counterfeit
incidents to an anti-counterfeiting clearinghouseHardware
TrojansMalicious changes to a design intentionally inserted by an
attackerMay be inserted at any stage of the design and
manufacturing process: specification, RTL, manufacturing, supply
chainMost attention has focused on manufacturingInserted with the
intention of being stealthyTwo components:TriggerPayload
2D Circuit with Combinational TrojanTrigger should be
stealthyB=0, C=0 should be rare during functional operationB=0, C=0
should not be targeted during structural test.
TriggerPayloadPayload should affect something of functional
importance to attackerLeak DataCause ErrorsReduce
PerformanceDestroy the chipSequential 2D
TrojanTriggerCounter01Encryption circuitciphertextkeyData to
broadcastplaintextHow can we detect Trojans inserted at
manufacturing?Logic testing is generally ineffectiveToo hard to
activateSide channels affected by even inactive
TrojansDelayPowerObtain fingerprints of chips verified as
Trojan-freeProcess variations make comparison difficult Difference
between Trojan and non-Trojan containing circuits is very
small.Only works if Trojan is inserted at maskChip
IDDelayFingerprintgoodbadReal Life Trojans.
On September 6, 2007, the Israeli Air Force carried out an
airstrike on a Syrian nuclear reactor in Operation Orchard.
Hidden back door in microprocessors used in radar may have
allowed them to be disabled remotely.
beforeafterFrench microprocessors used in military applications
have remote kill switches to allow them to be disabled.During the
Cold War, secret cameras were inserted inside Xerox 914 copy
machines in the Soviet embassy to record copied documents.So what
changes in 3D?Where can Trojans and Counterfeits be inserted?
ManufacturingSpec
Supply ChainDesign
3rd Party AssemblerDie Access and ObservabilitySo what does this
mean for security?Die in 3D ICs are less observable.An entire board
in a packageAccess to all die comes only through the base dieCant
visually inspect die once assembledCant remove and analyze die once
assembled.Overall variability is likely to increase.
Its easier to hide things and harder to find them!!
Potential 3D Security IssuesBase DieInterposerUpper Die2D Trojan
in Real DieTrojan in InterposerCounterfeit Die or InterposerTrojan
Firmware in Programmable DieTrojan Extra DieIssue 1: 2D Trojan in a
DiePotential Actions:Data Collection and Transmission (e.g.
encryption codes)Denial of Service or Early Reliability Failures
(such as generating a high temp spot)Chip/Die Destruction (e.g.
on-demand kill-switch)
Base DieInterposerUpper DieTrojan in Real DieDetecting a 2D
Trojan in a 3D StackVariations increase in 3DRelative size of
Trojan effect is minisculeMay need to shut off power to all but one
dieNeed ability to obtain accurate delay measurements to flops and
TSVsVerify design and 3rd party IP at RTL
Base DieInterposerUpper DieTrojan in Real DieIssue 2:
Counterfeit Die or InterposerSame as 2D:Less reliable and may
contain TrojansBuy from trusted sources & perform incoming
testAuthenticate on-die device ID with a trusted databaseNew
ProblemsPoor copying of packages no longer helps with detectionNeed
to access device ID securely through stackCan no longer replace by
desoldering from board.
Issue 3: Extra Die in StackOriginal Die StackExtra Die in stack
can cause complex Trojans
If TSV information is standardized or published, that info can
be used by Trojan designer to access desired info.
RF Antenna could be added with an extra die on top of the stack
and broadcast the data on the busRF TX dieExtra memoryand
controller dieOut of band TSVsExtra memory and controller die can
save selected data for later extraction.Detecting Extra Die in
StackDepends on where in the stack extra die are located: top of
stack is harder:Strategies:Voltage dropTemperature ProfileSide
Channel Analysis (Power and Delay)X-rays or other imaging
approaches
Extra processorExtra processor die can drive data bus with
opposite values when triggeredshorting power and ground.Issue 4:
Evil FPGAs in StackFPGAs likely to be included for valid
reasons:Replace ASICsBuilt-in Self RepairTest other parts of
stackSecurity Concerns:Firmware CorruptionExtra FPGA in stackTrojan
can be inserted in the field
Hot Spot on FPGA die created by significant switching when
Trojan die is triggered.
Very complex Trojans are possibleIssue 5: Trojan
InterposersUpper DieLower DieInterposerSilicon Interposers may be
needed to align TSVs on adjacent dieincluding TSVs for power and
ground.Upper DieLower DieTrojan InterposerTrojan LogicTrojan Logic
in the Interposer (or in one of the die in the stack) could be used
to shut off power or data to all upper dieIn 2D, this is like
shutting off power or data to most of the chips on the board!!!If
the Trojan is in an interposer, it would not be visible to JTAG or
any other DFT hardware by design.Issue 6: Incorrect Die
OrderingProcessorMemoryASIC 1ASIC 2RF TransceiverOriginal
orderingProcessorMemoryASIC 1ASIC 2RF TransceiverTrojan
orderingEspecially if standard interposers are available, an
attacker could reorder the die.Causes loss of reliability and
performance.Detection Methods: Testing and Die IDs (JTAG, INTEST,
etc.)Issue 7: Protecting IPToday, defective chips can be
de-soldered and sent back to the manufacturer for FA.In 3D entire
stack will need to be spent.
Need to be able to access individual die for debug.Need to
protect the IP of each die provider.
AMD ProcessorTI Analog DieMemoryARM Core
OutlookSome of these issues are likely easier to solve than
others.Even the easy ones wont be detected if you arent
looking!When 3D assembly issues are solved and 3D becomes
commonplace, really evil counterfeits are possible.Easy to
manufacture with standard, interchangeable dieHard to detect in
packageIncoming Test is Mandatory!
Conclusions3D Security and Trust must be addressed at both
design and test.Research is needed to mitigate these issues
now.Waiting may make solutions much more expensive or impossible to
implementIf we dont look for these issues, they will happen, and
the consequences could be disastrous.
The End.
