Proceedings Article

Active hardware metering for intellectual property protection and security

06 Aug 2007-pp 20
TL;DR: The first active hardware metering scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy and runtime tampering is introduced; it has low overhead in terms of power, delay, and area, while being extremely resilient against the considered attacks.
Abstract: We introduce the first active hardware metering scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy and runtime tampering. The novel metering method simultaneously employs inherent unclonable variability in modern manufacturing technology, and functionality preserving alterations of the structural IC specifications. Active metering works by enabling the designers to lock each IC and to remotely disable it. The objectives are realized by adding new states and transitions to the original finite state machine (FSM) to create boosted finite state machines (BFSM) of the pertinent design. A unique and unpredictable ID generated by an IC is utilized to place a BFSM into the power-up state upon activation. The designer, knowing the transition table, is the only one who can generate input sequences required to bring the BFSM into the functional initial (reset) state. To facilitate remote disabling of ICs, black hole states are integrated within the BFSM. We introduce nine types of potential attacks against the proposed active metering method. We further describe a number of countermeasures that must be taken to preserve the security of active metering against the potential attacks. The implementation details of the method with the objectives of being low-overhead, unclonable, obfuscated, stable, while having a diverse set of keys are presented. The active metering method was implemented, synthesized and mapped on the standard benchmark circuits. Experimental evaluations illustrate that the method has a low overhead in terms of power, delay, and area, while it is extremely resilient against the considered attacks.


Citations
Journal ArticleDOI
TL;DR: A classification of hardware Trojans and a survey of published techniques for Trojan detection are presented.
Abstract: Editor's note: Today's integrated circuits are vulnerable to hardware Trojans, which are malicious alterations to the circuit, either during design or fabrication. This article presents a classification of hardware Trojans and a survey of published techniques for Trojan detection.

1,227 citations


Additional excerpts

  • ...Action characteristics identify the types of disruptive behavior introduced by the Trojan....

    [...]

  • ...If the IUA’s power signature differs from the reference signature, the IUA is considered suspicious and that it might contain a Trojan....

    [...]

  • ...In the table, ‘‘test modality’’ (second column) refers to the measurement modality used (often as a side channel) to reveal the presence of a Trojan....

    [...]

  • ...The authors developed a multisupply transient-current integration methodology to detect a hardware Trojan....

    [...]

  • ...Different portions of the design can be explored by changing input vectors to localize a Trojan....

    [...]

Proceedings ArticleDOI
10 Mar 2008
TL;DR: A novel comprehensive technique to end piracy of integrated circuits (EPIC), which requires that every chip be activated with an external key, which can only be generated by the holder of IP rights, and cannot be duplicated.
Abstract: As semiconductor manufacturing requires greater capital investments, the use of contract foundries has grown dramatically, increasing exposure to mask theft and unauthorized excess production. While only recently studied, IC piracy has now become a major challenge for the electronics and defense industries [6]. We propose a novel comprehensive technique to end piracy of integrated circuits (EPIC). It requires that every chip be activated with an external key, which can only be generated by the holder of IP rights, and cannot be duplicated. EPIC is based on (i) automatically-generated chip IDs, (ii) a novel combinational locking algorithm, and (iii) innovative use of public-key cryptography. Our evaluation suggests that the overhead of EPIC on circuit delay and power is negligible, and the standard flows for verification and test do not require change. In fact, major required components have already been integrated into several chips in production. We also use formal methods to evaluate combinational locking and computational attacks. A comprehensive protocol analysis concludes that EPIC is surprisingly resistant to various piracy attempts.

639 citations


Cites background from "Active hardware metering for intell..."

  • ...Introduction As LSI Logic quit semiconductor manufacturing in 2005 and Texas Instruments chose not to develop sub-45nm fabrication in-house, they and their former clients partnered with major foundries to outsource production....

    [...]

Journal ArticleDOI
18 Jul 2014
TL;DR: This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.
Abstract: The multinational, distributed, and multistep nature of integrated circuit (IC) production supply chain has introduced hardware-based vulnerabilities. Existing literature in hardware security assumes ad hoc threat models, defenses, and metrics for evaluation, making it difficult to analyze and compare alternate solutions. This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.

514 citations


Additional excerpts

  • ...Section VII concludes the paper....

    [...]

Proceedings ArticleDOI
03 Jun 2012
TL;DR: This work demonstrates that an attacker can decipher the obfuscated netlist, in a time linear to the number of keys, by sensitizing the key values to the output, and develops techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.
Abstract: Due to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC [1] obfuscates the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the obfuscated netlist, in a time linear to the number of keys, by sensitizing the key values to the output. We then develop techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.

489 citations


Cites background from "Active hardware metering for intell..."

  • ...In sequential logic obfuscation, additional logic (black) states are introduced in the state transition graph [7,8]....

    [...]

Journal ArticleDOI
15 Jul 2014
TL;DR: This tutorial will provide a review of some of the existing counterfeit detection and avoidance methods, and discuss the challenges ahead for implementing these methods, as well as the development of new detection and avoidance mechanisms.
Abstract: As the electronic component supply chain grows more complex due to globalization, with parts coming from a diverse set of suppliers, counterfeit electronics have become a major challenge that calls for immediate solutions. Currently, there are a few standards and programs available that address the testing for such counterfeit parts. However, not enough research has yet addressed the detection and avoidance of all counterfeit parts (recycled, remarked, overproduced, cloned, out-of-spec/defective, and forged documentation) currently infiltrating the electronic component supply chain. Even if they work initially, all these parts may have reduced lifetime and pose reliability risks. In this tutorial, we will provide a review of some of the existing counterfeit detection and avoidance methods. We will also discuss the challenges ahead for implementing these methods, as well as the development of new detection and avoidance mechanisms.

424 citations


Cites background or methods from "Active hardware metering for intell..."

  • ...Hardware metering attempts to uniquely tag each chip produced from a certain design by active or passive methods to facilitate chip tracing [20], [21]....

    [...]

  • ...In addition to unique identification, active metering approaches lock each IC until it is unlocked by the IP holder [20], [69]–[73]....

    [...]

  • ...This locking is mostly done in three ways: 1) initializing ICs to a locked state on power-up [20]; 2) combinational locking by scattering xor gates randomly throughout the design [71]–[73]; and 3) adding a finite-state machine (FSM) which is initially locked and can be unlocked only with the correct sequence of primary inputs [70], [74]....

    [...]

References
Book
01 Dec 1989
TL;DR: This best-selling title, considered for over a decade to be essential reading for every serious student and practitioner of computer design, has been updated throughout to address the most important trends facing computer designers today.
Abstract: This best-selling title, considered for over a decade to be essential reading for every serious student and practitioner of computer design, has been updated throughout to address the most important trends facing computer designers today. In this edition, the authors bring their trademark method of quantitative analysis not only to high-performance desktop machine design, but also to the design of embedded and server systems. They have illustrated their principles with designs from all three of these domains, including examples from consumer electronics, multimedia and Web technologies, and high-performance computing.

11,671 citations


"Active hardware metering for intell..." refers background in this paper

  • ..., the control circuitry) in modern industrial design are always a very small part of the overall design, well below 1% [7, 10]....

    [...]

  • ..., FSM) is less than 1% of the total area and hence, adding a small overhead to the FSM does not significantly affect the total area [7, 10]....

    [...]

  • ...Two important observations are that FSMs in modern industrial design are always a very small part of the overall design, well below 1%, and that STG recovery is a computationally intractable problem [7, 10, 22]:...

    [...]

Proceedings ArticleDOI
08 May 1989
TL;DR: A set of 31 digital sequential circuits described at the gate level that extend the size and complexity of the ISCAS'85 set of combinational circuits and can serve as benchmarks for researchers interested in sequential test generation, scan-based test generation, and mixed sequential/scan-based test generation using partial scan techniques.
Abstract: A set of 31 digital sequential circuits described at the gate level is presented. These circuits extend the size and complexity of the ISCAS'85 set of combinational circuits and can serve as benchmarks for researchers interested in sequential test generation, scan-based test generation, and mixed sequential/scan-based test generation using partial scan techniques. Although all the benchmark circuits are sequential, synchronous, and use only D-type flip-flops, additional interior faults and asynchronous behavior can be introduced by substituting for some or all of the flip-flops their appropriate functional models. The standard functional model of the D flip-flop provides a reference point that is independent of the faults particular to the flip-flop implementation. A testability profile of the benchmarks in the full-scan-mode configuration is discussed.

1,972 citations


"Active hardware metering for intell..." refers methods in this paper

  • ...We used an extended set of sequential benchmarks from the ISCAS’89 to evaluate the impact of the active hardware metering method [6]....

    [...]

Journal Article
TL;DR: This paper provides an overview of SIS and contains descriptions of the input specification, STG (state transition graph) manipulation, new logic optimization and verification algorithms, ASTG (asynchronous signal transition graph) manipulation, and synthesis for PGA’s (programmable gate arrays).
Abstract: SIS is an interactive tool for synthesis and optimization of sequential circuits. Given a state transition table, a signal transition graph, or a logic-level description of a sequential circuit, it produces an optimized net-list in the target technology while preserving the sequential input-output behavior. Many different programs and algorithms have been integrated into SIS, allowing the user to choose among a variety of techniques at each stage of the process. It is built on top of MISII [5] and includes all (combinational) optimization techniques therein as well as many enhancements. SIS serves as both a framework within which various algorithms can be tested and compared, and as a tool for automatic synthesis and optimization of sequential circuits. This paper provides an overview of SIS. The first part contains descriptions of the input specification, STG (state transition graph) manipulation, new logic optimization and verification algorithms, ASTG (asynchronous signal transition graph) manipulation, and synthesis for PGA’s (programmable gate arrays). The second part contains a tutorial example illustrating the design process using SIS.

1,854 citations


"Active hardware metering for intell..." refers methods in this paper

  • ...We synthesize the benchmarks using the Berkeley SIS tool [26], that given a STG or a logic-level description of a sequential circuit produces an optimized netlist in the target technology (cell library) while preserving the sequential input-output behavior....

    [...]

Book
01 Jan 2001
TL;DR: In almost 600 pages of riveting detail, Ross Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables.
Abstract: Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about. Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). 
Sections deal with technologies, policies, psychology, and legal matters.

1,852 citations

Book
31 Aug 1984
TL;DR: The ESPRESSO-IIAPL as discussed by the authors is an extension of the ESPRESSO-IIC with the purpose of improving the efficiency of Tautology and reducing the number of blocks and covers.
Abstract: 1. Introduction.- 1.1 Design Styles for VLSI Systems.- 1.2 Automatic Logic Synthesis.- 1.3 PLA Implementation.- 1.4 History of Logic Minimization.- 1.5 ESPRESSO-II.- 1.6 Organization of the Book.- 2. Basic Definitions.- 2.1 Operations on Logic Functions.- 2.2 Algebraic Representation of a Logic Function.- 2.3 Cubes and Covers.- 3. Decomposition and Unate Functions.- 3.1 Cofactors and the Shannon Expansion.- 3.2 Merging.- 3.3 Unate Functions.- 3.4 The Choice of the Splitting Variable.- 3.5 Unate Complementation.- 3.6 SIMPLIFY.- 4. The ESPRESSO Minimization Loop and Algorithms.- 4.0 Introduction.- 4.1 Complementation.- 4.2 Tautology.- 4.2.1 Vanilla Recursive Tautology.- 4.2.2 Efficiency Results for Tautology.- 4.2.3 Improving the Efficiency of Tautology.- 4.2.4 Tautology for Multiple-Output Functions.- 4.3 Expand.- 4.3.1 The Blocking Matrix.- 4.3.2 The Covering Matrix.- 4.3.3 Multiple-Output Functions.- 4.3.4 Reduction of the Blocking and Covering Matrices.- 4.3.5 The Raising Set and Maximal Feasible Covering Set.- 4.3.6 The Endgame.- 4.3.7 The Primality of c+.- 4.4 Essential Primes.- 4.5 Irredundant Cover.- 4.6 Reduction.- 4.6.1 The Unate Recursive Paradigm for Reduction.- 4.6.2 Establishing the Recursive Paradigm.- 4.6.3 The Unate Case.- 4.7 Lastgasp.- 4.8 Makesparse.- 4.9 Output Splitting.- 5. Multiple-Valued Minimization.- 6. Experimental Results.- 6.1 Analysis of Raw Data for ESPRESSO-IIAPL.- 6.2 Analysis of Algorithms.- 6.3 Optimality of ESPRESSO-II Results.- 7. Comparisons and Conclusions.- 7.1 Qualitative Evaluation of Algorithms of ESPRESSO-II.- 7.2 Comparison with ESPRESSO-IIC.- 7.3 Comparison of ESPRESSO-II with Other Programs.- 7.4 Other Applications of Logic Minimization.- 7.5 Directions for Future Research.- References.

1,347 citations