SoC: a real platform for IP reuse, IP infringement, and IP protection
TL;DR: The IP-based SoC design flow is discussed to highlight the exact locations and the nature of infringements in the flow, identifies the adversaries, categorizes these infringements, and applies strategic analysis on the effectiveness of the existing IPP techniques for these categories of infringement.
Abstract: Increased design complexity, shrinking design cycle, and low cost--this three-dimensional demandmandates advent of system-onchip (SoC) methodology in semiconductor industry. The key concept of SoC is reuse of the intellectual property (IP) cores. Reuse of IPs on SoC increases the risk of misappropriation of IPs due to introduction of several new attacks and involvement of various parties as adversaries. Existing literature has huge number of proposals for IP protection (IPP) techniques to be incorporated in the IP design flow as well as in the SoC design methodology. However, these are quite scattered, limited in possibilities in multithreat environment, and sometimes mutually conflicting. Existing works need critical survey, proper categorization, and summarization to focus on the inherent tradeoff, existing security holes, and new research directions. This paper discusses the IP-based SoC design flow to highlight the exact locations and the nature of infringements in the flow, identifies the adversaries, categorizes these infringements, and applies strategic analysis on the effectiveness of the existing IPP techniques for these categories of infringements. It also clearly highlights recent challenges and new opportunities in this emerging field of research.
Citations
More filters
TL;DR: In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks.
Abstract: Protection of intellectual property (IP) is increasingly critical for IP vendors in the semiconductor industry. However, advanced reverse engineering techniques can physically disassemble the chip and derive the IPs at a much lower cost than the value of IP design that chips carry. This invasive hardware attack—obtaining information from IC chips—always violates the IP rights of vendors. The intent of this article is to present a chip-level reverse engineering resilient design technique. In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks. The newly created pattern will significantly increase the difficulty of reverse engineering. Furthermore, to improve the effectiveness of the proposed technique, a systematic design method is developed targeting integrated circuits with multiple design constraints. Simulations have been conducted to demonstrate the capability of the proposed technique, which generates extremely large complexity for reverse engineering with manageable overhead.
14 citations
Cites background from "SoC: a real platform for IP reuse, ..."
...Revealing the design details and physical implementations not only creates opportunities for illegal reproduction but also makes it easier for IP infringement, tampering, malicious alteration, and counterfeiting [1, 11, 28, 34]....
[...]
TL;DR: This paper proposes the first known approach to protect the authorship and the usage legitimacy of NoCs using specially designed routing, square spiral routing, which exploits routing redundancy inherent in the mesh NoCs and transports packets along the paths, which have very low probability to be taken under commonly used routing algorithms.
Abstract: Intellectual property (IP) core reuse is essential for the design process of system-on-chip (SoC). Network-on-chip (NoC) has been used as an independent IP core during SoC design. However, the NoC has not been protected via IP protection and paid attention on its innovations. This paper proposes the first known approach to protect the authorship and the usage legitimacy of NoCs using specially designed routing, square spiral routing. The special routing algorithm exploits routing redundancy inherent in the mesh NoCs and transports packets along the paths, which have very low probability to be taken under commonly used routing algorithms. These unique and diverse paths are exploited in this paper to embed information of the author and identify the legal buyer of NoCs, showing high robustness and credibility. The hardware implementation of an IP-protected mesh NoC shows that the area overhead is small, which is $\sim 0.74$ %, and the power overhead is $\sim 0.52$ %, while the functionality and performance of the network is not affected. In this paper, the approach is presented for the mesh NoC, but the idea is equally applicable to other NoC topologies where the unique and diverse paths also inherently exist.
9 citations
Cites background or methods from "SoC: a real platform for IP reuse, ..."
...and become one of the major concern in the industry [1]....
[...]
...Reuse of already designed, optimized, and verified intellectual property (IP) cores has become the pervasive practice in SoC design industry, to meet the requirements of short design time and low design cost [1]....
[...]
...For a comprehensive review and classification of classical hardware watermarking, we refer the interested readers to [1] and [4]....
[...]
TL;DR: A novel methodology to secure hardware accelerators against ownership threats/IP piracy using biometric fingerprinting, followed by embedding fingerprint’s digital template into the design in the form of secret biometric constraints; thereby generating a secured hardware accelerator design.
Abstract: This article presents a novel methodology to secure hardware accelerators (such as digital signal processing (DSP) and multimedia intellectual property (IP) cores) against ownership threats/IP piracy using biometric fingerprinting. In this approach, an IP vendor’s biometric fingerprint is first converted into a corresponding digital template, followed by embedding fingerprint’s digital template into the design in the form of secret biometric constraints; thereby generating a secured hardware accelerator design. The results report the following qualitative and quantitative analysis of the proposed biometric fingerprint approach: 1) impact of 11 different fingerprints on probability of coincidence (Pc) metric. As evident, the proposed approach achieves a very low Pc value in the range of 2.22E−3 to 4.35E−6. Further, the biometric fingerprint achieves total constraints size between minimum 350 bits to maximum 895 bits; 2) impact of six different resource constraints on the design cost overhead of JPEG compression hardware postembedding biometric fingerprint. As evident, for all the resource constraints implemented, the design cost overhead is 0%; and 3) comparative analysis of proposed biometric fingerprint with recent work, for five different signature strength values, in terms of Pc. As evident, the proposed approach achieves minimum 3.9E+2 times and maximum 6.9E+4 times lower Pc, when compared to recent work.
9 citations
Cites background from "SoC: a real platform for IP reuse, ..."
...encoding rules) contributing to the security of the signature are known to an attacker, it becomes ineffective, as it can easily be replicated by an attacker [24]–[26]....
[...]
...vulnerable as it can be compromised by an attacker [24]–[26]....
[...]
Posted Content•
TL;DR: UNTANGLE as mentioned in this paper proposes a link prediction-based attack that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle), since InterLock hides selected timing paths in key-controlled routing blocks.
Abstract: Logic locking aims to prevent intellectual property (IP) piracy and unauthorized overproduction of integrated circuits (ICs). However, initial logic locking techniques were vulnerable to the Boolean satisfiability (SAT)-based attacks. In response, researchers proposed various SAT-resistant locking techniques such as point function-based locking and symmetric interconnection (SAT-hard) obfuscation. We focus on the latter since point function-based locking suffers from various structural vulnerabilities. The SAT-hard logic locking technique, InterLock [1], achieves a unified logic and routing obfuscation that thwarts state-of-the-art attacks on logic locking. In this work, we propose a novel link prediction-based attack, UNTANGLE, that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle). Since InterLock hides selected timing paths in key-controlled routing blocks, UNTANGLE reveals the gates and interconnections hidden in the routing blocks upon formulating this task as a link prediction problem. The intuition behind our approach is that ICs contain a large amount of repetition and reuse cores. Hence, UNTANGLE can infer the hidden timing paths by learning the composition of gates in the observed locked netlist or a circuit library leveraging graph neural networks. We show that circuits withstanding SAT-based and other attacks can be unlocked in seconds with 100% precision using UNTANGLE in an oracle-less setting. UNTANGLE is a generic attack platform (which we also open source [2]) that applies to multiplexer (MUX)-based obfuscation, as demonstrated through our experiments on ISCAS-85 and ITC-99 benchmarks locked using InterLock and random MUX-based locking.
9 citations
TL;DR: A Radio Frequency Identification (RFID) based protection scheme for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) FPGA IP cores that overcome the limitations of existing IPP techniques is proposed.
Abstract: Field-programmable gate-array (FPGA) based hardware IP cores have emerged as an integral part of modern SOC designs. IP trading plays central role in Electronic Design Automation (EDA) industry. While the potential of IP infringement is growing fast, the global awareness of IP protection remains low. In this work, we propose a Radio Frequency Identification (RFID) based protection scheme for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) FPGA IP cores that overcome the limitations of existing IPP techniques. Here, three types of reconfigurable RFID tags is realised in order to support the incorporation of the proposed RFID based security scheme in all the reconfigurable FPGA devices of Xilinx family. Also a special tag bypass feature is employed to increase the suitability of proposed scheme as an IPP technique for reconfigurable IP cores. The proposed scheme supports safe exchange of reconfigurable FPGA IP cores between IP providers and system developers. The results derived from the testing of hardware prototype used for the evaluation of the proposed scheme are quite encouraging and shows that the proposed security feature can be incorporated into the reconfigurable IP cores of any functionality without significant performance degradation of the reconfigurable IP cores.
5 citations
References
More filters
Posted Content•
TL;DR: A new model for directly evaluating DPA leakage from logic information in CMOS circuits is proposed, based on the transition probability for each gate, and is naturally applicable to various actual devices for simulating power analysis.
Abstract: In this paper, we propose a new model for directly evaluating DPA leakage from logic information in CMOS circuits. This model is based on the transition probability for each gate, and is naturally applicable to various actual devices for simulating power analysis. We also report on our study of the effects of the previously known countermeasures on both our model and FPGA, and show the possibility of leaking information, which is caused by strict precondition for implementing a secure circuit. Furthermore, we present an efficient countermeasure, Random Switching Logic(RSL), for relaxing the precondition, and show that RSL makes a cryptographic circuit secure through evaluation on both our model and FPGA.
106 citations
"SoC: a real platform for IP reuse, ..." refers background in this paper
...…2007 [16] Y Alkabani et al. 2007 [17] Y Y Chakraborty and Bhunia 2009 [18] Y Y Granado-Criado et al. 2010 [19] Y Dyka and Langendoerfer 2005 [20] Y Suzuki et al. 2004 [21] Y Deng et al. 2009 [23] Y Y Castillo et al. 2007 [24] Y Abdel-Hamid et al. 2005 [25] Y Saha and Sur-Kolay 2010 [26]…...
[...]
...Countermeasure to these attacks is to apply masking, permutation table, or random switching logic [21] to hide the nature of sensitive variables....
[...]
TL;DR: This paper proposes its own methodology for doing an FPGA-based AES implementation, which combines the use of three hardware languages with partial and dynamic reconfiguration, and a pipelined and parallel implementation.
Abstract: Wireless networks are very widespread nowadays, so secure and fast cryptographic algorithms are needed. The most widely used security technology in wireless computer networks is WPA2, which employs the AES algorithm, a powerful and robust cryptographic algorithm. In order not to degrade the Quality of Service (QoS) of these networks, the encryption speed is very important, for which reason we have implemented the AES algorithm in an FPGA, taking advantage of the hardware characteristics and the software-like flexibility of these devices. In this paper, we propose our own methodology for doing an FPGA-based AES implementation. This methodology combines the use of three hardware languages (Handel-C, VHDL and JBits) with partial and dynamic reconfiguration, and a pipelined and parallel implementation. The same design methodology could be extended to other cryptographic algorithms. Thanks to all these improvements our pipelined and parallel implementation reaches a very high throughput (24.922Gb/s) and the best efficiency (throughput/area ratio) of all the related works found in the literature (6.97Mb/s per slice).
105 citations
"SoC: a real platform for IP reuse, ..." refers methods in this paper
...For example, an efficient FPGA implementation [19] of symmetric key encryption algorithm AES can achieve throughput of 24....
[...]
...…al. 2008 [14] Y Alkabani et al. 2008 [15] Y Alkabani and Koushanfar 2007 [16] Y Alkabani et al. 2007 [17] Y Y Chakraborty and Bhunia 2009 [18] Y Y Granado-Criado et al. 2010 [19] Y Dyka and Langendoerfer 2005 [20] Y Suzuki et al. 2004 [21] Y Deng et al. 2009 [23] Y Y Castillo et al. 2007 [24]…...
[...]
TL;DR: This work presents the first technique that leverages the unique characteristics of field-programmable gate arrays (FPGAs) to protect commercial investment in intellectual property through fingerprinting.
Abstract: As current computer-aided design (CAD) tool and very large scale integration technology capabilities create a new market of reusable digital designs, the economic viability of this new core-based design paradigm is pending on the development of techniques for intellectual property protection. This work presents the first technique that leverages the unique characteristics of field-programmable gate arrays (FPGAs) to protect commercial investment in intellectual property through fingerprinting. A hidden encrypted mark is embedded into the physical layout of a digital circuit when it is placed and routed onto the FPGA. This mark uniquely identifies both the circuit origin and original circuit recipient, yet is difficult to detect and/or remove, even via recipient collusion. While this approach imposes additional constraints on the backend CAD tools for circuit place and route, experiments indicate that the performance and area impacts are minimal.
103 citations
"SoC: a real platform for IP reuse, ..." refers background in this paper
...The techniques in (iii), (iv) and (v) are for ASIC authentication and those in (vi), and (vii) are for FPGA bitfile core authentication....
[...]
...For example, an efficient FPGA implementation [19] of symmetric key encryption algorithm AES can achieve throughput of 24.922 Gb/s with the efficiency (throughput/area) of 6.97 Mb/s per slice of the FPGA used....
[...]
...Failing to detect desired parity relation signals possible existence of additional circuitry, that is, trojan in the FPGA design....
[...]
...(vii) Signatures of both IP vendor and IP buyer are stored as configuration bitstream of unused configurable logic blocks (CLBs) of FPGA [30]....
[...]
...…et al. 2005 [25] Y Saha and Sur-Kolay 2010 [26] Y Majzoobi and Koushanfar 2009 [27] Y Agrawal et al. 2007 [28] Y Y Cui et al. 2008 [29] Y Lach et al. 2001 [30] Y Y Gu et al. 2009 [31] Y Li and Lach 2008 [32] Y Y Potkonjak et al. 2009 [33] Y Wei et al. 2010 [34] Y Dutt and Li 2009 [35] Y…...
[...]
13 Jun 2010
TL;DR: The simulation results show that the thermally conditioned GLC approach is capable of characterizing all the gates with an average error less than the measurement error, and it can detect HTHs with 100% accuracy on a target circuit.
Abstract: Gate-level characterization (GLC) is the process of characterizing each gate of an integrated circuit (IC) in terms of its physical and manifestation properties. It is a key step in the IC applications regarding cryptography, security, and digital rights management. However, GLC is challenging due to the existence of manufacturing variability (MV) and the strong correlations among some gates in the circuit. We propose a new solution for GLC by using thermal conditioning techniques. In particular, we apply thermal control on the process of GLC, which breaks the correlations by imposing extra variations concerning gate level leakage power. The scaling factors of all the gates can be characterized by solving a system of linear equations using linear programming (LP). Based on the obtained gate level scaling factors, we demonstrate an application of GLC, hardware Trojan horse (HTH) detection, by using constraint manipulation. We evaluate our approach of GLC and HTH detection on several ISCAS85/89 benchmarks. The simulation results show that our thermally conditioned GLC approach is capable of characterizing all the gates with an average error less than the measurement error, and we can detect HTHs with 100% accuracy on a target circuit.
99 citations
"SoC: a real platform for IP reuse, ..." refers methods in this paper
...The technique in [34] breaks the correlations by applying thermal control on the process of GLC....
[...]
...…et al. 2007 [28] Y Y Cui et al. 2008 [29] Y Lach et al. 2001 [30] Y Y Gu et al. 2009 [31] Y Li and Lach 2008 [32] Y Y Potkonjak et al. 2009 [33] Y Wei et al. 2010 [34] Y Dutt and Li 2009 [35] Y Y Potkonjak 2010 [36] Y needs wider space for mark insertion compared to watermarking a design IP....
[...]
Book•
03 Nov 2010
TL;DR: This book brings together contributions from researchers and practitioners in academia and industry, an interdisciplinary group with backgrounds in physics, mathematics, cryptography, coding theory and processor theory, that will serve as important background material for students and practitioners, and will stimulate much further research and development.
Abstract: Hardware-intrinsic security is a young field dealing with secure secret key storage. By generating the secret keys from the intrinsic properties of the silicon, e.g., from intrinsic Physical Unclonable Functions (PUFs), no permanent secret key storage is required anymore, and the key is only present in the device for a minimal amount of time. The field is extending to hardware-based security primitives and protocols such as block ciphers and stream ciphers entangled with the hardware, thus improving IC security. While at the application level there is a growing interest in hardware security for RFID systems and the necessary accompanying system architectures. This book brings together contributions from researchers and practitioners in academia and industry, an interdisciplinary group with backgrounds in physics, mathematics, cryptography, coding theory and processor theory. It will serve as important background material for students and practitioners, and will stimulate much further research and development.
98 citations
"SoC: a real platform for IP reuse, ..." refers background in this paper
...This attack becomes relevant in SoC platform [9]....
[...]