SoC: a real platform for IP reuse, IP infringement, and IP protection
TL;DR: The IP-based SoC design flow is discussed to highlight the exact locations and the nature of infringements in the flow, identifies the adversaries, categorizes these infringements, and applies strategic analysis on the effectiveness of the existing IPP techniques for these categories of infringement.
Abstract: Increased design complexity, shrinking design cycle, and low cost--this three-dimensional demandmandates advent of system-onchip (SoC) methodology in semiconductor industry. The key concept of SoC is reuse of the intellectual property (IP) cores. Reuse of IPs on SoC increases the risk of misappropriation of IPs due to introduction of several new attacks and involvement of various parties as adversaries. Existing literature has huge number of proposals for IP protection (IPP) techniques to be incorporated in the IP design flow as well as in the SoC design methodology. However, these are quite scattered, limited in possibilities in multithreat environment, and sometimes mutually conflicting. Existing works need critical survey, proper categorization, and summarization to focus on the inherent tradeoff, existing security holes, and new research directions. This paper discusses the IP-based SoC design flow to highlight the exact locations and the nature of infringements in the flow, identifies the adversaries, categorizes these infringements, and applies strategic analysis on the effectiveness of the existing IPP techniques for these categories of infringements. It also clearly highlights recent challenges and new opportunities in this emerging field of research.
Citations
More filters
TL;DR: In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks.
Abstract: Protection of intellectual property (IP) is increasingly critical for IP vendors in the semiconductor industry. However, advanced reverse engineering techniques can physically disassemble the chip and derive the IPs at a much lower cost than the value of IP design that chips carry. This invasive hardware attack—obtaining information from IC chips—always violates the IP rights of vendors. The intent of this article is to present a chip-level reverse engineering resilient design technique. In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks. The newly created pattern will significantly increase the difficulty of reverse engineering. Furthermore, to improve the effectiveness of the proposed technique, a systematic design method is developed targeting integrated circuits with multiple design constraints. Simulations have been conducted to demonstrate the capability of the proposed technique, which generates extremely large complexity for reverse engineering with manageable overhead.
14 citations
Cites background from "SoC: a real platform for IP reuse, ..."
...Revealing the design details and physical implementations not only creates opportunities for illegal reproduction but also makes it easier for IP infringement, tampering, malicious alteration, and counterfeiting [1, 11, 28, 34]....
[...]
TL;DR: This paper proposes the first known approach to protect the authorship and the usage legitimacy of NoCs using specially designed routing, square spiral routing, which exploits routing redundancy inherent in the mesh NoCs and transports packets along the paths, which have very low probability to be taken under commonly used routing algorithms.
Abstract: Intellectual property (IP) core reuse is essential for the design process of system-on-chip (SoC). Network-on-chip (NoC) has been used as an independent IP core during SoC design. However, the NoC has not been protected via IP protection and paid attention on its innovations. This paper proposes the first known approach to protect the authorship and the usage legitimacy of NoCs using specially designed routing, square spiral routing. The special routing algorithm exploits routing redundancy inherent in the mesh NoCs and transports packets along the paths, which have very low probability to be taken under commonly used routing algorithms. These unique and diverse paths are exploited in this paper to embed information of the author and identify the legal buyer of NoCs, showing high robustness and credibility. The hardware implementation of an IP-protected mesh NoC shows that the area overhead is small, which is $\sim 0.74$ %, and the power overhead is $\sim 0.52$ %, while the functionality and performance of the network is not affected. In this paper, the approach is presented for the mesh NoC, but the idea is equally applicable to other NoC topologies where the unique and diverse paths also inherently exist.
9 citations
Cites background or methods from "SoC: a real platform for IP reuse, ..."
...and become one of the major concern in the industry [1]....
[...]
...Reuse of already designed, optimized, and verified intellectual property (IP) cores has become the pervasive practice in SoC design industry, to meet the requirements of short design time and low design cost [1]....
[...]
...For a comprehensive review and classification of classical hardware watermarking, we refer the interested readers to [1] and [4]....
[...]
TL;DR: A novel methodology to secure hardware accelerators against ownership threats/IP piracy using biometric fingerprinting, followed by embedding fingerprint’s digital template into the design in the form of secret biometric constraints; thereby generating a secured hardware accelerator design.
Abstract: This article presents a novel methodology to secure hardware accelerators (such as digital signal processing (DSP) and multimedia intellectual property (IP) cores) against ownership threats/IP piracy using biometric fingerprinting. In this approach, an IP vendor’s biometric fingerprint is first converted into a corresponding digital template, followed by embedding fingerprint’s digital template into the design in the form of secret biometric constraints; thereby generating a secured hardware accelerator design. The results report the following qualitative and quantitative analysis of the proposed biometric fingerprint approach: 1) impact of 11 different fingerprints on probability of coincidence (Pc) metric. As evident, the proposed approach achieves a very low Pc value in the range of 2.22E−3 to 4.35E−6. Further, the biometric fingerprint achieves total constraints size between minimum 350 bits to maximum 895 bits; 2) impact of six different resource constraints on the design cost overhead of JPEG compression hardware postembedding biometric fingerprint. As evident, for all the resource constraints implemented, the design cost overhead is 0%; and 3) comparative analysis of proposed biometric fingerprint with recent work, for five different signature strength values, in terms of Pc. As evident, the proposed approach achieves minimum 3.9E+2 times and maximum 6.9E+4 times lower Pc, when compared to recent work.
9 citations
Cites background from "SoC: a real platform for IP reuse, ..."
...encoding rules) contributing to the security of the signature are known to an attacker, it becomes ineffective, as it can easily be replicated by an attacker [24]–[26]....
[...]
...vulnerable as it can be compromised by an attacker [24]–[26]....
[...]
Posted Content•
TL;DR: UNTANGLE as mentioned in this paper proposes a link prediction-based attack that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle), since InterLock hides selected timing paths in key-controlled routing blocks.
Abstract: Logic locking aims to prevent intellectual property (IP) piracy and unauthorized overproduction of integrated circuits (ICs). However, initial logic locking techniques were vulnerable to the Boolean satisfiability (SAT)-based attacks. In response, researchers proposed various SAT-resistant locking techniques such as point function-based locking and symmetric interconnection (SAT-hard) obfuscation. We focus on the latter since point function-based locking suffers from various structural vulnerabilities. The SAT-hard logic locking technique, InterLock [1], achieves a unified logic and routing obfuscation that thwarts state-of-the-art attacks on logic locking. In this work, we propose a novel link prediction-based attack, UNTANGLE, that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle). Since InterLock hides selected timing paths in key-controlled routing blocks, UNTANGLE reveals the gates and interconnections hidden in the routing blocks upon formulating this task as a link prediction problem. The intuition behind our approach is that ICs contain a large amount of repetition and reuse cores. Hence, UNTANGLE can infer the hidden timing paths by learning the composition of gates in the observed locked netlist or a circuit library leveraging graph neural networks. We show that circuits withstanding SAT-based and other attacks can be unlocked in seconds with 100% precision using UNTANGLE in an oracle-less setting. UNTANGLE is a generic attack platform (which we also open source [2]) that applies to multiplexer (MUX)-based obfuscation, as demonstrated through our experiments on ISCAS-85 and ITC-99 benchmarks locked using InterLock and random MUX-based locking.
9 citations
TL;DR: A Radio Frequency Identification (RFID) based protection scheme for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) FPGA IP cores that overcome the limitations of existing IPP techniques is proposed.
Abstract: Field-programmable gate-array (FPGA) based hardware IP cores have emerged as an integral part of modern SOC designs. IP trading plays central role in Electronic Design Automation (EDA) industry. While the potential of IP infringement is growing fast, the global awareness of IP protection remains low. In this work, we propose a Radio Frequency Identification (RFID) based protection scheme for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) FPGA IP cores that overcome the limitations of existing IPP techniques. Here, three types of reconfigurable RFID tags is realised in order to support the incorporation of the proposed RFID based security scheme in all the reconfigurable FPGA devices of Xilinx family. Also a special tag bypass feature is employed to increase the suitability of proposed scheme as an IPP technique for reconfigurable IP cores. The proposed scheme supports safe exchange of reconfigurable FPGA IP cores between IP providers and system developers. The results derived from the testing of hardware prototype used for the evaluation of the proposed scheme are quite encouraging and shows that the proposed security feature can be incorporated into the reconfigurable IP cores of any functionality without significant performance degradation of the reconfigurable IP cores.
5 citations
References
More filters
01 Apr 1999
TL;DR: Reuse Techniques for VLSI Design is a reflection on the current state of the art in design reuse for microelectronic systems and is the first book to gamer the input of leading experts from both research and application areas.
Abstract: From the Publisher:
Reuse Techniques for VLSI Design is a reflection on the current state of the art in design reuse for microelectronic systems. To that end, it is the first book to gamer the input of leading experts from both research and application areas. These experts document herein not only their more mature approaches, but also their latest research results.
The background and support from international organisations that enforce System-on-a-Chip (SoC) design by reuse- oriented methodologies are presented. This overview is followed by a number of technical presentations covering different requirements of the reuse domain. These are presented from different points of view, i.e., IP provider, IP user, designer, isolated reuse, intra-company or inter-company reuse. More general systems or case studies, e.g., metrics, are followed by comprehensive reuse systems, e.g., reuse management systems partly including business models.
Mixed- signal and analog reuse approaches are also presented. In parallel to the digital domain, this area covers research in reuse database design. Design verification and legal aspects are two important topics that are closely related to the realization of design reuse. These hot topics are covered by presentations that finalize the survey of outstanding research, development and application of design reuse for SoC design. Reuse Techniques for VLSI Design is an invaluable reference for researchers and engineers involved in VLSI/ASIC design.
23 citations
TL;DR: A novel trust-based design method for FPGA circuits that uses error-correcting code (ECC) structures for detecting design tampers (changes, deletion of existing logic, and addition of extradesign logic-like Trojans) is proposed in this article.
Abstract: A novel trust-based design method for FPGA circuits that uses error-correcting code (ECC) structures for detecting design tampers (changes, deletion of existing logic, and addition of extradesign logic-like Trojans) is proposed in this article. We determine ECC-based CLB (configuration logic block) parity groups and embed the check CLBs for each parity group in the FPGA circuit. During a trust-checking phase, a Test-Pattern Generator (TPG) and an Output Response Analyzer (ORA), configured in the FPGA, are used to check that each parity group of CLB outputs produce the expected parities. We use two levels of randomization to thwart attempts by an adversary to discover the parity groups and inject tampers that mask each other, or to tamper with the TPG and ORA so that design tampers remain undetected: (a) randomization of the mapping of the ECC parity groups to the CLB array; (b) randomization within each parity group of odd and even parities for different input combinations (classically, all ECC parity groups have even parities across all inputs). These randomizations along with the error-detecting property of the underlying ECC lead to design tampers being uncovered with very high probabilities, as we show both analytically and empirically. We also classify different CLB function structures and impose a parity group selection in which only similarly structured functions are randomly selected to be in the same parity group in order to minimize check function complexity. Using the 2D code as our underlying ECC and its 2-level randomization, our experiments with inserting 1-10 circuit CLB tampers and 1-5 extraneous logic CLBs in two medium-size circuits and a RISC processor circuit implemented on a Xilinx Spartan-3 FPGA show promising results of 100% tamper detection and 0% false alarms, obtained at a hardware overhead of only 7-10%.
22 citations
"SoC: a real platform for IP reuse, ..." refers methods in this paper
...The authors of [35] proposed an IPP technique for detection of trojan horse inserted in FPGA design files, from bitfile core, or from FPGA hardware loaded with bitfile core....
[...]
...…et al. 2007 [28] Y Y Cui et al. 2008 [29] Y Lach et al. 2001 [30] Y Y Gu et al. 2009 [31] Y Li and Lach 2008 [32] Y Y Potkonjak et al. 2009 [33] Y Wei et al. 2010 [34] Y Dutt and Li 2009 [35] Y Y Potkonjak 2010 [36] Y needs wider space for mark insertion compared to watermarking a design IP....
[...]
02 Mar 2006
TL;DR: This paper proposes a system based on both public-key and secret-key cryptography embedded in a secured design exchange protocol for protecting the rights of the IP owner, consisting of hardware-supported design encryption and secured device authentication protocols.
Abstract: With the advent of multi-million gate chips, field programmable gate arrays (FPGAs) have achieved high usability for design verification, exchange, test and even production. Adding to this is the possibility of reusing readily available licensed IP to shorten the design cycle. A major concern for IP owners is the possible over-deployment of the IP into more devices than originally licensed. In this paper, we propose a system based on both public-key and secret-key cryptography embedded in a secured design exchange protocol for protecting the rights of the IP owner. The system consists of hardware-supported design encryption and secured device authentication protocols. Design encryption based on secured device identification ensures that the IP can only be deployed into explicitly identified and agreed upon devices. The system uses a combination of secret and public-key cryptographic functions devised for an uncomplicated trustable design exchange scenario. The public-key functions use modular squaring (Rabin lock) on the FPGA chip instead of exponentiation to reduce the hardware complexity.
21 citations
"SoC: a real platform for IP reuse, ..." refers methods in this paper
...IPP techniques Access control Authentication Trojan detection IP IC Data from IC IP IC From design From hardware Charbon and Torunoglu 2000 [10] Y Adi et al. 2006 [12] Y Saha and Sur-Kolay 2009 [13] Y Roy et al. 2008 [14] Y Alkabani et al. 2008 [15] Y Alkabani and Koushanfar 2007 [16] Y Alkabani et…...
[...]
...For FPGA design, corresponding bitfile core is kept encrypted [12] during its transmission to the SoC company, where it is decrypted using a decryption unit on FPGA hardware....
[...]
30 Aug 2009
TL;DR: The use of random permutation tables as a side-channel attack countermeasure was recently proposed by Coron as mentioned in this paper, which operates by ensuring that during the execution of an algorithm, each intermediate variable that is handled is in a permuted form described by the random permutations tables.
Abstract: The use of random permutation tables as a side-channel attack countermeasure was recently proposed by Coron [5]. The countermeasure operates by ensuring that during the execution of an algorithm, each intermediate variable that is handled is in a permuted form described by the random permutation tables. In this paper, we examine the application of this countermeasure to the AES algorithm as described in [5], and show that certain operations admit first-order side-channel leakage. New side-channel attacks are developed to exploit these flaws, using correlation-based and mutual information-based methods. The attacks have been verified in simulation, and in practice on a smart card.
20 citations
26 Jul 2009
TL;DR: Each processor design can be authenticated by requiring a checksum incorporating internals of complex microarchitectural mechanisms to be computed within a time limit; this checksum is different for each processor model and only authentic secure hardware can obtain the checksum fast enough.
Abstract: This paper proposes a novel approach to check the authenticity of hardware based on the inevitable performance gap between real hardware and simulations or emulations that impersonate it. More specifically, we demonstrate that each processor design can be authenticated by requiring a checksum incorporating internals of complex micro-architectural mechanisms to be computed within a time limit; this checksum is different for each processor model and only authentic secure hardware can obtain the checksum fast enough. This new authentication approach provides attractive solutions to privacy, scaling, and security issues of traditional approaches that otherwise rely only on certificates. Architectural simulations and an RTL implementation show that the proposed approach is viable with very low hardware overheads.
17 citations
"SoC: a real platform for IP reuse, ..." refers methods in this paper
...In the technique discussed in [23], a secure hardware/cryptoprocessor in an SoC authenticates the remote processor by challenging it to compute a check sum that depends on cycle-bycycle activities of its internal microarchitectural mechanisms for a given code within a time limit....
[...]
...…2007 [17] Y Y Chakraborty and Bhunia 2009 [18] Y Y Granado-Criado et al. 2010 [19] Y Dyka and Langendoerfer 2005 [20] Y Suzuki et al. 2004 [21] Y Deng et al. 2009 [23] Y Y Castillo et al. 2007 [24] Y Abdel-Hamid et al. 2005 [25] Y Saha and Sur-Kolay 2010 [26] Y Majzoobi and Koushanfar 2009 [27]…...
[...]