Transcript Document

Jennifer Dworak
Southern Methodist University
Al Crouch
ASSET InterTech
Presented at the 2011 Board Test Workshop, October 25-27, 2011
Overview: Security needs to be considered in design and test of 3D ICs
• Security is already a significant concern for 2D
   • Trojans and counterfeits
   • Measures exist to expose both
• Security and trust are much more complex in 3D
   • Lack of access to each die
   • Complexity of developing functional tests
   • Individual die are hidden between other die
   • Vertical routes are more difficult to “virtually probe” for illicit connections
Types of Counterfeits in 2D
• Reverse engineer, design, and manufacture chips to be functionally similar to the original
• Salvage old chips from boards and sell them as new chips
• Re-label low-performing die as high-performing
• Sell defective parts as working chips
Impact of counterfeits
• Less reliable than valid die
• Harms the reputation of the real chip provider
• Denies revenue to the original chip provider
• Increases support costs – the counterfeit die may require support or may be returned
• May contain malicious functionality
Selected Counterfeit Incidents
• Between 2007 and 2010 over 5.6 million counterfeit semiconductor devices were seized by Customs and Border Patrol (CBP) and ICE (Immigration and Customs Enforcement)
• In 2009, a NASA probe project was delayed nine months and went 20% over budget due partly to counterfeit parts.
• An entire NEC product line was counterfeited across multiple factories in China and Taiwan
• A company called VisionTech imported more than 3200 identified or suspected shipments of counterfeit microelectronics to the U.S.
   • Sold to the military for use in missile targeting systems, identification friend-or-foe systems, among others
   • Thousands of parts may still be in the supply chain
VisionTech’s Cost to Companies
Company                    Cost
AMD                        $34.9K
National Semiconductor     $5.9K
Altera                     $7.6K
NEC                        $24.8K
Analog Devices             $75.6K
Peregrine Semiconductor    $2.6K
Cypress Semiconductor      $33.4K
Philips Electronics        $1.6K
Freescale                  $40K
Renesas                    $2.4K
Infineon Technologies      $10K
Samsung Elect. America     $77.2K
Intel                      $100.9K
STMicroelectronics         $18.6K
Intersil                   $1.9K
Texas Instruments          $92.9K
Linear Technology          $32K
Toshiba                    $2.4K
Maxim                      $1.6K
Xilinx                     $22.2K
Mitel                      $2.6K
Total                      $591.4K
Detecting/Avoiding Counterfeits
• Buying from authorized suppliers
• Inspection of packaging
• Incoming test
• Device authentication (e.g. with die ID and a trusted database)
• Reporting suspected or discovered counterfeit incidents to an anti-counterfeiting clearinghouse
Hardware Trojans
• Malicious changes to a design intentionally inserted by an attacker
• May be inserted at any stage of the design and manufacturing process: specification, RTL, manufacturing, supply chain
• Most attention has focused on manufacturing
• Inserted with the intention of being stealthy
• Two components:
   • Trigger
   • Payload
2D Circuit with Combinational Trojan
[Figure: 2D circuit with a combinational Trojan, showing the trigger (condition B=0, C=0) and the payload it drives.]
• Payload should affect something of functional importance to the attacker
   • Leak data
   • Cause errors
   • Reduce performance
   • Destroy the chip
• Trigger should be stealthy
   • Trigger condition (B=0, C=0) should be rare during functional operation
   • Trigger condition (B=0, C=0) should not be targeted during structural test
Sequential 2D Trojan
[Figure: sequential 2D Trojan with a counter-driven trigger. Labels: plaintext, key, encryption circuit, ciphertext, counter, trigger, 0/1 select, data to broadcast.]
How can we detect Trojans inserted at manufacturing?
• Logic testing is generally ineffective
   • Too hard to activate
• Side channels are affected by even inactive Trojans
   • Delay
   • Power
• Obtain “fingerprints” of chips verified as Trojan-free
   • Process variations make comparison difficult
   • Difference between Trojan and non-Trojan containing circuits is very small
   • Only works if the Trojan is inserted at mask
[Figure: delay fingerprint plotted per chip ID, with good and bad chips marked.]
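The fingerprint comparison described above, as an added example that is not part of the presentation: per-path delays of golden (Trojan-free) chips give a mean and sigma per path, and a chip under test is flagged only when some path deviates by more than a few sigma. All delay values are constructed; a real flow would take them from on-chip path-delay measurements. The small-shift case shows why a Trojan that adds little delay hides inside process variation.

```python
"""Delay-fingerprint comparison of a chip under test against golden chips.

Added example, not from the presentation.  All delay values are constructed;
a real flow would take them from on-chip path-delay measurements.
"""
from statistics import mean, stdev

# Constructed per-path delays (ns) for four chips verified Trojan-free.
# The spread across chips is the process variation that hides a Trojan.
GOLDEN = [
    [1.00, 2.00, 1.50, 3.00],
    [1.04, 2.06, 1.53, 3.09],
    [0.96, 1.94, 1.47, 2.91],
    [1.02, 2.02, 1.52, 3.03],
]

# Constructed chips under test.  The Trojan adds gate load to path 1.
CLEAN_CHIP        = [1.01, 2.03, 1.49, 3.02]
SMALL_TROJAN_CHIP = [1.01, 2.06, 1.49, 3.02]   # +0.03 ns on path 1
LARGE_TROJAN_CHIP = [1.01, 2.28, 1.49, 3.02]   # +0.25 ns on path 1

def fingerprint(chips):
    """Per-path (mean, sigma) of the golden population."""
    return [(mean(p), stdev(p)) for p in zip(*chips)]

def z_scores(measured, fp):
    """Deviation of each measured path delay in units of golden sigma."""
    return [(d - m) / s for d, (m, s) in zip(measured, fp)]

def is_suspect(measured, fp, threshold=3.0):
    """Flag a chip when any path deviates by more than `threshold` sigma."""
    return max(abs(z) for z in z_scores(measured, fp)) > threshold

def screen(chips, golden=GOLDEN):
    """Screen several chips; returns (max |z|, suspect) per chip."""
    fp = fingerprint(golden)
    return [(max(abs(z) for z in z_scores(c, fp)), is_suspect(c, fp))
            for c in chips]

if __name__ == "__main__":
    names = ["clean", "small Trojan", "large Trojan"]
    chips = [CLEAN_CHIP, SMALL_TROJAN_CHIP, LARGE_TROJAN_CHIP]
    for name, (max_z, suspect) in zip(names, screen(chips)):
        print(f"{name:13s} max|z| = {max_z:.2f}  suspect = {suspect}")
```

With these constructed values the clean chip sits at about 0.6 sigma, the small Trojan at 1.1 sigma (undetected), and the large Trojan at 5.5 sigma.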
Real Life Trojans….
• On September 6, 2007, the Israeli Air Force carried out an airstrike on a Syrian nuclear reactor in Operation Orchard. A hidden back door in microprocessors used in radar may have allowed them to be disabled remotely.
[Images: before and after]
• French microprocessors used in military applications have remote “kill switches” to allow them to be disabled.
• During the Cold War, secret cameras were inserted inside Xerox 914 copy machines in the Soviet embassy to record copied documents.
So what changes in 3D?
Where can Trojans and Counterfeits be inserted?
Spec → Design → 3rd Party Assembler → Manufacturing → Supply Chain
Die Access and Observability
• Die in 3D ICs are less observable.
   • An entire board in a package
   • Access to all die comes only through the base die
   • Can’t visually inspect die once assembled
   • Can’t remove and analyze die once assembled.
• Overall variability is likely to increase.
So what does this mean for security?
It’s easier to hide things and harder to find them!!
Potential 3D Security Issues
[Figure: die stack (upper die, interposer, base die) annotated with potential issues: Trojan extra die, Trojan firmware in programmable die, counterfeit die or interposer, Trojan in interposer, 2D Trojan in a real die.]
Issue 1: 2D Trojan in a Die
• Potential Actions:
   • Data Collection and Transmission (e.g. encryption codes)
   • Denial of Service or Early Reliability Failures (such as generating a high temp spot)
   • Chip/Die Destruction (e.g. on-demand kill-switch)
[Figure: die stack with the Trojan in a real die above the interposer and base die.]
Detecting a 2D Trojan in a 3D Stack
• Variations increase in 3D
• Relative size of the Trojan effect is minuscule
• May need to shut off power to all but one die
• Need the ability to obtain accurate delay measurements to flops and TSVs
• Verify design and 3rd party IP at RTL
[Figure: die stack with the Trojan in a real die above the interposer and base die.]
Issue 2: Counterfeit Die or Interposer
• Same as 2D:
   • Less reliable and may contain Trojans
   • Buy from trusted sources & perform incoming test
   • Authenticate on-die device ID with a trusted database
• New problems:
   • Poor copying of packages no longer helps with detection
   • Need to access the device ID securely through the stack
   • Can no longer replace by desoldering from the board.
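The device-ID authentication step above, and the same check in the “Detecting/Avoiding Counterfeits” list, as an added example that is not part of the presentation: an incoming-test script compares the die IDs read from a lot against a trusted provenance database. The database layout, field names and sample records are constructed for illustration; the findings map onto the counterfeit types listed earlier (copies, cloned IDs, re-marked grades, defective and salvaged parts).

```python
"""Incoming-test check of on-die device IDs against a trusted database.

Added example, not from the presentation.  The database layout, field
names and all records below are constructed for illustration.
"""

# Constructed trusted database: die ID -> speed grade and lifecycle status.
# A real deployment would query the chip provider's database over an
# authenticated channel rather than a local dictionary.
TRUSTED_DB = {
    "DIE-0001": {"grade": "high", "status": "shipped_new"},
    "DIE-0002": {"grade": "low",  "status": "shipped_new"},
    "DIE-0003": {"grade": "high", "status": "scrapped"},   # failed final test
    "DIE-0004": {"grade": "high", "status": "returned"},   # came back from a board
}

def check_lot(lot, db=TRUSTED_DB):
    """Return {die_id: [findings]} for every suspicious die in a lot.

    `lot` is a list of (die_id, labelled_grade) tuples read from the parts.
    Findings: unknown_id (ID not issued by the provider), duplicate_id (same
    ID on more than one part), grade_mismatch (part re-marked as a higher
    grade), scrapped_id (defective part sold as good), returned_id (salvaged
    part resold as new).
    """
    seen = {}
    for die_id, labelled_grade in lot:
        seen.setdefault(die_id, []).append(labelled_grade)
    findings = {}
    for die_id, grades in seen.items():
        issues = []
        rec = db.get(die_id)
        if rec is None:
            issues.append("unknown_id")
        else:
            if rec["status"] == "scrapped":
                issues.append("scrapped_id")
            elif rec["status"] == "returned":
                issues.append("returned_id")
            if any(g != rec["grade"] for g in grades):
                issues.append("grade_mismatch")
        if len(grades) > 1:
            issues.append("duplicate_id")
        if issues:
            findings[die_id] = issues
    return findings

# Constructed incoming lot: one cloned ID, one re-marked part, one scrapped
# part, one salvaged part and one ID the provider never issued.
SAMPLE_LOT = [("DIE-0001", "high"), ("DIE-0001", "high"), ("DIE-0002", "high"),
              ("DIE-0003", "high"), ("DIE-0004", "high"), ("DIE-9999", "high")]

if __name__ == "__main__":
    for die, issues in check_lot(SAMPLE_LOT).items():
        print(die, issues)
```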
Issue 3: Extra Die in Stack
Extra die in the stack can cause complex Trojans.
If TSV information is standardized or published, that info can be used by the Trojan designer to access desired info.
[Figure: original die stack compared with a stack that has an RF TX die added on top and an extra memory and controller die inserted, connected through out-of-band TSVs.]
• An RF antenna could be added with an extra die on top of the stack and broadcast the data on the bus.
• An extra memory and controller die can save selected data for later extraction.
Detecting Extra Die in Stack
• Depends on where in the stack the extra die are located: top of stack is harder
• Strategies:
   • Voltage drop
   • Temperature profile
   • Side channel analysis (power and delay)
   • X-rays or other imaging approaches
[Figure: stack with an extra processor die.] An extra processor die can drive the data bus with opposite values when triggered—shorting power and ground.
Issue 4: Evil FPGAs in Stack
• FPGAs likely to be included for valid reasons:
   • Replace ASICs
   • Built-in self repair
   • Test other parts of the stack
• Security concerns:
   • Firmware corruption
   • Extra FPGA in stack
   • Trojan can be inserted in the field
[Figure: hot spot on the FPGA die created by significant switching when the Trojan die is triggered.]
Very complex Trojans are possible.
Issue 5: Trojan Interposers
[Figure: two stacks of upper die, interposer and lower die; in the second, the interposer contains Trojan logic.]
Silicon interposers may be needed to align TSVs on adjacent die—including TSVs for power and ground.
Trojan logic in the interposer (or in one of the die in the stack) could be used to shut off power or data to all upper die.
In 2D, this is like shutting off power or data to most of the chips on the board!!!
If the Trojan is in an interposer, it would not be visible to JTAG or any other DFT hardware by design.
Issue 6: Incorrect Die Ordering
Especially if standard interposers are available, an attacker could reorder the die.
Original ordering: RF Transceiver / ASIC 2 / ASIC 1 / Memory / Processor
Trojan ordering:   RF Transceiver / Memory / ASIC 2 / ASIC 1 / Processor
Causes loss of reliability and performance.
Detection methods: testing and die IDs (JTAG, INTEST, etc.)
Issue 7: Protecting IP
• Today, defective chips can be de-soldered and sent back to the manufacturer for FA.
• In 3D the entire stack will need to be sent.
• Need to be able to access individual die for debug.
• Need to protect the IP of each die provider.
[Figure: example stack of die from different providers: TI analog die, ARM core, memory, AMD processor.]
Outlook
• Some of these issues are likely easier to solve than others.
• Even the easy ones won’t be detected if you aren’t looking!
• When 3D assembly issues are solved and 3D becomes commonplace, really evil counterfeits are possible.
   • Easy to manufacture with standard, interchangeable die
   • Hard to detect in package
   • Incoming test is mandatory!
Conclusions
• 3D security and trust must be addressed at both design and test.
• Research is needed to mitigate these issues now.
• Waiting may make solutions much more expensive or impossible to implement.
• If we don’t look for these issues, they will happen, and the consequences could be disastrous.
The End….