Hardware Trojan (HT) Detection in 3-D IC
Wafi Danesh
Instructor: Dr. Christopher Allen
EECS 713 High-Speed Digital Circuit Design
Final Project Presentation

Outline
• Why is Hardware Trojan (HT) a major concern?
• Hardware Trojan (HT) Classification and Detection
• Introduction to 3-D IC
• HT Detection in 3-D IC

Outsourcing Chip Manufacturing
• Modern fabrication facility is costly
  • $4.6 billion, Global Foundries, Fab 8, 2012 [1]
  • $7 billion, Intel, upgrading 7 facilities, 2009 [2]
• Outsourcing fabrication is preferred
[1] www.theguardian.com
[2] www.forwardthinking.pcmag.com
https://www.ventureoutsource.com

Security Challenge from Outsourcing
• Outsourcing brings in potential chip safety issues
• Each stage designated to different companies
  • make malicious insertions
  • insert counterfeit parts
  • modify design specification
Real-life reports:
• Counterfeit part reports increased by factor of 700, iSuppli report, Feb. 24, 2012.
• 1800 cases of counterfeit parts over 2 year survey, Congressional hearing, Nov. 8, 2011.
[Figure: Supply chain. Source: http://chipsecurity.org]

HT Definition
• Extra circuitry added to specified design
  • can cause malfunction
  • steal secret information
  • create backdoor for attack
• Architecture divided into two parts:
  • Trigger, activates the HT
  • Payload, delivers the malicious effect

HT Classification
M. Tehranipoor and F. Koushanfar, IEEE Design & Test of Computers, 2010

Example of HT Effect
Combinational triggered HT
[Figure: combinational triggered HT with an AND gate (trigger) and an XOR gate (payload); signal labels: original output, triggered, modified output]

Example of HT Effect (continued)
Sequential triggered HT
[Figure: Hardware Trojan with a 32-bit trigger in an RS-232 transmitter module, 2400 bits/second]
• Trigger probability = 1/2^32
• Time to trigger = 662.8 days

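The two trigger examples above, modelled from the tester's side as an added example (not part of the presentation): it shows how few input vectors expose an AND-triggered, XOR-payload HT and where the 662.8-day figure can come from. The parity circuit in `golden()` is a constructed stand-in, and charging 32 transmitted bits per trigger attempt is an assumption that reproduces the slide's number.

```python
from itertools import product

def golden(bits):
    """Trojan-free output: parity of the inputs (constructed stand-in circuit)."""
    out = 0
    for b in bits:
        out ^= b
    return out

def infected(bits):
    """Same circuit with the slide's HT: AND gate trigger, XOR gate payload."""
    trigger = int(all(bits))        # AND of the tapped nets
    return golden(bits) ^ trigger   # payload inverts the output only when triggered

def exposing_vectors(n):
    """Exhaustively compare both circuits; return the vectors where they differ."""
    return [v for v in product((0, 1), repeat=n) if golden(v) != infected(v)]

def detection_probability(trigger_bits, random_vectors):
    """Chance that at least one uniformly random test vector fires the trigger."""
    return 1 - (1 - 2.0 ** -trigger_bits) ** random_vectors

def days_to_trigger(trigger_bits=32, bits_per_attempt=32, bits_per_second=2400):
    """Expected wait when each attempt costs one word on the serial line (assumption)."""
    seconds = (2 ** trigger_bits) * bits_per_attempt / bits_per_second
    return seconds / 86400

if __name__ == "__main__":
    print("exposing vectors, 4-bit trigger:", exposing_vectors(4))
    print("P(detect) with 1e6 random vectors, 32-bit trigger:",
          detection_probability(32, 10**6))
    print("expected days to trigger:", round(days_to_trigger(), 1))
```

Only one of the 2^n input patterns separates the two circuits, which is why functional testing with random vectors rarely activates a wide trigger.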
HT Detection
J. Francq and F. Frick, ECCTD, 2015

What is a 3D IC?
• Chip consisting of multiple “tiers” of thinned-active 2D ICs
• “Tiers” are layers that are stacked, bonded, and electrically connected
• Connection made using “Through-Silicon-Vias (TSVs)” or “posts”
• Frequency of connections is user-defined and application specific

[Figure: Generic architecture of 3D IC]
[Figure: Development process of a 3-D IC]
[Figure: Example of a fabricated 3-D IC, a ring oscillator circuit]
Three Dimensional System Integration, A. Papanikolaou, 2010

Benefits and Drawbacks
Advantages of 3D IC for HT detection:
• Heterogeneous Integration
• Small form factor
• Reduced power consumption
• Decrease in overall cost of fabrication
Disadvantages:
• Additional process steps for TSV
• Higher operating temperature
• Mechanical stability
• Vendor interfaces
• Standardization

HT Detection Methods in 3-D IC
• Heterogeneous mix of ICs stacked vertically in standard 3-D IC die
• Each IC can be fabricated by a different vendor
• The process is a type of “Split Manufacture”
• Aim is to prevent attacker from having a complete picture of IC design
• Critical functionality fabricated by a trusted foundry while less “security intensive” functionality shipped out to untrusted foundry

Integration of 3-D Control Plane
Initial proposed method:
• Computation plane shipped to untrusted foundry whereas 3-D control plane fabricated in trusted foundry
• “Posts” tap required signals needed for security logic
• “Sleep transistors” reroute, override, or disable lines on the computation plane
• Computation plane thus monitored from 3-D control plane
J. Valamehr et al., ACSAC, 2010

Hardware Obfuscation
Aim is to obscure the connections in the IC netlist from the attacker:
• Fabrication divided into two tiers: bottom tier, fabricated by untrusted foundry, and top tier, fabricated by trusted foundry
• Netlist is split among the two tiers
• Attacker has access to the bottom tier
• The attack has to be random as gates in bottom tier are indistinguishable
• Attack will also require larger overhead of HT, risking detection
F. Imeson et al., USENIX, 2013

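A design-time check of the indistinguishability claim above, as an added example (not code from the presentation or the cited papers): it counts how many bottom-tier gates look the same as a sensitive gate once chosen wires are lifted to the trusted tier. The netlist, the gate names and the one-hop comparison are assumptions; comparing only direct neighbours can overstate how well a gate is hidden.

```python
# Constructed toy netlist: gate -> (type, input nets). Not taken from the cited papers.
NETLIST = {
    "g1": ("NAND", ["a", "b"]),
    "g2": ("NAND", ["c", "d"]),
    "g3": ("NAND", ["g1", "g2"]),
    "g4": ("NOR", ["g3", "e"]),
    "g5": ("NAND", ["g4", "key"]),  # gate the defender wants to hide
    "g6": ("NOR", ["g5", "g3"]),
}

def wires(netlist):
    """All (driver, sink) connections in the full design."""
    return {(src, dst) for dst, (_, ins) in netlist.items() for src in ins}

def signature(netlist, visible, gate):
    """What the untrusted foundry can tell about one gate from visible wires only."""
    def kind(net):
        return netlist[net][0] if net in netlist else "PI"  # primary input
    fanin = tuple(sorted(kind(s) for s, d in visible if d == gate))
    fanout = tuple(sorted(kind(d) for s, d in visible if s == gate))
    return (netlist[gate][0], fanin, fanout)

def anonymity(netlist, lifted, target):
    """Number of bottom-tier gates that look identical to the target (one-hop model)."""
    visible = wires(netlist) - set(lifted)
    sigs = {g: signature(netlist, visible, g) for g in netlist}
    return sum(1 for s in sigs.values() if s == sigs[target])

def blind_hit_probability(netlist, lifted, target):
    """Chance that tampering with one look-alike gate hits the intended one."""
    return 1 / anonymity(netlist, lifted, target)

# Lifting only the wires that touch the sensitive gate.
ONLY_G5 = {("g4", "g5"), ("key", "g5"), ("g5", "g6")}

if __name__ == "__main__":
    print("nothing lifted:       ", anonymity(NETLIST, set(), "g5"))
    print("only g5 wires lifted: ", anonymity(NETLIST, ONLY_G5, "g5"))
    print("every wire lifted:    ", anonymity(NETLIST, wires(NETLIST), "g5"))
```

Lifting only the sensitive gate's own wires leaves it as the single unconnected gate on the bottom tier, so it still stands out; the hiding works only when enough other gates are made to look the same.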
Hardware Obfuscation Example
• Example is of Virtex-7 2000T
• Bottom tier contains active CMOS transistors, expensive to fabricate and outsourced
• Upper tier, called “interposer”, has additional connections for digital logic gates on the bottom tier
F. Imeson et al., USENIX, 2013

Security-Aware 2.5D IC Design
Original netlist split into 3 partitions:
• 2 sub-netlists detailing the logic gates involved in the IC functionality
• Interposer layer containing all connections in the netlists
Attacker cannot determine the success of attack due to obfuscation
Layout is also obfuscated in order to deter layout based attacks
Y. Xie et al., ACM, 2015

THANK YOU!!!
QUESTIONS?

References
1. Tehranipoor, Mohammad, and Farinaz Koushanfar. "A survey of hardware Trojan taxonomy and detection." IEEE Design & Test of Computers (2010).
2. Francq, Julien, and Florian Frick. "Overview of hardware trojan detection and prevention methods." Circuit Theory and Design (ECCTD), 2015 European Conference on. IEEE, 2015.
3. Papanikolaou, Antonis, Dimitrios Soudris, and Riko Radojcic. Three dimensional system integration: IC stacking process and design. Springer Science & Business Media, 2010.
4. Valamehr, Jonathan, et al. "Hardware assistance for trustworthy systems through 3-D integration." Proceedings of the 26th Annual Computer Security Applications Conference. ACM, 2010.
5. Imeson, Frank, et al. "Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation." USENIX Security. Vol. 13. 2013.
6. Xie, Yang, Chongxi Bao, and Ankur Srivastava. "Security-Aware Design Flow for 2.5 D IC Technology." Proceedings of the 5th International Workshop on Trustworthy Embedded Devices. ACM, 2015.