Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation

Transcription

1 Securing Computer Hardware Using D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation Frank Imeson ECE, University of Waterloo USENIX Security Collaborators: Ariq Emtenan, Siddharth Garg, and Mahesh V. Tripunitara (Waterloo). Frank Imeson, Waterloo ECE D Hardware Security /6

2 Computer Hardware Computer Hardware = Digital IC Physical realization of digital logic Complex and ubiquitous Credit: Frank Imeson, Waterloo ECE D Hardware Security /6

3 Introduction Attack Model k-security Layout Randomization Summary Manufacturing Process HDL Netlist IC case(display_state) UPDATE : begin seg00_reg <= seg00; seg0_reg <= seg0; // update leds if (count00[0]) begin state <= UPDATE; end default : begin ons00 <= 0; count00 <= 0; display_state <= UPDATE; end endcase Credit: Frank Imeson, Waterloo ECE D Hardware Security /6

4 Threat Model Netlist External Foundry ICs News story, May 0: Security backdoor found in US military chip made in [foreign country]. Frank Imeson, Waterloo ECE D Hardware Security /6

5 Attack Types Examples: Privilege escalation [King et al., LEET 08] Leaking private information [Skorobogatov et al., CHES 0] Credit: King et al., LEET 08 Frank Imeson, Waterloo ECE D Hardware Security /6

6 Premise Successful Attack Uniquely identify at least one gate Credit: Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. Defeating UCI: Building stealthy and malicious hardware. In Security and Privacy (SP), 0 IEEE Symposium on, pp IEEE, 0. Frank Imeson, Waterloo ECE D Hardware Security 6/6

7 Premise Successful Attack Uniquely identify at least one gate Credit: Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. Defeating UCI: Building stealthy and malicious hardware. In Security and Privacy (SP), 0 IEEE Symposium on, pp IEEE, 0. Frank Imeson, Waterloo ECE D Hardware Security 6/6

8 Example Full Adder Netlist C IN S A B M C OUT T Malicious Gate Frank Imeson, Waterloo ECE D Hardware Security 7/6

9 Example Full Adder Netlist C IN S A B 0 0 M C OUT T Frank Imeson, Waterloo ECE D Hardware Security 7/6

10 Example Full Adder Netlist C IN S A B 0 M 0 C OUT T Frank Imeson, Waterloo ECE D Hardware Security 7/6

11 Our Solution Circuit Obfuscation Full Adder Netlist C IN A B S C OUT Obfuscated Netlist U X V W Y Frank Imeson, Waterloo ECE D Hardware Security 8/6

12 Our Solution Circuit Obfuscation Full Adder Netlist C IN A B S C OUT Obfuscated Netlist U X V W Y Frank Imeson, Waterloo ECE D Hardware Security 8/6

13 D IC Technology Top Tier (Hidden) Two or more tiers Tiers are connected via bond points Wire only tiers are relatively inexpensive Hidden Wires IO Pins Substrate Bond Points Unhidden Wires Transistors/Gates Bottom Tier (Obfuscated) Frank Imeson, Waterloo ECE D Hardware Security 9/6

14 D Xilinx FPGA 6.8 billion transistors,9,60 logic cells. Mbits of SRAM 6, Kbits of RAM 00 user I/O.D Credit: Frank Imeson, Waterloo ECE D Hardware Security 0/6

15 Circuit Obfuscation with D Technology A B CIN S C OUT Hide Wires X Place and Route U V W Y Hidden Circuit Fabrication In House Stacking Obfuscated Circuit Fabrication Outsourced Frank Imeson, Waterloo ECE D Hardware Security /6

16 Circuit Obfuscation with D Technology A B CIN S C OUT Hide Wires X Place and Route U V W Y Hidden Circuit Fabrication In House Stacking Obfuscated Circuit Fabrication Outsourced Frank Imeson, Waterloo ECE D Hardware Security /6

17 Circuit Obfuscation with D Technology A B CIN S C OUT Hide Wires X Place and Route U V W Y Hidden Circuit Fabrication In House Stacking Obfuscated Circuit Fabrication Outsourced Frank Imeson, Waterloo ECE D Hardware Security /6

18 Attack Model Summary Original Netlist C IN S G A B C OUT Obfuscated Circuit V X U W Y H W X Y V U Frank Imeson, Waterloo ECE D Hardware Security /6

19 Attack Model Summary Original Netlist C IN S G A B C OUT Obfuscated Circuit V X U W Y H W X Y V U Frank Imeson, Waterloo ECE D Hardware Security /6

20 What an Attacker Needs to Do Input graphs G and H G H Y W V X U Frank Imeson, Waterloo ECE D Hardware Security /6

21 What an Attacker Needs to Do Input graphs G and H Find subgraph isomorphisms G H W X Y V U Frank Imeson, Waterloo ECE D Hardware Security /6

22 What an Attacker Needs to Do Input graphs G and H Find subgraph isomorphisms G H W X Y V U M M M M Frank Imeson, Waterloo ECE D Hardware Security /6

23 k-security S(w) = G H Y W V X U A vertex v H is k-secure if there exist at least k subgraph isomorphisms each of which maps v to a distinct vertex in G. An obfuscated graph (circuit) H is k-secure if every vertex (gate) in H is k-secure. Frank Imeson, Waterloo ECE D Hardware Security /6

24 k-security S(w) = S(v),S(u),S(x) = G H W Y V X U A vertex v H is k-secure if there exist at least k subgraph isomorphisms each of which maps v to a distinct vertex in G. An obfuscated graph (circuit) H is k-secure if every vertex (gate) in H is k-secure. Frank Imeson, Waterloo ECE D Hardware Security /6

25 k-security S(w) = S(v),S(u),S(x) = S(y) = G H W X Y V U A vertex v H is k-secure if there exist at least k subgraph isomorphisms each of which maps v to a distinct vertex in G. An obfuscated graph (circuit) H is k-secure if every vertex (gate) in H is k-secure. Frank Imeson, Waterloo ECE D Hardware Security /6

26 k-security S(w) = S(v),S(u),S(x) = S(y) = S(H) = G H W X Y V U A vertex v H is k-secure if there exist at least k subgraph isomorphisms each of which maps v to a distinct vertex in G. An obfuscated graph (circuit) H is k-secure if every vertex (gate) in H is k-secure. Frank Imeson, Waterloo ECE D Hardware Security /6

27 Computational Complexity G, H is k-secure NP-complete. We investigated two approaches: Reduction to Subgraph Isomorphism and use of VF solver Reduction to SAT and use of MiniSAT solver 00 Avg Time vf 0.0 sat e Number of Vertices Frank Imeson, Waterloo ECE D Hardware Security /6

28 Cost vs. Security Cost = Number of hidden edges G 6 Goal: Explore Cost vs. Security trade-off Greedy approach Start with no edges in H. H 6 Frank Imeson, Waterloo ECE D Hardware Security 6/6

29 Cost vs. Security Cost = Number of hidden edges G 6 Goal: Explore Cost vs. Security trade-off Greedy approach Start with no edges in H. Greedily pick an edge to add to H that maximizes security. H 6 Frank Imeson, Waterloo ECE D Hardware Security 6/6

30 Cost vs. Security Cost = Number of hidden edges G 6 Goal: Explore Cost vs. Security trade-off Greedy approach Start with no edges in H. Greedily pick an edge to add to H that maximizes security. Repeat. H 6 Frank Imeson, Waterloo ECE D Hardware Security 6/6

31 Security vs. Number of Removed Edges Security greedy 0 rand % Hidden Wires (Cost) Figure: Experiments on the c circuit, which contains 0 edges. The c circuit is a 7-channel interrupt controller. Frank Imeson, Waterloo ECE D Hardware Security 7/6

32 Security vs. Number of Removed Edges Security 0 0 Lower Cost 0 greedy 0 rand % Hidden Wires (Cost) Figure: Experiments on the c circuit, which contains 0 edges. The c circuit is a 7-channel interrupt controller. Frank Imeson, Waterloo ECE D Hardware Security 7/6

33 Layout Randomization Netlist A B CIN S C OUT Layout Placement of Gates Routing Placement of Wires Frank Imeson, Waterloo ECE D Hardware Security 8/6

34 Layout Randomization Obfuscated Netlist Hidden Netlist Layout Routing Unhidden Wires Hidden Wires Frank Imeson, Waterloo ECE D Hardware Security 8/6

35 Layout and Routing Results (a) Unsecure Circuit (b) Obfuscated Tier (c) Hidden Tier Figure: Layout of c without any security (left), and the obfuscated (middle) and hidden tiers of an 8-secure version of c circuit. Green and red lines correspond to metal wires. Frank Imeson, Waterloo ECE D Hardware Security 9/6

36 Wire Length Distribution Ratio Unsecure Obfuscated Hidden Distance (um) Figure: Comparison of the wire length distribution for the unsecured, obfuscated and hidden circuits. Also the hidden wire length distribution passes the χ test when compared to a random distribution Frank Imeson, Waterloo ECE D Hardware Security 0/6

37 Power and Delay Costs. Ratio Delay Power Security Figure: Power and delay ratio calculated from base/unsecured circuit. Frank Imeson, Waterloo ECE D Hardware Security /6

38 Case Study: DES Circuit Plaintext IP Symmetric key-based encryption/ decryption algorithm.,000 gate implementation from OpenCores library. A fault in LSB of th round reveals secret key []. Round 0 Round Round Round 6 FB Ciphertext Frank Imeson, Waterloo ECE D Hardware Security /6

39 Case Study: DES Circuit Plaintext IP Symmetric key-based encryption/ decryption algorithm.,000 gate implementation from OpenCores library. A fault in LSB of th round reveals secret key []. 6-secure circuit is obtained by removing only % of wires. Further lifting can increase security. Round 0 Round Round Round 6 FB Ciphertext Frank Imeson, Waterloo ECE D Hardware Security /6

40 Impact on Attack Footprint Implemented a 6-secure DES circuit. th round LSB is actually -secure. 0x area overhead to attack a -secure gate. Trigger Target Attacking a non-secure circuit Attacking a k-secure circuit Trigger t target t target FSM 8:6 t t Modified Target t Attacking all k possible targets t target Frank Imeson, Waterloo ECE D Hardware Security /6

41 Raising the Bar on the Attacker Attack out of k gates or Attack all k gates MIPS MIPS Frank Imeson, Waterloo ECE D Hardware Security /6

42 Related Work and References Alina Campan and Traian Truta. Data and structural k-anonymity in social networks. Privacy, Security, and Trust in KDD, pages, 009. Alex Baumgarten, Michael Steffen, Matthew Clausman, and Joseph Zambreno. A case study in hardware trojan design and implementation. International Journal of Information Security, 0():, 0. Dan Boneh, Richard DeMillo, and Richard Lipton. On the importance of checking cryptographic protocols for faults. In Advances in CryptologyEUROCRYPT97, pages 7. Springer, 997. F. Brglez. Neutral netlist of ten combinational benchmark circuits and a target translator in fortran. In Special session on ATPG and fault simulation, Proc. IEEE Int. Symp. Circuits and Systems, June 98, pages , 98. Y. Jin, N. Kupp, and Y. Makris. Experiences in hardware trojan design and implementation. In Hardware-Oriented Security and Trust, 009. HOST 09. IEEE International Workshop on, pages 0 7. IEEE, 009. S. h and C. Woods. Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems CHES 0, pages 0, 0. Frank Imeson, Waterloo ECE D Hardware Security /6

43 Frank Imeson, Waterloo ECE D Hardware Security 6/6