Date post: | 18-Jan-2016 |
Category: |
Documents |
Upload: | hilary-bruce |
View: | 215 times |
Download: | 0 times |
1
Hardware Trojan (HT) Detection in 3-D IC
Wafi Danesh Instructor: Dr. Christopher Allen
EECS 713 High-Speed Digital Circuit Design
Final Project Presentation
Outline
Why is Hardware Trojan (HT) a major concern ?
Hardware Trojan (HT) Classification and Detection
Introduction to 3-D IC HT Detection in 3-D IC
2
Outline
Why is Hardware Trojan (HT) a major concern ?
Hardware Trojan (HT) Classification and Detection
Introduction to 3-D IC HT Detection in 3-D IC
3
Outsourcing Chip Manufacturing Modern fabrication facility is costly
• $4.6 billion, Global Foundries, Fab 8, 2012[1]
• $7 billion, Intel, upgrading 7 facilities, 2009[2]
Outsourcing fabrication is preferred
4[1] www.theguardian.com[2] www.forwardthinking.pcmag.com
https://www.ventureoutsource.com
Outsourcing brings in potential chip safety issues
Each stage designated to different companies• make malicious insertions• insert counterfeit parts• modify design specification
Real-life reports:• Counterfeit part reports increased
by factor of 700, iSupply report Feb. 24, 2012.
• 1800 cases of counterfeit parts over 2 year survey, Congressional hearing Nov. 8, 2011. 5
Supply chainSource: http://chipsecurity.org
Security Challenge from Outsourcing
Outline
Why is Hardware Trojan (HT) a major concern ?
Hardware Trojan (HT) Classification and Detection
Introduction to 3-D IC HT Detection in 3-D IC
6
HT Definition
• Extra circuitry added to specified design• can cause malfunction• steal secret information• create backdoor for attack
• Architecture divided into two parts:• Trigger, activates the HT• Payload, delivers the malicious effect
7
HT Classification
8
M. Tehranipoor and F. Koushanfar, IEEE Design & Test of Computers, 2010
Example of HT Effect
Combinational triggered HT
9
0
01
01
0
1
1
0Triggered
1
11
Modified output
0
AND gate (trigger)
XOR gate (Payload)
Original output
Example of HT Effect (continued)Sequential triggered HT
10
RS-232 transmittermodule
Hardware Trojan
2400 bits/second
32-bit triggerTrigger probability = 1/2^32Time to trigger = 662.8 days
HT Detection
11
J. Francq and F. Frick, ECCTD, 2015
Outline
Why is Hardware Trojan (HT) a major concern ?
Hardware Trojan (HT) Classification and Detection
Introduction to 3-D IC HT Detection in 3-D IC
12
What is a 3D IC?
Chip consisting of multiple “tiers” of thinned-active 2D ICs
“Tiers” are layers that are stacked, bonded, and electrically connected
Connection made using “Through-Silicon-Vias (TSVs)” or “posts”
Frequency of connections is user-defined and application specific
13
Generic architecture of 3D IC
14
Development process of a 3-D IC Example of a fabricated 3-D IC, a ring oscillator circuit
Three Dimensional System Integration, A Papanikolaou, 2010
Benefits and DrawbacksAdvantages of 3D IC for HT detection:
Heterogeneous IntegrationSmall form factorReduced power consumptionDecrease in overall cost of fabrication
Disadvantages:Additional process steps for TSVHigher operating temperatureMechanical stabilityVendor interfacesStandardization
15
Outline
Why is Hardware Trojan (HT) a major concern ?
Hardware Trojan (HT) Classification and Detection
Introduction to 3-D IC HT Detection in 3-D IC
16
HT Detection Methods in 3-D IC
Heterogeneous mix of ICs stacked vertically in standard 3-D IC die
Each IC can be fabricated from a different vendorThe process is a type of “Split Manufacture”Aim is to prevent attacker from having a complete
picture of IC designCritical functionality fabricated by a trusted foundry
while less “security intensive” functionality shipped out to untrusted foundry
17
Integration of 3-D Control PlaneInitial proposed method:
Computation plane shipped to untrusted foundry whereas 3-D control plane fabricated in trusted foundry
“Posts” tap required signals needed for security logic
“Sleep transistors” reroute, override, or disable lines on the computation plane.
Computation plane thus monitored from 3-D computation plane 18
J. Valamehr et. al, ACSAC, 2010
Hardware Obfuscation
Aim is to obscure the connections in the IC netlist to the attacker: Fabrication divided into two tiers: bottom
tier, fabricated by untrusted foundry and top tier, fabricated by trusted foundry
Neltist is split among the two tiers
Attacker has access to the bottom tier
The attack has to be random as gates in bottom tier are indistinguishable
Attack will also require larger overhead of HT risking detection
19 F. Imeson et. al, USENIX, 2013
Hardware Obfuscation Example
Example is of Virtex-7 2000T
Bottom tier, contains active CMOS transistors, expensive to fabricate and outsourced
Upper tier, called “interposer”, has additional connections for digital logic gates on the bottom tier
20 F. Imeson et. al, USENIX, 2013
Security-Aware 2.5D IC DesignOriginal netlist split into 3
partitions:2 sub-netlists detailing the logic
gates involved in the IC functionalityInterposer layer containing all
connections in the netlists
Attacker cannot determine the success of attack due to obfuscation
Layout is also obfuscated in order to deter layout based attacks 21
Y. Xie et. al, ACM, 2015
22
THANK YOU!!!QUESTIONS?
References1. Tehranipoor, Mohammad, and Farinaz Koushanfar. "A survey of hardware Trojan
taxonomy and detection." (2010).2. Francq, Julien, and Florian Frick. "Overview of hardware trojan detection and
prevention methods." Circuit Theory and Design (ECCTD), 2015 European Conference on. IEEE, 2015.
3. Papanikolaou, Antonis, Dimitrios Soudris, and Riko Radojcic. Three dimensional system integration: IC stacking process and design. Springer Science & Business Media, 2010.
4. Valamehr, Jonathan, et al. "Hardware assistance for trustworthy systems through 3-D integration." Proceedings of the 26th Annual Computer Security Applications Conference. ACM, 2010.
5. Imeson, Frank, et al. "Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation." USENIX Security. Vol. 13. 2013.
23
References6. Xie, Yang, Chongxi Bao, and Ankur Srivastava. "Security-Aware Design Flow for 2.5 D IC Technology." Proceedings of the 5th International Workshop on Trustworthy Embedded Devices. ACM, 2015.
24