A Perspective on Security and Trust Requirements for the Future



SLIDE 1

Distribution Statement A: Approved for Public Release, Distribution Unlimited

A Perspective on Security and Trust Requirements for the Future

Dr. Kenneth Plaks

International Symposium on Physical Design, April 14-17, 2019

SLIDE 2

Hardware Security in the Field

US Air Force

SLIDE 3

The importance of electronics

US Air Force

SLIDE 4

Commercial and Military have similar needs…

Commercial | Military

  • IP protection and overproduction
  • License enforcement
  • Brand identity and dependability
  • Export leakage – ITAR concerns
  • Anti-tamper
  • Trust – reliability and no malicious insertions
SLIDE 5

But we place a much higher priority on security

[Figure: Commercial optimization targets Area, Power and Delay; Defense optimization targets Area, Power, Delay and Security]

What would physical design look like if we optimized for security, instead of area?

SLIDE 6

(U) Physical design and security

[Diagram: Physical Design links the Digital World and the Real World; Sensors and Side Channels are the two crossings]

SLIDE 7

Sensors

  • For this talk, sensors are things that provide data from the real world to the digital world
  • Military uses sensors to determine where a chip has been
  • Military uses sensors as a root of trust
  • We will use the DARPA SHIELD project as an example

Image courtesy of Northrop Grumman. Image courtesy of SRI International.

SLIDE 8

Sensor Example: DARPA SHIELD

SHIELD makes counterfeiting too expensive and too hard to do.

Key SHIELD Specifications

  • Unique Key Storage
  • Full 256-bit AES encryption engine
  • Unpowered, passive intrusion sensors
  • RF power and communication
  • Transfer fragility
  • 100µm x 100µm
  • 50 µW Total Power
  • Operating temp < 120 °C
  • Cost < $0.01 per dielet

[Figure: Dielet floorplan (Northrop Grumman, 14nm CMOS) and prototype dielet layout (SRI, 28nm CMOS), 100 µm x 100 µm. Blocks: ADC; Digital; One-Time Programmable Memory; PUF & Sensor; Analog (Voltage Clamp, Charge Pump, RNG, Osc); POR; Common Bias; Rectifier; Modulator; Regulator. Block dimensions in the original range from 21 µm to 70 µm.]

Asymmetric Security

  • Non-resettable, “always on” intrusion sensors on dielet
  • On-board symmetric encryption key that cannot be “coaxed” from the dielet
  • ID and Key are unique to the individual host IC (not just the part number)
  • Interrogation history (date, time, location) stored on secure server
  • Built-in fragility structures kill dielet if removal from host is attempted


Images courtesy of Northrop Grumman and SRI International

SLIDE 9

SHIELD – X-ray and RF Sensor Testing

Mini X-ray test fixture in Draper’s Radiation Effects Lab. Stock photos of anechoic chamber, antenna and probe; RF testing was carried out in a secure lab at Draper.

[Chart: Sensor radiation sensitivity, voltage (V) versus dose in kRad(Si)]

SLIDE 10

Physical Vulnerabilities of PUFs

The first silicon iteration of a DoD PUF failed because its output voltages were severely skewed in the negative direction (toward 0 V). The root cause of the voltage skew was the layout proximity effect, which is a dominant effect in nanoscale devices.

The PUF voltages should have been uniformly distributed; however, testing revealed that most of the voltages were skewed negatively toward 0 V.

SHIELD, DARPA
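The skew described on this slide is the kind of bias a PUF characterisation step should catch before any key is derived from the cells. The Python below is an added example, not SHIELD or DoD code: it quantises constructed cell voltages (normalised to VDD), measures response uniformity and min-entropy, and returns a verdict; the 0.5 threshold, the 0.4/0.6 bounds and both data sets are assumptions made for the illustration.

```python
# Added example (not from the SHIELD program or the slides): a quick health
# check for raw PUF cell voltages, flagging the failure mode described on the
# slide, where outputs that should be spread across the supply range collapse
# toward 0 V. Voltages are normalised to the supply (0.0 = 0 V, 1.0 = VDD).
import math

def bits_from_voltages(voltages, threshold=0.5):
    """Quantise each cell voltage to a response bit at the given threshold."""
    return [1 if v >= threshold else 0 for v in voltages]

def uniformity(bits):
    """Fraction of ones; an unbiased PUF response should be close to 0.5."""
    return sum(bits) / len(bits)

def min_entropy_per_bit(bits):
    """Min-entropy per bit from the observed bias: 1.0 bit when unbiased."""
    p = uniformity(bits)
    return -math.log2(max(p, 1 - p)) if 0 < p < 1 else 0.0

def diagnose(voltages, low=0.4, high=0.6):
    """Return 'OK', 'SKEWED_LOW' or 'SKEWED_HIGH' from the response bias."""
    u = uniformity(bits_from_voltages(voltages))
    if u < low:
        return "SKEWED_LOW"    # most cells sit near 0 V, as in the failed silicon
    if u > high:
        return "SKEWED_HIGH"
    return "OK"

# Constructed sample data (64 cells each), deterministic so the result is fixed.
# HEALTHY: a permutation of 0..63 scaled into [0, 1): evenly spread, 32 ones.
HEALTHY = [((i * 37) % 64) / 64 for i in range(64)]
# SKEWED: the same spread pushed toward 0 V by cubing; only the 11 cells whose
# raw value is at least 53/64 still cross the 0.5 threshold.
SKEWED = [0.9 * (((i * 37) % 64) / 64) ** 3 for i in range(64)]

if __name__ == "__main__":
    for name, cells in (("healthy", HEALTHY), ("skewed", SKEWED)):
        bits = bits_from_voltages(cells)
        print(f"{name}: uniformity={uniformity(bits):.3f} "
              f"min-entropy={min_entropy_per_bit(bits):.2f} bits/bit "
              f"verdict={diagnose(cells)}")
```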

SLIDE 11

Side channels

  • For this talk, side channels are ways of getting data from the digital world to the real world
  • Not talking about Spectre and Meltdown
  • Military uses side channels to find malicious circuits
  • How can we interrogate a circuit for malice, when we don’t trust the circuit in the first place?
  • What aspects of physical design could enhance security?

SLIDE 12

The trojan challenge in three charts

[Charts: in one region customization and optimization dominate; in the other region programmability and flexibility dominate; Moore’s law makes SOCs possible]

Sources: IBS; A. Olofsson, “Silicon Compilers - Version 2.0”, keynote, Proc. ISPD, 2018

SLIDE 13

Technical Observation

But we have lost herd immunity

SLIDE 14

Hardware Trojans

Moore’s law also makes defense even harder

SLIDE 15

One possible approach: physical timing side channels

  • Trojan impact on timing should be observable even without activating the trojan
  • But voltage variation makes that hard to measure

H. Kaul, M. Anders, S. Hsu, A. Agarwal, R. Krishnamurthy and S. Borkar, "Near-threshold voltage (NTV) design — Opportunities and challenges," DAC Design Automation Conference 2012, San Francisco, CA, 2012, pp. 1149-1154.
SLIDE 16

  • Voltage Noise
  • Process Drift

[Chart: path delay count versus expected path delay]

Solution to Complications: IR Annotated Timing Analysis; NN Process Watchdog

Avesta Sasan, GMU

A. Vakil, H. Homayoun, and A. Sasan, Proceedings of the 24th Asia and South Pacific Design Automation Conference. ACM, 2019, pp. 152–159. https://dl.acm.org/citation.cfm?id=3287683
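Slides 15 and 16 argue that a Trojan’s extra path delay only becomes measurable once supply-droop effects are taken out of the expected delay. The Python below is an added, deliberately simplified illustration of that argument, not the AVATAR/IR-ATA or GTM tooling from GMU: it contrasts a plain-STA detector with one whose expected delays are annotated with per-path IR drop. Every delay, droop value, noise term and the Trojan itself are constructed for the example.

```python
# Added example (a simplified illustration, not the AVATAR/IR-ATA or GTM tool
# from the slides): why a voltage-drop-annotated timing model helps spot a
# Trojan's extra path delay without a golden IC. Every delay model, drop value
# and noise term below is constructed for the illustration.

NOMINAL_PS = [400 + 13 * (i % 7) for i in range(20)]   # STA delay per path, ps
IR_DROP_MV = [5 + (i * 7) % 30 for i in range(20)]     # local supply droop, mV
DELAY_PER_MV = 0.004    # assumed: fractional delay increase per mV of droop
TROJAN_EXTRA = 0.03     # assumed: 3 % extra delay from the Trojan's added load
TROJAN_PATHS = {4, 11}  # paths the constructed Trojan loads (hidden from detectors)

def measured_delay(i):
    """Silicon measurement: nominal delay slowed by droop, +-0.5 % noise, Trojan."""
    d = NOMINAL_PS[i] * (1 + DELAY_PER_MV * IR_DROP_MV[i])
    d *= 1 + 0.005 * ((i % 3) - 1)      # deterministic stand-in for measurement noise
    if i in TROJAN_PATHS:
        d *= 1 + TROJAN_EXTRA
    return d

def naive_expected(i):
    """Plain STA: ignores the supply droop on the path."""
    return NOMINAL_PS[i]

def annotated_expected(i):
    """IR-annotated STA: folds the known per-path droop into the expected delay."""
    return NOMINAL_PS[i] * (1 + DELAY_PER_MV * IR_DROP_MV[i])

def flagged_paths(expected, tolerance):
    """Paths whose measured delay exceeds the model by more than `tolerance`."""
    return {i for i in range(len(NOMINAL_PS))
            if measured_delay(i) > expected(i) * (1 + tolerance)}

def compare():
    """Detection outcome of each model, as sets of flagged path indices."""
    return {
        "naive_tight": flagged_paths(naive_expected, 0.02),    # droop looks like Trojans
        "naive_loose": flagged_paths(naive_expected, 0.15),    # wide tolerance hides one
        "annotated": flagged_paths(annotated_expected, 0.01),  # droop removed first
    }

if __name__ == "__main__":
    for model, paths in compare().items():
        print(f"{model:12s} flagged={sorted(paths)} "
              f"false_pos={sorted(paths - TROJAN_PATHS)} "
              f"missed={sorted(TROJAN_PATHS - paths)}")
```

With the plain model, a tolerance tight enough to catch the 3 % Trojan also flags droop-slowed clean paths, and a tolerance wide enough to forgive droop misses path 11; the annotated model flags exactly the two Trojan paths at 1 %.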

SLIDE 17

AVATAR (IR-ATA): Annotating the Timing Impact of Voltage drop and Noise

Spice Verification: the improved accuracy of AVATAR (IR-ATA) in capturing the timing impact of voltage drop (STA versus Spice).

STA Improvement: impact of using AVATAR (IR-ATA) for reporting the timing slack:

  • The released slack could be used for PPA improvement.

Avesta Sasan, GMU

SLIDE 18

Power reduction: the released slack (from using AVATAR for voltage drop and voltage noise modeling) is used for ECOs targeting the reduction of leakage and dynamic power. Performance boost: the released slack (from using AVATAR for voltage drop and voltage noise modeling) in critical timing paths allows the physical designer to shorten the clock cycle time, leading to a higher performance design.

PPA Improvement

  • Reduces Dynamic power
  • Reduces Leakage power
  • Reduces area
  • Increases max frequency

Avesta Sasan, GMU

SLIDE 19

Trojan Detection Rate

[Charts: percentage detection of TT and TP Trojans versus timing model used (Cert, HC, LC) for Small, Medium and Large Trojans, on the AES128, Ethernet and S38417 benchmarks]

The new voltage-variation-aware timing model (GTM), along with the NN process watchdog, can significantly improve the chances of Trojan detection without having access to a Golden IC.

[Figure: design and test flow for Trojan detection]

Avesta Sasan, GMU

SLIDE 20

Security aware physical design

Routing VIA: adapt via size to help enhance power estimation accuracy. Decap: insert decaps to help stabilize the power estimate.

  • Upsize critical VIAs
  • Fewer routing violations
  • Leakage reduction
  • Lower space overhead

Avesta Sasan, GMU

SLIDE 21

Conclusion

  • Physical design is where the digital becomes real
  • There are several opportunities to enhance security
  • Or inadvertently break it…
  • Adding security considerations to physical design offers the opportunity to make better chips, with lower security risk
  • To make security-aware physical design a reality

Wikimedia Commons

SLIDE 22

www.darpa.mil