Electronic devices are being increasingly used for both high-performance (e.g. data centers and networking) and energy-constrained applications (e.g. medical implants and sensors). Many of these applications require the security and privacy of both user data and computation, which are usually enforced at the software-level. Enforcing and studying hardware security will lead to improvements in energy efficiency and performance.
Furthermore, recent trends in integrated circuit (IC) design have required this improvement in hardware security. IC designers and manufacturers have been outsourcing various aspects of design, fabrication, testing, and packaging of ICs. This globalization of the IC design flow has created hitherto unknown security and trust concerns in the ICs, and, thereby, the computing systems (rooted in these ICs) on which modern society relies for mission-critical functionality.
An attacker, anywhere in the globalized design flow, can reverse engineer the functionality of an IC and intellectual property (IP) as well as steal and claim ownership of the IP. An untrusted IC foundry may overbuild ICs and sell the excess parts in the gray market. Rogue elements in the foundry may insert malicious circuits (hardware Trojans) into the design without the designer’s knowledge.
Our research addresses the security problems in IC design by developing novel design automation algorithms and circuit techniques to ensure the trustworthiness of an IC.
- Logic locking protects against reverse engineering, IP piracy, IC overbuilding Trojans by using a “lock and key” mechanism to hide the functionality and the implementation of a design from the untrusted entities in the IC supply chain.
- Split manufacturing protects against reverse engineering, IP piracy, IC overbuilding, and Trojans by manufacturing the design at two fabrication facilities, thereby preventing one facility knowing the complete design.
- IC camouflaging protects against reverse engineering and IP piracy by designing layouts whose functionalities are hard to understand.
Security of System-on-Chips
SoC designs are typically implemented at the register-transfer level (RTL) by engineers using hardware description languages (HDLs) such as Verilog and VHDL. Just as software programmers introduce bugs to the high-level code, hardware engineers may accidentally introduce bugs to the RTL code. While software errors may trigger fallback routines, no such safety net exists for hardware bugs. Thus, even minor glitches in the implementation of a module within the processor can cause the SoC to break down. Such attacks make the resulting failure modes visible to software adversaries, enabling them to exploit hardware vulnerabilities remotely. The affected targets range from low-end embedded devices to high-end servers.
To this end, our research:
- analyzes the different types of hardware vulnerabilities commonly found in real-world platforms;
- organizes a security competition, Hack@DAC, along with our industry partners;
- identifies the limitations of existing industry-standard tools in detecting these bugs;
- develops new techniques to overcome such limitations.