Electronic devices are used in applications ranging from high-performance data centers and networking equipment to energy-constrained medical implants and sensors. Many of these applications require the security and privacy of user data and computation, which is usually enforced at the software level. Enforcing security and privacy at the hardware level has gained importance because of its energy-efficiency and performance benefits. Furthermore, during the past two decades there has been a continuous trend away from in-house integrated circuit (IC) design and fabrication towards outsourcing various aspects of the design, fabrication, testing, and packaging of ICs. This globalization of the IC design flow has created previously unknown security and trust concerns in ICs and, thereby, in the computing systems built on them, on which modern society relies for mission-critical functionality.
An attacker anywhere in the globalized design flow can reverse engineer the functionality of an IC and its intellectual property (IP), or steal the IP and claim ownership of it. An untrusted IC foundry may overbuild ICs and sell the excess parts on the gray market. Rogue elements in the foundry may insert malicious circuits (hardware Trojans) into the design without the designer's knowledge.
Our research addresses the security problems in IC design by developing novel design automation algorithms and circuit techniques to ensure the trustworthiness of an IC.
- Logic locking protects against reverse engineering, IP piracy, IC overbuilding, and Trojan insertion by using a "lock and key" mechanism: additional key-controlled gates hide the functionality and implementation of a design from untrusted entities in the IC supply chain, and the fabricated chip computes the intended function only after the correct key is applied.
- Split manufacturing protects against reverse engineering, IP piracy, IC overbuilding, and Trojan insertion by manufacturing the design at two fabrication facilities (typically the transistor and lower metal layers at an untrusted foundry and the upper metal layers at a trusted one), so that neither facility sees the complete design.
- IC camouflaging protects against reverse engineering and IP piracy by using layouts whose functionality is hard to infer, for example camouflaged gates that implement different Boolean functions while appearing identical to imaging-based reverse engineering.
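The "lock and key" mechanism behind logic locking, shown as a toy gate-level simulation. This is an added example written for this page, not code from the research group: the netlist (a 2-bit adder), the wires chosen for key gates and the key value are constructed for illustration, and the XOR/XNOR key-gate insertion is the textbook scheme, not a specific technique from the group's publications.

```python
"""
Toy logic locking: insert XOR/XNOR key gates into a small gate-level
netlist and check that only the correct key restores the original function.

Added example, not the research group's code. The netlist, the locked
wires and the key value are constructed for illustration.
"""
import itertools

# Original (unlocked) design: a 2-bit adder as a topologically ordered
# netlist of (output_wire, gate_type, input_wires). Constructed example.
ORIGINAL_NETLIST = [
    ("n1", "AND", ("a0", "b0")),   # carry out of bit 0
    ("s0", "XOR", ("a0", "b0")),   # sum bit 0
    ("n2", "XOR", ("a1", "b1")),
    ("s1", "XOR", ("n2", "n1")),   # sum bit 1
    ("n3", "AND", ("n2", "n1")),
    ("n4", "AND", ("a1", "b1")),
    ("c1", "OR",  ("n3", "n4")),   # carry out of bit 1
]
PRIMARY_INPUTS = ["a0", "a1", "b0", "b1"]
PRIMARY_OUTPUTS = ["s0", "s1", "c1"]

GATES = {
    "AND":  lambda x, y: x & y,
    "OR":   lambda x, y: x | y,
    "XOR":  lambda x, y: x ^ y,
    "XNOR": lambda x, y: 1 - (x ^ y),
}


def simulate(netlist, inputs):
    """Evaluate a topologically ordered netlist on a dict of wire values."""
    wires = dict(inputs)
    for out, gate, ins in netlist:
        wires[out] = GATES[gate](*(wires[w] for w in ins))
    return {o: wires[o] for o in PRIMARY_OUTPUTS}


def lock(netlist, key_wires, key):
    """
    Insert one key gate on each selected wire. A key bit of 0 uses an XOR
    gate (transparent when the key input is 0); a key bit of 1 uses an XNOR
    gate (transparent when the key input is 1). With any other key value the
    key gate inverts its wire, so the locked design computes the original
    function only when every key input k<i> equals key[i].
    """
    assert len(key_wires) == len(key)
    renamed = {w: f"{w}_pre" for w in key_wires}
    locked = []
    for out, gate, ins in netlist:
        # The original producer now drives a pre-key wire; the key gate drives
        # the original wire name, so all consumers see the keyed value.
        new_out = renamed.get(out, out)
        locked.append((new_out, gate, ins))
        if out in renamed:
            idx = key_wires.index(out)
            key_gate = "XOR" if key[idx] == 0 else "XNOR"
            locked.append((out, key_gate, (new_out, f"k{idx}")))
    return locked


def locked_outputs(locked, inputs, key_bits):
    """Simulate the locked netlist with the given primary inputs and key."""
    key_inputs = {f"k{i}": b for i, b in enumerate(key_bits)}
    return simulate(locked, {**inputs, **key_inputs})


def error_rate(locked, key_bits):
    """Fraction of all input patterns on which the locked design is wrong."""
    wrong = total = 0
    for vals in itertools.product([0, 1], repeat=len(PRIMARY_INPUTS)):
        inputs = dict(zip(PRIMARY_INPUTS, vals))
        total += 1
        if locked_outputs(locked, inputs, key_bits) != simulate(ORIGINAL_NETLIST, inputs):
            wrong += 1
    return wrong / total


if __name__ == "__main__":
    KEY_WIRES = ["n1", "n3", "s0"]   # constructed choice of locked wires
    KEY = (1, 0, 1)                  # constructed secret key
    locked = lock(ORIGINAL_NETLIST, KEY_WIRES, KEY)
    print("correct key  :", error_rate(locked, KEY))        # 0.0
    print("one bit wrong:", error_rate(locked, (1, 1, 1)))  # only n3 inverted
    print("all bits wrong:", error_rate(locked, (0, 0, 0)))
```

In a real flow the key is not in the netlist the foundry receives; it is programmed into tamper-proof on-chip memory after fabrication, so an untrusted foundry that holds the full locked layout still cannot produce a working overbuilt part. Note that the toy scheme above is only the basic mechanism: a wrong key on a wire that feeds an OR gate is masked whenever the other OR input is 1, which is why the one-bit-wrong case is not always wrong, and simple XOR/XNOR locking is known to be vulnerable to SAT-based key-recovery attacks when the attacker has an unlocked chip to query.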
Security of System-on-Chips
SoC designs are typically implemented at the register-transfer level (RTL) by engineers using hardware description languages (HDLs) such as Verilog and VHDL. Just as software programmers introduce bugs into high-level code, hardware engineers may accidentally introduce bugs into the RTL code. While software errors may trigger fallback routines and can be patched, no such safety net exists for hardware bugs once the chip is fabricated. Thus, even minor glitches in the implementation of a single module within the processor can cause the SoC to break down. Worse, such bugs can expose failure modes to software adversaries, enabling them to exploit hardware vulnerabilities remotely. The affected targets range from low-end embedded devices to high-end servers.
To this end, our research:
- analyzes the different types of hardware vulnerabilities commonly found in real-world platforms;
- organizes a security competition, Hack@DAC, along with our industry partners;
- identifies the limitations of existing industry-standard tools in detecting these bugs;
- develops new techniques to overcome such limitations.