Securing Computer Hardware Using 3D Integrated Circuit (IC ... · Introduction Attack Model...
Transcript of Securing Computer Hardware Using 3D Integrated Circuit (IC ... · Introduction Attack Model...
Introduction Attack Model k-Security Layout Randomization Summary
Securing Computer Hardware Using 3D IntegratedCircuit (IC) Technology and Split Manufacturing
for Obfuscation
Frank Imeson
USENIX Security 13
ECE, University of Waterloo
Collaborators: Ariq Emtenan, Siddharth Garg, and Mahesh V. Tripunitara (Waterloo).
Frank Imeson, Waterloo ECE 3D Hardware Security 1/26
Introduction Attack Model k-Security Layout Randomization Summary
Computer Hardware
– Computer Hardware = Digital IC– Physical realization of digital logic– Complex and ubiquitous
Credit: http://www.newsplink.com/2009/05/20/the-silicon-valley-trail/
Frank Imeson, Waterloo ECE 3D Hardware Security 2/26
Introduction Attack Model k-Security Layout Randomization Summary
Manufacturing Process
case(display_state) UPDATE : begin seg00_reg <= seg00; seg01_reg <= seg01; // update leds if (count00[0]) begin state <= UPDATE; end default : begin ons00 <= 0; count00 <= 0; display_state <= UPDATE; end endcase
HDL Netlist IC
Credit: www.theverge.com/2011/11/16/2565638/mit-neural-connectivity-silicon-synapse
Frank Imeson, Waterloo ECE 3D Hardware Security 3/26
Introduction Attack Model k-Security Layout Randomization Summary
Threat Model
Netlist ICsExternal Foundry
News story, May 2012: “Security backdoor found in US militarychip made in [foreign country].”
Frank Imeson, Waterloo ECE 3D Hardware Security 4/26
Introduction Attack Model k-Security Layout Randomization Summary
Attack Types
Examples:
Privilege escalation [King et al., LEET’08]
Leaking private information [Skorobogatov et al., CHES 2012]
Credit: King et al., LEET’08
Frank Imeson, Waterloo ECE 3D Hardware Security 5/26
Introduction Attack Model k-Security Layout Randomization Summary
Premise
Successful Attack⇓
Uniquely identify at least one gate
Credit: Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. ”Defeating UCI: Building stealthy
and malicious hardware.” In Security and Privacy (SP), 2011 IEEE Symposium on, pp. 64-77. IEEE, 2011.
Frank Imeson, Waterloo ECE 3D Hardware Security 6/26
Introduction Attack Model k-Security Layout Randomization Summary
Premise
Successful Attack⇓
Uniquely identify at least one gate
Credit: Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. ”Defeating UCI: Building stealthy
and malicious hardware.” In Security and Privacy (SP), 2011 IEEE Symposium on, pp. 64-77. IEEE, 2011.
Frank Imeson, Waterloo ECE 3D Hardware Security 6/26
Introduction Attack Model k-Security Layout Randomization Summary
Example
AB
CIN S
COUT
1
2
3
4
5
T
M
Full Adder Netlist
Malicious Gate
Frank Imeson, Waterloo ECE 3D Hardware Security 7/26
Introduction Attack Model k-Security Layout Randomization Summary
Example
AB
CIN S
COUT
1
2
3
4
5
T
000
0 M
0
Full Adder Netlist
Frank Imeson, Waterloo ECE 3D Hardware Security 7/26
Introduction Attack Model k-Security Layout Randomization Summary
Example
AB
CIN S
COUT
1
2
3
4
5
T
110
1 M
0
Full Adder Netlist
Frank Imeson, Waterloo ECE 3D Hardware Security 7/26
Introduction Attack Model k-Security Layout Randomization Summary
Our Solution – Circuit Obfuscation
AB
CIN S
C OUT
1
2
3
4
5
Full Adder Netlist
Obfuscated Netlist
X
V
U
W
Y
Frank Imeson, Waterloo ECE 3D Hardware Security 8/26
Introduction Attack Model k-Security Layout Randomization Summary
Our Solution – Circuit Obfuscation
AB
CIN S
C OUT
1
2
3
4
5
Full Adder Netlist
Obfuscated Netlist
X
V
U
W
Y
Frank Imeson, Waterloo ECE 3D Hardware Security 8/26
Introduction Attack Model k-Security Layout Randomization Summary
3D IC Technology
Two or more tiers
Tiers are connected viabond points
Wire only tiers arerelatively inexpensive Substrate
Unhidden Wires
Bond Points Hidden Wires
Transistors/Gates
IO Pins
Bottom Tier(Obfuscated)
Top Tier(Hidden)
Frank Imeson, Waterloo ECE 3D Hardware Security 9/26
Introduction Attack Model k-Security Layout Randomization Summary
3D Xilinx FPGA
6.8 billion transistors
1,954,560 logic cells
21.55 Mbits of SRAM
46,512 Kbits of RAM
1200 user I/O
2.5D
Credit: http://www.electroiq.com/articles/ap/2011/10/xilinx-fpga-boasts-6-8b-transistors.html
Frank Imeson, Waterloo ECE 3D Hardware Security 10/26
Introduction Attack Model k-Security Layout Randomization Summary
Circuit Obfuscation with 3D Technology
Outsourced
In House
Fabrication
Fabrication
1 32
4
5
Hidden Circuit
Obfuscated Circuit
Stacking
AB
CIN S
C OUT
1
2
3
45
U
V
X
WY
HideWires
Placeand
Route
Frank Imeson, Waterloo ECE 3D Hardware Security 11/26
Introduction Attack Model k-Security Layout Randomization Summary
Circuit Obfuscation with 3D Technology
Outsourced
In House
Fabrication
Fabrication
1 32
4
5
Hidden Circuit
Obfuscated Circuit
Stacking
AB
CIN S
C OUT
1
2
3
45
U
V
X
WY
HideWires
Placeand
Route
Frank Imeson, Waterloo ECE 3D Hardware Security 11/26
Introduction Attack Model k-Security Layout Randomization Summary
Circuit Obfuscation with 3D Technology
Outsourced
In House
Fabrication
Fabrication
1 32
4
5
Hidden Circuit
Obfuscated Circuit
Stacking
AB
CIN S
C OUT
1
2
3
45
U
V
X
WY
HideWires
Placeand
Route
Frank Imeson, Waterloo ECE 3D Hardware Security 11/26
Introduction Attack Model k-Security Layout Randomization Summary
Attack Model Summary
AB
CIN S
C OUT
1
2
3
4
5
Original Netlist
ObfuscatedCircuit
V
X
U
W
Y
24
5
31
G
WV
Y
XU
H
Frank Imeson, Waterloo ECE 3D Hardware Security 12/26
Introduction Attack Model k-Security Layout Randomization Summary
Attack Model Summary
AB
CIN S
C OUT
1
2
3
4
5
Original Netlist
ObfuscatedCircuit
V
X
U
W
Y
24
5
31
G
WV
Y
XU
H
Frank Imeson, Waterloo ECE 3D Hardware Security 12/26
Introduction Attack Model k-Security Layout Randomization Summary
What an Attacker Needs to Do
Input graphs G and H
Find subgraphisomorphisms
24
5
31
GW
V
Y
XU
H
Frank Imeson, Waterloo ECE 3D Hardware Security 13/26
Introduction Attack Model k-Security Layout Randomization Summary
What an Attacker Needs to Do
Input graphs G and H
Find subgraphisomorphisms
24
5
31
GW
V
Y
XU
H
Frank Imeson, Waterloo ECE 3D Hardware Security 13/26
Introduction Attack Model k-Security Layout Randomization Summary
What an Attacker Needs to Do
Input graphs G and H
Find subgraphisomorphisms
42
5
31
M14
2
5
13
M22
4
5
13
M3
24
5
31
GW
V
Y
XU
H
24
5
31
M4
Frank Imeson, Waterloo ECE 3D Hardware Security 13/26
Introduction Attack Model k-Security Layout Randomization Summary
k-Security
S(w) = 2
S(v),S(u),S(x) = 2
S(y) = 1
S(H) = 1
WV
Y
XU
H2
4
5
31
G
A vertex v ∈ H is k-secure if there exist at least k subgraphisomorphisms each of which maps v to a distinct vertex in G .
An obfuscated graph (circuit) H is k-secure if every vertex (gate)in H is k-secure.
Frank Imeson, Waterloo ECE 3D Hardware Security 14/26
Introduction Attack Model k-Security Layout Randomization Summary
k-Security
S(w) = 2
S(v),S(u),S(x) = 2
S(y) = 1
S(H) = 1
WV
Y
XU
H2
4
5
31
G
A vertex v ∈ H is k-secure if there exist at least k subgraphisomorphisms each of which maps v to a distinct vertex in G .
An obfuscated graph (circuit) H is k-secure if every vertex (gate)in H is k-secure.
Frank Imeson, Waterloo ECE 3D Hardware Security 14/26
Introduction Attack Model k-Security Layout Randomization Summary
k-Security
S(w) = 2
S(v),S(u),S(x) = 2
S(y) = 1
S(H) = 1
WV
Y
XU
H2
4
5
31
G
A vertex v ∈ H is k-secure if there exist at least k subgraphisomorphisms each of which maps v to a distinct vertex in G .
An obfuscated graph (circuit) H is k-secure if every vertex (gate)in H is k-secure.
Frank Imeson, Waterloo ECE 3D Hardware Security 14/26
Introduction Attack Model k-Security Layout Randomization Summary
k-Security
S(w) = 2
S(v),S(u),S(x) = 2
S(y) = 1
S(H) = 1
WV
Y
XU
H2
4
5
31
G
A vertex v ∈ H is k-secure if there exist at least k subgraphisomorphisms each of which maps v to a distinct vertex in G .
An obfuscated graph (circuit) H is k-secure if every vertex (gate)in H is k-secure.
Frank Imeson, Waterloo ECE 3D Hardware Security 14/26
Introduction Attack Model k-Security Layout Randomization Summary
Computational Complexity
〈G ,H〉 is k-secure ∈ NP-complete.
We investigated two approaches:
Reduction to Subgraph Isomorphism and use of VF2 solver
Reduction to SAT and use of MiniSAT solver
1e-06
0.0001
0.01
1
100
0 200 400 600 800 1000 1200 1400
Number of Vertices
Avg Timevf2
sat
Frank Imeson, Waterloo ECE 3D Hardware Security 15/26
Introduction Attack Model k-Security Layout Randomization Summary
Cost vs. Security
Cost = Number of hidden edges
Goal: Explore Cost vs. Security trade-off
Greedy approach
Start with no edges in H.
Greedily pick an edge to add to Hthat maximizes security.
Repeat.
24
5
31
6G
24
5
31
6H
Frank Imeson, Waterloo ECE 3D Hardware Security 16/26
Introduction Attack Model k-Security Layout Randomization Summary
Cost vs. Security
Cost = Number of hidden edges
Goal: Explore Cost vs. Security trade-off
Greedy approach
Start with no edges in H.
Greedily pick an edge to add to Hthat maximizes security.
Repeat.
24
5
31
6G
24
5
31
6H
Frank Imeson, Waterloo ECE 3D Hardware Security 16/26
Introduction Attack Model k-Security Layout Randomization Summary
Cost vs. Security
Cost = Number of hidden edges
Goal: Explore Cost vs. Security trade-off
Greedy approach
Start with no edges in H.
Greedily pick an edge to add to Hthat maximizes security.
Repeat.
24
5
31
6G
24
5
31
6H
Frank Imeson, Waterloo ECE 3D Hardware Security 16/26
Introduction Attack Model k-Security Layout Randomization Summary
Security vs. Number of Removed Edges
05
101520253035404550
40 50 60 70 80 90 100
Sec
urity
% Hidden Wires (Cost)
greedy
rand
Figure: Experiments on the c432 circuit, which contains 303 edges. Thec432 circuit is a 27-channel interrupt controller.
Frank Imeson, Waterloo ECE 3D Hardware Security 17/26
Introduction Attack Model k-Security Layout Randomization Summary
Security vs. Number of Removed Edges
05
101520253035404550
40 50 60 70 80 90 100
Sec
urity
% Hidden Wires (Cost)
greedy
rand
Lower Cost
Figure: Experiments on the c432 circuit, which contains 303 edges. Thec432 circuit is a 27-channel interrupt controller.
Frank Imeson, Waterloo ECE 3D Hardware Security 17/26
Introduction Attack Model k-Security Layout Randomization Summary
Layout Randomization
Placement of Wires
1 32
4
5
Netlist
Layout
Routing
AB
CIN S
C OUT
1
2
3
45
Placement of Gates
Frank Imeson, Waterloo ECE 3D Hardware Security 18/26
Introduction Attack Model k-Security Layout Randomization Summary
Layout Randomization
1
2
3
45
Hidden WiresUnhidden Wires
1 32
4
5
Hidden NetlistObfuscated Netlist
Layout
Routing
Frank Imeson, Waterloo ECE 3D Hardware Security 18/26
Introduction Attack Model k-Security Layout Randomization Summary
Layout and Routing Results
(a) Unsecure Circuit (b) Obfuscated Tier (c) Hidden Tier
Figure: Layout of c432 without any security (left), and the obfuscated(middle) and hidden tiers of an 8-secure version of c432 circuit. Greenand red lines correspond to metal wires.
Frank Imeson, Waterloo ECE 3D Hardware Security 19/26
Introduction Attack Model k-Security Layout Randomization Summary
Wire Length Distribution
0
0.2
0.4
0.6
0.8
1
7.9
14.8
21.7
28.6
35.5
42.4
49.3
56.2
63.1
70.0
Ratio
Distance (um)
UnsecureObfuscated
Hidden
Figure: Comparison of the wire length distribution for the unsecured,obfuscated and hidden circuits. Also the hidden wire length distributionpasses the χ2 test when compared to a random distribution.
Frank Imeson, Waterloo ECE 3D Hardware Security 20/26
Introduction Attack Model k-Security Layout Randomization Summary
Power and Delay Costs
1
1.2
1.4
1.6
1.8
2
2.2
0 5 10 15 20 25 30 35 40 45 50
Rat
io
Security
Delay
Power
Figure: Power and delay ratio calculated from base/unsecured circuit.
Frank Imeson, Waterloo ECE 3D Hardware Security 21/26
Introduction Attack Model k-Security Layout Randomization Summary
Case Study: DES Circuit
Symmetric key-based encryption/decryption algorithm.
35,000 gate implementation fromOpenCores library.
A fault in LSB of 14th roundreveals secret key [3].
16-secure circuit is obtained byremoving only 13% of wires.
Further lifting can increase security.
Plaintext
Round 01
Round 14
IP
FB
Round 16
Ciphertext
Round 15
Frank Imeson, Waterloo ECE 3D Hardware Security 22/26
Introduction Attack Model k-Security Layout Randomization Summary
Case Study: DES Circuit
Symmetric key-based encryption/decryption algorithm.
35,000 gate implementation fromOpenCores library.
A fault in LSB of 14th roundreveals secret key [3].
16-secure circuit is obtained byremoving only 13% of wires.
Further lifting can increase security.
Plaintext
Round 01
Round 14
IP
FB
Round 16
Ciphertext
Round 15
Frank Imeson, Waterloo ECE 3D Hardware Security 22/26
Introduction Attack Model k-Security Layout Randomization Summary
Impact on Attack Footprint
Implemented a 64-secureDES circuit.
14th round LSB isactually 255-secure.
420x area overhead toattack a 255-secure gate.
ModifiedTarget
Target
Trigger
8:256t1
t255
t2
FSM
Trigger
Attacking a non-secure circuit
target1
t1
Attacking a k-secure circuit
target2
t2
target255
t255
Attacking all kpossible targets
Frank Imeson, Waterloo ECE 3D Hardware Security 23/26
Introduction Attack Model k-Security Layout Randomization Summary
Raising the Bar on the Attacker
Attack 1 out of k gates
–or–
Attack all k gates
MIPS 00000-00-001
MIPS 00000-00-001
Frank Imeson, Waterloo ECE 3D Hardware Security 24/26
Introduction Attack Model k-Security Layout Randomization Summary
Related Work and References
Alina Campan and Traian Truta.
Data and structural k-anonymity in social networks.Privacy, Security, and Trust in KDD, pages 33–54, 2009.
Alex Baumgarten, Michael Steffen, Matthew Clausman, and Joseph Zambreno.
A case study in hardware trojan design and implementation.International Journal of Information Security, 10(1):1–14, 2011.
Dan Boneh, Richard DeMillo, and Richard Lipton.
On the importance of checking cryptographic protocols for faults.In Advances in CryptologyEUROCRYPT97, pages 37–51. Springer, 1997.
F. Brglez.
Neutral netlist of ten combinational benchmark circuits and a target translator in fortran.In Special session on ATPG and fault simulation, Proc. IEEE Int. Symp. Circuits and Systems, June 1985,pages 663–698, 1985.
Y. Jin, N. Kupp, and Y. Makris.
Experiences in hardware trojan design and implementation.In Hardware-Oriented Security and Trust, 2009. HOST’09. IEEE International Workshop on, pages 50–57.IEEE, 2009.
S. h and C. Woods.
Breakthrough silicon scanning discovers backdoor in military chip.Cryptographic Hardware and Embedded Systems–CHES 2012, pages 23–40, 2012.
Frank Imeson, Waterloo ECE 3D Hardware Security 25/26
Introduction Attack Model k-Security Layout Randomization Summary
Frank Imeson, Waterloo ECE 3D Hardware Security 26/26