Abhishek Basak

Correctness and security at odds: post-silicon validation of modern SoC designs

We consider the conflicts between requirements from security and post-silicon validation in SoC designs. Post-silicon validation requires hardware instrumentations to provide observability and controllability during on-field execution; this in turn makes the system prone to security vulnerabilities, resulting in potentially subtle security exploits. Mitigating such threats while ensuring that the system is amenable to post-silicon validation is challenging, involving close collaboration among security, validation, testing, and computer architecture teams. We examine the state of the practice in this area, the trade-offs and compromises made, and their limitations. We also discuss an emerging approach that we are contemplating to address this problem.

A Flexible Architecture for Systematic Implementation of SoC Security Policies

Modern SoC designs incorporate several security policies to protect sensitive assets from unauthorized access. The policies affect multiple design blocks, and may involve subtle interactions between hardware, firmware, and software. This makes it difficult for SoC designers to implement these policies, and system validators to ensure adherence. Associated problems include complexity in upgrading these policies, IP reuse for systems targeted for markets with differing security requirement, and consequent increase in design time and time-to-market. In this paper, we address this important problem by developing a generic, flexible architectural framework for implementing arbitrary security policies in SoC designs. Our architecture has several distinctive features: (1) it relies on a dedicated, centralized, firmware-upgradable plug-and-play IP block that can implement diverse security policies; (2) it interfaces with individual IP blocks through their “security wrapper”, which exploits and extends test/debug wrappers; (3) it implements a security policy as firmware code following existing security policy languages; (4) it can implement any security policy as long as relevant observable and controllable signals from the constituent IPs are accessible through the security wrappers; and (5) it realizes a low-overhead communication link between security wrappers of IP blocks and the centralized, dedicated controller. The approach builds on and extends the recent work on developing a centralized infrastructure IP for SoC security, referred to as IIPS, that interface with IP blocks using their boundary scan based wrappers. While this architecture is generic and independent of security policy types, we provide case studies with several common policies to show the flexibility and extendibility of the architecture. We also evaluate its viability in terms of overhead in area and power.

IIPS: Infrastructure IP for Secure SoC Design

Security is becoming an increasingly important parameter in current system-on-chip (SoC) design due to diverse hardware security attacks that can affect manufacturers, system designers or end users. To effectively address the security issues, design-time considerations, e.g. incorporation of design-for-security (DfS) features, are becoming essential. However, DfS measures for diverse security threats require specific design modifications to achieve target security level, which significantly increases design effort thus time-to-market, and usually incurs considerable design overhead. In addition, the general heterogeneous architecture of current SoCs makes many core-level DfS mechanisms unusable at SoC level. In this paper, we propose a centralized on-chip infrastructure IP for SoC security (IIPS), which alleviates the SoC designers from separately addressing different security issues through design modifications in multiple cores. It also provides ease of integration and functional scalability. We consider a specific implementation of IIPS that provides protection against: (1) scan-based attack for information leakage through low-overhead authentication; (2) counterfeiting attacks through integration of a Physical Unclonable Function (PUF); and (3) hardware Trojan attacks through a test infrastructure fortrust validation. To make the IP amenable for plug-and-play during SoC design, working protocols of the security functions are designed to comply with IEEE 1500 Standard for Embedded Core Test (SECT). Since IIPS resides outside the functional modules, it does not incur functional performance or power overhead. Simulations and experiments on example SoC designs validate the effectiveness of IIPS in providing protections against diverse attacks at a low hardware overhead.

How Secure Are Printed Circuit Boards Against Trojan Attacks

Hardware Trojan attacks at the integrated circuit (IC) level have been studied extensively in recent times. Researchers have analyzed the impact of these attacks and explored possible countermeasures for ICs. However, vulnerability with respect to hardware Trojan attacks at higher levels of system abstraction, e.g., at printed circuit board (PCB) level, have not been reported earlier. Previous studies have covered security of PCBs against piracy and various post-fabrication tampering attacks. JTAG (Joint Test Access Group) and other field programmability features, e.g., probe pins, unused sockets and USB have been extensively exploited by hackers to gain access to internal features of the designs as well as snooping of secret key, collection of test responses, and manipulating JTAG test pins. One instance demonstrated that Xbox can be hacked by disabling the Digital Rights Management (DRM) policy using JTAG. The emerging business model of PCB design and fabrication that favors extensive outsourcing and integration of untrusted components/entities in the PCB life-cycle to lower manufacturing cost, makes hardware Trojan attacks in PCBs highly feasible.

Exploiting design-for-debug for flexible SoC security architecture

Systematic implementation of System-on-Chip (SoC) security policies typically involves smart wrappers extracting local security critical events of interest from Intellectual Property (IP) blocks, together with a control engine that communicates with the wrappers to analyze the events for policy adherence. However, developing customized wrappers at each IP for security requirements may incur significant overhead in area and hardware resources. In this paper, we address this problem by exploiting the extensive design-fordebug (DfD) instrumentation already available on-chip. In addition to reduction in the overall hardware overhead, the approach also adds flexibility to the security architecture itself, e.g., permitting use of on-field DfD instrumentation, survivability and control hooks to patch security policy implementation in response to bugs and attacks found at postsilicon or changing security requirements on-field. We show how to design scalable interface between security and debug architectures that provides the benefits of flexibility to security policy implementation without interfering with existing debug and survivability use cases and at minimal additional cost in energy and design complexity.

CACI: Dynamic Current Analysis Towards Robust Recycled Chip Identification

Rising incidences of counterfeit chips in the supply chain have posed a serious threat to the semiconductor industry. Recycling of used chips constitutes a major form of counterfeiting attacks. If undetected, they can lead to serious consequences including system performance/reliability issues during field operation and potential revenue/reputation loss for a trusted manufacturer. Existing validation approaches based on path delay analysis suffer from reduced robustness and sensitivity under large process variations. On the other hand, existing design solutions based on aging sensors require additional design/verification efforts and cannot be applied to legacy chips. In this paper, we present a novel recycled chip identification approach, CACI, that exploits differential aging in self-similar modules (e.g., different parts of an adder) to isolate aged chips under large inter- and intra-die process variations. It compares dynamic current (IDDT) signatures between two adjacent similar circuit structures in a chip. We derive an isolation metric based on multiple current comparisons to provide high level of confidence. CACI does not rely on any embedded structures for authentication, thus it comes at virtually zero design overhead and can be applied to chips already in the market. Through extensive simulations, we show that for 15% inter- and 10% intra-die variations in threshold voltage for a 45nm CMOS process, over 97% of recycled chips can be reliably identified.

KiMS: Kids' Health Monitoring System at day-care centers using wearable sensors and vocabulary-based acoustic signal processing

Wearable sensors for healthcare and wireless health monitoring are rapidly becoming ubiquitous. They enable remote, accurate and low-cost health monitoring and can provide personal healthcare with timely detection of health issues. In this paper, we present a novel integrated system for monitoring children at day-care centers in order to facilitate proper care of health issues and overall wellbeing, including early detection of symptoms for various diseases, post-treatment monitoring as well as encouraging healthy habits and activities. The proposed “Kids Health Monitoring System”, referred to as KiMS, is built around a wearable acoustic sensor with embedded digital signal processing capabilities in order to detect various audio signals of interest, such as coughs, sneezes, and cries. It is also equipped with wearable body temperature and pulse rate sensors, along with on-site processing and a Bluetooth unit for communicating alerts and activity on a timely basis. The record of a childs activities can be used by daycare specialist, parents or the healthcare provider for understanding the probable cause or time of onset of symptoms and encouraging healthy habits. This paper also presents a signal processing framework for feature detection and classification of various audio signals, under varying Signal to Noise Ratios (SNR).

Active defense against counterfeiting attacks through robust antifuse-based on-chip locks

The rapidly rising incidences of counterfeit Integrated Circuits (ICs) in the semiconductor supply chain pose a significant threat to the electronic industry. These ICs may suffer from functional, performance or reliability issues and can affect design houses, chip manufacturers, system designers as well as end users. The standard chip/package/system level tests are often inadequate in detecting various forms of counterfeit ICs. On the other hand, design approaches that enable IC authentication are often not attractive due to significant design effort, hardware overhead and test cost. In this paper, we propose a novel defense against counterfeiting attacks through a “chip locking approach”, where an IC is made non-operational by locking select pins through insertion of Antifuse (AF) devices in input/output circuitry. It can be unlocked through application of a hard-to-clone key. The key is internally stored in a onetime programmable non-volatile memory. The key storage and comparison circuit is protected against reverse engineering and side-channel analysis attacks. Through mathematical analysis and simulation results, we demonstrate that the proposed mechanism provides high level of protection against all major forms of counterfeiting attacks (reselling, remarking and cloning) at ultralow overhead (<; 0.01% area).

Low-power implantable ultrasound imager for online monitoring of tumor growth

Clinicians all over the world agree that the most effective way to deal with a malignant tumor growth within internal organs is to detect it early. In most cases, early detection requires automated localized high resolution scanning of a region of interest — such as lungs, brain, small intestine, and gastro-intestinal tract. External or endoscopic ultrasound technologies are often not effective for imaging deep inside organs due to lack of adequate spatial resolution. In this paper, we propose using a miniature, low power implantable ultrasound imager for online monitoring of tumor growth in internal body parts. We explore the design space for such an implantable ultrasonic imaging system targeted to early detection or post-surgery monitoring of a malignant growth. The system can be placed locally in a susceptible region or for post-operative monitoring of relapse. The proposed system is capable of providing high-resolution image of a volume of interest at periodic intervals, using a relatively safe imaging technology, thus providing a chronic, reliable, and cost-effective monitoring option.

Implantable Ultrasonic Imaging Assembly for Automated Monitoring of Internal Organs

An implantable miniaturized imaging device can be attractive in many clinical applications. They include automated, periodic, high-resolution monitoring of susceptible organs for early detection of an anomalous growth. In this paper, we propose an implantable ultrasonic imager capable of online high-resolution imaging of a region inside the body. A feasibility analysis is presented, with respect to design of such a system and its application to online monitoring of tumor growth in deep internal organs. We use ultrasound (US) imaging technology, as it is safe, low-cost, can be easily miniaturized, and amenable for long-term, point-of-care (POC) monitoring. The design space of the proposed system has been explored including form factor, transducer specifications and power/energy requirements. We have analyzed the effectiveness of the system in timely detection of anomalous growth in a case study through software simulations using a widely-accepted ultrasonic platform (Field II). Finally, through experimental studies using medical grade phantoms and an ultrasound scanner, we have evaluated the system with respect to its major imaging characteristics. It is observed that interstitial imaging under area/power constraints would achieve significantly better imaging quality in terms of contrast sensitivity and spatial resolution than existing techniques in deep, internal body parts, while maintaining the automated monitoring advantages.