Description:
TECHNOLOGY AREA(S): Electronics
OBJECTIVE: Define new hardware security techniques for integrated circuits (ICs) and develop electronic design automation (EDA) tools enabling the detection and neutralization of malicious logic modifications.
DESCRIPTION: The commercial advanced IC market is increasingly a globalized, high-volume, and highly competitive enterprise, driving leading-edge wafer foundries out of the United States. Conversely, the DoD has historically required domestic, low-volume, and trusted fabrication sources in order to safeguard classified IP contained in circuit designs. As commercial market practices continue to diverge from DoD policy, new technologies are required to ensure that the military retains access to the most advanced fabrication nodes for its high-performance hardware needs [1]. The past decade has seen intense academic interest in hardware security techniques [2, 3] intended to prevent the reverse engineering and subsequent modification of sensitive IP by unauthorized third parties. Application-specific ICs (ASICs) fabricated in foreign, untrusted foundries are particularly vulnerable to these threats since the full design is easily available through imaging and side-channel analysis. Once an adversary extracts the design, they may resynthesize the netlist and layout to include malicious modifications, sometimes referred to as hardware Trojan horses (HTHs). HTHs may modify the circuit’s functionality, leak sensitive information, or degrade performance. Obfuscation of ASIC functionality [4, 5] is sometimes employed to protect a design from reverse engineering, thereby increasing the difficulty of inserting an effective HTH. However, such measures do not provide complete security. Indeed, the additional circuitry needed to obfuscate a design incurs penalties to performance, power, and chip area, ultimately limiting the practically attainable degree of security. In the event that trusted practices and obfuscation do not provide sufficient security over an ASIC development flow, other security measures that expose signatures of logic modifications post-manufacture are the last line of defense against HTHs.
Such authentication tests can be performed either during integration acceptance testing at a trusted packaging facility or during operation in real time. In the former, test vectors are applied to the IC in order to either trigger an HTH response or observe HTH side effects on the power and/or timing characteristics of ICs [6]. Unfortunately, well-designed HTHs are stealthy, rarely triggered, and have signatures that are difficult to distinguish from similar effects caused by manufacturing variability. DARPA seeks to promote the practice of HTH testing by advancing design-for-test (DFT) principles into industry-standard EDA tools. These measures should sensitize IC designs to HTH insertions or provide additional functionality to improve the probability of detection, and should be integrated within commercial EDA development flows such that performance and overhead impacts will be less severe than with ad hoc approaches. Other authentication measures can monitor the information flow on an ASIC during operation [7, 8]. DARPA seeks to develop new methods that detect faulty logic with high probability, prevent the triggering of HTHs, or reconfigure logic in real time to mitigate the impacts of HTHs that happen to pass through acceptance testing or other defensive measures.
PHASE I: Develop a methodology for an innovative design-for-test, runtime monitoring, HTH trigger defense, or other hardware security technique that mitigates the risk of HTH insertion. Identify and develop a security metric for evaluation and optimization of the method under study in a design tool, and perform simulations or small-scale benchmark demonstrations of the method. The Phase I deliverable will be a final report that will include a detailed implementation concept for the security technique and performance specifications for the tool to be developed and tested in Phase II. For this topic, DARPA will accept proposals for work and cost up to $150,000 for Phase I. The preferred structure is a $100,000, 6-month base period, and a $50,000, 4-month option period.
PHASE II: Develop an EDA tool implementing the security technique that is compatible with standard commercial EDA tools and flow. The tool shall accept a large-scale, open-source benchmark design specified by the government, and output a modified version of the design on which the technique has been implemented. The EDA tool, modified design, and report on the performance of the tool shall be delivered to the government for evaluation.
PHASE III: Hardware security is a significant concern both to the military and commercial domains for maintaining sensitive systems. As part of Phase III, the developed tool should be transitioned into enterprise-level software that can be integrated into existing ASIC development flows. Applications include, but are not limited to, global positioning system (GPS), radar and communication transceivers, audio/video processors, and microcontrollers.
REFERENCES:
1: Defense Science Board Washington DC, "Report of the Defense Science Board Task Force on High Performance Microchip Supply," ADA435563 http://www.dtic.mil/get-tr-doc/pdf?AD=ADA435563 (2005).
2: K. Xiao, D. Forte, Y. Jin, R. Karri, S. Bhunia, and M. Tehranipoor, "Hardware Trojans: Lessons Learned after One Decade of Research," ACM Trans. Des. Autom. Elec. Syst. 22, 6 (2016). DOI: 10.1145/2906147
3: M. Rostami, F. Koushanfar, and R. Karri, "A Primer on Hardware Security: Models, Methods, and Metrics," Proc. IEEE 102, 1283 (2014). DOI: 10.1109/JPROC.2014.2335155
4: R. P. Cocchi, J. B. Baukus, L. Wai Chow, and B. J. Wang, "Circuit Camouflage Integration for Hardware IP Protection," Des. Autom. Conf. (2014). DOI: 10.1145/2593069.2602554
5: R. S. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," IEEE Trans. CAD Int. Circ. Syst. 28, 1493 (2009). DOI: 10.1109/TCAD.2009.2028166
6: H. Salmani, M. Tehranipoor, and J. Plusquellic, "A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time," IEEE Trans. VLSI Syst. 20, 112 (2012). DOI: 10.1109/TVLSI.2010.2093547
7: J. Dubeuf, D. Hely, and R. Karri, "Run-time detection of hardware Trojans: The processor protection unit," IEEE Eur. Test Symp. (2013). DOI: 10.1109/ETS.2013.6569378
8: T. F. Wu, K. Ganesan, Y. A. Hu, H.-S. P. Wong, S. Wong, and S. Mitra, "TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits," IEEE Trans. Comp. Aid. Des. Int. Circ. Syst. 35, 521 (2016). DOI: 10.1109/TCAD.2015.2474373
KEYWORDS: Microelectronics, Security, Globalization