automatic implementation of secure siliconcrva.ict.ac.cn/documents/agile-and-open-hardware/... · 5...

Automatic Implementation of Secure SiliconSerge Leef

June 2019DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

2

• 60 year old agency of Department of Defense• Started because of Sputnik strategic surprise

• Drove invention of the internet, night vision, GPS, satellites, stealth flight, mobile computing, mobile telephony, autonomous driving, sensor fusion, neural interfaces, advanced prosthetics, voice recognition, smart watch, etc…

• Annual Budget: $3.2B spent by 90* appointed PMs serving 3-5 year terms• Typical backgrounds: Visionary Academics, Industry Executives, Military Leaders

• Recent Add-ons: Electronic Resurgence Initiative ($1.5B), AI-Next ($2B)

• DARPA Operational Model• 5 technology offices – STO, TTO, DSO, MTO, I2O, BTO• 90 Program Managers recruited for their vision • Supported by ~100 government employees• Supported by ~1,200 subject matter experts (contractors)• Running around 250-300 programs at any time• Performed by thousands of university and industry researchers & engineers

DARPA: Defense Advanced Research Projects Agency

*Number set by the US Congress

3

Program Goal

Automate inclusion of scalable defense mechanisms into chip designs to enable security vs. economics optimization

Cost and Complexity of Attack Resistance Mechanisms

Source: shutterstock.comDISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

Limitations• $30M+ cost for low complexity SoC• 9-12 month design cycles• Many human introduced errors• Unpredictable power and no security

4

System on Chip (SoC) Design Process

Source: Broadcom 5G SoC block diagram

Simplified View of SoC Design Process (source: Mentor)

High Medium Low

Huge

Big

Medium

Small

Tiny

Size

PerformanceTheoreticalBest

Human expertWith unlimited time

1990s

2000s

Present

Machine generatedsolutions

Current Practice• Manual system integration• Lengthy and complex simulation runs• Block level synthesis & optimization

(source: Broadcom)

DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

5

Long Term EDA Dream: System Synthesis

System synthesis & optimization

1. S(a*Performance, b*Size)2. S(a*Performance, b*Size, c*Power)3. S(a*Performance, b*Size, c*Power, d*Security)4. S(a*Performance, b*Size, c*Power, {d*SideChannel, e*SupplyChain,

f*RevEngineering, g*MalHardware})

Key challenges:

• Quantification of security

• Rapid estimation of attack resistance

• Multi-dimensional optimizationHigh Medium Low

Huge

Big

Medium

Small

Tiny

Size

Performance

Power

Security= f(SideChannel, SupplyChain, RevEngineering, MalHardware)

(source: Broadcom)DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

Moving Target (I20)

AISS Focus Areas

In Progress (SSITH)

• Substantial efforts are on-going in the software community

6

Attack Surface Based Reference ModelHa

rdw

are

Softw

are

Hard

war

eSo

ftwar

eIn

terfa

ce

• Side Channel – extraction of secrets through physical communication channels other than intended (assumption: attackers are able to “listen” to emissions)

• Reverse Engineering – extraction of algorithms from an illegally obtained design representation (assumption: attackers have access to design files)

• Supply Chain – Cloning, counterfeit, recycled or re-marked chips represented as genuine(assumption: attackers can manufacture perfect clones)

• Malicious Hardware – insertion of secretly triggered hidden disruptive functionality(assumption: attackers successfully inserted malicious function(s) into the design)

• Alteration of system behavior based on software-accessible points of illicit entry that exist due to hardware design weaknesses or architectural flaws


7

AISS Approach to On-Chip Security

Outer Perimeter

IP

P

ro

ve

na

nce

&

W

ate

rm

arkin

g

Off-ch

ip

K

ey M

an

ag

em

en

t

Off-chip Tracking

Supply Chain

Side Channel

Re

ve

rse

E

ng

in

ee

rin

g

Ma

licio

us H

ard

wa

re

Inner Perimeter

Secret

Extraction

Knowledge

Extraction

Cloning

Recycling

HWR

Trojans

Emission Reduction

Authentication, Provisioning, Metering

Lo

gic E

ncryp

tio

n &

O

bfu

sca

tio

n

Ru

n-tim

e M

on

ito

rin

g &

D

ete

ctio

n

Security

Engine • AISS focus is only

on securing inner

perimeter with

on-chip structures

Image source: Intel

• There are many

effective outer

perimeter attack

strategies

• Some level of off-

chip support is

also needed

• We are assuming

outer perimeter is

penetrated or

compromised

DISTRIBUTION STATEMENT A.

Approved for public release. Distribution is unlimited.

Security policies are updated and uploaded in response to newly discovered vulnerabilities; hardware upgrades also supported

security policies

reserved space in

eFPGA block

Level 5• Encrypted Busses• Active Trojan Detection• Software Watermarking

On-Chip Interconnect

Function0 Functionn

CPUMEMORY

Level 4• Provenance Extraction• Watermark Extraction

WM Extract WM Extractor

Level 3• Odometers• Quiet Crypto• Bus Monitoring• Trojan Detection

8

AISS: Security Engine

Lock/unlock

Level 2• Provisioning• Obfuscation• Logic locking

Lock/unlock

Level 1• Root of Trust• Keystore

I/O

BUSENCRYPTED BUS

Encrypted BUS Interface Encrypted BUS Interface

Encrypted BUS Interface Encrypted BUS Interface

On-chip, custom-generated “engine” to support design objectives and “Security vs. Economics” trade-off exploration

Security feature to level assignments are just examples

LEGEND: Side Channel ● Reverse Engineering ● Supply Chain ● Malicious Hardware


9

On-chip Security – viable strategies are emerging

Source: Mentor Graphics, 2017

• Design: Create secure-reconfigurable SoCs with a unique ID based on an inborn Root of Trust• Enroll: Extract chips unique ID into a secure server during first power up at wafer test• Configure: Inject keys to encrypt, sign, or decrypt content for devices or end-applications

• Provision: Program SKUs downstream to reduce inventory risk and exploit volume ramp• Personalize: Enables secure device identity during PCB assembly based on the chip’s Root of Trust• Authorize: Allow authorized parties to securely sign devices based on the SoC Root of Trust• Update: Securely update firmware and provision SOC hardware features in the field• Monitor: Track field use and evolve Big Data analytics on field failures, intrusions, counterfeits


10

AISS: Composition

• Phase I - Assisted Composition – Components are specified• Processor & security related components are user selected & automatically integrated

• Phase II - Automated Composition – Configuration is specified• User selects a platform and provides configuration to a tool that automatically generates an integrated system

ARMM0

512MBDDR

PCIX USB

LIN

PUF

10KEYS

AESCRYPTOCUSTOM

ARMM0

512MBDRAM UART PCIX

USB AESCRYPTOCUSTOM KEY

STORE PUF

Assisted Composition

Design: “Power Doors/Windows ECU”Platform (Automotive Control)• CPUs (A57, M3, M0) • Memory (512MB, 256MB, 128MB) • Networking (LIN, CAN, FlexRay)• Interfaces (PCIx, USB, DBG) Security Module (Suply Chain)• PUF (small, medium, large) • Keystore (small, medium, large)• Storage (OTP, NVRAM, EEPROM)• Connection (JTAG, IJTG, Custom)

PLATFORM(M0, 128MB, LIN, PCIx)

CUSTOM SECURITY MODULE(PUF, Keystore, OTP, JTAG)

Automated Composition

Selected

ARM M0128MB

LINPCIx

SmallSmallOTPJTAG


Combinatorial Optimization explores HUGE solution spaces (billions), but requires rapid estimation of “goodness”

Performance and Size estimators are well understood and incorporated in modern tools

AISS will drive discovery of rapid estimation of power and security

• Phase III - Optimized Composition – Objectives are specified

• User selects a platform and supplies a cost function with size, performance, power and security goals to guide

combinatorial optimization to find best architectures which are presented to the user for assessment and selection

11

AISS: Optimized Composition

Design: “Power Doors/Windows ECU”

Platform (Automotive Control)

• Performance = 2• Size = 9• Power = 3• Security = 3

• Supply Chain = 7• Side Channel = 2• Reverse Engineering = 5• Malicious Hardware = 1

Optimized Composition


Source: The 80sPoint: Technology for 2-dimensional optimization has been around for ~40 years 12

AISS: Optimization Cost Functions

f(a,b,c,d) = S(a*Performance, b*Size, c*Power, d*Security )

Application Perf. Size Power Security

Lawn Sprinkler 2 7 9 1Engine Control 6 5 1 3

Guided Projectile 5 1 9 7Network Router 9 5 1 8

Mobile Phone 7 9 9 7Smart Watch 3 6 9 3

Cost Function Examples

Application SideChannel

ReverseEng’g

SupplyChain

MaliciousHardware

Lawn Sprinkler 1 1 9 1Engine Control 1 7 5 2

Guided Projectile 3 9 5 9Network Router 9 7 8 9Mobile Phone 8 9 9 6Smart Watch 6 8 9 1

Security CostFunction Expansion

estimate estimate))


AISS Solution Space

Low Medium High

500

400

300

200

100

Size (K gates)

Security (Level)13

“Supply Chain” Attack Surface Metrics

Source: https://www.chemi-con.co.jp Source: Mentor Graphics

State of the Art Solution Strategy: Manual Implementation of

• Hardware root-of-trust, key & certificate storage, interface to outside world

• Support for locking and unlocking selected logic blocks

• Silicon odometers for re-cycling detection or mission limitingSource: Mentor Graphics

1 2 3 4 5 6 7 8 9

2

1

Cost ($M)

Time (Months)

• 256 Bit Key• Small Key Store• Lock/unlock

SOTA*

AISS

• Cloning• Re-cycling• Off-shore Overproduction

• Counterfeiting• Re-Marking

Attack Vectors

256 Bit KeySmall Key StoreLock/unlock

96 Bit Key

512 Bit KeyDeep Key StoreLock/unlockProvisioningOdometers

*Tes

t ch

ip:

5x5

mm

, TSM

C 1

80nm

, RIS

C-V

, O

TP, PU

F, S

RAM

, Sec

ure

JT

AG

, A

ES256, CM

AC, Fu

zzy

Logic


AISS Solution Space

14

“Side Channel” Attack Surface Metrics

1 3 6

2

1

Cost ($M)

Time (Months)

• IP license from CRI• IP license from SNPS• CRI integration services

SOTA

AISS

• Emission Interpretation• DPA• EMEA

• Glitching• Tomography

Attack Vector(s)

Sour

ce: M

ento

r Gra

phics

Low Medium High

200%

150%

100%

Size (relative to original)

Emissions from Cryptography (Level)

Match active transistors with passives 1:1Produce high level of random noise

Produce some random noise

Normal emissions

State of the Art Solution Strategy: “Emission Resistant” Crypto

• Match all active transistors with inactive counterparts

• Incorporate randomness into cryptography

Source: Mentor Graphics


AISS Solution Space

AISS Solution Space

15

“Reverse Engineering” Attack Surface Metrics

• Algorithm Extraction• Chip Delayering• Layout Reconstruction• Schematic Generation

Attack Vector(s)

Source: 4004.com Source: microship.com/Source: sciencevisionre.com Source: blog.wiser.com

State of the Art Solution Strategy: Logic Encryption & Obfuscation

• Insert logic that deactivates the design without a runtime key

• Use ultra-long keys to achieve obfuscation rather than encryption• Use multi-function blocks instead of key gates

• Manipulate state machines to complicate de-obfuscation

SOTA

1 3 6

High

Med

Low

Effort to break (low, med, high)

Time (Months)

Manual Insertion

Size (relative to original)

Low Medium High

State MachineOverloading

Multi-functionObfuscation

Simple Logic Obfuscation

Simple LogicEncryption

Attack Resistance LevelDISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

16

“Malicious Hardware” Attack Surface Metrics

• Payload Countermeasures• Watermarking of pre-existing IP• Threat analysis of incoming IP

• Trigger Countermeasures• Runtime Trojan detection

• IP as a Carrier• Layout Modification• Mask Manipulation

Attack Vectors

Source: Mentor Graphics


www.darpa.mil

17DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

automatic implementation of secure siliconcrva.ict.ac.cn/documents/agile-and-open-hardware/... · 5...

Documents