5-hardware-security-primitives-ip-protection-2.pdf

Full Transcript

Security in Embedded Hardware
Chapter 5: Hardware Design Flow and IP Protection

Dr.-Ing. Stefan Wildermann
Lehrstuhl für Informatik 12
 Hardware Design Flow

Gate- Layout Test,
Specification Design Physical
Synthesis Level File/Bit- Fabrication Waver Assembly & IC
& Design Sources Layout
Netlist stream Packaging

Soft IP Firm IP Hard IP

Design is specified in Hardware Description Language (Verilog, VHDL) at Register-Transfer Level (RTL)
Synthesis: Computer-aided design (CAD) tool synthesizes RTL design into gate-level netlist
Physical Layout: physically lay out design on target architecture (ASIC or FPGA) by placing cells and
routing interconnect, resulting in layout file (ASIC) or bitstream (FPGA)
Fabricate the actual hardware. Most design houses are fabless and fabricate products at third-party
foundries
Test, Assembly & Packaging: Test fabricated chips to ensure its functionality, cut individual dies from
waver, and package the chip
Security in Embedded Hardware 2
 Intellectual Property (IP)

Gate- Layout Test,
Specification Design Physical
Synthesis Level File/Bit- Fabrication Waver Assembly & IC
& Design Sources Layout
Netlist stream Packaging

Soft IP Firm IP Hard IP

IP Core: Reusable and modular unit of logic, cell, block, or IC layout designed and owned by an IP
vendor
 Basic building blocks of hardware design
 Modern SoCs can contain tens to hundreds of IP cores (processors, accelerators, periphery, etc.)
Soft IP: RTL design provided in hardware description language
Firm IP: Gate-level netlist based on Boolean algebra (gates and standard cells)
Hard IP: Technology-mapped and placed-and-routed design provided as black box by IP vendor

Security in Embedded Hardware 3
 Security and Trust Issues in Supply Chain

Gate- Layout Test,
Specification Design Physical
Synthesis Level File/Bit- Fabrication Waver Assembly & IC
& Design Sources Layout
Netlist stream Packaging

Soft IP Firm IP Hard IP

Hardware Trojans: Attacker in design house or foundry can add malicious circuitry or modify the
existing design
IP Piracy: IP user of attacker in foundry can illegally pirate the IP and deliver it to unauthorized
entities without knowledge and consent of the IP vendor
IC Overbuilding: Malicious foundry can produce more than the ordered number of ICs and sell them
on the black market.

Security in Embedded Hardware 4
Hardware Trojans

Security in Embedded Hardware 5
Trojan in Syrian Defense System

Hardware Trojans: Attacker in design house
or foundry can add malicious circuitry or
modify the existing design
Have been tested in research paper, no
reliable information about real cases
Known (anecdote?):
 2007 Israeli jets bombed a suspected
nuclear installation in Syria
 Syrian radar system failed to warn the
military from incoming assault
 Chips with hidden “backdoor”: Invade
communication, read sensors, manipulate https://foreignpolicy.com/2007/10/05/syrian-radar-
p0wned-by-israeli-military-hackers/
data, take over control

S. Adee. 2008. The hunt for the kill switch. IEEE Spectr. 55 (2016), 426–437.
https://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch
Wildermann | GRK Cybercrime | Ringvorlesung 6
Hardware Trojans

Hardware Trojans: Attacker in design house or foundry can add malicious circuitry or
modify the existing design

1
Crypto ciphertext
plaintext hardware 0
module
signal 0 or 1

Trigger
Countermeasures:
 Establish trust in distributed supply chain
 Test whether timing, power, temperature (side-channel) measurements deviate from a
golden model
 (Invasive physical) reverse engineering of integrated circuit
Wildermann | GRK Cybercrime | Ringvorlesung 7
Hardware Trojans

Abstraction Activation
Insertion Phase Effects Location
level mechanism

Specification System level Always on Change the Processor
functionality
Development Triggered
Design Memory
environment Internally Downgrade
performance
Register-transfer Time-based
Fabrication Physical- I/O
level
condition Leak
based information Power
Testing Gate level
supply
Triggered Denial of
Assembly and Transistor level Externally service Clock grid
packaging User Input
Physical level Component
output
R. Karri, J. Rajendran, K. Rosenfeld and M. Tehranipoor. Trustworthy Hardware: Identifying and Classifying Hardware Trojans.
In Computer, vol. 43, no. 10, pp. 39-46, Oct. 2010, doi: 10.1109/MC.2010.299.
Security in Embedded Hardware 8
IP Encryption

Security in Embedded Hardware 9
IP Encryption

Goals:
 Prevent usage without proper license
 Prevent modifications of the core
Encryption of HDL or Netlist Cores
 Cores delivered to customer in an encrypted form (usable for
netlist or HDL cores)
 EDA tools decrypt the core before usage
Problem: Different EDA tools in the design flow IP Data
 After processing the core, the results must be also encrypted and
the next tool has to decrypt the core again
For example: The synthesis tool decrypts the VHDL source
codes and encrypts the resulting netlist
 Customers have only access to encrypted data
 EDA tools must be secured against read-out attacks

Security in Embedded Hardware 10
IP Encryption – IEEE standard P1735-2014

IEEE standard P1735-2014 “IEEE Recommended Practice for Encryption and Management
of Electronic Design Intellectual Property (IP)”
 Securing IP through encryption to protect the interests of IP vendors
 Sharing and reuse of IP cores within electronic design automation (EDA) tools
 Interoperability among different EDA tools and platforms
 Limited to soft and firm IP cores
Security goal: Confidentiality
Rights & Properties

IP Vendor EDA Tool Block EDA Tool
Session
Key

Protected IP
Data

IP Data IP Data

Security in Embedded Hardware 11
IP Encryption – Digital Envelope

IEEE 1735 defines structure of digital envelope to protect IP Rights & Properties
Rights & Properties section
 Specifies rights granted to IP user, e.g., which information Common Block
is visible during simulation and synthesis
Tool Block 1
 Common rights applying to all supported tools
 Tool blocks contain Session Key

HMAC
tool-specific rights
encrypted session key for the respective tool being
able to decrypt the IP data Tool Block 2
Hash signature computed over the common block and Session Key
the tool block by a hash-based message
authentication code (HMAC) using the session key  …
each tool can compute hash and validate integrity
Protected IP data encrypted with AES Protected IP Data

Security in Embedded Hardware 12
IP Encryption – IP Vendor

public key
Symmetric key (session key) is EDA tool
generated by the IP core vendor
IP Source IP vendor vendor 1
IP Cores are encrypted using
symmetric methods, e.g., AES symmetric
session key
Session key is encrypted using
the public key of the EDA tool
vendor using asymmetric
methods, e.g., RSA Rights & Properties
Digital envelop is provided to data data Common Block
customer
key
 Customer can use the IP Tool Block
data in EDA tools covered
Session
by the right & properties
Key
section of the envelope Encrypt
Encrypt
Decryption in EDA tool is done …
by (1.) decrypting the session
Protected IP
key with private key of EDA tool
and (2.) decrypting the IP data Source
with the decrypted session key

Security in Embedded Hardware 13
 IP Encryption – EDA Tool

public key next
private key EDA
EDA tool vendor 2
tool vendor 1

Rights & Properties Encrypt Rights & Properties
Common Block Decrypt Common Block

Tool Block Tool Block
Session Session
Key Key
… …
Decrypt IP vendor Encrypt
Protected IP Protected IP
symmetric key
Source Source

IP Source Synthesis Bitstream

Security in Embedded Hardware 14
IP Encryption – Design Flow

Security in Embedded Hardware 15
Where is the EDA tool key stored?

Key hard-coded in EDA tool which runs in untrusted environment
White-box cryptography focuses on protecting cryptographic
algorithms when attacker has full access to execution
environment and can observe and manipulate the cryptographic
process, e.g.,
 Code obfuscation
 Redundancy, Masking private key EDA
tool vendor
 Randomize and split keys, values, and computations
Attacks exist to recover private keys from tools of major EDA Encrypt

tool vendors such as Intel, Xilinx, Cadence, Siemens, Microsemi, Decrypt

and Lattice
Decrypt IP vendor Encrypt
 Attackers can decrypt, modify, and re-encrypt all protected symmetric key

IP cores IP Bitstrea
Synthesis
Source m
Julian Speith, et al. How Not to Protect Your IP - An Industry-Wide
Break of IEEE 1735 Implementations. IEEE Security and Privacy, 2022.
Security in Embedded Hardware 16
FPGA Bitstream Encryption

Security in Embedded Hardware 17
Field-Programmable Gate Arrays (FPGA)

Field-Programmable Gate Array (FPGA) is flexible and Programmable
reconfigurable integrated circuit. I/O Blocks

Composed of an array of programmable logic blocks,
configurable interconnects, and I/O blocks
Hardware can be programmed to implement custom
hardware functionality post-manufacturing
Configurable Logic Blocks (CLBs):
 Consisting of lookup tables (LUTs), flip-flops, and
multiplexers.
 Allow to implement combinational logic, sequential logic,
and simple storage.
Interconnects: Programmable routing resources that Configurable Programmable
provide paths for connecting the CLBs. Logic Blocks routing
I/O Blocks: Connect the internal FPGA logic to external pins.

Security in Embedded Hardware 18
FPGA Fundamentals – Look-up Tables

X