Automatic Implementation of Secure Silicon
Serge Leef
June 2019
DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.
DARPA: Defense Advanced Research Projects Agency
• 60 year old agency of Department of Defense
• Started because of Sputnik strategic surprise
• Drove invention of the internet, night vision, GPS, satellites, stealth flight, mobile computing, mobile telephony, autonomous driving, sensor fusion, neural interfaces, advanced prosthetics, voice recognition, smart watch, etc.
• Annual Budget: $3.2B spent by 90* appointed PMs serving 3-5 year terms
• Typical backgrounds: Visionary Academics, Industry Executives, Military Leaders
• Recent Add-ons: Electronics Resurgence Initiative ($1.5B), AI-Next ($2B)
DARPA Operational Model
• 5 technology offices – STO, TTO, DSO, MTO, I2O, BTO
• 90 Program Managers recruited for their vision
• Supported by ~100 government employees
• Supported by ~1,200 subject matter experts (contractors)
• Running around 250-300 programs at any time
• Performed by thousands of university and industry researchers & engineers
*Number set by the US Congress
Program Goal
Automate inclusion of scalable defense mechanisms into chip designs to enable security vs. economics optimization
[Figure: Cost and Complexity of Attack Resistance Mechanisms. Source: shutterstock.com]
Limitations
• $30M+ cost for low complexity SoC
• 9-12 month design cycles
• Many human introduced errors
• Unpredictable power and no security
System on Chip (SoC) Design Process
[Figure: Broadcom 5G SoC block diagram. Source: Broadcom]
[Figure: Simplified View of SoC Design Process. Source: Mentor]
[Figure: Size (Tiny, Small, Medium, Big, Huge) vs. Performance (High, Medium, Low). Labels: Machine generated solutions (1990s, 2000s, Present); Human expert with unlimited time; Theoretical Best]
Current Practice
• Manual system integration
• Lengthy and complex simulation runs
• Block level synthesis & optimization
Long Term EDA Dream: System Synthesis
System synthesis & optimization
1. S(a*Performance, b*Size)
2. S(a*Performance, b*Size, c*Power)
3. S(a*Performance, b*Size, c*Power, d*Security)
4. S(a*Performance, b*Size, c*Power, {d*SideChannel, e*SupplyChain, f*RevEngineering, g*MalHardware})
Key challenges:
• Quantification of security
• Rapid estimation of attack resistance
• Multi-dimensional optimization
[Figure: Size (Tiny, Small, Medium, Big, Huge) vs. Performance (High, Medium, Low), with Power and Security as further axes. Source: Broadcom]
Security = f(SideChannel, SupplyChain, RevEngineering, MalHardware)
Attack Surface Based Reference Model
[Figure: reference model. Layers: Hardware; Hardware Software Interface; Software. Labels: AISS Focus Areas; In Progress (SSITH); Moving Target (I2O)]
• Side Channel – extraction of secrets through physical communication channels other than intended (assumption: attackers are able to “listen” to emissions)
• Reverse Engineering – extraction of algorithms from an illegally obtained design representation (assumption: attackers have access to design files)
• Supply Chain – Cloning, counterfeit, recycled or re-marked chips represented as genuine (assumption: attackers can manufacture perfect clones)
• Malicious Hardware – insertion of secretly triggered hidden disruptive functionality (assumption: attackers successfully inserted malicious function(s) into the design)
• Alteration of system behavior based on software-accessible points of illicit entry that exist due to hardware design weaknesses or architectural flaws
• Substantial efforts are on-going in the software community
AISS Approach to On-Chip Security
[Figure: outer and inner security perimeters around a chip. Image source: Intel]
Outer Perimeter: IP Provenance & Watermarking; Off-chip Key Management; Off-chip Tracking
Attack surfaces: Supply Chain; Side Channel; Reverse Engineering; Malicious Hardware
Inner Perimeter: Secret Extraction; Knowledge Extraction; Cloning; Recycling; HWR Trojans; Emission Reduction; Authentication, Provisioning, Metering; Logic Encryption & Obfuscation; Run-time Monitoring & Detection; Security Engine
• AISS focus is only on securing inner perimeter with on-chip structures
• There are many effective outer perimeter attack strategies
• Some level of off-chip support is also needed
• We are assuming outer perimeter is penetrated or compromised
AISS: Security Engine
On-chip, custom-generated “engine” to support design objectives and “Security vs. Economics” trade-off exploration
Security policies are updated and uploaded in response to newly discovered vulnerabilities; hardware upgrades also supported
Level 5
• Encrypted Busses
• Active Trojan Detection
• Software Watermarking
Level 4
• Provenance Extraction
• Watermark Extraction
Level 3
• Odometers
• Quiet Crypto
• Bus Monitoring
• Trojan Detection
Level 2
• Provisioning
• Obfuscation
• Logic locking
Level 1
• Root of Trust
• Keystore
[Figure: Security Engine block diagram. Labels: security policies; reserved space in eFPGA block; On-Chip Interconnect; Function0, Functionn; CPU; MEMORY; WM Extract; WM Extractor; Lock/unlock; I/O; BUS; ENCRYPTED BUS; Encrypted BUS Interface]
Security feature to level assignments are just examples
LEGEND: Side Channel ● Reverse Engineering ● Supply Chain ● Malicious Hardware
On-chip Security – viable strategies are emerging
Source: Mentor Graphics, 2017
• Design: Create secure-reconfigurable SoCs with a unique ID based on an inborn Root of Trust
• Enroll: Extract chip’s unique ID into a secure server during first power up at wafer test
• Configure: Inject keys to encrypt, sign, or decrypt content for devices or end-applications
• Provision: Program SKUs downstream to reduce inventory risk and exploit volume ramp
• Personalize: Enables secure device identity during PCB assembly based on the chip’s Root of Trust
• Authorize: Allow authorized parties to securely sign devices based on the SoC Root of Trust
• Update: Securely update firmware and provision SoC hardware features in the field
• Monitor: Track field use and evolve Big Data analytics on field failures, intrusions, counterfeits
AISS: Composition
• Phase I - Assisted Composition – Components are specified
  • Processor & security related components are user selected & automatically integrated
• Phase II - Automated Composition – Configuration is specified
  • User selects a platform and provides configuration to a tool that automatically generates an integrated system
[Figure: composition block diagrams. Labels: ARM M0; 512MB DDR; PCIX; USB; LIN; PUF; 10 KEYS; AES; CRYPTO; CUSTOM; ARM M0; 512MB DRAM; UART; PCIX; USB; AES; CRYPTO; CUSTOM; KEY STORE; PUF]
Assisted Composition
Design: “Power Doors/Windows ECU”
Platform (Automotive Control)
• CPUs (A57, M3, M0)
• Memory (512MB, 256MB, 128MB)
• Networking (LIN, CAN, FlexRay)
• Interfaces (PCIx, USB, DBG)
Security Module (Supply Chain)
• PUF (small, medium, large)
• Keystore (small, medium, large)
• Storage (OTP, NVRAM, EEPROM)
• Connection (JTAG, IJTG, Custom)
PLATFORM(M0, 128MB, LIN, PCIx)
CUSTOM SECURITY MODULE(PUF, Keystore, OTP, JTAG)
Automated Composition
Selected: ARM M0, 128MB, LIN, PCIx, Small, Small, OTP, JTAG
AISS: Optimized Composition
• Phase III - Optimized Composition – Objectives are specified
  • User selects a platform and supplies a cost function with size, performance, power and security goals to guide combinatorial optimization to find best architectures which are presented to the user for assessment and selection
Combinatorial Optimization explores HUGE solution spaces (billions), but requires rapid estimation of “goodness”
Performance and Size estimators are well understood and incorporated in modern tools
AISS will drive discovery of rapid estimation of power and security
Design: “Power Doors/Windows ECU”
Platform (Automotive Control)
• Performance = 2
• Size = 9
• Power = 3
• Security = 3
• Supply Chain = 7
• Side Channel = 2
• Reverse Engineering = 5
• Malicious Hardware = 1
[Figure: Optimized Composition. Source: The 80s]
Point: Technology for 2-dimensional optimization has been around for ~40 years
AISS: Optimization Cost Functions
f(a,b,c,d) = S(a*Performance, b*Size, c*Power, d*Security)

Cost Function Examples
Application        Perf.  Size  Power  Security
Lawn Sprinkler     2      7     9      1
Engine Control     6      5     1      3
Guided Projectile  5      1     9      7
Network Router     9      5     1      8
Mobile Phone       7      9     9      7
Smart Watch        3      6     9      3

Security Cost Function Expansion
Application        Side Channel  Reverse Eng’g  Supply Chain  Malicious Hardware
Lawn Sprinkler     1             1              9             1
Engine Control     1             7              5             2
Guided Projectile  3             9              5             9
Network Router     9             7              8             9
Mobile Phone       8             9              9             6
Smart Watch        6             8              9             1
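The cost-function-guided search described for Optimized Composition, as an added example that is not from the original presentation: it enumerates architectures built from the slides' ECU options and ranks them under the ECU and Network Router weights. The per-option estimates, the additive estimator and the weighted-sum form of S (size and power counted as costs) are assumptions; only the option names and the weights come from the slides.

```python
from itertools import product

# Constructed estimates per option: (performance, size, power, security).
# Option names are the slides'; every number here is an assumption.
OPTIONS = {
    "cpu":      {"A57": (9, 8, 7, 0), "M3": (5, 3, 3, 0), "M0": (2, 1, 1, 0)},
    "memory":   {"512MB": (3, 6, 3, 0), "256MB": (2, 3, 2, 0), "128MB": (1, 2, 1, 0)},
    "puf":      {"small": (0, 1, 1, 2), "medium": (0, 2, 1, 4), "large": (0, 4, 2, 8)},
    "keystore": {"small": (0, 1, 1, 2), "medium": (0, 3, 1, 5), "large": (0, 5, 2, 9)},
}

# Weights (a, b, c, d) for Performance, Size, Power, Security, from the slides.
ECU_WEIGHTS = (2, 9, 3, 3)      # "Power Doors/Windows ECU"
ROUTER_WEIGHTS = (9, 5, 1, 8)   # "Network Router"


def estimate(choice):
    """Sum the per-option estimates of one architecture (additive model, assumed)."""
    totals = [0, 0, 0, 0]
    for category, option in choice.items():
        for i, value in enumerate(OPTIONS[category][option]):
            totals[i] += value
    return tuple(totals)


def score(choice, weights):
    """Assumed form of S: reward performance and security, penalise size and power."""
    perf, size, power, security = estimate(choice)
    a, b, c, d = weights
    return a * perf - b * size - c * power + d * security


def rank(weights, top=3):
    """Score every architecture exhaustively and return the best `top` of them."""
    categories = list(OPTIONS)
    candidates = (dict(zip(categories, combo))
                  for combo in product(*(OPTIONS[c] for c in categories)))
    return sorted(candidates, key=lambda ch: score(ch, weights), reverse=True)[:top]


if __name__ == "__main__":
    for name, w in (("ECU", ECU_WEIGHTS), ("Router", ROUTER_WEIGHTS)):
        for choice in rank(w):
            print(name, score(choice, w), choice)
```

With a size-heavy weighting the search settles on the smallest CPU, memory and security module; the router weighting pays the area for the large PUF and keystore.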
“Supply Chain” Attack Surface Metrics
Attack Vectors
• Cloning
• Re-cycling
• Off-shore Overproduction
• Counterfeiting
• Re-Marking
State of the Art Solution Strategy: Manual Implementation of
• Hardware root-of-trust, key & certificate storage, interface to outside world
• Support for locking and unlocking selected logic blocks
• Silicon odometers for re-cycling detection or mission limiting
[Figure: Cost ($M) vs. Time (Months). Labels: SOTA*; AISS; 256 Bit Key, Small Key Store, Lock/unlock. Source: Mentor Graphics]
[Figure: AISS Solution Space, Size (K gates, 100 to 500) vs. Security (Level: Low, Medium, High). Labels: 256 Bit Key, Small Key Store, Lock/unlock; 96 Bit Key; 512 Bit Key, Deep Key Store, Lock/unlock, Provisioning, Odometers]
*Test chip: 5x5mm, TSMC 180nm, RISC-V, OTP, PUF, SRAM, Secure JTAG, AES256, CMAC, Fuzzy Logic
Sources: https://www.chemi-con.co.jp, Mentor Graphics
“Side Channel” Attack Surface Metrics
Attack Vector(s)
• Emission Interpretation
• DPA
• EMEA
• Glitching
• Tomography
State of the Art Solution Strategy: “Emission Resistant” Crypto
• Match all active transistors with inactive counterparts
• Incorporate randomness into cryptography
[Figure: Cost ($M) vs. Time (Months). Labels: SOTA; AISS; IP license from CRI; IP license from SNPS; CRI integration services. Source: Mentor Graphics]
[Figure: AISS Solution Space, Size (relative to original: 100%, 150%, 200%) vs. Emissions from Cryptography (Level: Low, Medium, High). Labels: Match active transistors with passives 1:1; Produce high level of random noise; Produce some random noise; Normal emissions]
“Reverse Engineering” Attack Surface Metrics
Attack Vector(s)
• Algorithm Extraction
• Chip Delayering
• Layout Reconstruction
• Schematic Generation
Sources: 4004.com, microship.com/, sciencevisionre.com, blog.wiser.com
State of the Art Solution Strategy: Logic Encryption & Obfuscation
• Insert logic that deactivates the design without a runtime key
• Use ultra-long keys to achieve obfuscation rather than encryption
• Use multi-function blocks instead of key gates
• Manipulate state machines to complicate de-obfuscation
[Figure: Effort to break (low, med, high) vs. Time (Months). Labels: SOTA; Manual Insertion]
[Figure: AISS Solution Space, Size (relative to original) vs. Attack Resistance Level (Low, Medium, High). Labels: State Machine Overloading; Multi-function Obfuscation; Simple Logic Obfuscation; Simple Logic Encryption]
“Malicious Hardware” Attack Surface Metrics
Attack Vectors
• IP as a Carrier
• Layout Modification
• Mask Manipulation
• Payload Countermeasures
  • Watermarking of pre-existing IP
  • Threat analysis of incoming IP
• Trigger Countermeasures
  • Runtime Trojan detection
Source: Mentor Graphics
www.darpa.mil