security issues in ickoreatest.or.kr/sub08/sub09_data/양준성.pdf · 2014-10-20 · security...
TRANSCRIPT
Security Issues in IC
Joon-Sung Yang
DATES(Design and Test for Systems) Lab
Sungkyunkwan University
DATES Lab
Page 2
Security
<source : http://www.goophone.net>
DATES Lab
Copycat
Ex) Goophone
Page 3
Security
<source : http://www.gizchina.com/2013/10/13/goophone-open-international-webstore/>
DATES Lab
Smartphone
Penetration by Country
Page 4
IC Market
DATES Lab
Smartphone
Increasing Market
Page 5
IC Market
DATES Lab
What is this?
Page 6
Smartphone
<source : http://www.donga.com>
DATES Lab
Copycat
Page 7
Smartphone
<source : http://www.donga.com>
DATES Lab
Specification
Page 8
Smartphone
<source : http://www.donga.com>
DATES Lab
Past..
Counterfeit
Examples
Deliberately Misrepresented Part Its Identity (e.g. manufacturer, part number, date code, lot code)
Copied (reverse engineered) Part
Used Parts Sold as New
Defective Parts Sold as New or Working Used Parts
Fake Parts
Page 9
Security
<source : http://www.kozio.com>
DATES Lab
Mission Critical Applications
Military Defense Systems
Fighter Jet Case : Jet Failure at High Altitude (Temperature Issue)
Medical Systems
Health & Safety Issues
Page 10
Security
<source : http://www.kozio.com/blog/scripting-a-counterfeit-ic-detection-strategy>
DATES Lab
Economic Impact
Expecting
Semiconductor Industry Revenue Loss (2011)
– 7.5 Billion Dollars
– 11,000 US Job Positions
Page 11
Security
DATES Lab
General Counterfeit Detection Process
Page 12
Security
DATES Lab
How to Avoid Unauthentic ICs Use?
Can We Monitor them?
H/W Metering
Need for IP Owner to Track Manufacture Chips
Ways to Enable IP Owners Accessing ICs at Post-Si
Methods to Uniquely Tag Each Chip for Tracing Them
Page 13
Hardware Metering
DATES Lab
Authentication Flow
Page 14
Authentication
DATES Lab
Traditional Method
Embed Unique Secret Key in NVM
Challenge -> Response
Limitation
Side Channel Attacks on NVM
Resource Intensive Cryptography
Page 15
Authentication
DATES Lab
Physically Unclonable Function (PUF)
Find Something Unique per Chip
Process Variation
– Arbiter PUF
Page 16
ID Generation
DATES Lab
Physically Unclonable Function (PUF)
Find Something Unique per Chip
Process Variation
– Ring Oscillator PUF
Page 17
ID Generation
DATES Lab
Physically Unclonable Function (PUF)
Find Something Unique per Chip
Process Variation
– SRAM PUF
Page 18
ID Generation
DATES Lab
Physically Unclonable Function (PUF)
Find Something Unique per Chip
Process Variation
– SCAN PUF
Page 19
ID Generation
DATES Lab
Authentication Flow
Page 20
PUF
DATES Lab
Authentication Flow
Page 21
PUF
DATES Lab
Authentication Flow
Page 22
PUF
DATES Lab
Pros & Cons
Pros
No Need to Store NVM based Key (ID)
Random and Vast Number or Challenge-Response Pairs
Cons
Non-Deterministic
– Multiple Iteration Required
Process Variation Affected by Aging
Need to Enhance Determinism
Page 23
PUF
DATES Lab
Trojan Virus – S/W
Illegal S/W Download
Computers, Smart Phones
Erase Memory, Send Password & Credit Card Information
Page 24
Another Security Issue
DATES Lab
H/W Trojan? (HTH : Hardware Trojan Horse)
Business Model Shift
Fabless Company
Threat Holes
Page 25
Another Security Issue
IP Vendor
System
Integrator Manufacturer
Trusty?
Trusty? Trusty?
DATES Lab
Threat Holes
HTH Inserted IC to Customer
Possible Damage
H/W Performance Degradation
Authentication Flow Incapacitation
Secret Data Leak.. Backdoor.
IC Destruction
Page 26
HTH : Hardware Trojan Horse
DATES Lab
How It Works..
Time Bomb
Page 27
HTH Insertion
<source : Y. Alkabani and F. Koushanfar, “Extended Abstract : Designer’s Hardware Trojan Horse”, Proc. IEEE Int’l Workshop Hardware-Oriented Security and Trust>
DATES Lab
Action
UK, US, Canada, New Zealand and Australia
Use & Import Ban due to Backdoor Vulnerability
Page 28
HTH : Hardware Trojan Horse
<source : http://www.theregister.co.uk/2013/07/29/lenovo_accused_backdoors_intel_ban>
DATES Lab
Classification
Page 29
HTH
<source : X. Wang, M. Tehranipoor, and J. Plusquellic, “Detecting Malicious Inclusions in Secure Hardware: Challenges and Solutions”, IEEE HOST, 2008>
DATES Lab
How Hard is it to Find HTHs?
A Number of IPs Integrated in SoC
Soft, Firm and Hard IP, Hidden Small HTH
Almost Impossible Physical Detection in Nanometer Technology
Too Much Effort for Reverse Engineering
Conditional Activation
Activated in Special Case (Test Will Not Cover)
Page 30
HTH
DATES Lab
HTH Detection Approaches
Side-Channel Analysis
Using Power, Delay, Electromagnetic Wave, Thermal Emission, etc.
Analysis Flow
– 1) Selecting Chips
– 2) Iterative I/O Test -> Capturing Side-Channel Characteristics
– 3) Building Finger Print
– 4) Perform 2) and 3) for Golden Chip (Reference Chip)
– 5) Compare Finger Prints
Page 31
HTH
DATES Lab
HTH Detection Approaches
Side-Channel Analysis
Power Analysis Example
– Green Lines : Golden Chip
– Blue Lines : HTH Inserted Chip
Page 32
HTH
<source : X. Wang, M. Tehranipoor, and J. Plusquellic, “Detecting Malicious Inclusions in Secure Hardware: Challenges and Solutions”, IEEE HOST, 2008>
DATES Lab
HTH Detection Approaches
Side-Channel Analysis
Advantage
– Can Check Different Characteristics (Power, Delay, Thermal Diagram, etc.)
– No Need to Intentionally Activate HTH (Iterative Stress Test and HTHs Activated Always)
Disadvantage
– Very Susceptible to Noise
– Hard to Distinguish between HTH and Process Variation
– Cannot Detect Conditionally Activating HTHs
Page 33
HTH
DATES Lab
HTH Detection Approaches
Test Vector based Analysis
Trying to Activate HTHs
– Region Free Method
– Region Aware Method
Page 34
HTH
DATES Lab
HTH Detection Approaches
Test Vector based Analysis
Region Free Method
– Try to Active HTH Without Knowing CKT Information
– Applying Test Patterns
– Not Effective
Page 35
HTH
DATES Lab
HTH Detection Approaches
Test Vector based Analysis
Region Aware Method
– Try to Active HTH With Knowing CKT Information
– Flow
o 1) Partition CKT to Sub-CKTs (Clustering)
o 2) Generate Patterns for Sub-CKTs : Try to Increase Switching Activity, Power ONLY IN SELECTED Sub-CKT and Reduce Activity in Other Sub-CKTs
o 3) Perform 2) for Each Sub-CKT
Page 36
HTH
DATES Lab
HTH Detection Approaches
Test Vector based Analysis
Region Aware Method Example
– ISCAS Benchmark s3271 Switching Activity
– Blue Line : Golden Chip
– Red Line : HTH Inserted Chip
Page 37
HTH
DATES Lab
IoT (Internet of Things)
Page 38
Security
Data Acquisition
Data Aggregation
Data Analysis
DATES Lab
IoT (Internet of Things)
Page 39
Security
Data Acquisition
Data Aggregation
Data Analysis
DATES Lab
IoT (Internet of Things)
Page 40
Security
<source : http://www.digikey.com/en/articles/techzone/2014/jan/short-range-low-power-wireless-devices-and-internet-of-things-iot>
DATES Lab
Security Concerns
Need for Design for Security (DFS)
Secure Authentication
Supporting Side-Channel Analysis by CAD Tools
CKT Obfuscation : IP Protection
Test vs. Security
Page 41
Security