Author : Abhishek Basak
Total Pages : 187 pages
Book Synopsis Infrastructure and Primitives for Hardware Security in Integrated Circuits by : Abhishek Basak
Infrastructure and Primitives for Hardware Security in Integrated Circuits, written by Abhishek Basak, was released in 2015 and runs to 187 pages. Book excerpt: For logical correlation and clustering of similar approaches together, this thesis is divided into two parts. Part I proposes three light-weight, proactive IC integrity validation approaches as countermeasures against the two major forms of counterfeit ICs, namely recycled and cloned chips. Hence the security threats considered here revolve around the legitimacy of the procured components from the vast, ever-expanding global supply chain used to design electronic systems. The first approach is a low-overhead, on-die protection mechanism against both types of above-mentioned counterfeit digital ICs, based on one-time programmable antifuses inserted in the I/O port logic and a key stored in secure non-volatile memory. The second is an antifuse-based IC package-level solution against both counterfeit types that does not require any design modification or on-die resources and hence can be applied to legacy designs (i.e. production-ready designs), which comprise a significant portion of the semiconductor market. The last is an intrinsic pin-resistance-based IC authentication approach against cloned ICs, which does not require any overhead (die or package) or changes in the design cycle, and is applicable to legacy ICs. In addition to digital ICs, the latter two techniques also work efficiently for analog and mixed-signal designs. The protection against recycling offered by the first two methods involves active defense rather than only detection, i.e. the ICs are non-functional (hence of no value) until the antifuses are programmed. Overall, as compared to existing Design-for-Security (DfS) techniques, utilization of one or more of these proposed approaches would incur minimal to virtually zero design modifications and associated hardware overhead, offer easy integrability in existing chips, and be potentially applicable to legacy designs and ICs of all types at comparable security.

Part II of the thesis revolves around efficient protection against threats arising from the integration characteristics and interactions between different hardware and/or software/firmware components on a platform required to perform system-level functions. It particularly focuses on the System-on-Chip (SoC), which constitutes the primary IC type in mobile and embedded electronic systems today and is essentially an entire platform on a single chip. We have proposed a novel architecture framework that provides a methodical, formal approach to implementing system-level security policies in these SoCs. SoCs incorporate different types of hardware/firmware/software-based Intellectual Property (IP) cores, including general-purpose processors, graphics cores, accelerators, memory subsystems, device controllers, etc. Security policies protect access to various security assets on chip sprinkled around in these IP blocks, such as device keys, passwords, configuration register settings, programmable fuses and private user data. They typically involve subtle interactions between different IP components, and their specification as well as implementation often get modified over the design cycle, involving various stakeholders. As a result, these policies are presently implemented in a rather ad hoc fashion in SoCs. This creates significant issues in post-silicon SoC validation and in-field testing, as well as in patches/upgrades in response to bugs or changing security requirements in the field. To address this issue, the thesis proposes a light-weight infrastructure framework for systematic, methodical implementation of diverse SoC security policies.

The architecture is centered around smart security wrappers, which extract security-critical event information from the IPs, and a centralized, firmware-upgradable micro-controlled policy controller, which analyzes the SoC security state at all phases and enforces the appropriate security controls via the wrappers. Furthermore, to reduce the security wrapper overheads as well as provide greater flexibility to adapt to new security requirements in-field, an interface is provided between the security architecture and the existing on-chip debug infrastructure to permit reuse of its Design-for-Debug (DfD) components for security policy implementation. The thesis concludes with an analysis of the threat due to malicious modifications and/or covert backdoors in untrustworthy 3rd-party IPs in use today for designing SoCs. In the absence of foolproof static trust analysis methods, potent run-time solutions have been proposed in the architectural framework as a last line of defense to ensure SoC security in the presence of untrustworthy IPs.