2012 | Book

Introduction to Hardware Security and Trust

Edited by: Mohammad Tehranipoor, Cliff Wang

Publisher: Springer New York


About this book

This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

Table of contents

Frontmatter
Chapter 1. Background on VLSI Testing
Abstract
As the technology feature size of devices and interconnects shrinks at the rate predicted by Moore’s law, gate density and design complexity on a single integrated chip (IC) have kept increasing in recent decades. The close-to-nanoscale fabrication process introduces more manufacturing errors. New failure mechanisms that are not covered by current fault models are observed in designs fabricated in new technologies and new materials. At the same time, the power and signal integrity issues that come with scaled supply voltages and higher operating frequencies increase the number of faults that violate the predefined timing margin. VLSI testing has become more and more important and challenging for verifying the correctness of design and manufacturing processes. The diagram shown in Fig. 1.1 illustrates the simplified IC production flow. In the design phase, the test modules are inserted in the netlist and synthesized in the layout. Designers set the timing margin carefully to account for the difference between simulation and actual operation mode, such as uncertainties introduced by process variation, temperature variation, clock jitter, etc. However, due to imperfect design and fabrication processes, there are variations and defects that make the chip violate this timing margin and cause functional failure in the field. Logic bugs, manufacturing errors, and defective packaging processes could be the source of errors.
Junxia Ma, Mohammad Tehranipoor
Chapter 2. Hardware Implementation of Hash Functions
Abstract
Hash algorithms are a type of cryptographic primitive that is widely used in many security protocols for purposes like data integrity, digital signatures, and authentication. In this chapter, we summarize some techniques to improve the hardware implementation of two commonly used hash algorithms, MD5 and SHA-2. We also give an overview of the hardware implementation of the five candidates in the last round of the SHA-3 competition.
Zhijie Shi, Chujiao Ma, Jordan Cote, Bing Wang
Chapter 3. RSA: Implementation and Security
Abstract
The need for secure communication methods between remote parties has existed for as long as remote parties have wished to communicate. The rise of the digital computer in the beginning of the twentieth century brought with it a new paradigm in secure communications – computer-based encryption algorithms. Encryption is a process by which some private set of data, often called a plaintext, is deterministically converted into a seemingly random set of data called a ciphertext. This ciphertext is then later converted deterministically back into the plaintext through a process called decryption. Encryption and decryption can be thought of as the “locking” and “unlocking” of the plaintext. Imagine a plaintext as a piece of paper with sensitive information written on it. By placing this piece of paper in an unbreakable box with an unpickable lock, we have “encrypted” this data in such a way that only the person or persons with the right key can “decrypt” the data. There are two main ways in which two parties A and B could transmit data with this ideal box/lock combination. First, party A could give party B a copy of their unpickable lock’s key during some secure, personal meeting between the two parties. At a later date, party A could “encrypt” the data using their box and lock and then send the box to party B, who, having obtained the key to this lock at the prior meeting, would be able to “decrypt” the data upon receiving it. In this example, both parties could continue sending data back and forth to each other while using the same key. This type of encryption is called “symmetric” encryption – both parties use the same key.
Nicholas Tuzzio, Mohammad Tehranipoor
Chapter 4. Security Based on Physical Unclonability and Disorder
Abstract
Identification, authentication, and integrity checking are important tasks for ensuring the security and protection of valuable objects, devices, programs, and data. The utilization of the microscopic, random, and unclonable disorder of physical media for such security tasks has recently gained increasing attention. Wherever applicable, the harnessing of disorder can lead to intriguing advantages: First, it can avoid the permanent storage of digital secret keys in vulnerable hardware, promising to make the resulting systems more resilient against invasive and malware attacks. Second, random physical disorder has the natural feature of being very hard to clone and to forge: Fully controlling the micro- and nanoscale fabrication variations in physical media is extremely difficult and, even if possible, prohibitively expensive. Third, utilization of the natural disorder and entropy in physical systems can sometimes enable cryptographic protocols whose security does not rest on the usual unproven number-theoretic assumptions like factoring and discrete log, creating an alternate foundation for cryptography. Physical Unclonable Functions or PUFs are perhaps the best known representative of this new class of “disordered” cryptoprimitives, but there are also others. In this chapter, we provide a classification for past and ongoing work in physical disorder based security alongside with security analyses and implementation examples. We will also outline some open problems and future research opportunities in the area.
Ulrich Rührmair, Srinivas Devadas, Farinaz Koushanfar
Chapter 5. Hardware Metering: A Survey
Abstract
This chapter provides the first comprehensive overview of hardware integrated circuit (IC) protection by metering. Hardware metering, or IC metering, refers to mechanisms, methods, and protocols that enable tracking of ICs post-fabrication. Metering is particularly needed in the horizontal semiconductor business model, where the design houses outsource their fabrication to (mostly offshore) contract foundries to mitigate manufacturing and labor costs. The designers and/or the design intellectual property (IP) holders are vulnerable to piracy and overbuilding attacks due to the transparency of their designed IP to the foundry, which requires a complete description of the design components and layout to fabricate the chips. Because of the prevalence of counterfeit and overbuilt items, and the widespread usage of ICs in a variety of important applications, the problem has recently gained increased attention from industry, government, and the research community. Post-silicon identification and tagging of the individual ICs fabricated from the same mask is a precursor for metering: In passive metering, each IC is specifically identified, either in terms of its functionality or by other forms of unique identification. The identified ICs may be matched against their record in a preformed database that could reveal unregistered ICs or overbuilt ICs (in case of collisions). In active metering, not only are the ICs uniquely identified, but parts of the chip’s functionality can also only be accessed, locked (disabled), or unlocked (enabled) by the designer and/or IP rights owners with high-level knowledge of the design that is not transferred to the foundry. We provide a systematic view of the field, along with the first detailed taxonomy and descriptions of the various passive and active hardware metering methods available.
Farinaz Koushanfar
Chapter 6. Secure Hardware IPs by Digital Watermark
Abstract
The purpose of this chapter is to introduce the basic concepts and approach to secure the hardware design intellectual properties (IPs) from unauthorized use. We borrow the idea of watermarking from the well-established field of multimedia data protection, where digital watermarks are embedded into the object and can be extracted when necessary to establish ownership. However, watermarking design IP is a much more challenging task.
Gang Qu, Lin Yuan
Chapter 7. Physical Attacks and Tamper Resistance
Abstract
Many semiconductor chips used in a wide range of applications require protection against physical attacks, or tamper resistance. These attacks assume that direct access to the chip is possible, with either establishing electrical connections to signal wires or at least doing some measurements. The importance of protection against physical attacks is dictated by the amount of valuable and sensitive information stored on the chip. This could be secret data or company secrets and intellectual property (IP), electronic money for service access, or banking smartcards. The security in chips serves to deter prospective attackers from performing unauthorized access and benefiting from it. There are many areas that rely on the tamper resistance of silicon chips. One of the first was the car industry, with theft protection and car alarms. Then in the early 1990s service providers such as PayTV, satellite TV, and utility companies realized that their service could be stolen if the access and payment cards were not properly protected. From the late 1990s home entertainment companies realized that their game consoles had become the target of dishonest users who wanted to run illegal copies of the games. These days many device manufacturers, from computer peripherals and mobile phones to printers and computers, are worried about possible IP theft by third parties – either competitors or subcontractors. All the above challenges force hardware engineers to find secure solutions – either better protected off-the-shelf chips or their own custom chips. As in most cases it is impractical to block direct access to the device and its components, protection against physical attacks has become an essential part of system design. These days we have a continuous battle between the manufacturers, who invent new security solutions learning their lessons from previous mistakes, and the hacker community, which is constantly trying to break the protection in various devices. Both sides are also constantly improving their knowledge and experience. In this endless war, the front line shifts forward and backward regularly. Deep down, the problem concerns both economics and law. On the one hand, when dishonest people try to steal property, there will be a demand to increase security. On the other, reverse engineering was always part of technological progress, helping to design compatible products and improve existing ones. The dividing line between legal (reverse engineering) and illegal (piracy) is difficult.
Sergei Skorobogatov
Chapter 8. Side Channel Attacks and Countermeasures
Abstract
Side-channel attacks bypass the theoretical strength of cryptographic algorithms by exploiting weaknesses in the cryptographic system’s hardware implementation via non-primary, side-channel inputs and outputs. Commonly exploited side-channel outputs include: power consumption, electromagnetic (EM) emissions, light, timing, and sound (Fig. 8.1). Commonly used side-channel inputs include: supply voltage, temperature, light, and other primary signal inputs unrelated to the cryptographic block. The attacks themselves combine observation of side-channel outputs, manipulation of side-channel inputs, observation of primary outputs, and manipulation of primary inputs with increasingly complex analysis techniques to discover secret information from the cryptographic system. Attacks that exploit side-channel outputs are often termed passive side-channel attacks, while attacks that exploit side-channel inputs are called active side-channel attacks or fault injection attacks.
Ken Mai
Chapter 9. Trusted Design in FPGAs
Abstract
Reconfigurable hardware is by far the most dominant implementation platform in terms of the number of designs per year. During the past decade, security has emerged as a premier design metric with an ever-increasing scope. Our objective is to identify and survey the most important issues related to FPGA security. Instead of insisting on comprehensiveness, we focus on a number of techniques that have the highest potential for conceptual breakthroughs or for practical widespread adoption. Our emphasis is on security primitives (PUFs and TRNGs), analysis of potential vulnerabilities of the FPGA synthesis flow, digital rights management, and FPGA-based applied algorithmic cryptography. We also discuss the most popular and a selection of recent research directions related to FPGA-based security platforms. Specifically, we identify and discuss a number of classical and emerging exciting FPGA-based security research and development directions.
Mehrdad Majzoobi, Farinaz Koushanfar, Miodrag Potkonjak
Chapter 10. Security in Embedded Systems
Abstract
As networking connections become pervasive for computer systems and embedded software content increases dramatically, it becomes more convenient for hostile parties to utilize software vulnerabilities to attack embedded systems, such as personal digital assistants (PDAs), cell phones, networked sensors, and automotive electronics [1]. The vulnerability of embedded systems carrying sensitive information to security attacks, ranging from common cybercrimes to terrorism, has become a very critical problem with far-reaching financial and social implications [2]. For example, security is still the largest concern that prevents the adoption of mobile commerce and secure messaging [3, 4]. In addition to the traditional metrics of performance, area, and power consumption, security has been regarded as one of the most important design goals for networked embedded systems [4]. Compared to the general-purpose and commodity desktop system, an embedded system presents advantages in allowing deployment of meaningful countermeasures across the system architecture design. Building a secure embedded system, however, is a complex task that requires multidisciplinary research across different system layers and spanning various design stages, including circuits, processors, Operating System (OS), compiler, system platform, etc. It is especially challenging to find efficient solutions granting system immunity to a broad range of evolving attacks, considering the stringent constraints of embedded systems on computing capability, memory, and battery power and the tamper-prone insecure environment.
Yunsi Fei, Juan Carlos Martinez Santos
Chapter 11. Side-Channel Attacks and Countermeasures for Embedded Microcontrollers
Abstract
While trustworthy hardware helps to establish the basis of trustworthy computing, most applications in embedded security rely to a significant extent on software. Smart-cards are an excellent example. A smart-card is an embedded computer in the form factor of a credit card with an integrated microcontroller. In contrast to a credit card, a smart-card thus has an active component. This allows the card to execute one side of a cryptographic protocol, such as digital signature generation. Crypto-protocols are built using crypto-algorithms including symmetric-key and public-key encryption, random number generation, and hashing. A smart-card may implement these building blocks in software or, in some cases, in dedicated hardware. Software is often preferred for two different reasons: reducing the design cost and supporting flexibility. This chapter will discuss the implementation of side-channel attacks on such microcontrollers, as well as some common countermeasures. The objective is to introduce the reader to this exciting field of research within the limits of a book chapter. In-depth discussion of side-channel analysis on microcontrollers can be found in the literature, e.g., [1].
Patrick Schaumont, Zhimin Chen
Chapter 12. Security for RFID Tags
Abstract
Radio frequency identification (RFID) is an automatic identification method for retrieving and accessing data using devices called RFID tags, sometimes called transponders. The basic RFID system includes tags, readers, and associated interfaces, as shown in Fig. 12.1. Tags are attached to objects that we want to identify. Readers query the tags using a radio frequency (RF) signal to obtain an identifier. RFID applications include item management, physical access control, travel documents, finance and banking, sensors, animal tracking, human identification, and product counterfeiting countermeasures.
Jia Di, Dale R. Thompson
Chapter 13. Memory Integrity Protection
Abstract
With the growth of personal computers and the internet, computers are now integrated into our lives. With all its conveniences, this phenomenon also creates more vulnerabilities. An intruder who is physically located on the other side of the earth may gain access to our most secret information by breaking through our firewall and gaining access to the internals of our computing system. Compromised computers may leak our most private information: personal documents, pictures and movies, browsing history, chat history, bank account passwords, etc.
Yin Hu, Berk Sunar
Chapter 14. Trojan Taxonomy
Abstract
With the steady increase in outsourcing of semiconductor integrated circuits (ICs) manufacturing, the concerns for malicious inclusions are increasing within the military and the commercial sectors. Recently, Trojans in ICs used by military equipment have been reported [1]. Trojans can change the functionality of an IC and affect mission critical equipment. Trojans can also disable a system at will. These concerns caused the Defense Advanced Research Projects Agency (DARPA) to initiate the Trust in ICs program. This program focuses on developing Trojan detection methods [2, 3].
Ramesh Karri, Jeyavijayan Rajendran, Kurt Rosenfeld
Chapter 15. Hardware Trojan Detection
Abstract
The emerging trend of outsourcing design and fabrication services to external facilities, as well as increasing reliance on third-party Intellectual Property (IP) cores and electronic design automation tools, makes integrated circuits (ICs) increasingly vulnerable to hardware Trojan attacks at different stages of their life-cycle. Figure 15.1 shows the modern IC design, fabrication, test, and deployment stages, highlighting the level of trust at each stage. This scenario raises a new set of challenges for trust validation with respect to malicious design modification at various stages of an IC life-cycle where untrusted components/personnel are involved [1]. In particular, it brings in the requirement for reliable detection, during post-manufacturing test, of malicious design modifications made in an untrusted fabrication facility. It also imposes a requirement for trust validation in IP cores obtained from untrusted third-party vendors.
Seetharam Narasimhan, Swarup Bhunia
Chapter 16. Design for Hardware Trust
Abstract
Toward further enhancing the effectiveness of postfabrication hardware Trojan detection solutions and alleviating their limitations, as discussed in previous chapters, several methods which rely on modifying the current IC design flow have been developed by the hardware security and trust community. Collectively termed design for hardware trust [1], these Trojan prevention methods aim to prevent insertion and facilitate simple detection of hardware Trojans. In contrast to Trojan detection methods which passively test chips anticipating that the inserted Trojans will be identified based on their abnormal behavior, Trojan prevention methods take a proactive step by changing the circuit structure itself in order to prevent the insertion of Trojans. In order to achieve this goal, the entire IC supply chain needs to be revisited. The resulting modified IC supply chain emphasizes design security to counter Trojan threats and provide a solution for trusted IC design.
Yier Jin, Eric Love, Yiorgos Makris
Chapter 17. Security and Testing
Abstract
Test interfaces are present in nearly all digital hardware. In many cases, the security of the system depends on the security of the test interfaces. Systems have been hacked in the field using test interfaces as an avenue for attack. Researchers in industry and academia have developed defenses over the past 20 years. A diligent designer can significantly reduce the chance of system exploitation by understanding known threats and applying known defenses.
Kurt Rosenfeld, Ramesh Karri
Chapter 18. Protecting IPs Against Scan-Based Side-Channel Attacks
Abstract
The need for on-chip security has been on the rise with the proliferation of crypto-chips and other applications that contain intellectual property that must be protected. In order to test these chips, scan-based testing has been commonly used due to its ease of application and high coverage. However, once in the field, the test ports become a liability due to the amount of controllability and observability scan-based testing provides. This chapter presents a low-cost secure scan solution that allows the ease of testing using a scan while maintaining a high level of security that will protect the on-chip IP. The proposed solution authorizes users through the use of a test key that is integrated directly into the test pattern and will prevent unauthorized users from correctly analyzing the responses from the scan chain. The proposed solution has negligible area overhead and no impact on performance, and it adds several layers of security on top of the scan chain without modifying the standard test interface.
Mohammad Tehranipoor, Jeremy Lee
Metadata
Title
Introduction to Hardware Security and Trust
Edited by
Mohammad Tehranipoor
Cliff Wang
Copyright year
2012
Publisher
Springer New York
Electronic ISBN
978-1-4419-8080-9
Print ISBN
978-1-4419-8079-3
DOI
https://doi.org/10.1007/978-1-4419-8080-9