Active hardware metering for intellectual property protection and security

Abstract We introduce the first active hardware metering scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy and runtime tampering. The novel metering method simultaneously employs inherent unclonable variability in modern manufacturing technology, and functionality preserving alternations of the structural IC specifications. Active metering works by enabling the designers to lock each IC and to remotely disable it. The objectives are realized by adding new states and transitions to the original finite state machine (FSM) to create boosted finite state machines(BFSM) of the pertinent design. A unique and unpredictable ID generated by an IC is utilized to place an BFSM into the power-up state upon activation. The designer, knowing the transition table, is the only one who can generate input sequences required to bring the BFSM into the functional initial (reset) state. To facilitate remote disabling of ICs, black hole states are integrated within the BFSM. We introduce nine types of potential attacks against the proposed active metering method. We further describe a number of countermeasures that must be taken to preserve the security of active metering against the potential attacks. The implementation details of the method with the objectives of being low-overhead, unclonable, obfuscated, stable, while having a diverse set of keys is presented. The active metering method was implemented, synthesized and mapped on the standard benchmark circuits. Experimental evaluations illustrate that the method has a low-overhead in terms of power, delay, and area, while it is extremely resilient against the considered attacks

A survey on security analysis of machine learning-oriented hardware and software intellectual property

Intellectual Property (IP) includes ideas, innovations, methodologies, works of authorship (viz., literary and artistic works), emblems, brands, images, etc. This property is intangible since it is pertinent to the human intellect. Therefore, IP entities are indisputably vulnerable to infringements and modifications without the owner’s consent. IP protection regulations have been deployed and are still in practice, including patents, copyrights, contracts, trademarks, trade secrets, etc., to address these challenges. Unfortunately, these protections are insufficient to keep IP entities from being changed or stolen without permission. As for this, some IPs require hardware IP protection mechanisms, and others require software IP protection techniques. To secure these IPs, researchers have explored the domain of Intellectual Property Protection (IPP) using different approaches. In this paper, we discuss the existing IP rights and concurrent breakthroughs in the field of IPP research; provide discussions on hardware IP and software IP attacks and defense techniques; summarize different applications of IP protection; and lastly, identify the challenges and future research prospects in hardware and software IP security

Secure Split Test for Preventing IC Piracy by Un-Trusted Foundry and Assembly

In the era of globalization, integrated circuit design and manufacturing is spread across different continents. This has posed several hardware intrinsic security issues. The issues are related to overproduction of chips without knowledge of designer or OEM, insertion of hardware Trojans at design and fabrication phase, faulty chips getting into markets from test centers, etc. In this thesis work, we have addressed the problem of counterfeit IC‟s getting into the market through test centers. The problem of counterfeit IC has different dimensions. Each problem related to counterfeiting has different solutions. Overbuilding of chips at overseas foundry can be addressed using passive or active metering. The solution to avoid faulty chips getting into open markets from overseas test centers is secure split test (SST). The further improvement to SST is also proposed by other researchers and is known as Connecticut Secure Split Test (CSST). In this work, we focus on improvements to CSST techniques in terms of security, test time and area. In this direction, we have designed all the required sub-blocks required for CSST architecture, namely, RSA, TRNG, Scrambler block, study of benchmark circuits like S38417, adding scan chains to benchmarks is done. Further, as a security measure, we add, XOR gate at the output of the scan chains to obfuscate the signal coming out of the scan chains. Further, we have improved the security of the design by using the PUF circuit instead of TRNG and avoid the use of the memory circuits. This use of PUF not only eliminates the use of memory circuits, but also it provides the way for functional testing also. We have carried out the hamming distance analysis for introduced security measure and results show that security design is reasonably good.Further, as a future work we can focus on: • Developing the circuit which is secuered for the whole semiconductor supply chain with reasonable hamming distance and less area overhead

Hardware security, vulnerabilities, and attacks: a comprehensive taxonomy

Information Systems, increasingly present in a world that goes towards complete digitalization, can be seen as complex systems at the base of which is the hardware. When dealing with the security of these systems to stop possible intrusions and malicious uses, the analysis must necessarily include the possible vulnerabilities that can be found at the hardware level, since their exploitation can make all defenses implemented at web or software level ineffective. In this paper, we propose a meaningful and comprehensive taxonomy for the vulnerabilities affecting the hardware and the attacks that exploit them to compromise the system, also giving a definition of Hardware Security, in order to clarify a concept often confused with other domains, even in the literature

Software asset management in an organization

This thesis presents a project conducted to assess software asset management (SAM) maturity, through the usage of a SAM maturity model, in a Portuguese group, composed of six companies of different business sectors, in order to understand if the group was taking all necessary measures to prevent software non-compliance risks whilst maximizing SAM benefits. The SAM maturity model adopted was based on the Microsoft SAM Optimization Model (SOM) and comprised the assessment of ten core competences, each considering a total of four different maturity levels. The results show that despite the recent group efforts to improve SAM maturity the overall conclusion is that the group is still at Basic Level and vision, goals and objectives to be achieved with a global SAM still need to be approved. This project was the first enterprise initiative to promote SAM awareness in the group under the sponsorship of the Board of Directors and has allowed to understand the current SAM maturity, for the group and each of the six companies, define the desired SAM maturity and also determine all initiatives that must be implemented to achieve the target maturity within the next twelve months.A presente tese consiste no projecto que foi efectuado para aferir a maturidade da gestão de activos de software, tendo por base um modelo de maturidade de gestão de activos de software, de um grupo Português, composto por seis empresas que actuam em diversos sectores da nossa economia, a fim de compreender se o grupo estava a tomar todas as medidas necessárias para prevenir os riscos de não cumprimento legal e regulamentar associados à temática do software e para obter o máximo de benefícios associados à gestão dos activos de software. O modelo de maturidade de gestão de activos de software adoptado teve por base o Microsoft SAM Optimization Model (SOM) que contempla um total de dez competências, cada um com quatro níveis de maturidade distintos. Os resultados obtidos permitem concluir que apesar dos recentes esforços por parte do grupo para melhorar a maturidade nesta área o grupo ainda está no nível Básico e não existe uma visão e objectivos a atingir aprovados que permitam definir o caminho a seguir. Este projecto foi, no entanto, a primeira iniciativa transversal para promover o tema de forma corporativa, com o apoio da Comissão Executiva, e permitiu aferir o nível de maturidade actual, no grupo e em cada uma das seis empresas, bem como o nível de maturidade desejado para o grupo e o conjunto de iniciativas a implementar no período de doze meses de modo a atingir o estágio pretendido