339 research outputs found
A Survey of hardware protection of design data for integrated circuits and intellectual properties
International audienceThis paper reviews the current situation regarding design protection in the microelectronics industry. Over the past ten years, the designers of integrated circuits and intellectual properties have faced increasing threats including counterfeiting, reverse-engineering and theft. This is now a critical issue for the microelectronics industry, mainly for fabless designers and intellectual properties designers. Coupled with increasing pressure to decrease the cost and increase the performance of integrated circuits, the design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. However, several published works propose different ways to protect design data including functional locking, hardware obfuscation, and IC/IP identification. This paper presents a survey of academic research on the protection of design data. It concludes with the need to design an efficient protection scheme based on several properties
Preventing integrated circuit piracy using reconfigurable logic barriers
With each new feature size, integrated circuit (IC) manufacturing costs increase. Rising expenses cause the once vertical IC supply chain to flatten out. Companies are increasing their reliance on contractors, often foreign, to supplement their supply chain deficiencies as they no longer can provide all of the services themselves. This shift has brought with it several security concerns classified under three categories: (1) Metering - controlling the number of ICs created and for whom. (2) Theft - controlling the dissemination of intellectual property (IP). (3) Trust - controlling the confidence in the IC post-fabrication. Our research focuses on providing a solution to the metering problem by restricting an attacker\u27s access to the IC design. Our solution modifies the CAD tool flow in order to identify locations in the circuit which can be protected with reconfigurable logic barriers. These barriers require the correct key to be present for information to flow through. Incorrect key values render the IC useless as the flow of information is blocked. Our selection heuristics utilize observability and controllability don\u27t care sets along with a node\u27s location in the network to maximize an attacker\u27s burden while keeping in mind the associated overhead. We implement our approach in an open-source logic synthesis tool, compare it against previous solutions and evaluate its effectiveness against a knowledgeable attacker
Gotcha! I Know What You are Doing on the FPGA Cloud: Fingerprinting Co-Located Cloud FPGA Accelerators via Measuring Communication Links
In recent decades, due to the emerging requirements of computation
acceleration, cloud FPGAs have become popular in public clouds. Major cloud
service providers, e.g. AWS and Microsoft Azure have provided FPGA computing
resources in their infrastructure and have enabled users to design and deploy
their own accelerators on these FPGAs. Multi-tenancy FPGAs, where multiple
users can share the same FPGA fabric with certain types of isolation to improve
resource efficiency, have already been proved feasible. However, this also
raises security concerns. Various types of side-channel attacks targeting
multi-tenancy FPGAs have been proposed and validated. The awareness of security
vulnerabilities in the cloud has motivated cloud providers to take action to
enhance the security of their cloud environments.
In FPGA security research papers, researchers always perform attacks under
the assumption that attackers successfully co-locate with victims and are aware
of the existence of victims on the same FPGA board. However, the way to reach
this point, i.e., how attackers secretly obtain information regarding
accelerators on the same fabric, is constantly ignored despite the fact that it
is non-trivial and important for attackers. In this paper, we present a novel
fingerprinting attack to gain the types of co-located FPGA accelerators. We
utilize a seemingly non-malicious benchmark accelerator to sniff the
communication link and collect performance traces of the FPGA-host
communication link. By analyzing these traces, we are able to achieve high
classification accuracy for fingerprinting co-located accelerators, which
proves that attackers can use our method to perform cloud FPGA accelerator
fingerprinting with a high success rate. As far as we know, this is the first
paper targeting multi-tenant FPGA accelerator fingerprinting with the
communication side-channel.Comment: To be published in ACM CCS 202
Techniques for Improving Security and Trustworthiness of Integrated Circuits
The integrated circuit (IC) development process is becoming increasingly vulnerable to malicious activities because untrusted parties could be involved in this IC development flow. There are four typical problems that impact the security and trustworthiness of ICs used in military, financial, transportation, or other critical systems: (i) Malicious inclusions and alterations, known as hardware Trojans, can be inserted into a design by modifying the design during GDSII development and fabrication. Hardware Trojans in ICs may cause malfunctions, lower the reliability of ICs, leak confidential information to adversaries or even destroy the system under specifically designed conditions. (ii) The number of circuit-related counterfeiting incidents reported by component manufacturers has increased significantly over the past few years with recycled ICs contributing the largest percentage of the total reported counterfeiting incidents. Since these recycled ICs have been used in the field before, the performance and reliability of such ICs has been degraded by aging effects and harsh recycling process. (iii) Reverse engineering (RE) is process of extracting a circuit’s gate-level netlist, and/or inferring its functionality. The RE causes threats to the design because attackers can steal and pirate a design (IP piracy), identify the device technology, or facilitate other hardware attacks. (iv) Traditional tools for uniquely identifying devices are vulnerable to non-invasive or invasive physical attacks. Securing the ID/key is of utmost importance since leakage of even a single device ID/key could be exploited by an adversary to hack other devices or produce pirated devices. In this work, we have developed a series of design and test methodologies to deal with these four challenging issues and thus enhance the security, trustworthiness and reliability of ICs. The techniques proposed in this thesis include: a path delay fingerprinting technique for detection of hardware Trojans, recycled ICs, and other types counterfeit ICs including remarked, overproduced, and cloned ICs with their unique identifiers; a Built-In Self-Authentication (BISA) technique to prevent hardware Trojan insertions by untrusted fabrication facilities; an efficient and secure split manufacturing via Obfuscated Built-In Self-Authentication (OBISA) technique to prevent reverse engineering by untrusted fabrication facilities; and a novel bit selection approach for obtaining the most reliable bits for SRAM-based physical unclonable function (PUF) across environmental conditions and silicon aging effects
Multi-Tenant Cloud FPGA: A Survey on Security
With the exponentially increasing demand for performance and scalability in
cloud applications and systems, data center architectures evolved to integrate
heterogeneous computing fabrics that leverage CPUs, GPUs, and FPGAs. FPGAs
differ from traditional processing platforms such as CPUs and GPUs in that they
are reconfigurable at run-time, providing increased and customized performance,
flexibility, and acceleration. FPGAs can perform large-scale search
optimization, acceleration, and signal processing tasks compared with power,
latency, and processing speed. Many public cloud provider giants, including
Amazon, Huawei, Microsoft, Alibaba, etc., have already started integrating
FPGA-based cloud acceleration services. While FPGAs in cloud applications
enable customized acceleration with low power consumption, it also incurs new
security challenges that still need to be reviewed. Allowing cloud users to
reconfigure the hardware design after deployment could open the backdoors for
malicious attackers, potentially putting the cloud platform at risk.
Considering security risks, public cloud providers still don't offer
multi-tenant FPGA services. This paper analyzes the security concerns of
multi-tenant cloud FPGAs, gives a thorough description of the security problems
associated with them, and discusses upcoming future challenges in this field of
study
SerIOS: Enhancing Hardware Security in Integrated Optoelectronic Systems
Silicon photonics (SiPh) has different applications, from enabling fast and
high-bandwidth communication for high-performance computing systems to
realizing energy-efficient optical computation for AI hardware accelerators.
However, integrating SiPh with electronic sub-systems can introduce new
security vulnerabilities that cannot be adequately addressed using existing
hardware security solutions for electronic systems. This paper introduces
SerIOS, the first framework aimed at enhancing hardware security in
optoelectronic systems by leveraging the unique properties of optical
lithography. SerIOS employs cryptographic keys generated based on imperfections
in the optical lithography process and an online detection mechanism to detect
attacks. Simulation and synthesis results demonstrate SerIOS's effectiveness in
detecting and preventing attacks, with a small area footprint of less than 15%
and a 100% detection rate across various attack scenarios and optoelectronic
architectures, including photonic AI accelerators
High-Level Synthesis Hardware Design for FPGA-Based Accelerators: Models, Methodologies, and Frameworks
Hardware accelerators based on field programmable gate array (FPGA) and system on chip (SoC) devices have gained attention in recent years. One of the main reasons is that these devices contain reconfigurable logic, which makes them feasible for boosting the performance of applications. High-level synthesis (HLS) tools facilitate the creation of FPGA code from a high level of abstraction using different directives to obtain an optimized hardware design based on performance metrics. However, the complexity of the design space depends on different factors such as the number of directives used in the source code, the available resources in the device, and the clock frequency. Design space exploration (DSE) techniques comprise the evaluation of multiple implementations with different combinations of directives to obtain a design with a good compromise between different metrics. This paper presents a survey of models, methodologies, and frameworks proposed for metric estimation, FPGA-based DSE, and power consumption estimation on FPGA/SoC. The main features, limitations, and trade-offs of these approaches are described. We also present the integration of existing models and frameworks in diverse research areas and identify the different challenges to be addressed
- …