17 research outputs found
N-variant Hardware Design
The emergence of lightweight embedded devices imposes stringent constraints on
the area and power of the circuits used to construct them. Meanwhile, many of
these embedded devices are used in applications that require diversity and flexibility
to make them secure and adaptable to the fluctuating workload or variable fabric.
While field programmable gate arrays (FPGAs) provide high flexibility, the use of
application specific integrated circuits (ASICs) to implement such devices is more
appealing because ASICs can currently provide an order of magnitude less area and
better performance in terms of power and speed. My proposed research introduces the
N-variant hardware design methodology that adds the sufficient flexibility needed by
such devices while preserving the performance and area advantages of using ASICs.
The N-variant hardware design embeds different variants of the design control
part on the same IC to provide diversity and flexibility. Because the control circuitry
usually represents a small fraction of the whole circuit, using multiple versions of the
control circuitry is expected to have a low overhead. The objective of my thesis is to
formulate a method that provides the following advantages: (i) ease of integration in
the current ASIC design flow, (ii) minimal impact on the performance and area of the
ASIC design, and (iii) providing a wide range of applications for hardware security
and tuning the performance of chips either statically (e.g., post-silicon optimization)
or dynamically (at runtime). This is achieved by adding diversity at two orthogonal
levels: (i) state space diversity, and (ii) scheduling diversity. State space diversity
expands the state space of the controller. Using state space diversity, we introduce
an authentication mechanism and the first active hardware metering schemes. On the
other hand, scheduling diversity is achieved by embedding different control schedules
in the same design. The scheduling diversity can be spatial, temporal, or a hybrid
of both methods. Spatial diversity is achieved by implementing multiple control
schedules that use various parts of the chip at different rates. Temporal diversity
provides variants of the controller that can operate at unequal speeds. A hybrid of
both spatial and temporal diversities can also be implemented. Scheduling diversity
is used to add the flexibility to tune the performance of the chip. An application
of the thermal management of the chip is demonstrated using scheduling diversity.
Experimental results show that the proposed method is easy to integrate in the current
ASIC flow, has a wide range of applications, and incurs low overhead
Homomorphic Data Isolation for Hardware Trojan Protection
The interest in homomorphic encryption/decryption is increasing due to its
excellent security properties and operating facilities. It allows operating on
data without revealing its content. In this work, we suggest using homomorphism
for Hardware Trojan protection. We implement two partial homomorphic designs
based on ElGamal encryption/decryption scheme. The first design is a
multiplicative homomorphic, whereas the second one is an additive homomorphic.
We implement the proposed designs on a low-cost Xilinx Spartan-6 FPGA. Area
utilization, delay, and power consumption are reported for both designs.
Furthermore, we introduce a dual-circuit design that combines the two earlier
designs using resource sharing in order to have minimum area cost. Experimental
results show that our dual-circuit design saves 35% of the logic resources
compared to a regular design without resource sharing. The saving in power
consumption is 20%, whereas the number of cycles needed remains almost the sam
Active hardware metering for intellectual property protection and security
Abstract We introduce the first active hardware metering scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy and runtime tampering. The novel metering method simultaneously employs inherent unclonable variability in modern manufacturing technology, and functionality preserving alternations of the structural IC specifications. Active metering works by enabling the designers to lock each IC and to remotely disable it. The objectives are realized by adding new states and transitions to the original finite state machine (FSM) to create boosted finite state machines(BFSM) of the pertinent design. A unique and unpredictable ID generated by an IC is utilized to place an BFSM into the power-up state upon activation. The designer, knowing the transition table, is the only one who can generate input sequences required to bring the BFSM into the functional initial (reset) state. To facilitate remote disabling of ICs, black hole states are integrated within the BFSM. We introduce nine types of potential attacks against the proposed active metering method. We further describe a number of countermeasures that must be taken to preserve the security of active metering against the potential attacks. The implementation details of the method with the objectives of being low-overhead, unclonable, obfuscated, stable, while having a diverse set of keys is presented. The active metering method was implemented, synthesized and mapped on the standard benchmark circuits. Experimental evaluations illustrate that the method has a low-overhead in terms of power, delay, and area, while it is extremely resilient against the considered attacks
Provably secure obfuscation of diverse watermarks for sequential circuits
Abstract—This paper presents a provably secure method for embedding multiple watermarks in sequential designs. A number of different watermarks signed with the IP owner’s secret key from a public key cryptography system are generated. The owner’s watermarks are then dissembled into the states and transitions of the original sequential design. Hiding the multiple watermarks in the states and transitions is shown to be an instance of obfuscating a multi-point function with a generalized output. We draw on the theoretical cryptographic results of provable obfuscation of this function family to build a secure sequential multi-watermark system by construction. An iterative synthesis method for integrating the collection of watermarks to the original design is introduced. Analysis of watermark properties and the attack resiliency of the new multiple water-marking construction is presented. Experimental evaluations on benchmark circuits demonstrate practicality and low overhead of the new provably secure multiple watermarks construction method. I
A Unified Framework for Multimodal IC Trojan Detection
This paper presents a unified formal framework for integrated circuits (IC) Trojan detection that can simultaneously employ multiple noninvasive measurement types. Hardware Trojans refer to modifications, alterations, or insertions to the original IC for adversarial purposes. The new framework formally defines the IC Trojan detection for each measurement type as an optimization problem and discusses the complexity. A formulation of the problem that is applicable to a large class of Trojan detection problems and is submodular is devised. Based on the objective function properties, an efficient Trojan detection method with strong approximation and optimality guarantees is introduced. Signal processing methods for calibrating the impact of inter-chip and intra-chip correlations are presented. We define a new sensitivity metric which formally quantifies the impact of modifications to each gate on the Trojan detection. Using the new metric, we compare the Trojan detection capability of the different measurement types for static (quiescent) current, dynamic (transient) current, and timing (delay) measurements. We propose a number of methods for combining the detections of the different measurement types and show how the sensitivity results can be used for a systematic combining of the detection results. Experimental evaluations on benchmark designs reveal the low-overhead and effectiveness of the new Trojan detection framework and provides a comparison of different detection combining methods