Hardware obfuscation

Last updated

Hardware obfuscation is a technique by which the description or the structure of electronic hardware is modified to intentionally conceal its functionality, which makes it significantly more difficult to reverse-engineer. In other words, hardware obfuscation modifies the design in such a away that the resulting architecture becomes un-obvious to an adversary. [1] Hardware Obfuscation can be of two types depending on the hardware platform targeted: (a) DSP Core Hardware Obfuscation - this type of obfuscation performs certain high level transformation on the data flow graph representation of DSP core to convert it into an unknown form that reflects an un-obvious architecture at RTL or gate level. This type of obfuscation is also called 'Structural Obfuscation'. Another type of DSP Core Obfuscation method is called 'Functional Obfuscation' - It uses a combination of AES and IP core locking blocks (ILBs) to lock the functionality of the DSP core using key-bits. Without application of correct key sequence, the DSP core produces either wrong output or no output at all [2] (b) Combinational/Sequential Hardware Obfuscation - this type of obfuscation performs changes to the gate level structure of the circuit itself. [3] [4]

Contents

In essence, it is different from digital watermarking (where the ownership is concealed in the digital content itself), or from hardware intellectual property (IP) watermarking [5] where the ownership information is embedded and concealed in the description of a circuit. It is also different from cryptography-based hardware IP protection techniques common in the design flow of Field Programmable Gate Array. [6] [7]

The importance of hardware watermarking has increased in the recent years due to widespread adoption of hardware IP based design practices for modern integrated circuits (ICs) such as system on chips (SoCs). Major security issues associated with hardware IPs include: (a) hardware intellectual property infringement during SoC design; (b) reverse engineering the manufactured ICs or the IC design database (in fabrication facilities) to produce counterfeit or clone ICs; and (c) malicious modifications of an IP through the insertion of hardware Trojan to cause in-field functional failure. Hardware obfuscation aims at minimizing these threats at IP or chip level by making it difficult for an adversary to comprehend the actual functionality of a design.

Hardware obfuscation techniques can be classified into two main categories: (a) the "passive" techniques, which do not directly affect the functionality of the electronic system, and (b) the "active" techniques, which directly alter the functionality of the system. Often the active hardware obfuscation techniques are "key-based", such that normal functionality of the obfuscated design can only be enabled by the successful application of a single pre-determined key or a sequence of secret keys at the input; otherwise the circuit operates in a mode, which exhibits incorrect functionality. This can be done by embedding a well-hidden finite state machine (FSM) in the circuit to control the functional modes based on application of key. The technique of key-based, active hardware obfuscation is similar in principle to private-key cryptographic approaches for information protection, since the "key sequence" for the obfuscated design plays a similar role as the cryptographic key. The technique can be applied at different levels of hardware description, namely gate-level or register transfer level (RTL) design and hence can be used to protect soft, firm and hard IP cores. [8] Obfuscation can also help to effectively hide security features in an IC and thus enable protection of ICs from counterfeiting and cloning in fabrication facilities. [9]

In contrast, the passive techniques modify the circuit description in a soft form (e.g. syntactic changes), such that it becomes difficult for a human reader to understand the functionality of the circuit. These approaches typically employ either string-substitution (including variable name change, comment removal, etc.), [10] or structural change in the hardware description language (HDL) description of a circuit (including loop unrolling, register renaming, etc.). [11] A major shortcoming of the passive approaches is that they do not modify the black box functionality of a circuit, and hence cannot prevent potential usage of an IP as black-box in a design. Moreover, the actual strength of such passive obfuscation is debatable, since, in general, black-box obfuscation does not exist, at least for software programs computing certain mathematical functions. [12]

Hardware watermarking can be used in conjunction with hardware obfuscation. In an obfuscated design, watermarking can be effective in providing a second line of defense against unlicensed copying efforts. [13]

Historical context

Hardware obfuscation in computing probably has its origins with mainframe CPUs, mainly ones made by IBM during the 1960s and 1970s. IBM, in order to maintain some competitive advantage, implemented secret opcodes that would only be used by the closed source operating system on the mainframe.[ citation needed ]

See also

Related Research Articles

Field-programmable gate array Array of logic gates that are reprogrammable

A field-programmable gate array (FPGA) is an integrated circuit designed to be configured by a customer or a designer after manufacturing – hence the term field-programmable. The FPGA configuration is generally specified using a hardware description language (HDL), similar to that used for an application-specific integrated circuit (ASIC). Circuit diagrams were previously used to specify the configuration, but this is increasingly rare due to the advent of electronic design automation tools.

Integrated circuit Electronic circuit formed on a small, flat piece of semiconductor material

An integrated circuit or monolithic integrated circuit is a set of electronic circuits on one small flat piece of semiconductor material, usually silicon. Large numbers of tiny MOSFETs integrate into a small chip. This results in circuits that are orders of magnitude smaller, faster, and less expensive than those constructed of discrete electronic components. The IC's mass production capability, reliability, and building-block approach to integrated circuit design has ensured the rapid adoption of standardized ICs in place of designs using discrete transistors. ICs are now used in virtually all electronic equipment and have revolutionized the world of electronics. Computers, mobile phones, and other digital home appliances are now inextricable parts of the structure of modern societies, made possible by the small size and low cost of ICs such as modern computer processors and microcontrollers.

In computer engineering, a hardware description language (HDL) is a specialized computer language used to describe the structure and behavior of electronic circuits, and most commonly, digital logic circuits.

System on a chip Integrated circuit that incorporates the components of a computer

A system on a chip is an integrated circuit that integrates all or most components of a computer or other electronic system. These components almost always include a central processing unit (CPU), memory, input/output ports and secondary storage, often alongside other components such as radio modems and a graphics processing unit (GPU) – all on a single substrate or microchip. It may contain digital, analog, mixed-signal, and often radio frequency signal processing functions.

Application-specific integrated circuit Integrated circuit customized (typically optimized) for a specific task

An application-specific integrated circuit is an integrated circuit (IC) chip customized for a particular use, rather than intended for general-purpose use. For example, a chip designed to run in a digital voice recorder or a high-efficiency video codec is an ASIC. Application-specific standard product (ASSP) chips are intermediate between ASICs and industry standard integrated circuits like the 7400 series or the 4000 series. ASIC chips are typically fabricated using metal-oxide-semiconductor (MOS) technology, as MOS integrated circuit chips.

Digital signal processor Specialized microprocessor optimized for digital signal processing

A digital signal processor (DSP) is a specialized microprocessor chip, with its architecture optimized for the operational needs of digital signal processing. DSPs are fabricated on MOS integrated circuit chips. They are widely used in audio signal processing, telecommunications, digital image processing, radar, sonar and speech recognition systems, and in common consumer electronic devices such as mobile phones, disk drives and high-definition television (HDTV) products.

JTAG is an industry standard for verifying designs and testing printed circuit boards after manufacture.

Mixed-signal integrated circuit

A mixed-signal integrated circuit is any integrated circuit that has both analog circuits and digital circuits on a single semiconductor die.

In electronic design, a semiconductor intellectual property core, IP core, or IP block is a reusable unit of logic, cell, or integrated circuit layout design that is the intellectual property of one party. IP cores can be licensed to another party or owned and used by a single party. The term comes from the licensing of the patent or source code copyright that exists in the design. Designers of application-specific integrated circuits (ASIC) and systems of field-programmable gate array (FPGA) logic can use IP cores as building blocks.

Hardware acceleration is the use of computer hardware designed to perform specific functions more efficiently when compared to software running on a general-purpose central processing unit (CPU). Any transformation of data that can be calculated in software running on a generic CPU can also be calculated in custom-made hardware, or in some mix of both.

Multi-chip module Electronic assembly containing multiple integrated circuits that behaves as a unit

A multi-chip module (MCM) is generically an electronic assembly where multiple integrated circuits, semiconductor dies and/or other discrete components are integrated, usually onto a unifying substrate, so that in use it can be treated as if it were a larger IC. Other terms for MCM packaging include "Heterogeneous integration" or "Hybrid Integrated Circuit". The advantage of using MCM packaging is it allows a manufacturer to use multiple components for modularity and/or to improve yields over a conventional monolithic IC approach.

Integrated circuit design Engineering process for electronic hardware

Integrated circuit design, or IC design, is a sub-field of electronics engineering, encompassing the particular logic and circuit design techniques required to design integrated circuits, or ICs. ICs consist of miniaturized electronic components built into an electrical network on a monolithic semiconductor substrate by photolithography.

Network on a chip Electronic communication subsystem on an integrated circuit

A network on a chip or network-on-chip is a network-based communications subsystem on an integrated circuit ("microchip"), most typically between modules in a system on a chip (SoC). The modules on the IC are typically semiconductor IP cores schematizing various functions of the computer system, and are designed to be modular in the sense of network science. The network on chip is a router-based packet switching network between SoC modules.

An application-specific instruction set processor (ASIP) is a component used in system-on-a-chip design. The instruction set of an ASIP is tailored to benefit a specific application. This specialization of the core provides a tradeoff between the flexibility of a general purpose CPU and the performance of an ASIC.

The Design Automation Standards Committee (DASC) is a subgroup of interested individuals members of the Institute of Electrical and Electronics Engineers (IEEE) Computer Society and Standards Association. It oversees IEEE Standards that are related to computer-aided design. It is part of the IEEE Computer Society.

The quality intellectual property metric (QIP) is an international standard, developed by Virtual Socket Interface Alliance (VSIA) for measuring Intellectual Property (IP) or Silicon intellectual property (SIP) quality and examining the practices used to design, integrate and support the SIP. SIP hardening is required to facilitate the reuse of IP in integrated circuit design.

Hardware Trojan malware embedded in hardware; harder to detect and fix than software vulnerabilities

A Hardware Trojan (HT) is a malicious modification of the circuitry of an integrated circuit. A hardware Trojan is completely characterized by its physical representation and its behavior. The payload of an HT is the entire activity that the Trojan executes when it is triggered. In general, Trojans try to bypass or disable the security fence of a system: for example, leaking confidential information by radio emission. HTs also could disable, damage or destroy the entire chip or components of it.

Saraju Mohanty

Saraju Mohanty is an American professor of the Department of Computer Science and Engineering, and the director of the Smart Electronic Systems Laboratory, at the University of North Texas in Denton, Texas. Mohanty received a Glorious India Award - Rich and Famous NRIs of America in 2017 for his contributions to the discipline. Mohanty is a researcher in the areas of "consumer electronics for smart cities", "application-Specific things for efficient edge computing", and "methodologies for digital and mixed-signal hardware". He has made significant research contributions to security and IP protection of consumer electronic systems, hardware-assisted security and protection, high-level synthesis of digital signal processing (DSP) hardware, and mixed-signal integrated circuit computer-aided design and electronic design automation. Mohanty has been the Editor-in-Chief (EiC) of the IEEE Consumer Electronics Magazine since 2016. He has held the Chair of the IEEE Computer Society's Technical Committee on Very Large Scale Integration since September 2014. He holds 4 US patents in the areas of his research, and has published 220 research articles and 3 books.

Hardware watermarking, also known as IP core watermarking is the process of embedding covert marks as design attributes inside a hardware or IP core design itself. Hardware Watermarking can represent watermarking of either DSP Cores or combinational/sequential circuits. Both forms of Hardware Watermarking are very popular. In DSP Core Watermarking a secret mark is embedded within the logic elements of the DSP Core itself. DSP Core Watermark usually implants this secret mark in the form of a robust signature either in the RTL design or during High Level Synthesis (HLS) design. The watermarking process of a DSP Core leverages on the High Level Synthesis framework and implants a secret mark in one of the high level synthesis phases such as scheduling, allocation and binding. DSP Core Watermarking is performed to protect a DSP core from hardware threats such as IP piracy, forgery and false claim of ownership. Some examples of DSP cores are FIR filter, IIR filter, FFT, DFT, JPEG, HWT etc. Few of the most important properties of a DSP core watermarking process are as follows: (a) Low embedding cost (b) Secret mark (c) Low creation time (d) Strong tamper tolerance (e) Fault tolerance.

Mark Tehranipoor

Mark M. Tehranipoor is an Iranian American academic researcher specializing in hardware security and trust, electronics supply chain security, IoT security, and reliable and testable VLSI design. He is the Intel Charles E. Young Preeminence Endowed Professor in Cybersecurity at the University of Florida and serves as the Director of the Florida Institute for Cybersecurity Research. He is an IEEE fellow and a co-founder of the International Symposium on Hardware Oriented Security and Trust (HOST). Tehranipoor also serves as a co-director of the Air Force Office of Scientific Research CYAN and MEST Centers of Excellence.

References

  1. Anirban Sengupta, Dipanjan Roy, Saraju Mohanty, Peter Corcoran "DSP Design Protection in CE through Algorithmic Transformation Based Structural Obfuscation", IEEE Transactions on Consumer Electronics, Volume 63, Issue 4, November 2017, pp: 467 - 476
  2. Anirban Sengupta, Deepak Kachave, Dipanjan Roy "Low Cost Functional Obfuscation of Reusable IP Cores used in CE Hardware through Robust Locking", IEEE Transactions on Computer Aided Design of Integrated Circuits & Systems (TCAD), 2018
  3. Anirban Sengupta, Dipanjan Roy "Protecting an Intellectual Property Core during Architectural Synthesis using High-Level Transformation Based Obfuscation" IET Electronics Letters, Volume: 53, Issue: 13, June 2017, pp. 849 - 851
  4. M. Yasin, J. Rajendran, O. Sinanoglu, and R. Karri. "On improving the security of logic locking." IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 35, no. 9 (2016): 1411-1424
  5. E. Castillo, U. Meyer-Baese, A. Garcia, L. Parilla, and A. Lloris: "IPP@HDL: efficient intellectual property protection scheme for IP cores", IEEE Transactions on VLSI, 16(5), 2007.
  6. Xilinx Corporation: "Xilinx IP evaluation", Archived 2010-09-20 at the Wayback Machine , 2009.
  7. M. Wirthlin and B. McMurtrey: "IP delivery for FPGAs using Applets and JHDL", Design Automation Conference (DAC), 2002.
  8. R.S. Chakraborty and S. Bhunia: "RTL hardware IP protection using key-based control and data flow obfuscation", International Conference on Very Large Scale Integration Design (VLSID), 2010.
  9. J. Roy, F. Koushanfar, and I.L. Markov: "EPIC: ending piracy of integrated circuits," Design, Automation and Test in Europe (DATE), 2008.
  10. Thicket Family of Source Come Obfuscators
  11. M. Brzozowski and V. N. Yarmolik: "Obfuscation as intellectual rights protection in VHDL language", International Conference on Computer Information Systems and Industrial Management Applications (CISIM), 2007.
  12. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan and K. Yang: "On the (im)possibility of obfuscating programs", Cryptology Conference on Advances in Cryptology (CRYPTO), 2001.
  13. R.S. Chakraborty and S. Bhunia: "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection", IEEE Trans. on CAD of Integrated Circuits and Systems (TCAD), 2009.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.