IIPS: Infrastructure IP for Secure SoC Design

Security is becoming an increasingly important parameter in current system-on-chip (SoC) design due to diverse hardware security attacks that can affect manufacturers, system designers or end users. To effectively address the security issues, design-time considerations, e.g. incorporation of design-for-security (DfS) features, are becoming essential. However, DfS measures for diverse security threats require specific design modifications to achieve target security level, which significantly increases design effort thus time-to-market, and usually incurs considerable design overhead. In addition, the general heterogeneous architecture of current SoCs makes many core-level DfS mechanisms unusable at SoC level. In this paper, we propose a centralized on-chip infrastructure IP for SoC security (IIPS), which alleviates the SoC designers from separately addressing different security issues through design modifications in multiple cores. It also provides ease of integration and functional scalability. We consider a specific implementation of IIPS that provides protection against: (1) scan-based attack for information leakage through low-overhead authentication; (2) counterfeiting attacks through integration of a Physical Unclonable Function (PUF); and (3) hardware Trojan attacks through a test infrastructure fortrust validation. To make the IP amenable for plug-and-play during SoC design, working protocols of the security functions are designed to comply with IEEE 1500 Standard for Embedded Core Test (SECT). Since IIPS resides outside the functional modules, it does not incur functional performance or power overhead. Simulations and experiments on example SoC designs validate the effectiveness of IIPS in providing protections against diverse attacks at a low hardware overhead.

[1]  Yervant Zorian,et al.  Overview of the IEEE P1500 standard , 2003, International Test Conference, 2003. Proceedings. ITC 2003..

[2]  Qiang Xu,et al.  Delay fault testing of core-based systems-on-a-chip , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[3]  Mark Mohammad Tehranipoor,et al.  Securing Scan Design Using Lock and Key Technique , 2005, 20th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT'05).

[4]  Cynthia E. Irvine,et al.  Security Checkers: Detecting processor malicious inclusions at runtime , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[5]  Máire O'Neill,et al.  FPGA implementation and analysis of random delay insertion countermeasure against DPA , 2008, 2008 International Conference on Field-Programmable Technology.

[6]  Yu Zheng,et al.  Role of power grid in side channel attack and power-grid-aware secure design , 2013, 2013 50th ACM/EDAC/IEEE Design Automation Conference (DAC).

[7]  Pim Tuyls,et al.  Anti-counterfeiting with hardware intrinsic security , 2013, 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[8]  A. Minelli BIO , 2009, Evolution & Development.

[9]  Yiorgos Makris,et al.  Hardware Trojan detection using path delay fingerprint , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[10]  Srinivas Devadas,et al.  Delay-based circuit authentication and applications , 2003, SAC '03.

[11]  Mark Mohammad Tehranipoor,et al.  RON: An on-chip ring oscillator network for hardware Trojan detection , 2011, 2011 Design, Automation & Test in Europe.

[12]  Yu Zheng,et al.  ScanPUF: Robust ultralow-overhead PUF using scan chain , 2013, 2013 18th Asia and South Pacific Design Automation Conference (ASP-DAC).

[13]  Swarup Bhunia,et al.  VIm-Scan: A Low Overhead Scan Design Approach for Protection of Secret Key in Scan-Based Secure Chips , 2007, 25th IEEE VLSI Test Symposium (VTS'07).

[14]  Swarup Bhunia,et al.  Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation , 2011, J. Electron. Test..

[15]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[16]  Mark Mohammad Tehranipoor,et al.  A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time , 2012, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[17]  Ramesh Karri,et al.  Secure scan: a design-for-test architecture for crypto chips , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[18]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[19]  Jacob A. Abraham,et al.  On-chip Programmable Capture for Accurate Path Delay Test and Characterization , 2008, 2008 IEEE International Test Conference.

[20]  Michel Renovell,et al.  Scan Design and Secure Chip , 2004, IOLTS.

[21]  Paolo Bernardi,et al.  Exploiting an I-IP for in-field SoC test , 2004, 19th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, 2004. DFT 2004. Proceedings..

[22]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[23]  Mark Craig,et al.  A strategy for mixed-signal yield improvement , 2002, IEEE Design & Test of Computers.

[24]  Swarup Bhunia,et al.  Improving IC Security Against Trojan Attacks Through Integration of Security Monitors , 2012, IEEE Design & Test of Computers.

[25]  Farinaz Koushanfar,et al.  Integrated circuits metering for piracy protection and digital rights management: an overview , 2011, GLSVLSI '11.

[26]  Erik Jan Marinissen,et al.  The Role of Test Protocols in Automated Test Generation for Embedded-Core-Based System ICs , 2002, J. Electron. Test..

[27]  Michael Nicolaidis,et al.  Embedded robustness IPs for transient-error-free ICs , 2002, IEEE Design & Test of Computers.

[28]  Yervant Zorian Guest Editor's Introduction: What is Infrastructure IP? , 2002, IEEE Des. Test Comput..

[29]  Francisco da Silva,et al.  The Core Test Wrapper Handbook , 2006 .

[30]  André Ivanov,et al.  Embedded timing analysis: a soc infrastructure , 2002, IEEE Design & Test of Computers.

[31]  Mark Mohammad Tehranipoor,et al.  A Clock Sweeping Technique for Detecting Hardware Trojans Impacting Circuits Delay , 2013, IEEE Design & Test.

[32]  J. Plusquellic,et al.  Securing Scan Design Using Lock & Key Technique , 2005 .

[33]  Swarup Bhunia,et al.  TeSR: A robust Temporal Self-Referencing approach for Hardware Trojan detection , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.