Is split manufacturing secure?

Split manufacturing of integrated circuits (IC) is being investigated as a way to simultaneously alleviate the cost of owning a trusted foundry and eliminate the security risks associated with outsourcing IC fabrication. In split manufacturing, a design house (with a low-end, in-house, trusted foundry) fabricates the Front End Of Line (FEOL) layers (transistors and lower metal layers) in advanced technology nodes at an untrusted high-end foundry. The Back End Of Line (BEOL) layers (higher metal layers) are then fabricated at the design house's trusted low-end foundry. Split manufacturing is considered secure (prevents reverse engineering and IC piracy) as it hides the BEOL connections from an attacker in the FEOL foundry. We show that an attacker in the FEOL foundry can exploit the heuristics used in typical floorplanning, placement, and routing tools to bypass the security afforded by straightforward split manufacturing. We developed an attack where an attacker in the FEOL foundry can connect 96% of the missing BEOL connections correctly. To overcome this security vulnerability in split manufacturing, we developed a fault analysis-based defense. This defense improves the security of split manufacturing by deceiving the FEOL attacker into making wrong connections.

[1]  Kaushik Roy,et al.  Multiple-parameter side-channel analysis: A non-invasive hardware Trojan detection approach , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[2]  Swarup Bhunia,et al.  HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection , 2009, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[3]  Jarrod A. Roy,et al.  Ending Piracy of Integrated Circuits , 2010, Computer.

[4]  Jeyavijayan Rajendran,et al.  Logic encryption: A fault analysis perspective , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[5]  Naveed A. Sherwani Algorithms for VLSI Physcial Design Automation , 1998 .

[6]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[7]  Naveed A. Sherwani,et al.  Algorithms for VLSI Physical Design Automation , 1999, Springer US.

[8]  Dong Sam Ha,et al.  HOPE: an efficient parallel fault simulator for synchronous sequential circuits , 1992, DAC '92.

[9]  Yiorgos Makris,et al.  Hardware Trojan detection using path delay fingerprint , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[10]  Dick James,et al.  The state-of-the-art in semiconductor reverse engineering , 2011, 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC).

[11]  Vishwani D. Agrawal,et al.  Essentials of electronic testing for digital, memory, and mixed-signal VLSI circuits [Book Review] , 2000, IEEE Circuits and Devices Magazine.

[12]  Miodrag Potkonjak,et al.  Hardware Trojan horse detection using gate-level characterization , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[13]  Jarrod A. Roy,et al.  EPIC: Ending Piracy of Integrated Circuits , 2008, 2008 Design, Automation and Test in Europe.

[14]  Joseph Zambreno,et al.  Preventing IC Piracy Using Reconfigurable Logic Barriers , 2010, IEEE Design & Test of Computers.

[15]  G. Karypis,et al.  Multiobjective hypergraph-partitioning algorithms for cut and maximum subdomain-degree minimization , 2003, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.