Belling the CAD: Toward Security-Centric Electronic System Design

In order to keep pace with the growing complexity of integrated circuits (ICs), IC and system designers are increasingly using electronic system level (ESL) design tools. ESL tool sales were around $460 million in 2011. The value of the ICs designed using these tools is at least an order of magnitude more. Concurrently, advanced IC reverse engineering techniques are being developed and used by attackers. In response, several anti-reverse engineering techniques have been proposed for integration into the IC design flow. An important class of defenses hardens the controllers that orchestrate the functionality of designs generated by ESL tools. We demonstrate an attack to recover the controller in any ESL-generated design even if the controller has been hardened using state-of-the-art controller hardening techniques. The attack analyzes the unhardened parts of the controller (i.e., the controller output logic and datapath) and reconciles this information with the architectural, controller, and timing constraints implicit in and underlying all ESL design methodologies. We then propose a countermeasure that inserts decoy connections into an ESL tool-generated design to thwart reverse engineering. We introduce a security metric to quantify the effectiveness of the developed attacks and defenses. We demonstrate the attack and defenses on designs generated by state-of-the-art ESL tools.
