2.5D Root of Trust: Secure System-Level Integration of Untrusted Chiplets

For the first time, we leverage 2.5D interposer technology to establish system-level security in the face of hardware- and software-centric adversaries. More specifically, we integrate chiplets (i.e., third-party hard intellectual property of complex functionality, like microprocessors) using a security-enforcing interposer. Such a hardware organization provides a robust 2.5D root of trust for trustworthy, yet powerful and flexible, computation systems. The security paradigms for our scheme, enforced firmly by design and construction, are: 1) stringent physical separation of trusted from untrusted components and 2) runtime monitoring. The system-level activities of all untrusted commodity chiplets are continuously checked against security policies via physically separated security features. Aside from the security promises, the good economics of outsourced supply chains are maintained: the system vendor is free to procure chiplets from the open market, while only producing the interposer and assembling the 2.5D system itself. We showcase our scheme using the Cortex-M0 core and the AHB-Lite bus by ARM, building a secure 64-core system with shared memories. We evaluate our scheme through hardware simulation, considering different threat scenarios. Finally, we devise a physical-design flow for 2.5D systems, based on commercial-grade design tools, to demonstrate and evaluate our 2.5D root of trust.
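As an added example (not the paper's own design or code), a small behavioral model of the runtime-monitoring idea: a policy checker modelled as sitting on the trusted interposer inspects each AHB-Lite address-phase transfer issued by an untrusted chiplet and answers with an HRESP verdict, so a chiplet that violates policy gets a failed transfer rather than the data. The per-master region policy format, the master-id side-band and the chosen checks (alignment, address range, write permission) are assumptions of this model, not the paper's policies.

```python
from collections import namedtuple

# AHB-Lite HTRANS and HRESP encodings (AMBA 3 AHB-Lite).
IDLE, BUSY, NONSEQ, SEQ = 0, 1, 2, 3
OKAY, ERROR = 0, 1

# One allowed window of the shared address space (assumed policy format).
Region = namedtuple("Region", "base size writable")
# Address-phase signals the monitor checks; 'master' is the issuing chiplet,
# assumed known to the interposer out-of-band; hsize 0/1/2 = byte/half/word.
Transfer = namedtuple("Transfer", "master haddr hwrite hsize htrans")

class InterposerMonitor:
    """Policy checker modelled as living on the trusted interposer."""
    def __init__(self, policy):
        self.policy = policy      # {master_id: [Region, ...]}
        self.violations = []      # log kept on the trusted side only

    def check(self, t):
        """Return the HRESP the interposer drives for this transfer."""
        if t.htrans in (IDLE, BUSY):
            return OKAY           # no data phase, nothing to enforce
        nbytes = 1 << t.hsize
        if t.haddr % nbytes:      # AHB transfers must be size-aligned
            return self._deny(t, "unaligned")
        for r in self.policy.get(t.master, ()):
            if r.base <= t.haddr and t.haddr + nbytes <= r.base + r.size:
                if t.hwrite and not r.writable:
                    return self._deny(t, "write to read-only region")
                return OKAY
        return self._deny(t, "address outside allowed regions")

    def _deny(self, t, reason):
        self.violations.append((t.master, hex(t.haddr), reason))
        return ERROR              # chiplet sees a failed transfer, not the data

def demo():
    # Constructed policy: core 0 owns a private RAM and may only read the shared
    # buffer; core 1 may read and write the shared buffer and nothing else.
    policy = {0: [Region(0x2000_0000, 0x1000, True), Region(0x3000_0000, 0x100, False)],
              1: [Region(0x3000_0000, 0x100, True)]}
    mon = InterposerMonitor(policy)
    transfers = [Transfer(0, 0x2000_0010, True, 2, NONSEQ),   # private write: ok
                 Transfer(0, 0x3000_0004, True, 2, NONSEQ),   # write to read-only: denied
                 Transfer(1, 0x2000_0000, False, 2, NONSEQ),  # peer's private RAM: denied
                 Transfer(1, 0x3000_0002, False, 2, SEQ),     # unaligned word: denied
                 Transfer(1, 0x3000_0002, False, 2, IDLE)]    # idle cycle: not checked
    return [mon.check(t) for t in transfers], mon.violations
```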
