Are Proximity Attacks a Threat to the Security of Split Manufacturing of Integrated Circuits?

Split manufacturing is a technique that allows manufacturing the transistor-level and lower metal layers of an integrated circuit (IC) at a high-end, untrusted foundry, while manufacturing only the higher metal layers at a smaller, trusted foundry. Using split manufacturing is only viable if the untrusted foundry cannot reverse engineer the higher metal layer connections (and thus the overall IC design) from the lower layers. This paper studies the effectiveness of proximity attack as a key step to reverse engineer a design at the untrusted foundry. We propose and study different proximity attacks based on how a set of candidates are defined for each broken connection. The attacks use both placement and routing information along with factors which capture the router’s behavior such as per-layer routing congestion. Our studies are based on designs having millions of nets routed across nine metal layers and significant layer-by-layer wire size variation. Our results show that a common, Hamming distance-based proximity attack seldom achieves a match rate over 5%. But our proposed attack yields a relatively small list of candidates which often contains the correct match. Finally, we propose a procedure to artificially insert routing blockages in a design at a desired split level, without causing any area overhead, in order to trick the router to make proximity-based reverse engineering significantly more challenging.

[1]  Jeyavijayan Rajendran,et al.  The cat and mouse in split manufacturing , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[2]  Jonathan Tse,et al.  A split-foundry asynchronous FPGA , 2013, Proceedings of the IEEE 2013 Custom Integrated Circuits Conference.

[3]  Lawrence T. Pileggi,et al.  Building trusted ICs using split fabrication , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[4]  Mark Mohammad Tehranipoor,et al.  Case study: Detecting hardware Trojans in third-party digital IP cores , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[5]  Franz Franchetti,et al.  Efficient and secure intellectual property (IP) design with split fabrication , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[6]  Derong Liu,et al.  Incremental layer assignment for critical path timing , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[7]  John P. Hayes,et al.  Unveiling the ISCAS-85 Benchmarks: A Case Study in Reverse Engineering , 1999, IEEE Des. Test Comput..

[8]  Jarrod A. Roy,et al.  The ISPD-2011 routability-driven placement contest and benchmark suite , 2011, ISPD '11.

[9]  Jeyavijayan Rajendran,et al.  Is split manufacturing secure? , 2013, 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[10]  Mark Mohammad Tehranipoor,et al.  Efficient and secure split manufacturing via obfuscated built-in self-authentication , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[11]  Mark Mohammad Tehranipoor,et al.  Counterfeit Integrated Circuits: A Rising Threat in the Global Semiconductor Supply Chain , 2014, Proceedings of the IEEE.

[12]  Farinaz Koushanfar,et al.  A Survey of Hardware Trojan Taxonomy and Detection , 2010, IEEE Design & Test of Computers.

[13]  Yih-Lang Li,et al.  NCTU-GR: Efficient Simulated Evolution-Based Rerouting and Congestion-Relaxed Layer Assignment on 3-D Global Routing , 2012, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[14]  Dick James,et al.  The state-of-the-art in semiconductor reverse engineering , 2011, 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC).

[15]  Azadeh Davoodi,et al.  Congestion analysis for global routing via integer programming , 2011, 2011 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[16]  Christophe Clavier,et al.  Complete reverse-engineering of AES-like block ciphers by SCARE and FIRE attacks , 2014, Cryptography and Communications.

[17]  Jonathan Tse,et al.  Automatic obfuscated cell layout for trusted split-foundry design , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[18]  Michael S. Hsiao,et al.  Hardware Trojan Attacks: Threat Analysis and Countermeasures , 2014, Proceedings of the IEEE.

[19]  Peter Gadfort,et al.  Split-fabrication obfuscation: Metrics and techniques , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[20]  Siddharth Garg,et al.  Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation , 2013, USENIX Security Symposium.

[21]  Yih-Lang Li,et al.  NCTU-GR 2.0: Multithreaded Collision-Aware Global Routing With Bounded-Length Maze Routing , 2013, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.