Research
CSME aims to investigate, design and evaluate technologies that ensure the security of integrated circuits under a zero-trust model. To pursue this overarching goal, CSME’s research efforts will be organized into the six research vectors listed below.
RV1: VEDA: A Unified Pre/Post-Silicon Verification Platform for Quantifiable Assurance
University: University of Florida
Principle Investigator (PI): Dr. Swarup Bhunia
CoPI's: Dr. Sandip Ray
|
In this project, we propose to develop a comprehensive infrastructure, VEDA (Verification based Design Assurance) to address this critical problem. The framework enables trust assessment and verification of a microelectronics device at different stages in its life cycle. VEDA is built to account for zero trust requirements from the ground up, including trust issues in IPs procured from an untrusted IP vendor as well as ICs fabricated by an untrusted foundry and provisioned or tested in an untrusted facility.
RV1: Security Quality Assurance against Side Channel Attack for Trusted Microelectronics and its Portability Across Technology
University: Purdue University
Principle Investigator (PI): Shreyas Sen
|
(A) On-chip Security Quality Monitor Design using BIST (Built-in-Self-Test), (B) Guarantee per device security quality using BIST + on-chip Tuning, (C) Provide security HVM quality estimate using small sample set (N=20-100) BIST data, and (D) Process Tampering, Cloning, Counterfeit identification using non-invasive EM SC signatures and BIST process monitors.
RV1: SARI: Security-Aware Reconfigurable Interposer
University: Arizona State University
Principle Investigator (PI): Michel Kinsy
|
Under this project efforts, the PI is introducing a novel, reconfigurable on-interposer interconnect which enables user-defined security at runtime, bypassing fab-time attacks. The proposed methodology uses a new active reconfigurable interposer based 2.5-D design approach that enables integration time or user-side, hardware-assisted, security features programming. It decouples the security of the chiplet-based design from the individual chiplet fabrication or provenance, or even the interposer itself. It does this by imbuing the active interposer with reconfigurable fabric that can be programmed at integration and end-use stages to provide hardware root-of-trust security guarantees.
RV1: Zero-trust IPs through Interposer-based Integration
University: Texas A&M
Principle Investigator (PI): Paul Gratz
Co-PI: Jiang Hu. JV Rajendran
|
In this work we propose to leverage the advent of interposer-based, 2.5D integration to enable the concept of Zero-trust IP integration. In particular, we will explore novel techniques to show formal proof that IP blocks and the interposer have not been tampered with through a highly flexible and practical version of split-manufacturing we dub 2.5D Logic Redaction. Further we will look at mechanisms to leverage the interposer as a root-of-trust in 2.5D integrated systems, securing those chiplets for which trust cannot be otherwise established. We also will look at the assumed security of eFPGA-based redaction. We will develop an attack to retrieve the hardware IP with only black-box access to a programmed eFPGA, based on the effect of modern electronic design automation (EDA) tools on practical hardware circuits and leverage the observation to guide our attack.
RV2: Attack-resistant voltage and clocking infrastructure for SoCs
University: Georgia Institute of Technology
Principle Investigator (PI): Arijit Raychowdhury
|
Hardware cryptosystems are vulnerable to attacks from malicious agents through a variety of electrical and physical channels. To protect hardware from such attacks, power and clocking circuits need to be designed for resiliency against side-channel attacks. All these techniques come with very high area and power overhead, often eclipsing the hardware cost of the crypto-engine itself. While this can be an acceptable trade-off in microprocessors, the design space is quite different in mobile and IoT platforms that are severely limited in their power and area budgets. This calls for innovations in protection hardware for crypto-engines that are embedded in such devices. The problem is further exacerbated when we consider new crypto standards that are being developed to meet the demands of the embedded markets. One such crypto standard is ASCON which has recently been recently approved by NIST. ASCON is a low-cost algorithm that is ideal for mobile and IoT platforms. Designing hardware accelerated ASCON with side-channel protection is an unsolved problem. Our work addresses low-cost hardware design for ASCON with low-overhead power side-channel protection circuit, all designed in an industry standard 28nm TSMC process. We are exploring the design space, cost of side-channel protection as well as the trade-offs between side-channel leakage and power/area overhead using low-cost, easy-to-calibrate sensors and protection circuits, tightly integrated into the ASCON crypto-processor.
RV2: Protecting Physical and Logical Side-channels in Cryptographic Hardware and Accelerator-rich Computing Systems
University: Purdue University
Principle Investigator (PI): Kaushik Roy
Co-PI: Anand Raghunathan
|
There have been many efforts to address the issue of Intellectual Property (IP) protection. These methods aim to protect the design or mask during fabrication. Encrypted forms of IP cores add some measure of security. While these techniques address the issue of IP protection, several techniques have also been developed in order to protect the fabricated IC instances that are deployed in end systems. They can be broadly classified as passive schemes and active schemes. Here a new active protection scheme is proposed that a) uses the process variation of the IC itself, the unlocking key is unique and intrinsic to each chip, b) uses sensors which are spread throughout the circuit making it hard to perform mask analysis attacks, and c) uses low overhead circuits that allow the user to choose longer key lengths, rendering brute force or other computational attacks infeasible.
RV2: Deep Learning based Cross-device and Cross-process Side Channel Analysis
University: University of Florida
Principle Investigator (PI): Dr. Sandip Ray
CoPI's: Dr. Swarup Bhunia
|
In this proposal, we will focus on optimizing the trace collection process and the impact of each individual trace. This will consist of two main goals, 1) an analysis of cross-device and cross-process side channel similarity; and 2) trace expansion and dataset maximization. We will accomplish these through three tasks: (A) Evaluation of Side Channel Behavior between Devices on the Same Process, (B) Cross-Process Side Channel Analysis, and (C) Trace Utility Maximization.
RV3: Polymorphic Logic – Obfuscation, Locking, and Reconfigurability
University: Purdue University
Principle Investigator (PI): Joerg Appenzeller
Co-PI: Zhihong Chen and Mark C. Johnson
|
We propose the use of reconfigurable logic gates based on ambipolar transistors to obfuscate circuit designs. Different from obfuscation techniques that use many additional cells alongside the performing cells to hide the actual function of the circuit, polymorphic gates do not have the same overhead demand. This offers the opportunity for a more compact design and reduced power consumption. Moreover, polymorphic gates reveal their functionality only after the polarities of the power rails is properly chosen.
RV4: Security Threats and Opportunities in Non-volatile Memory based Hardware Accelerator
University: Georgia Institute of Technology
Principle Investigator (PI): Prof. Shimeng Yu
|
We will investigate security vulnerabilities introduced by the non-volatility of weights being persistent in the hardware accelerators. There are two aspects of the threats: one is the data integrity in eNVMs and its robustness to environmental or manipulated changes (e.g. by adversary); the other is the data privacy as the valuable information (e.g. DNN model) is stored in the eNVMs even when the chip is powered off.
RV4: Using MRAM as Sensors for Side Channel Attacks
University: Purdue University
Principle Investigator (PI): Joerg Appenzeller
Co-PI: Zhihong Chen and Mark C. Johnson
|
We propose the development of sensors to detect side-channel attacks aimed at MRAM devices by using the MRAM itself as a sensor. This work involves the following unique thrusts: (A) Explore quantitatively vulnerabilities of MRAM to DC and AC magnetic fields and temperature through a statistical analysis and modeling, (B) Define the desired MRAM access patterns to half-selected cells to identify SCAs and design a memory controller considering relevant timing constraints to interface with the external MRAM, and (C) Identify methods to create a data dump and/or transfer when SCAs are detected.
RV5: IC and Mission-Specific Aging Captured by the “Intrinsic Odometers”
University:Purdue University
PrincipleInvestigator (PI):Muhammad A. Alam
Co-PI: Saeed Mohammadi
|
We will use a four-pronged measurement-based self-monitoring and accelerated test strategy for the specialized IC needed for government and non-standard-usage electronics. These include: (A) interconnect derived heating/thermometry, (B) stress-induced Iddq monitoring, (C) finger-printing of Supply-current transients and low-frequency noise thermometry, and (D) bond-pad watermarking.
RV6: Microstructure Fingerprinting for Secure Microelectronics
University:Purdue University
PrincipleInvestigator (PI):Nikhilesh Chawla
Co-PI: Ganesh Subbarayan
|
In this proposal we address the issue of trusted packages by introducing the concept of a “microstructural signature” that can be easily detected and quantified suing non-destructive x-ray and optical microscopy followed by n-point correlation function analysis. The concept relies on a particle filled adhesive layer that can be applied during manufacturing, signature particles inserted into die adhesive, thermal interface materials or other layers inherent in advanced packages. The distribution of particles (conductive or non-conductive) can be quantified to obtain a unique signature of the device involved.