280 likes | 448 Views
Security and Trust Issues in 3D ICs. Al Crouch ASSET InterTech. Jennifer Dworak Southern Methodist University. Presented at the 2011 Board Test Workshop, October 25-27, 2011. Overview: Security needs to be considered in design and test of 3D ICs.
E N D
Security and Trust Issues in 3D ICs Al Crouch ASSET InterTech Jennifer Dworak Southern Methodist University Presented at the 2011 Board Test Workshop, October 25-27, 2011
Overview: Security needs to be considered in design and test of 3D ICs • Security is a already significant concern for 2D • Trojans and Counterfeits • Measures exist to expose both • Security and Trust is much more complex in 3D • Lack of access to each die • Complexity of developing functional tests • Individual die are hidden between other die • Vertical routes are more difficult to “virtually probe” for illicit connections
Types of Counterfeits in 2D • Reverse engineer, design, and manufacture chips to be functionally similar to the original • Salvage old chips from boards and sell them as new chips • Re-label low-performing die as high-performing • Sell defective parts as working chips
Impact of counterfeits • Less reliable than valid die • Harms the reputation of the real chip provider • Denies revenue to original chip provider • Increases support costs – the counterfeit die may require support or may be returned • May contain malicious functionality
Selected Counterfeit Incidents • Between 2007 and 2010 over 5.6 million counterfeit semiconductor devices were seized by Customs and Border Patrol (CBP) and ICE (Immigrations and Custom Enforcement) • In 2009, a NASA probe project was delayed nine months and went 20% over-budget due partly to counterfeit parts. • Entire NEC product line was counterfeited in across multiple factories in China and Taiwan • Company called VisionTech imported more than 3200 identified or suspected shipments of counterfeit microelectronics to the U.S. • Sold to military for use in missile targeting systems, identification friend-or-foe systems, among others • Thousands of parts may still be in the supply chain
Detecting/Avoiding Counterfeits • Buying from authorized suppliers • Inspection of packaging • Incoming test • Device authentication (e.g. with die ID and a trusted database.) • Reporting suspected or discovered counterfeit incidents to an anti-counterfeiting clearinghouse
Hardware Trojans • Malicious changes to a design intentionally inserted by an attacker • May be inserted at any stage of the design and manufacturing process: specification, RTL, manufacturing, supply chain • Most attention has focused on manufacturing • Inserted with the intention of being stealthy • Two components: • Trigger • Payload
2D Circuit with Combinational Trojan • Trigger should be stealthy • B=0, C=0 should be rare during functional operation • B=0, C=0 should not be targeted during structural test. Payload Trigger • Payload should affect something of functional importance to attacker • Leak Data • Cause Errors • Reduce Performance • Destroy the chip
Sequential 2D Trojan ciphertext plaintext 0 Data to broadcast Encryption circuit key 1 Counter Trigger
How can we detect Trojans inserted at manufacturing? • Logic testing is generally ineffective • Too hard to activate • Side channels affected by even inactive Trojans • Delay • Power • Obtain “fingerprints” of chips verified as Trojan-free • Process variations make comparison difficult • Difference between Trojan and non-Trojan containing circuits is very small. • Only works if Trojan is inserted at mask bad Delay good Fingerprint Chip ID
Real Life Trojans…. • On September 6, 2007, the Israeli Air Force carried out an airstrike on a Syrian nuclear reactor in Operation Orchard. • Hidden back door in microprocessors used in radar may have allowed them to be disabled remotely. before after • French microprocessors used in military applications have remote “kill switches” to allow them to be disabled. • During the Cold War, secret cameras were inserted inside Xerox 914 copy machines in the Soviet embassy to record copied documents.
Where can Trojans and Counterfeits be inserted? Spec Design Manufacturing Supply Chain 3rd Party Assembler
Die Access and Observability So what does this mean for security? • Die in 3D IC’s are less observable. • An entire board in a package • Access to all die comes only through the base die • Can’t visually inspect die once assembled • Can’t remove and analyze die once assembled. • Overall variability is likely to increase. • It’s easier to hide things and harder to find them!!
Potential 3D Security Issues Trojan Extra Die Trojan Firmware in Programmable Die Counterfeit Die or Interposer Trojan in Interposer Upper Die 2D Trojan in Real Die Interposer Base Die
Issue 1: 2D Trojan in a Die • Potential Actions: • Data Collection and Transmission (e.g. encryption codes) • Denial of Service or Early Reliability Failures (such as generating a high temp spot) • Chip/Die Destruction (e.g. on-demand kill-switch) Upper Die Trojan in Real Die Interposer Base Die
Detecting a 2D Trojan in a 3D Stack • Variations increase in 3D • Relative size of Trojan effect is miniscule • May need to shut off power to all but one die • Need ability to obtain accurate delay measurements to flops and TSV’s • Verify design and 3rd party IP at RTL Upper Die Trojan in Real Die Interposer Base Die
Issue 2: Counterfeit Die or Interposer • Same as 2D: • Less reliable and may contain Trojans • Buy from trusted sources & perform incoming test • Authenticate on-die device ID with a trusted database • New Problems • Poor copying of packages no longer helps with detection • Need to access device ID securely through stack • Can no longer replace by desoldering from board.
Issue 3: Extra Die in Stack Extra Die in stack can cause complex Trojans If TSV information is standardized or published, that info can be used by Trojan designer to access desired info. Original Die Stack RF TX die Out of band TSV’s Extra memory and controller die RF Antenna could be added with an extra die on top of the stack and broadcast the data on the bus Extra memory and controller die can save selected data for later extraction.
Detecting Extra Die in Stack • Depends on where in the stack extra die are located: top of stack is harder: • Strategies: • Voltage drop • Temperature Profile • Side Channel Analysis (Power and Delay) • X-rays or other imaging approaches Extraprocessor Extra processor die can drive data bus with opposite values when triggered—shorting power and ground.
Issue 4: Evil FPGA’s in Stack • FPGA’s likely to be included for valid reasons: • Replace ASICs • Built-in Self Repair • Test other parts of stack • Security Concerns: • Firmware Corruption • Extra FPGA in stack • Trojan can be inserted in the field Hot Spot on FPGA die created by significant switching when Trojan die is triggered. Very complex Trojans are possible
Issue 5: Trojan Interposers Trojan Logic Upper Die Upper Die Trojan Interposer Interposer Lower Die Lower Die Silicon Interposers may be needed to align TSV’s on adjacent die—including TSV’s for power and ground. Trojan Logic in the Interposer (or in one of the die in the stack) could be used to shut off power or data to all upper die In 2D, this is like shutting off power or data to most of the chips on the board!!! If the Trojan is in an interposer, it would not be visible to JTAG or any other DFT hardware by design.
Issue 6: Incorrect Die Ordering Especially if standard interposers are available, an attacker could reorder the die. RF Transceiver RF Transceiver Causes loss of reliability and performance. ASIC 2 Memory ASIC 1 ASIC 2 Memory ASIC 1 Processor Processor Original ordering Trojan ordering Detection Methods: Testing and Die IDs (JTAG, INTEST, etc.)
Issue 7: Protecting IP • Today, defective chips can be de-soldered and sent back to the manufacturer for FA. • In 3D entire stack will need to be spent. • Need to be able to access individual die for debug. • Need to protect the IP of each die provider. TI Analog Die ARM Core Memory AMD Processor
Outlook • Some of these issues are likely easier to solve than others. • Even the easy ones won’t be detected if you aren’t looking! • When 3D assembly issues are solved and 3D becomes commonplace, really evil counterfeits are possible. • Easy to manufacture with standard, interchangeable die • Hard to detect in package • Incoming Test is Mandatory!
Conclusions • 3D Security and Trust must be addressed at both design and test. • Research is needed to mitigate these issues now. • Waiting may make solutions much more expensive or impossible to implement • If we don’t look for these issues, they will happen, and the consequences could be disastrous.