Article

Counterfeit Chips on the Rise


Abstract

As more firms report finding phony chips, the danger they pose becomes clearer. Making semiconductors is a big business, and, so it seems, is counterfeiting them. Just how big is becoming clearer than ever, thanks in part to the candor of the U.S. military, and it will become even clearer as new laws in the United States come into effect later this year.


... As in other sectors of activity, the market for counterfeit electronic products has grown considerably in recent years: it was multiplied by 4 between 2009 and 2011 and by 700 between 2001 and 2011 [59]. The cost of counterfeiting is today estimated at between 7% and 10% of the total semiconductor market [130], which represents a minimum of 23.4 billion euros in 2015, and could reach 34 billion euros in 2016 according to a report by the Global Semiconductor Alliance [60]. ...
... In 2010, a report by the Alliance for Gray Market and Counterfeit Abatement (AGMA) [48] shows that 83% of counterfeiting-related incidents are not reported to the authorities and that only 4% of distributors of electronic products report all incidents. The same observation is made in [130] and [59]. The Government Accountability Office (GAO), the American equivalent of the French Cour des comptes, clearly states in a February 2016 report the need to improve the reporting rate of counterfeiting-related incidents [110]. ...
... Among the reported cases of counterfeiting, many affect military systems [63,114]. Counterfeit circuits have been found in U.S. Navy helicopters (Seahawk SH-60B, AH-64, CH-46) and in aircraft of the U.S. Force (C-17, C-103J, C-27J and P-8A) [59,149]. A case of counterfeiting was also found in FLIR missile systems developed by the American company Raytheon [149]. ...
Thesis
Theft and counterfeiting affect every industrial sphere of our societies. In particular, electronic products are the second most affected category of products. Among the most affected electronic products are mobile phones, tablets and computers, but also much more basic elements such as analog or digital circuits and integrated circuits. The latter are at the heart of most electronic products, and a mobile phone can be considered counterfeit if it contains even a single counterfeit integrated circuit. The market for counterfeit integrated circuits represents between 7 and 10% of the total semiconductor market, which implies a loss of at least 24 billion euros in 2015 for companies designing integrated circuits. These losses could reach up to 36 billion euros in 2016. It is therefore essential to find practical and effective solutions to fight the counterfeiting and theft of integrated circuits. The SALWARE project, funded by the Agence Nationale de la Recherche and the Fondation de Recherche pour l'Aéronautique et l'Espace, aims to fight the problem of counterfeiting and theft of integrated circuits and proposes the study and design of salutary hardware (or salware). In particular, one of the objectives of this project is to cleverly combine several protection mechanisms that contribute to the fight against the counterfeiting and theft of integrated circuits, in order to build a complete activation system. Activating integrated circuits after manufacture gives control of them back to the true owner of the intellectual property. In this thesis manuscript, we propose the study of three protection mechanisms that contribute to the fight against the counterfeiting and theft of integrated circuits.
First, we study the insertion and detection of watermarks in the finite state machines of synchronous digital systems. This protection mechanism makes it possible to detect theft or counterfeiting. Next, a physical unclonable function based on ring oscillators whose oscillations are temporary is implemented and characterized on FPGA. This protection mechanism makes it possible to identify a circuit through a unique identifier created from the variations of the integrated circuit manufacturing process. Finally, we address the hardware implementation of lightweight block cipher algorithms, which make it possible to establish secure communication at the time an integrated circuit is activated.
... For instance, between 2006 and 2010, the US retailer VisionTech circuits delivered almost 60,000 counterfeit circuits to its clients, including the US Navy, Raytheon Missile System [5]. Many cases of counterfeit circuits used in sensitive applications have been reported in the US (military equipment) [6] and are increasingly relayed in the press [7]. The problem of counterfeit integrated circuits has increased significantly in recent years. ...
... The problem of counterfeit integrated circuits has increased significantly in recent years. The number of electronic circuits counterfeits seized by US Customs from 2001 to 2011 has been approximately multiplied by 700 [7]. Between 2007 and 2010, US Customs seized 5.6 million counterfeit electronic products [8]. ...
Conference Paper
Full-text available
The Digital Rights Management (DRM) principle is generally well known for the exchange of files (music, video), or software management. Specialized solutions concerning professional software are behind a business called "Software License Management". The concept of DRM can be transposed to other areas, in particular to the design of hardware devices. Although the concept of DRM is allowed and widely used in the field of software, this is not the case for Integrated Circuit design (no industrial solutions to date are actually proposed). We propose in this paper a new approach based on an original way to extract a Physically Unclonable Function, which is at the heart of the DRM proposal.
... HARDWARE solution is needed in order to protect the supply chain of semiconductor components, as scavenging integrated circuit (IC) chips from Printed Circuit Boards (PCBs) is one major way through which counterfeit semiconductor components have become a growing global problem. Semiconductor Industry Associates (SIA) estimates the annual loss of U.S. IC companies due to the counterfeiting to be about $7.5 billion translating into 11,000 lost jobs [1], [2], while the global revenue loss is estimated to be about $100 billion every year [3]. The best way to deal with fake electronic components is to buy items directly from the manufacturer, affiliate, or post-retail provider approved by the manufacturer. ...
Article
This paper describes a proof-of-concept sensor (1) that can detect and record (without battery) a semiconductor-chip tamper activity (i.e., de-soldering followed by mechanical banging) which a counterfeiter does to scavenge semiconductor chips from a printed circuit board and (2) that can be wirelessly interrogated without need to open semiconductor packages. The sensor is based on a High-overtone-Bulk-Acoustic-Resonator (HBAR) working as a Radio-Frequency Identification (RFID) tag, which can be permanently broken down by the voltage and charge generated by a pyroelectric-energy-converter (PEC). The concept is demonstrated through connecting a 7.5 GHz HBAR (based on a 350 nm-thick ZnO thin film deposited on sapphire) to a $5\times 5\times 0.15$ mm$^3$ lithium niobate-based PEC, via a Kapton-copper cantilever switch. When the switch is turned on (due to a mechanical shock emulating a counterfeiter’s mechanical banging), the accumulated charge on the PEC (produced by 250 °C temperature rise emulating a counterfeiter’s de-soldering) generates an electrical pulse with 9.6 V peak voltage and 1.36 nC charge transfer to an 8 $\text{M}\Omega$ load (close to the HBAR’s resistance). The PEC’s voltage and charge are shown to permanently break down the ZnO film on the HBAR ($0.1\times 0.1\times 0.33$ mm$^3$) having a quality factor (Q) of about 2,500, so that the Q drops to near zero, drastically changing the RF absorption/scatter characteristics. A wireless interrogation is demonstrated by having a pair of $2\times 2\times 0.2$ cm$^3$ microstrip patch antennas, one of which is connected to HBAR while the other one is connected to a network analyzer working as a wireless interrogator.
... Supply chain threats also extend to embedded hardware such as chipsets, unauthenticated parts, and counterfeit components inserted in the supply chain. These counterfeit components may impact systems by being of lower quality [51]. In other cases, hardware threats extend to hardware trojans, which have been an ongoing topic of research [52]- [54]. ...
Article
As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these “plug-and-play” systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.
... Supply chain threats also extend to embedded hardware such as chipsets, unauthenticated parts, and counterfeit components inserted in the supply chain. These counterfeit components may impact systems by being of lower quality [55]. In other cases, hardware threats extend to hardware trojans, which have been an ongoing topic of research [56]- [58]. ...
Preprint
Full-text available
As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these "plug-and-play" systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.
... A malicious entity may distribute IC chips in markets that are refurbished illegally from garbage, counterfeited for cheap manufacturing or even falsified with undesired functionality, as sketched in Fig. 1. Public institutions, commercial investigators and web magazines have continuously reported the market statistics and distributions of such undesired electronic products worldwide [4,5,6,7,8]. ...
Article
Full-text available
Side-channel attacks have emerged as the nondestructive threats of security vulnerability in cryptographic hardware. This paper provides an overview of the protection techniques with counter ways of utilizing side-channel information leakage for combatting side-channel attacks as well as securing the authenticity of devices against counterfeits or even falsification.
... The general idea is shown how the problem of security is issued since the beginning of computer science to the rise of embedded systems and the Internet of things. Moreover, recent integrated circuit (IC) security issues such as hardware Trojan [16] and IC counterfeiting [17] are presented in order to prepare young engineers to design trusted IC [18]. ...
Chapter
The digital rights management (DRM) principle is generally well known for the exchange of files (music, video), or software management. Specialized solutions concerning professional software are behind a business called “Software License Management”. The concept of DRM can be transposed to other areas, in particular to the design of hardware devices. Although the concept of DRM is allowed and widely used in the field of software, this is not the case for Integrated Circuit design (no industrial solutions to date are actually proposed).
... Electronics systems design increasingly uses Intellectual Property (IP) cores. The means, however, that can render the IP core unusable if it has been obtained illegally [1] have not yet been identified. We describe lightweight locking schemes lacking in the state of the art. ...
... In recent years, the issue of counterfeiting of integrated circuits has increased considerably. For example, the number of counterfeit electronic circuits collected by U.S. Customs from 2001 to 2011 has increased by around 700 [20]. Between 2007 and 2010, U.S. Customs collected 5.6 million counterfeit electronic products [21]. ...
Conference Paper
Full-text available
Over the past 10 years, the designers of intellectual properties (IP) have faced increasing threats including illegal copy or cloning, counterfeiting, reverse-engineering. This is now a critical issue for the microelectronics industry, mainly for fabless designers and FPGA designers. The design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. In this context, this paper presents the first ultra-lightweight transmitter using side channel leakage based on electromagnetic emanation to send embedded IP identity discreetly and quickly. In addition, we present our electromagnetic test bench and a coherent demodulation method using slippery window spectral analysis to recover data outside the device. The hardware resources occupied by the transmitter represent less than 0.022% of a 130 nm Microsemi Fusion FPGA. Experimental results show that the demodulation method succeeds in providing IP data with a bit rate equal to 500 Kbps.
... The general idea is shown how the problem of security is issued since the beginning of computer science to the rise of embedded systems and the Internet of things. Moreover, recent integrated circuit (IC) security issues such as hardware Trojan [16] and IC counterfeiting [17] are presented in order to prepare young engineers to design trusted IC [18]. ...
Article
This paper proposes a theoretical study and a full overview of the design, evaluation and optimization of a PUF based on transient element ring oscillators (TERO-PUF). We show how, by following some simple design rules and strategies, designers can build and optimize a TERO-PUF with state of the art PUF characteristics in a standard CMOS technology. To this end, we analyzed the uniqueness, steadiness and randomness of responses generated from 30 test chips in a CMOS 350nm process in nominal and corner voltage and temperature conditions. Response generation schemes are proposed and discussed to optimize the PUF performances and reduce its area without noticeable loss in its output quality. In particular, we show that the large area of the basic blocks in the TERO-PUF is balanced by the high level of entropy extracted in each basic block. Guidelines are provided to balance reliability and randomness of the responses and the design area.
... The discovery of counterfeit chips in industrial and military products over the last years has made this threat much more conceivable. For instance, in 2010 the chip broker VisionTech was charged with selling fake chips, many of which were destined for safety and security critical systems such as high-speed train brakes, hostile radar tracking in F-16 fighter jets, and ballistic missile control systems [6]. The threat of hardware Trojans is expected to only increase with time, especially with the recent concerns about cyberwar, cf., e.g., [13,20]. ...
Article
Full-text available
In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into two designs—a digital post-processing derived from Intel’s cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation—and by exploring their detectability and their effects on security.
... The general idea is shown how the problem of security is issued since the beginning of computer science to the rise of embedded systems and the Internet of things. Moreover, recent integrated circuit (IC) security issues such as hardware Trojan [16] and IC counterfeiting [17] are presented in order to prepare young engineers to design trusted IC [18]. ...
Article
Full-text available
Teaching FPGA security to electrical engineering students is new at graduate level. It requires a wide field of knowledge and a lot of time. This paper describes a compact course on FPGA security that is available to electrical engineering master's students at the Saint-Etienne Institute of Telecom, University of Lyon, France. It is intended for instructors who wish to design a new course on this topic. The paper reviews the motivation for the course, the pedagogical issues involved, the curriculum, the lab materials and tools used, and the results. Details are provided on two original lab sessions, in particular, a compact lab that requires students to perform differential power analysis of FPGA implementation of the AES symmetric cipher. The paper gives numerous relevant references to allow the reader to prepare a similar curriculum.
... The counterfeiting of ICs has become a major problem in recent years [2]. For example, the number of counterfeit electronic circuits seized by U.S. Customs between 2001 and 2011 has been multiplied by around 700 [3]. Between 2007 and 2010, U.S. Customs confiscated 5.6 million counterfeit electronic products [4]. ...
Article
Full-text available
The increasing production costs of electronic devices and changes in the design methods of integrated circuits (ICs) have led to emerging threats in the microelectronics industry. Today, high value chips are the target of counterfeiting, theft and malicious hardware insertion (such as hardware trojans). Intellectual property (IP) protection has become a major concern and we propose to fight counterfeiting and theft by designing salutary hardware (salware). Instead of inserting malicious effects inside an IP like a malware (e.g. a hardware trojan), a salware uses the same techniques, strategies and means for IP protection. One of the most studied salware is IP watermarking. Many works propose to target the finite state machine of digital IP to perform the watermarking. But, most of the time, the verification of the watermark is not clearly described. This conduces to a lack of credibility of these works. This paper proposes a watermark verification scheme using a correlation analysis based on the measurement of the IC power consumption. This article presents this process of verification and also discusses the selection of its parameters according to experimental results.
... The discovery of counterfeit chips in industrial and military products over the last years has made this threat much more conceivable. For instance, in 2010 the chip broker VisionTech was charged with selling fake chips, many of which were destined for safety and security critical systems such as high-speed train brakes, hostile radar tracking in F-16 fighter jets, and ballistic missile control systems [6]. The threat of hardware Trojans is expected to only increase with time, especially with the recent concerns about cyberwar, cf., e.g., [13,20]. ...
Conference Paper
Full-text available
In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like, and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into two designs — a digital post-processing derived from Intel’s cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation — and by exploring their detectability and their effects on security.
... The general idea is shown how the problem of security is issued since the beginning of computer science to the rise of embedded systems and the Internet of things. Moreover, recent integrated circuit (IC) security issues such as hardware Trojan [16] and IC counterfeiting [17] are presented in order to prepare young engineers to design trusted IC [18]. ...
Conference Paper
Full-text available
Teaching FPGA security to electrical engineering students is new at graduate level. It requires a wide field of knowledge and a lot of time. This paper describes a compact course on FPGA security that is available to electrical engineering master's students at the Saint-Etienne Institute of Telecom, University of Lyon, France. It is intended for instructors who wish to design a new course on this topic. The paper reviews the motivation for the course, the pedagogical issues involved, the curriculum, the lab materials and tools used, and the results. Details are provided on two original lab sessions, in particular, a compact lab that requires students to perform differential power analysis of FPGA implementation of the AES symmetric cipher.
... In recent years, the issue of counterfeiting of integrated circuits has increased considerably. For example, the number of counterfeit electronic circuits collected by U.S. Customs from 2001 to 2011 has increased by around 700 [1]. Between 2007 and 2010, U.S. Customs collected 5.6 million counterfeit electronic products [2]. ...
Conference Paper
Full-text available
Fabless semiconductor industries are facing the rise of design costs of integrated circuits. This rise is linked to the technology change and the complexity increasing. It follows that integrated circuits have become targets of counterfeiting and theft. The SALWARE project aims to study (theoretically and experimentally) salutary hardware design in order to fight against theft, illegal cloning and counterfeiting of integrated circuits. Salutary hardware means an embedded hardware system, hardly detectable / circumvented, inserted in an integrated circuit or a virtual component (Intellectual Property), used to provide intellectual property information (e.g. watermarking or hardware license) and / or to remotely activate the circuit or IP after manufacture and during use.
Article
Over the years, a handwritten signature has been used for verification and authentication purpose in various things. However, its use for hardware intellectual property (IP) cores is under-utilized so far. In this paper, we explore that a handwritten signature with date can be useful for IP protection in three contexts: (i) verifying the true owner of IP during ownership conflict (ii) identifying counterfeit IPs by authenticating the genuine ones (iii) detecting IP cloning. Therefore, this paper presents a novel dated handwritten-signature based hardware IP watermarking (Hard-Sign) technique which can be useful to resolve the IP ownership conflict and handle the counterfeiting and cloning threats. The date (MM-DD-YYYY) is assigned to the signature during its digital template conversion phase wherein date-DD and year-YYYY determine the binary encoding of the handwritten signature features and month-MM determines the concatenation of the features to compose the signature template. Thus, generated dated signature template is embedded into the IP core design during behavioral synthesis process. The strength of proposed approach is analyzed in terms of uniqueness of signature, security and impact of embedding signature on hardware design. The results reveal that the Hard-Sign approach outperforms the related approaches.
Article
Physical Unclonable Functions (PUFs) are promising primitives for the lightweight authentication of an integrated circuit (IC). Indeed, by extracting an identifier from random process variations, they allow each instance of a design to be uniquely identified. However, the extracted identifiers are not stable enough to be used as is, and hence need to be corrected first. This is currently achieved using error-correcting codes in secure sketches, that generate helper data through a one-time procedure. As an alternative, we propose key reconciliation protocols. This interactive method, originating from quantum key distribution, allows two entities to correct errors in their respective correlated keys by discussing over a public channel. We believe that this can also be used by a device and a remote server to agree on two different responses to the same challenge from the same PUF obtained at different times. This approach has the advantage of requiring very few logic resources on the device side. The information leakage caused by the key reconciliation process is limited and easily computable. Results of implementation on FPGA targets are presented, showing that it is the most lightweight error-correction module to date.
Chapter
In order to fight against counterfeiting and illegal copying of integrated circuits (ICs) and intellectual property (IP) cores, several design data protection schemes have been proposed. One of the key components of such schemes is the one in charge of locking the circuit in case it has been illegally obtained. This is necessary in order to make illegal copies useless. In this chapter, we show that common features, found in most electronic devices, can be turned into on-chip locks. First of all, we identify these features and then show how they can be modified to lock the design. The main point to use existing features is to induce low overhead, which is very interesting for designers. We implemented the proof of concept of the described locks in FPGAs, and present resources overhead for the implementation of them on two reference designs. We also give details on partial locking, which can be used to provide the design in evaluation mode.
Article
Over the past 10 years, the multitude of highly constrained applications such as radio-frequency identification and sensor networks has led to a new trend in the development of cryptographic primitives. Many algorithms categorized as lightweight cryptographic algorithms have been developed specifically for these new applications. Comparing them is very important but also very challenging because every application has its own constraints. This fact leads to a different choice of design strategies, and the best algorithm for one application is not necessarily the best for all applications. Moreover, the definition of what is lightweight is not always the same because lightweight covers a reduction in power and energy consumption just as well as a reduction in area for hardware. This article proposes and compares lightweight hardware implementations of four recent block ciphers (Klein, Led, Lilliput, and Ktantan). This work is included in a large project that aims to protect the hardware against cloning and counterfeiting. The main constraint in this field is the area required by the protection scheme. As a result, we chose to target only the smallest possible area for each selected algorithm. Consequently, two strategies are presented: full width and serial hardware implementations. All results were generated and verified for Xilinx Spartan-6 and Spartan-3 field-programmable gate arrays and also for application-specific integrated circuit. Additionally, all the design files are available online.
Conference Paper
Integrated circuit counterfeits, relabeled parts and maliciously modified integrated circuits (so-called Hardware Trojan horses) are a recognized emerging threat for embedded systems in safety or security critical applications. We propose a Hardware Trojan detection technique based on fingerprinting the electromagnetic emanations of integrated circuits. In contrast to most previous work, we do not evaluate our proposal using simulations but we rather conduct experiments with an FPGA. We investigate the effectiveness of our technique in detecting extremely small Hardware Trojans located at different positions within the FPGA. In addition, we also study its robustness to the often neglected issue of variations in the test environment. The results show that our method is able to detect most of our test Hardware Trojans but also highlight the difficulty of measuring emanations of unrealistically tiny Hardware Trojans. The results also confirm that our method is sensitive to changes in the test environment.
Conference Paper
Over the past 10 years, the designers of intellectual properties (IP) have faced increasing threats including cloning, counterfeiting, and reverse-engineering. This is now a critical issue for the microelectronics industry. The design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. In this context, this chapter presents two ultra-lightweight transmitters using side channel leakage based on electromagnetic emanation to send embedded IP identity discreetly and quickly.
Chapter
Critical infrastructure protection spans an increasing number of publicly and privately owned nondefense entities. As cyberspace continues to expand, securing society requires a comprehensive approach to include business sector cooperation with all levels of government. More attention must be devoted to activities and facilities not only on the national but also on the municipal level. This will require nontraditional governance approaches to complement the usual top–down national regulation. We discuss recent cyber security policy developments in Israel, and move on to discuss future cyber security challenges using water supply as an example. Hopefully the approaches discussed in this paper will provide useful information for other developed countries.
Conference Paper
As demonstrated by the recent attack on Intel's Ivy Bridge processor, the traditional Logic Built-In Self-Test (LBIST) methods do not provide adequate protection of SoC against malicious modifications known as hardware Trojans. In this paper, we introduce a simple but efficient countermeasure against hardware Trojans which exploits non-zero aliasing probability of LBIST. We propose to generate LBIST test patterns based on a configurable key which is decided and programmed into the circuit after the manufacturing stage. Since the key and hence expected LBIST signature are unknown at the manufacturing stage, an attack based on selecting suitable values for the Trojan which result in the same signature as a fault-free circuit signature becomes infeasible.
Article
Physically unclonable functions (PUFs) are expected to provide a breakthrough in anti-counterfeiting devices for secure ID generation and authentication, etc. Factory-manufactured PUFs are generally more secure if the number of outputs (the variety of responses) is larger (e.g., a 256-bit full-entropy response is more secure than a 128-bit response). In Yamamoto et al. (J Cryptogr Eng 3(4):197–211, 2013), we presented a latch-based PUF structure, which enhances the variety of responses by utilizing the location information of the RS (Reset-Set) latches outputting random numbers. We confirmed the effectiveness of this method using two kinds of different Xilinx FPGA chips: Spartan-3E and Spartan-6. In this paper, we propose a novel method of further enhancing the variety of responses while maintaining the reliability of responses, i.e., consistency over repeated measurements. The core idea in this method is to effectively utilize the information on the proportion of ‘1’s in the random number sequence output by the RS latches. This proportion information is determined during the manufacturing process, making it relatively stable and reliable once PUFs are manufactured. We estimated the variety of responses generated by the PUFs to which the proposed method was applied. According to our experiment with 73 ASIC chips fabricated by a 0.18-\(\mu\)m CMOS process, latch-based PUFs with 256 RS latches can improve the variety of responses to as much as \(2^{379}\). This is much larger than \(2^{220}\) for conventional methods, and \(2^{314}\) for our previous method presented in Yamamoto et al. (J Cryptogr Eng 3(4):197–211, 2013). The average error rate (reliability) of responses is only 0.064 when both temperature and voltage are changed to \(-20 \sim 60\,^\circ\mathrm{C}\) and \(1.80 \pm 0.15\,\mathrm{V}\), respectively. Our proposed PUF enhances the variety of responses dramatically while maintaining reliability.
Article
This study reviews the current situation regarding design protection in the microelectronics industry. Over the past 10 years, the designers of integrated circuits (IC) and intellectual properties (IP) have faced increasing threats including counterfeiting, reverse-engineering and theft. This is now a critical issue for the microelectronics industry, mainly for fabless designers and IP designers. Coupled with increasing pressure to decrease the cost and increase the performance of ICs, the design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. However, several published works propose different ways to protect design data including functional locking, hardware obfuscation and IC/IP identification. This study presents a survey of academic research on the protection of design data. It concludes with the need to design an efficient protection scheme based on several properties.
Article
IC chips become dubious in authenticity – the identity, birth origin and operation correctness may be faked or altered somewhere in the international specializations of IC chip manufacturing and packaging. The warning is directed not only at semiconductor businesses but also at every hardware product development. This article gives an overview of the counterfeiting, tampering and falsification of IC chips and an exploration of preventive as well as proactive measures against them.
Article
Design fingerprinting is a means to trace the illegally redistributed intellectual property (IP) by creating a unique IP instance with a different signature for each user. Existing fingerprinting techniques for hardware IP protection focus on lowering the design effort to create a large number of different IP instances without paying much attention to the ease of fingerprint detection upon IP integration. This paper presents the first dynamic fingerprinting technique on sequential circuit IPs to enable both the owner and legal buyers of an IP embedded in a chip to be readily identified in the field. The proposed fingerprint is an oblivious ownership watermark independently endorsed by each user through a blind signature protocol. Thus, the authorship can also be proved through the detection of different users' fingerprints without the need to separately embed an identical IP owner's signature in all fingerprinted instances. The proposed technique is applicable to both application-specific integrated circuit and field-programmable gate array IPs. Our analyses show that the fingerprint is immune to collusion attack and can withstand all perceivable attacks, with a lower probability of removal than state-of-the-art FSM watermarking schemes. The probability of coincidence of a 32-bit fingerprint is in the order of \(10^{-10}\) and up to \(10^{35}\) 32-bit fingerprinted instances can be generated for a small design of 100 flip-flops.